初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,535 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"bytes"
+	stdCtx "context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"slices"
+	"strings"
+
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/actions"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+
+	act_model "gitea.com/gitea/runner/act/model"
+	"go.yaml.in/yaml/v4"
+)
+
+const (
+	tplListActions           templates.TplName = "repo/actions/list"
+	tplDispatchInputsActions templates.TplName = "repo/actions/workflow_dispatch_inputs"
+	tplViewActions           templates.TplName = "repo/actions/view"
+)
+
+type WorkflowInfo struct {
+	Entry    git.TreeEntry
+	ErrMsg   string
+	Workflow *act_model.Workflow
+}
+
+// DisplayName returns the workflow name from the YAML file if present, otherwise the filename.
+func (w WorkflowInfo) DisplayName() string {
+	if w.Workflow != nil && w.Workflow.Name != "" {
+		return w.Workflow.Name
+	}
+	return w.Entry.Name()
+}
+
+// MustEnableActions check if actions are enabled in settings
+func MustEnableActions(ctx *context.Context) {
+	if !setting.Actions.Enabled {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if unit.TypeActions.UnitGlobalDisabled() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if ctx.Repo.Repository != nil {
+		if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
+			ctx.NotFound(nil)
+			return
+		}
+	}
+}
+
+func List(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageIsActions"] = true
+
+	commit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.Data["NotFoundPrompt"] = ctx.Tr("repo.branch.default_branch_not_exist", ctx.Repo.Repository.DefaultBranch)
+		ctx.NotFound(nil)
+		return
+	} else if err != nil {
+		ctx.ServerError("GetBranchCommit", err)
+		return
+	}
+
+	workflows, curWorkflowID := prepareWorkflowTemplate(ctx, commit)
+	if ctx.Written() {
+		return
+	}
+	otherWorkflows := prepareOtherWorkflows(ctx, workflows, curWorkflowID)
+	if ctx.Written() {
+		return
+	}
+	prepareWorkflowDispatchTemplate(ctx, workflows, curWorkflowID)
+	if ctx.Written() {
+		return
+	}
+
+	prepareWorkflowList(ctx, workflows, otherWorkflows)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplListActions)
+}
+
+// prepareOtherWorkflows surfaces historical runs whose workflow file no longer
+// exists on the default branch (renamed, removed, or only on other branches).
+func prepareOtherWorkflows(ctx *context.Context, workflows []WorkflowInfo, curWorkflowID string) []string {
+	listed := make(container.Set[string], len(workflows))
+	for _, w := range workflows {
+		listed.Add(w.Entry.Name())
+	}
+
+	var other []string
+	if ctx.Repo.Repository.NumActionRuns > 0 {
+		ids, err := actions_model.GetRunWorkflowIDs(ctx, ctx.Repo.Repository.ID)
+		if err != nil {
+			ctx.ServerError("GetRunWorkflowIDs", err)
+			return nil
+		}
+		other = container.FilterSlice(ids, func(id string) (string, bool) {
+			return id, id != "" && !listed.Contains(id)
+		})
+	}
+
+	ctx.Data["OtherWorkflows"] = other
+	ctx.Data["CurWorkflowIsListed"] = curWorkflowID == "" || listed.Contains(curWorkflowID)
+	return other
+}
+
+func WorkflowDispatchInputs(ctx *context.Context) {
+	ref := ctx.FormString("ref")
+	if ref == "" {
+		ctx.NotFound(nil)
+		return
+	}
+	// get target commit of run from specified ref
+	refName := git.RefName(ref)
+	var commit *git.Commit
+	var err error
+	if refName.IsTag() {
+		commit, err = ctx.Repo.GitRepo.GetTagCommit(refName.TagName())
+	} else if refName.IsBranch() {
+		commit, err = ctx.Repo.GitRepo.GetBranchCommit(refName.BranchName())
+	} else {
+		ctx.ServerError("UnsupportedRefType", nil)
+		return
+	}
+	if err != nil {
+		ctx.ServerError("GetTagCommit/GetBranchCommit", err)
+		return
+	}
+	workflows, curWorkflowID := prepareWorkflowTemplate(ctx, commit)
+	if ctx.Written() {
+		return
+	}
+	prepareWorkflowDispatchTemplate(ctx, workflows, curWorkflowID)
+	if ctx.Written() {
+		return
+	}
+	ctx.HTML(http.StatusOK, tplDispatchInputsActions)
+}
+
+func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflows []WorkflowInfo, curWorkflowID string) {
+	curWorkflowID = ctx.FormString("workflow")
+
+	_, entries, err := actions.ListWorkflows(commit)
+	if err != nil {
+		ctx.ServerError("ListWorkflows", err)
+		return nil, ""
+	}
+
+	workflows = make([]WorkflowInfo, 0, len(entries))
+	for _, entry := range entries {
+		workflow := WorkflowInfo{Entry: *entry}
+		content, err := actions.GetContentFromEntry(entry)
+		if err != nil {
+			ctx.ServerError("GetContentFromEntry", err)
+			return nil, ""
+		}
+		wf, err := act_model.ReadWorkflow(bytes.NewReader(content))
+		if err != nil {
+			workflow.ErrMsg = ctx.Locale.TrString("actions.runs.invalid_workflow_helper", err.Error())
+			workflows = append(workflows, workflow)
+			continue
+		}
+		if err := actions.ValidateWorkflowContent(content); err != nil {
+			workflow.ErrMsg = ctx.Locale.TrString("actions.runs.invalid_workflow_helper", err.Error())
+			workflows = append(workflows, workflow)
+			continue
+		}
+		workflow.Workflow = wf
+		// The workflow must contain at least one job without "needs". Otherwise, a deadlock will occur and no jobs will be able to run.
+		hasJobWithoutNeeds := false
+		// Check whether you have matching runner and a job without "needs"
+		emptyJobsNumber := 0
+		for _, j := range wf.Jobs {
+			if j == nil {
+				emptyJobsNumber++
+				continue
+			}
+			if !hasJobWithoutNeeds && len(j.Needs()) == 0 {
+				hasJobWithoutNeeds = true
+			}
+		}
+		if !hasJobWithoutNeeds {
+			workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_job_without_needs")
+		}
+		if emptyJobsNumber == len(wf.Jobs) {
+			workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_job")
+		}
+		workflows = append(workflows, workflow)
+	}
+
+	ctx.Data["workflows"] = workflows
+	ctx.Data["RepoLink"] = ctx.Repo.Repository.Link()
+	ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.Permission.IsAdmin()
+	actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+	ctx.Data["ActionsConfig"] = actionsConfig
+	ctx.Data["CurWorkflow"] = curWorkflowID
+	ctx.Data["CurWorkflowDisabled"] = actionsConfig.IsWorkflowDisabled(curWorkflowID)
+
+	return workflows, curWorkflowID
+}
+
+func prepareWorkflowDispatchTemplate(ctx *context.Context, workflowInfos []WorkflowInfo, curWorkflowID string) {
+	actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+	if curWorkflowID == "" || !ctx.Repo.Permission.CanWrite(unit.TypeActions) || actionsConfig.IsWorkflowDisabled(curWorkflowID) {
+		return
+	}
+
+	var curWorkflow *act_model.Workflow
+	for _, workflowInfo := range workflowInfos {
+		if workflowInfo.Entry.Name() == curWorkflowID {
+			if workflowInfo.Workflow == nil {
+				log.Debug("CurWorkflowID %s is found but its workflowInfo.Workflow is nil", curWorkflowID)
+				return
+			}
+			curWorkflow = workflowInfo.Workflow
+			break
+		}
+	}
+
+	if curWorkflow == nil {
+		return
+	}
+
+	ctx.Data["CurWorkflowExists"] = true
+	curWfDispatchCfg := workflowDispatchConfig(curWorkflow)
+	if curWfDispatchCfg == nil {
+		return
+	}
+
+	ctx.Data["WorkflowDispatchConfig"] = curWfDispatchCfg
+
+	branchOpts := git_model.FindBranchOptions{
+		RepoID:          ctx.Repo.Repository.ID,
+		IsDeletedBranch: optional.Some(false),
+		ListOptions: db.ListOptions{
+			ListAll: true,
+		},
+	}
+	branches, err := git_model.FindBranchNames(ctx, branchOpts)
+	if err != nil {
+		ctx.ServerError("FindBranchNames", err)
+		return
+	}
+	// always put default branch on the top
+	branches = util.SliceRemoveAll(branches, ctx.Repo.Repository.DefaultBranch)
+	branches = append([]string{ctx.Repo.Repository.DefaultBranch}, branches...)
+	ctx.Data["Branches"] = branches
+
+	tags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetTagNamesByRepoID", err)
+		return
+	}
+	ctx.Data["Tags"] = tags
+}
+
+func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo, otherWorkflows []string) {
+	actorID := ctx.FormInt64("actor")
+	status := ctx.FormInt("status")
+	workflowID := ctx.FormString("workflow")
+	branch := ctx.FormString("branch")
+	page := ctx.FormInt("page")
+	if page <= 0 {
+		page = 1
+	}
+
+	// if status or actor query param is not given to frontend href, (href="/<repoLink>/actions")
+	// they will be 0 by default, which indicates get all status or actors
+	ctx.Data["CurActor"] = actorID
+	ctx.Data["CurStatus"] = status
+	ctx.Data["CurBranch"] = branch
+	if actorID > 0 || status > int(actions_model.StatusUnknown) || branch != "" {
+		ctx.Data["IsFiltered"] = true
+	}
+
+	opts := actions_model.FindRunOptions{
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: convert.ToCorrectPageSize(ctx.FormInt("limit")),
+		},
+		RepoID:        ctx.Repo.Repository.ID,
+		WorkflowID:    workflowID,
+		TriggerUserID: actorID,
+	}
+
+	// if status is not StatusUnknown, it means user has selected a status filter
+	if actions_model.Status(status) != actions_model.StatusUnknown {
+		opts.Status = []actions_model.Status{actions_model.Status(status)}
+	}
+	if branch != "" {
+		opts.Ref = string(git.RefNameFromBranch(branch))
+	}
+
+	runs, total, err := db.FindAndCount[actions_model.ActionRun](ctx, opts)
+	if err != nil {
+		ctx.ServerError("FindAndCount", err)
+		return
+	}
+
+	for _, run := range runs {
+		run.Repo = ctx.Repo.Repository
+	}
+
+	if err := actions_model.RunList(runs).LoadTriggerUser(ctx); err != nil {
+		ctx.ServerError("LoadTriggerUser", err)
+		return
+	}
+
+	if err := loadIsRefDeleted(ctx, ctx.Repo.Repository.ID, runs); err != nil {
+		log.Error("LoadIsRefDeleted", err)
+	}
+
+	// Check for each run if there is at least one online runner that can run its jobs
+	runErrors := make(map[int64]string)
+	runners, err := db.Find[actions_model.ActionRunner](ctx, actions_model.FindRunnerOptions{
+		RepoID:        ctx.Repo.Repository.ID,
+		IsOnline:      optional.Some(true),
+		WithAvailable: true,
+	})
+	if err != nil {
+		ctx.ServerError("FindRunners", err)
+		return
+	}
+	for _, run := range runs {
+		if !run.Status.In(actions_model.StatusWaiting, actions_model.StatusRunning) {
+			continue
+		}
+		jobs, err := actions_model.GetLatestAttemptJobsByRepoAndRunID(ctx, run.RepoID, run.ID)
+		if err != nil {
+			ctx.ServerError("GetRunJobsByRunID", err)
+			return
+		}
+		for _, job := range jobs {
+			if !job.Status.IsWaiting() {
+				continue
+			}
+			if err := actions.ValidateWorkflowContent(job.WorkflowPayload); err != nil {
+				runErrors[run.ID] = ctx.Locale.TrString("actions.runs.invalid_workflow_helper", err.Error())
+				break
+			}
+			hasOnlineRunner := false
+			for _, runner := range runners {
+				if !runner.IsDisabled && runner.CanMatchLabels(job.RunsOn) {
+					hasOnlineRunner = true
+					break
+				}
+			}
+			if !hasOnlineRunner {
+				runErrors[run.ID] = ctx.Locale.TrString("actions.runs.no_matching_online_runner_helper", strings.Join(job.RunsOn, ","))
+				break
+			}
+		}
+	}
+	ctx.Data["RunErrors"] = runErrors
+
+	ctx.Data["Runs"] = runs
+
+	workflowNames := make(map[string]string, len(workflows))
+	for _, wf := range workflows {
+		workflowNames[wf.Entry.Name()] = wf.DisplayName()
+	}
+	ctx.Data["WorkflowNames"] = workflowNames
+
+	actors, err := actions_model.GetActors(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetActors", err)
+		return
+	}
+	ctx.Data["Actors"] = shared_user.MakeSelfOnTop(ctx.Doer, actors)
+
+	ctx.Data["StatusInfoList"] = actions_model.GetStatusInfoList(ctx, ctx.Locale)
+
+	runBranches, err := actions_model.GetRunBranches(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetRunBranches", err)
+		return
+	}
+	ctx.Data["RunBranches"] = runBranches
+
+	pager := context.NewPagination(total, opts.PageSize, opts.Page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.Data["HasWorkflowsOrRuns"] = len(workflows) > 0 || len(otherWorkflows) > 0 || len(runs) > 0
+
+	ctx.Data["CanWriteRepoUnitActions"] = ctx.Repo.Permission.CanWrite(unit.TypeActions)
+}
+
+// loadIsRefDeleted loads the IsRefDeleted field for each run in the list.
+// TODO: move this function to models/actions/run_list.go but now it will result in a circular import.
+func loadIsRefDeleted(ctx stdCtx.Context, repoID int64, runs actions_model.RunList) error {
+	branches := make(container.Set[string], len(runs))
+	for _, run := range runs {
+		refName := git.RefName(run.Ref)
+		if refName.IsBranch() {
+			branches.Add(refName.ShortName())
+		}
+	}
+	if len(branches) == 0 {
+		return nil
+	}
+
+	branchInfos, err := git_model.GetBranches(ctx, repoID, branches.Values(), false)
+	if err != nil {
+		return err
+	}
+	branchSet := git_model.BranchesToNamesSet(branchInfos)
+	for _, run := range runs {
+		refName := git.RefName(run.Ref)
+		if refName.IsBranch() && !branchSet.Contains(refName.ShortName()) {
+			run.IsRefDeleted = true
+		}
+	}
+	return nil
+}
+
+type WorkflowDispatchInput struct {
+	Name        string   `yaml:"name"`
+	Description string   `yaml:"description"`
+	Required    bool     `yaml:"required"`
+	Default     string   `yaml:"default"`
+	Type        string   `yaml:"type"`
+	Options     []string `yaml:"options"`
+}
+
+type WorkflowDispatch struct {
+	Inputs []WorkflowDispatchInput
+}
+
+func workflowDispatchConfig(w *act_model.Workflow) *WorkflowDispatch {
+	switch w.RawOn.Kind {
+	case yaml.ScalarNode:
+		var val string
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+		if val == "workflow_dispatch" {
+			return &WorkflowDispatch{}
+		}
+	case yaml.SequenceNode:
+		var val []string
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+		if slices.Contains(val, "workflow_dispatch") {
+			return &WorkflowDispatch{}
+		}
+	case yaml.MappingNode:
+		var val map[string]yaml.Node
+		if !decodeNode(w.RawOn, &val) {
+			return nil
+		}
+
+		workflowDispatchNode, found := val["workflow_dispatch"]
+		if !found {
+			return nil
+		}
+
+		var workflowDispatch WorkflowDispatch
+		var workflowDispatchVal map[string]yaml.Node
+		if !decodeNode(workflowDispatchNode, &workflowDispatchVal) {
+			return &workflowDispatch
+		}
+
+		inputsNode, found := workflowDispatchVal["inputs"]
+		if !found || inputsNode.Kind != yaml.MappingNode {
+			return &workflowDispatch
+		}
+
+		i := 0
+		for {
+			if i+1 >= len(inputsNode.Content) {
+				break
+			}
+			var input WorkflowDispatchInput
+			if decodeNode(*inputsNode.Content[i+1], &input) {
+				input.Name = inputsNode.Content[i].Value
+				workflowDispatch.Inputs = append(workflowDispatch.Inputs, input)
+			}
+			i += 2
+		}
+		return &workflowDispatch
+
+	default:
+		return nil
+	}
+	return nil
+}
+
+func decodeNode(node yaml.Node, out any) bool {
+	if err := node.Decode(out); err != nil {
+		log.Warn("Failed to decode node %v into %T: %v", node, out, err)
+		return false
+	}
+	return true
+}
+
+func actionsListRedirectURL(repoLink, workflow, actor, status, branch string) string {
+	return fmt.Sprintf("%s/actions?workflow=%s&actor=%s&status=%s&branch=%s",
+		repoLink,
+		url.QueryEscape(workflow),
+		url.QueryEscape(actor),
+		url.QueryEscape(status),
+		url.QueryEscape(branch),
+	)
+}
@@ -0,0 +1,178 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"strings"
+	"testing"
+
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/models/db"
+	unittest "gitea.dev/models/unittest"
+
+	act_model "gitea.com/gitea/runner/act/model"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestReadWorkflow_WorkflowDispatchConfig(t *testing.T) {
+	yaml := `
+    name: local-action-docker-url
+    `
+	workflow, err := act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch := workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: push
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: workflow_dispatch
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on: [push, pull_request]
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.Nil(t, workflowDispatch)
+
+	yaml = `
+    name: local-action-docker-url
+    on: [push, workflow_dispatch]
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        - push
+        - workflow_dispatch
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+        workflow_dispatch:
+            inputs:
+    `
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Nil(t, workflowDispatch.Inputs)
+
+	yaml = `
+    name: local-action-docker-url
+    on:
+        push:
+        pull_request:
+        workflow_dispatch:
+            inputs:
+                logLevel:
+                    description: 'Log level'
+                    required: true
+                    default: 'warning'
+                    type: choice
+                    options:
+                    - info
+                    - warning
+                    - debug
+                boolean_default_true:
+                    description: 'Test scenario tags'
+                    required: true
+                    type: boolean
+                    default: true
+                boolean_default_false:
+                    description: 'Test scenario tags'
+                    required: true
+                    type: boolean
+                    default: false
+    `
+
+	workflow, err = act_model.ReadWorkflow(strings.NewReader(yaml))
+	assert.NoError(t, err, "read workflow should succeed")
+	workflowDispatch = workflowDispatchConfig(workflow)
+	assert.NotNil(t, workflowDispatch)
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "logLevel",
+		Default:     "warning",
+		Description: "Log level",
+		Options: []string{
+			"info",
+			"warning",
+			"debug",
+		},
+		Required: true,
+		Type:     "choice",
+	}, workflowDispatch.Inputs[0])
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "boolean_default_true",
+		Default:     "true",
+		Description: "Test scenario tags",
+		Required:    true,
+		Type:        "boolean",
+	}, workflowDispatch.Inputs[1])
+	assert.Equal(t, WorkflowDispatchInput{
+		Name:        "boolean_default_false",
+		Default:     "false",
+		Description: "Test scenario tags",
+		Required:    true,
+		Type:        "boolean",
+	}, workflowDispatch.Inputs[2])
+}
+
+func Test_loadIsRefDeleted(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	runs, total, err := db.FindAndCount[actions_model.ActionRun](t.Context(),
+		actions_model.FindRunOptions{RepoID: 4, Ref: "refs/heads/test"})
+	assert.NoError(t, err)
+	assert.Len(t, runs, 1)
+	assert.EqualValues(t, 1, total)
+	for _, run := range runs {
+		assert.False(t, run.IsRefDeleted)
+	}
+
+	assert.NoError(t, loadIsRefDeleted(t.Context(), 4, runs))
+	for _, run := range runs {
+		assert.True(t, run.IsRefDeleted)
+	}
+}
@@ -0,0 +1,59 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"errors"
+	"net/http"
+	"path/filepath"
+	"strings"
+
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/modules/badge"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+)
+
+func GetWorkflowBadge(ctx *context.Context) {
+	workflowFile := ctx.PathParam("workflow_name")
+	branch := ctx.FormString("branch", ctx.Repo.Repository.DefaultBranch)
+	event := ctx.FormString("event")
+	style := ctx.FormString("style")
+
+	branchRef := git.RefNameFromBranch(branch)
+	b, err := getWorkflowBadge(ctx, workflowFile, branchRef.String(), event)
+	if err != nil {
+		ctx.ServerError("GetWorkflowBadge", err)
+		return
+	}
+
+	ctx.Data["Badge"] = b
+	ctx.RespHeader().Set("Content-Type", "image/svg+xml")
+	switch style {
+	case badge.StyleFlatSquare:
+		ctx.HTML(http.StatusOK, "shared/actions/runner_badge_flat-square")
+	default: // defaults to badge.StyleFlat
+		ctx.HTML(http.StatusOK, "shared/actions/runner_badge_flat")
+	}
+}
+
+func getWorkflowBadge(ctx *context.Context, workflowFile, branchName, event string) (badge.Badge, error) {
+	extension := filepath.Ext(workflowFile)
+	workflowName := strings.TrimSuffix(workflowFile, extension)
+
+	run, err := actions_model.GetWorkflowLatestRun(ctx, ctx.Repo.Repository.ID, workflowFile, branchName, event)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			return badge.GenerateBadge(workflowName, "no status", badge.DefaultColor), nil
+		}
+		return badge.Badge{}, err
+	}
+
+	color, ok := badge.GlobalVars().StatusColorMap[run.Status]
+	if !ok {
+		return badge.GenerateBadge(workflowName, "unknown status", badge.DefaultColor), nil
+	}
+	return badge.GenerateBadge(workflowName, run.Status.String(), color), nil
+}
@@ -0,0 +1,14 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"testing"
+
+	"gitea.dev/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
@@ -0,0 +1,78 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/translation"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConvertToViewModel(t *testing.T) {
+	task := &actions_model.ActionTask{
+		Status: actions_model.StatusSuccess,
+		Steps: []*actions_model.ActionTaskStep{
+			{Name: "Run step-name", Index: 0, Status: actions_model.StatusSuccess, LogLength: 1, Started: timeutil.TimeStamp(1), Stopped: timeutil.TimeStamp(5)},
+		},
+		Stopped: timeutil.TimeStamp(20),
+	}
+
+	viewJobSteps, _, err := convertToViewModel(t.Context(), translation.MockLocale{}, nil, task)
+	require.NoError(t, err)
+
+	expectedViewJobs := []*ViewJobStep{
+		{
+			Summary:  "Set up job",
+			Duration: "0s",
+			Status:   "success",
+		},
+		{
+			Summary:  "Run step-name",
+			Duration: "4s",
+			Status:   "success",
+		},
+		{
+			Summary:  "Complete job",
+			Duration: "15s",
+			Status:   "success",
+		},
+	}
+	assert.Equal(t, expectedViewJobs, viewJobSteps)
+}
+
+func TestConvertToViewModelCancellingTaskDoesNotRenderRunningSteps(t *testing.T) {
+	task := &actions_model.ActionTask{
+		Status: actions_model.StatusCancelling,
+		Steps: []*actions_model.ActionTaskStep{
+			{Name: "Run step-name", Index: 0, Status: actions_model.StatusRunning, LogLength: 1},
+		},
+	}
+
+	viewJobSteps, _, err := convertToViewModel(t.Context(), translation.MockLocale{}, nil, task)
+	require.NoError(t, err)
+
+	expectedViewJobs := []*ViewJobStep{
+		{
+			Summary:  "Set up job",
+			Duration: "0s",
+			Status:   "success",
+		},
+		{
+			Summary:  "Run step-name",
+			Duration: "0s",
+			Status:   "cancelling",
+		},
+		{
+			Summary:  "Complete job",
+			Duration: "0s",
+			Status:   "waiting",
+		},
+	}
+	assert.Equal(t, expectedViewJobs, viewJobSteps)
+}
@@ -0,0 +1,114 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"time"
+
+	activities_model "gitea.dev/models/activities"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const (
+	tplActivity templates.TplName = "repo/activity"
+)
+
+// Activity render the page to show repository latest changes
+func Activity(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.activity")
+	ctx.Data["PageIsActivity"] = true
+
+	ctx.Data["PageIsPulse"] = true
+
+	timeUntil := time.Now()
+	period, timeFrom := "weekly", timeUntil.Add(-time.Hour*168)
+	switch ctx.PathParam("period") {
+	case "daily":
+		period, timeFrom = "daily", timeUntil.Add(-time.Hour*24)
+	case "halfweekly":
+		period, timeFrom = "halfweekly", timeUntil.Add(-time.Hour*72)
+	case "weekly":
+		period, timeFrom = "weekly", timeUntil.Add(-time.Hour*168)
+	case "monthly":
+		period, timeFrom = "monthly", timeUntil.AddDate(0, -1, 0)
+	case "quarterly":
+		period, timeFrom = "quarterly", timeUntil.AddDate(0, -3, 0)
+	case "semiyearly":
+		period, timeFrom = "semiyearly", timeUntil.AddDate(0, -6, 0)
+	case "yearly":
+		period, timeFrom = "yearly", timeUntil.AddDate(-1, 0, 0)
+	}
+	ctx.Data["DateFrom"] = timeFrom
+	ctx.Data["DateUntil"] = timeUntil
+	ctx.Data["Period"] = period
+	ctx.Data["PeriodText"] = ctx.Tr("repo.activity.period." + period)
+
+	canReadCode := ctx.Repo.Permission.CanRead(unit.TypeCode)
+	if canReadCode {
+		// GetActivityStats needs to read the default branch to get some information
+		branchExist, _ := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, ctx.Repo.Repository.DefaultBranch)
+		if !branchExist {
+			ctx.Data["NotFoundPrompt"] = ctx.Tr("repo.branch.default_branch_not_exist", ctx.Repo.Repository.DefaultBranch)
+			ctx.NotFound(nil)
+			return
+		}
+	}
+
+	var err error
+	// TODO: refactor these arguments to a struct
+	ctx.Data["Activity"], err = activities_model.GetActivityStats(ctx, ctx.Repo.Repository, timeFrom,
+		ctx.Repo.Permission.CanRead(unit.TypeReleases),
+		ctx.Repo.Permission.CanRead(unit.TypeIssues),
+		ctx.Repo.Permission.CanRead(unit.TypePullRequests),
+		canReadCode,
+	)
+	if err != nil {
+		ctx.ServerError("GetActivityStats", err)
+		return
+	}
+
+	if ctx.PageData["repoActivityTopAuthors"], err = activities_model.GetActivityStatsTopAuthors(ctx, ctx.Repo.Repository, timeFrom, 10); err != nil {
+		ctx.ServerError("GetActivityStatsTopAuthors", err)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplActivity)
+}
+
+// ActivityAuthors renders JSON with top commit authors for given time period over all branches
+func ActivityAuthors(ctx *context.Context) {
+	timeUntil := time.Now()
+	var timeFrom time.Time
+
+	switch ctx.PathParam("period") {
+	case "daily":
+		timeFrom = timeUntil.Add(-time.Hour * 24)
+	case "halfweekly":
+		timeFrom = timeUntil.Add(-time.Hour * 72)
+	case "weekly":
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	case "monthly":
+		timeFrom = timeUntil.AddDate(0, -1, 0)
+	case "quarterly":
+		timeFrom = timeUntil.AddDate(0, -3, 0)
+	case "semiyearly":
+		timeFrom = timeUntil.AddDate(0, -6, 0)
+	case "yearly":
+		timeFrom = timeUntil.AddDate(-1, 0, 0)
+	default:
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	}
+
+	authors, err := activities_model.GetActivityStatsTopAuthors(ctx, ctx.Repo.Repository, timeFrom, 10)
+	if err != nil {
+		ctx.ServerError("GetActivityStatsTopAuthors", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, authors)
+}
@@ -0,0 +1,230 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	auth_model "gitea.dev/models/auth"
+	issues_model "gitea.dev/models/issues"
+	access_model "gitea.dev/models/perm/access"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/httpcache"
+	"gitea.dev/modules/httplib"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	"gitea.dev/services/attachment"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	repo_service "gitea.dev/services/repository"
+)
+
+func attachmentReadScope(unitType unit.Type) (auth_model.AccessTokenScope, bool) {
+	switch unitType {
+	case unit.TypeIssues, unit.TypePullRequests:
+		return auth_model.AccessTokenScopeReadIssue, true
+	case unit.TypeReleases:
+		return auth_model.AccessTokenScopeReadRepository, true
+	default:
+		return "", false
+	}
+}
+
+// UploadIssueAttachment response for Issue/PR attachments
+func UploadIssueAttachment(ctx *context.Context) {
+	uploadAttachment(ctx, ctx.Repo.Repository.ID, attachment.UploadAttachmentForIssue)
+}
+
+// UploadReleaseAttachment response for uploading release attachments
+func UploadReleaseAttachment(ctx *context.Context) {
+	uploadAttachment(ctx, ctx.Repo.Repository.ID, attachment.UploadAttachmentForRelease)
+}
+
+// UploadAttachment response for uploading attachments
+func uploadAttachment(ctx *context.Context, repoID int64, uploadFunc attachment.UploadAttachmentFunc) {
+	if !setting.Attachment.Enabled {
+		ctx.HTTPError(http.StatusNotFound, "attachment is not enabled")
+		return
+	}
+
+	file, header, err := ctx.Req.FormFile("file")
+	if err != nil {
+		ctx.ServerError("FormFile", err)
+		return
+	}
+	defer file.Close()
+
+	uploaderFile := attachment.NewLimitedUploaderKnownSize(file, header.Size)
+	attach, err := uploadFunc(ctx, uploaderFile, &repo_model.Attachment{
+		Name:       header.Filename,
+		UploaderID: ctx.Doer.ID,
+		RepoID:     repoID,
+	})
+	if err != nil {
+		if upload.IsErrFileTypeForbidden(err) {
+			ctx.HTTPError(http.StatusBadRequest, err.Error())
+			return
+		}
+		ctx.ServerError("uploadAttachment(uploadFunc)", err)
+		return
+	}
+
+	log.Trace("New attachment uploaded: %s", attach.UUID)
+	ctx.JSON(http.StatusOK, map[string]string{
+		"uuid": attach.UUID,
+	})
+}
+
+// DeleteAttachment response for deleting issue's attachment
+func DeleteAttachment(ctx *context.Context) {
+	file := ctx.FormString("file")
+	attach, err := repo_model.GetAttachmentByUUID(ctx, file)
+	if err != nil {
+		ctx.HTTPError(http.StatusBadRequest, err.Error())
+		return
+	}
+
+	if !ctx.IsSigned {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if attach.RepoID != ctx.Repo.Repository.ID {
+		ctx.HTTPError(http.StatusBadRequest, "attachment does not belong to this repository")
+		return
+	}
+
+	if ctx.Doer.ID != attach.UploaderID {
+		if attach.IssueID > 0 {
+			issue, err := issues_model.GetIssueByID(ctx, attach.IssueID)
+			if err != nil {
+				ctx.ServerError("GetIssueByID", err)
+				return
+			}
+			if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
+				ctx.HTTPError(http.StatusForbidden)
+				return
+			}
+		} else if attach.ReleaseID > 0 {
+			if !ctx.Repo.Permission.CanWrite(unit.TypeReleases) {
+				ctx.HTTPError(http.StatusForbidden)
+				return
+			}
+		} else {
+			if !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.IsOwner() {
+				ctx.HTTPError(http.StatusForbidden)
+				return
+			}
+		}
+	}
+
+	err = repo_model.DeleteAttachment(ctx, attach, true)
+	if err != nil {
+		ctx.ServerError("DeleteAttachment", err)
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]string{
+		"uuid": attach.UUID,
+	})
+}
+
+// ServeAttachment serve attachments with the given UUID
+func ServeAttachment(ctx *context.Context, uuid string) {
+	attach, err := repo_model.GetAttachmentByUUID(ctx, uuid)
+	if err != nil {
+		if repo_model.IsErrAttachmentNotExist(err) {
+			ctx.HTTPError(http.StatusNotFound)
+		} else {
+			ctx.ServerError("GetAttachmentByUUID", err)
+		}
+		return
+	}
+
+	// prevent visiting attachment from other repository directly
+	// The check will be ignored before this code merged.
+	if attach.CreatedUnix > repo_model.LegacyAttachmentMissingRepoIDCutoff && ctx.Repo.Repository != nil && ctx.Repo.Repository.ID != attach.RepoID {
+		ctx.HTTPError(http.StatusNotFound)
+		return
+	}
+
+	unitType, repoID, err := repo_service.GetAttachmentLinkedTypeAndRepoID(ctx, attach)
+	if err != nil {
+		ctx.ServerError("GetAttachmentLinkedTypeAndRepoID", err)
+		return
+	}
+
+	if unitType == unit.TypeInvalid { // unlinked attachment can only be accessed by the uploader
+		if !(ctx.IsSigned && attach.UploaderID == ctx.Doer.ID) { // We block if not the uploader
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+	} else { // If we have the linked type, we need to check access
+		var (
+			perm access_model.Permission
+			repo = ctx.Repo.Repository
+		)
+		if repo == nil {
+			repo, err = repo_model.GetRepositoryByID(ctx, repoID)
+			if err != nil {
+				ctx.ServerError("GetRepositoryByID", err)
+				return
+			}
+			perm, err = access_model.GetDoerRepoPermission(ctx, repo, ctx.Doer)
+			if err != nil {
+				ctx.ServerError("GetDoerRepoPermission", err)
+				return
+			}
+		} else {
+			perm = ctx.Repo.Permission
+		}
+
+		if !perm.CanRead(unitType) {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+
+		if requiredScope, ok := attachmentReadScope(unitType); ok {
+			context.CheckTokenScopes(ctx, repo, requiredScope)
+			if ctx.Written() {
+				return
+			}
+		}
+	}
+
+	if err := attach.IncreaseDownloadCount(ctx); err != nil {
+		ctx.ServerError("IncreaseDownloadCount", err)
+		return
+	}
+
+	if setting.Attachment.Storage.ServeDirect() {
+		// If we have a signed url (S3, object storage), redirect to this directly.
+		u, err := storage.Attachments.ServeDirectURL(attach.RelativePath(), attach.Name, ctx.Req.Method, nil)
+
+		if u != nil && err == nil {
+			ctx.Redirect(u.String())
+			return
+		}
+	}
+
+	if httpcache.HandleGenericETagPrivateCache(ctx.Req, ctx.Resp, `"`+attach.UUID+`"`, attach.CreatedUnix.AsTimePtr()) {
+		return
+	}
+
+	// If we have matched and access to release or issue
+	fr, err := storage.Attachments.Open(attach.RelativePath())
+	if err != nil {
+		ctx.ServerError("Open", err)
+		return
+	}
+	defer fr.Close()
+
+	httplib.ServeUserContentByFile(ctx.Req, ctx.Resp, fr, httplib.ServeHeaderOptions{Filename: attach.Name})
+}
+
+// GetAttachment serve attachments
+func GetAttachment(ctx *context.Context) {
+	ServeAttachment(ctx, ctx.PathParam("uuid"))
+}
@@ -0,0 +1,284 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"fmt"
+	"html/template"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/languagestats"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/highlight"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+)
+
+type blameRow struct {
+	RowNumber int
+
+	Avatar         template.HTML
+	PreviousSha    string
+	PreviousShaURL string
+	CommitURL      string
+	CommitMessage  string
+	CommitSince    template.HTML
+
+	Code         template.HTML
+	EscapeStatus *charset.EscapeStatus
+}
+
+// RefBlame render blame page
+func RefBlame(ctx *context.Context) {
+	ctx.Data["IsBlame"] = true
+	prepareRepoViewContent(ctx, ctx.Repo.RefTypeNameSubURL())
+
+	// Get current entry user currently looking at.
+	if ctx.Repo.TreePath == "" {
+		ctx.NotFound(nil)
+		return
+	}
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		HandleGitError(ctx, "Repo.Commit.GetTreeEntryByPath", err)
+		return
+	}
+
+	blob := entry.Blob()
+	fileSize := blob.Size()
+	ctx.Data["FileSize"] = fileSize
+	ctx.Data["FileTreePath"] = ctx.Repo.TreePath
+
+	tplName := tplRepoViewContent
+	if !ctx.FormBool("only_content") {
+		prepareHomeTreeSideBarSwitch(ctx)
+		tplName = tplRepoView
+	}
+
+	if fileSize >= setting.UI.MaxDisplayFileSize {
+		ctx.Data["IsFileTooLarge"] = true
+		ctx.HTML(http.StatusOK, tplName)
+		return
+	}
+
+	ctx.Data["NumLines"], err = blob.GetBlobLineCount(nil)
+	if err != nil {
+		ctx.NotFound(err)
+		return
+	}
+
+	bypassBlameIgnore, _ := strconv.ParseBool(ctx.FormString("bypass-blame-ignore"))
+	result, err := performBlame(ctx, ctx.Repo.Repository, ctx.Repo.Commit, ctx.Repo.TreePath, bypassBlameIgnore)
+	if err != nil {
+		ctx.NotFound(err)
+		return
+	}
+
+	ctx.Data["UsesIgnoreRevs"] = result.UsesIgnoreRevs
+	ctx.Data["FaultyIgnoreRevsFile"] = result.FaultyIgnoreRevsFile
+
+	commitNames := processBlameParts(ctx, result.Parts)
+	if ctx.Written() {
+		return
+	}
+
+	renderBlame(ctx, result.Parts, commitNames)
+
+	ctx.HTML(http.StatusOK, tplName)
+}
+
+type blameResult struct {
+	Parts                []*gitrepo.BlamePart
+	UsesIgnoreRevs       bool
+	FaultyIgnoreRevsFile bool
+}
+
+func performBlame(ctx *context.Context, repo *repo_model.Repository, commit *git.Commit, file string, bypassBlameIgnore bool) (*blameResult, error) {
+	objectFormat := ctx.Repo.GetObjectFormat()
+
+	blameReader, err := gitrepo.CreateBlameReader(ctx, objectFormat, repo, commit, file, bypassBlameIgnore)
+	if err != nil {
+		return nil, err
+	}
+
+	r := &blameResult{}
+	if err := fillBlameResult(blameReader, r); err != nil {
+		_ = blameReader.Close()
+		return nil, err
+	}
+
+	err = blameReader.Close()
+	if err != nil {
+		if len(r.Parts) == 0 && r.UsesIgnoreRevs {
+			// try again without ignored revs
+
+			blameReader, err = gitrepo.CreateBlameReader(ctx, objectFormat, repo, commit, file, true)
+			if err != nil {
+				return nil, err
+			}
+
+			r := &blameResult{
+				FaultyIgnoreRevsFile: true,
+			}
+			if err := fillBlameResult(blameReader, r); err != nil {
+				_ = blameReader.Close()
+				return nil, err
+			}
+
+			return r, blameReader.Close()
+		}
+		return nil, err
+	}
+	return r, nil
+}
+
+func fillBlameResult(br *gitrepo.BlameReader, r *blameResult) error {
+	r.UsesIgnoreRevs = br.UsesIgnoreRevs()
+
+	previousHelper := make(map[string]*gitrepo.BlamePart)
+
+	r.Parts = make([]*gitrepo.BlamePart, 0, 5)
+	for {
+		blamePart, err := br.NextPart()
+		if err != nil {
+			return fmt.Errorf("BlameReader.NextPart failed: %w", err)
+		}
+		if blamePart == nil {
+			break
+		}
+
+		if prev, ok := previousHelper[blamePart.Sha]; ok {
+			if blamePart.PreviousSha == "" {
+				blamePart.PreviousSha = prev.PreviousSha
+				blamePart.PreviousPath = prev.PreviousPath
+			}
+		} else {
+			previousHelper[blamePart.Sha] = blamePart
+		}
+
+		r.Parts = append(r.Parts, blamePart)
+	}
+
+	return nil
+}
+
+func processBlameParts(ctx *context.Context, blameParts []*gitrepo.BlamePart) map[string]*user_model.UserCommit {
+	// store commit data by SHA to look up avatar info etc
+	commitNames := make(map[string]*user_model.UserCommit)
+	// and as blameParts can reference the same commits multiple
+	// times, we cache the lookup work locally
+	commits := make([]*git.Commit, 0, len(blameParts))
+	commitCache := map[string]*git.Commit{}
+	commitCache[ctx.Repo.Commit.ID.String()] = ctx.Repo.Commit
+
+	for _, part := range blameParts {
+		sha := part.Sha
+		if _, ok := commitNames[sha]; ok {
+			continue
+		}
+
+		// find the blamePart commit, to look up parent & email address for avatars
+		commit, ok := commitCache[sha]
+		var err error
+		if !ok {
+			commit, err = ctx.Repo.GitRepo.GetCommit(sha)
+			if err != nil {
+				if git.IsErrNotExist(err) {
+					ctx.NotFound(err)
+				} else {
+					ctx.ServerError("Repo.GitRepo.GetCommit", err)
+				}
+				return nil
+			}
+			commitCache[sha] = commit
+		}
+
+		commits = append(commits, commit)
+	}
+
+	// populate commit email addresses to later look up avatars.
+	validatedCommits, err := user_model.ValidateCommitsWithEmails(ctx, commits)
+	if err != nil {
+		ctx.ServerError("ValidateCommitsWithEmails", err)
+		return nil
+	}
+	for _, c := range validatedCommits {
+		commitNames[c.ID.String()] = c
+	}
+
+	return commitNames
+}
+
+func renderBlameFillFirstBlameRow(repoLink string, avatarUtils *templates.AvatarUtils, part *gitrepo.BlamePart, commit *user_model.UserCommit, br *blameRow) {
+	if commit.User != nil {
+		br.Avatar = avatarUtils.Avatar(commit.User, 18)
+	} else {
+		br.Avatar = avatarUtils.AvatarByEmail(commit.Author.Email, commit.Author.Name, 18)
+	}
+
+	br.PreviousSha = part.PreviousSha
+	br.PreviousShaURL = fmt.Sprintf("%s/blame/commit/%s/%s", repoLink, url.PathEscape(part.PreviousSha), util.PathEscapeSegments(part.PreviousPath))
+	br.CommitURL = fmt.Sprintf("%s/commit/%s", repoLink, url.PathEscape(part.Sha))
+	br.CommitMessage = commit.MessageUTF8()
+	br.CommitSince = templates.TimeSince(commit.Author.When)
+}
+
+func renderBlame(ctx *context.Context, blameParts []*gitrepo.BlamePart, commitNames map[string]*user_model.UserCommit) {
+	language, err := languagestats.GetFileLanguage(ctx, ctx.Repo.GitRepo, ctx.Repo.CommitID, ctx.Repo.TreePath)
+	if err != nil {
+		log.Error("Unable to get file language for %-v:%s. Error: %v", ctx.Repo.Repository, ctx.Repo.TreePath, err)
+	}
+
+	buf := &bytes.Buffer{}
+	rows := make([]*blameRow, 0)
+	avatarUtils := templates.NewAvatarUtils(ctx)
+	rowNumber := 0 // will be 1-based
+	for _, part := range blameParts {
+		for partLineIdx, line := range part.Lines {
+			rowNumber++
+
+			br := &blameRow{RowNumber: rowNumber}
+			rows = append(rows, br)
+
+			if int64(buf.Len()) < setting.UI.MaxDisplayFileSize {
+				buf.WriteString(line)
+				buf.WriteByte('\n')
+			}
+
+			if partLineIdx == 0 {
+				renderBlameFillFirstBlameRow(ctx.Repo.RepoLink, avatarUtils, part, commitNames[part.Sha], br)
+			}
+		}
+	}
+
+	escapeStatus := &charset.EscapeStatus{}
+
+	bufContent := buf.Bytes()
+	bufContent = charset.ToUTF8(bufContent, charset.ConvertOpts{})
+	highlighted, _, lexerDisplayName := highlight.RenderCodeSlowGuess(path.Base(ctx.Repo.TreePath), language, util.UnsafeBytesToString(bufContent))
+	unsafeLines := highlight.UnsafeSplitHighlightedLines(highlighted)
+	for i, br := range rows {
+		var line template.HTML
+		if i < len(unsafeLines) {
+			line = template.HTML(util.UnsafeBytesToString(unsafeLines[i]))
+		}
+		br.EscapeStatus, br.Code = charset.EscapeControlHTML(line, ctx.Locale)
+		escapeStatus = escapeStatus.Or(br.EscapeStatus)
+	}
+
+	ctx.Data["EscapeStatus"] = escapeStatus
+	ctx.Data["BlameRows"] = rows
+	ctx.Data["LexerName"] = lexerDisplayName
+}
@@ -0,0 +1,275 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/utils"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	pull_service "gitea.dev/services/pull"
+	release_service "gitea.dev/services/release"
+	repo_service "gitea.dev/services/repository"
+)
+
+const (
+	tplBranch templates.TplName = "repo/branch/list"
+)
+
+// Branches render repository branch page
+func Branches(ctx *context.Context) {
+	ctx.Data["Title"] = "Branches"
+	ctx.Data["AllowsPulls"] = ctx.Repo.Repository.AllowsPulls(ctx)
+	ctx.Data["IsWriter"] = ctx.Repo.Permission.CanWrite(unit.TypeCode)
+	ctx.Data["IsMirror"] = ctx.Repo.Repository.IsMirror
+	// TODO: Can be replaced by ctx.Repo.PullRequestCtx.CanCreateNewPull()
+	ctx.Data["CanPull"] = ctx.Repo.Permission.CanWrite(unit.TypeCode) ||
+		(ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID))
+	ctx.Data["PageIsViewCode"] = true
+	ctx.Data["PageIsBranches"] = true
+
+	page := max(ctx.FormInt("page"), 1)
+	pageSize := setting.Git.BranchesRangeSize
+
+	kw := ctx.FormString("q")
+
+	defaultBranch, branches, branchesCount, err := repo_service.LoadBranches(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, optional.None[bool](), kw, page, pageSize)
+	if err != nil {
+		ctx.ServerError("LoadBranches", err)
+		return
+	}
+
+	commitIDs := []string{defaultBranch.DBBranch.CommitID}
+	for _, branch := range branches {
+		commitIDs = append(commitIDs, branch.DBBranch.CommitID)
+	}
+
+	commitStatuses, err := git_model.GetLatestCommitStatusForRepoCommitIDs(ctx, ctx.Repo.Repository.ID, commitIDs)
+	if err != nil {
+		ctx.ServerError("LoadBranches", err)
+		return
+	}
+	if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
+		for key := range commitStatuses {
+			git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+		}
+	}
+
+	commitStatus := make(map[string]*git_model.CommitStatus)
+	for commitID, cs := range commitStatuses {
+		commitStatus[commitID] = git_model.CalcCommitStatus(cs)
+	}
+
+	ctx.Data["Keyword"] = kw
+	ctx.Data["Branches"] = branches
+	ctx.Data["CommitStatus"] = commitStatus
+	ctx.Data["CommitStatuses"] = commitStatuses
+	ctx.Data["DefaultBranchBranch"] = defaultBranch
+	pager := context.NewPagination(branchesCount, pageSize, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplBranch)
+}
+
+// DeleteBranchPost responses for delete merged branch
+func DeleteBranchPost(ctx *context.Context) {
+	defer jsonRedirectBranches(ctx)
+	branchName := ctx.FormString("name")
+
+	if err := repo_service.DeleteBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.GitRepo, branchName); err != nil {
+		switch {
+		case git.IsErrBranchNotExist(err):
+			log.Debug("DeleteBranch: Can't delete non existing branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", branchName))
+		case errors.Is(err, repo_service.ErrBranchIsDefault):
+			log.Debug("DeleteBranch: Can't delete default branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName))
+		case errors.Is(err, git_model.ErrBranchIsProtected):
+			log.Debug("DeleteBranch: Can't delete protected branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.protected_deletion_failed", branchName))
+		default:
+			log.Error("DeleteBranch: %v", err)
+			ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", branchName))
+		}
+
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.deletion_success", branchName))
+}
+
+// RestoreBranchPost responses for delete merged branch
+func RestoreBranchPost(ctx *context.Context) {
+	defer jsonRedirectBranches(ctx)
+
+	branchID := ctx.FormInt64("branch_id")
+	branchName := ctx.FormString("name")
+
+	deletedBranch, err := git_model.GetDeletedBranchByID(ctx, ctx.Repo.Repository.ID, branchID)
+	if err != nil {
+		log.Error("GetDeletedBranchByID: %v", err)
+		ctx.Flash.Error(ctx.Tr("repo.branch.restore_failed", branchName))
+		return
+	} else if deletedBranch == nil {
+		log.Debug("RestoreBranch: Can't restore branch[%d] '%s', as it does not exist", branchID, branchName)
+		ctx.Flash.Error(ctx.Tr("repo.branch.restore_failed", branchName))
+		return
+	}
+
+	if err := gitrepo.Push(ctx, ctx.Repo.Repository, ctx.Repo.Repository, git.PushOptions{
+		Branch: fmt.Sprintf("%s:%s%s", deletedBranch.CommitID, git.BranchPrefix, deletedBranch.Name),
+		Env:    repo_module.PushingEnvironment(ctx.Doer, ctx.Repo.Repository),
+	}); err != nil {
+		if strings.Contains(err.Error(), "already exists") {
+			log.Debug("RestoreBranch: Can't restore branch '%s', since one with same name already exist", deletedBranch.Name)
+			ctx.Flash.Error(ctx.Tr("repo.branch.already_exists", deletedBranch.Name))
+			return
+		}
+		log.Error("RestoreBranch: CreateBranch: %v", err)
+		ctx.Flash.Error(ctx.Tr("repo.branch.restore_failed", deletedBranch.Name))
+		return
+	}
+
+	objectFormat := git.ObjectFormatFromName(ctx.Repo.Repository.ObjectFormatName)
+
+	// Don't return error below this
+	if err := repo_service.PushUpdate(
+		&repo_module.PushUpdateOptions{
+			RefFullName:  git.RefNameFromBranch(deletedBranch.Name),
+			OldCommitID:  objectFormat.EmptyObjectID().String(),
+			NewCommitID:  deletedBranch.CommitID,
+			PusherID:     ctx.Doer.ID,
+			PusherName:   ctx.Doer.Name,
+			RepoUserName: ctx.Repo.Owner.Name,
+			RepoName:     ctx.Repo.Repository.Name,
+		}); err != nil {
+		log.Error("RestoreBranch: Update: %v", err)
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.restore_success", deletedBranch.Name))
+}
+
+func jsonRedirectBranches(ctx *context.Context) {
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/branches?page=" + url.QueryEscape(ctx.FormString("page")))
+}
+
+// CreateBranch creates new branch in repository
+func CreateBranch(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewBranchForm)
+	if !ctx.Repo.CanCreateBranch() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.GetErrMsg())
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+		return
+	}
+
+	var err error
+
+	if form.CreateTag {
+		target := ctx.Repo.CommitID
+		if ctx.Repo.RefFullName.IsBranch() {
+			target = ctx.Repo.BranchName
+		}
+		err = release_service.CreateNewTag(ctx, ctx.Doer, ctx.Repo.Repository, target, form.NewBranchName, "")
+	} else if ctx.Repo.RefFullName.IsBranch() {
+		err = repo_service.CreateNewBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.BranchName, form.NewBranchName)
+	} else {
+		err = repo_service.CreateNewBranchFromCommit(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.CommitID, form.NewBranchName)
+	}
+	if err != nil {
+		if release_service.IsErrProtectedTagName(err) {
+			ctx.Flash.Error(ctx.Tr("repo.release.tag_name_protected"))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+			return
+		}
+
+		if release_service.IsErrTagAlreadyExists(err) {
+			e := err.(release_service.ErrTagAlreadyExists)
+			ctx.Flash.Error(ctx.Tr("repo.branch.tag_collision", e.TagName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+			return
+		}
+		if git_model.IsErrBranchAlreadyExists(err) || git.IsErrPushOutOfDate(err) {
+			ctx.Flash.Error(ctx.Tr("repo.branch.branch_already_exists", form.NewBranchName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+			return
+		}
+		if git_model.IsErrBranchNameConflict(err) {
+			e := err.(git_model.ErrBranchNameConflict)
+			ctx.Flash.Error(ctx.Tr("repo.branch.branch_name_conflict", form.NewBranchName, e.BranchName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+			return
+		}
+		if git.IsErrPushRejected(err) {
+			e := err.(*git.ErrPushRejected)
+			if len(e.Message) == 0 {
+				ctx.Flash.Error(ctx.Tr("repo.editor.push_rejected_no_message"))
+			} else {
+				flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
+					"Message": ctx.Tr("repo.editor.push_rejected"),
+					"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
+					"Details": utils.EscapeFlashErrorString(e.Message),
+				})
+				if err != nil {
+					ctx.ServerError("UpdatePullRequest.HTMLString", err)
+					return
+				}
+				ctx.Flash.Error(flashError)
+			}
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL())
+			return
+		}
+
+		ctx.ServerError("CreateNewBranch", err)
+		return
+	}
+
+	if form.CreateTag {
+		ctx.Flash.Success(ctx.Tr("repo.tag.create_success", form.NewBranchName))
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/tag/" + util.PathEscapeSegments(form.NewBranchName))
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.create_success", form.NewBranchName))
+	ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(form.NewBranchName) + "/" + util.PathEscapeSegments(form.CurrentPath))
+}
+
+func MergeUpstream(ctx *context.Context) {
+	branchName := ctx.FormString("branch")
+	_, err := repo_service.MergeUpstream(ctx, ctx.Doer, ctx.Repo.Repository, branchName, false)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.JSONErrorNotFound()
+			return
+		} else if pull_service.IsErrMergeConflicts(err) {
+			ctx.JSONError(ctx.Tr("repo.pulls.merge_conflict"))
+			return
+		}
+		ctx.ServerError("MergeUpstream", err)
+		return
+	}
+	ctx.JSONRedirect("")
+}
@@ -0,0 +1,41 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+	contributors_service "gitea.dev/services/repository"
+)
+
+const (
+	tplCodeFrequency templates.TplName = "repo/activity"
+)
+
+// CodeFrequency renders the page to show repository code frequency
+func CodeFrequency(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.activity.navbar.code_frequency")
+
+	ctx.Data["PageIsActivity"] = true
+	ctx.Data["PageIsCodeFrequency"] = true
+	ctx.PageData["repoLink"] = ctx.Repo.RepoLink
+
+	ctx.HTML(http.StatusOK, tplCodeFrequency)
+}
+
+// CodeFrequencyData returns JSON of code frequency data
+func CodeFrequencyData(ctx *context.Context) {
+	if contributorStats, err := contributors_service.GetContributorStats(ctx, ctx.Cache, ctx.Repo.Repository, ctx.Repo.Repository.DefaultBranch); err != nil {
+		if errors.Is(err, contributors_service.ErrAwaitGeneration) {
+			ctx.Status(http.StatusAccepted)
+			return
+		}
+		ctx.ServerError("GetContributorStats", err)
+	} else {
+		ctx.JSON(http.StatusOK, contributorStats["total"].Weeks)
+	}
+}
@@ -0,0 +1,467 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"html/template"
+	"net/http"
+	"strings"
+
+	asymkey_model "gitea.dev/models/asymkey"
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/renderhelper"
+	repo_model "gitea.dev/models/repo"
+	unit_model "gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/fileicon"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	asymkey_service "gitea.dev/services/asymkey"
+	"gitea.dev/services/context"
+	git_service "gitea.dev/services/git"
+	"gitea.dev/services/gitdiff"
+	repo_service "gitea.dev/services/repository"
+	"gitea.dev/services/repository/gitgraph"
+)
+
+const (
+	tplCommits    templates.TplName = "repo/commits"
+	tplGraph      templates.TplName = "repo/graph"
+	tplGraphDiv   templates.TplName = "repo/graph/div"
+	tplCommitPage templates.TplName = "repo/commit_page"
+)
+
+// RefCommits render commits page
+func RefCommits(ctx *context.Context) {
+	switch {
+	case len(ctx.Repo.TreePath) == 0:
+		Commits(ctx)
+	case ctx.Repo.TreePath == "search":
+		SearchCommits(ctx)
+	default:
+		FileHistory(ctx)
+	}
+}
+
+// Commits render branch's commits
+func Commits(ctx *context.Context) {
+	ctx.Data["PageIsCommits"] = true
+	if ctx.Repo.Commit == nil {
+		ctx.NotFound(nil)
+		return
+	}
+	ctx.Data["PageIsViewCode"] = true
+
+	commitsCount := ctx.Repo.CommitsCount
+
+	page := max(ctx.FormInt("page"), 1)
+
+	pageSize := ctx.FormInt("limit")
+	if pageSize <= 0 {
+		pageSize = setting.Git.CommitsRangeSize
+	}
+
+	// Both `git log branchName` and `git log commitId` work.
+	commits, err := ctx.Repo.Commit.CommitsByRange(page, pageSize, "", "", "")
+	if err != nil {
+		ctx.ServerError("CommitsByRange", err)
+		return
+	}
+	ctx.Data["Commits"], err = processGitCommits(ctx, commits)
+	if err != nil {
+		ctx.ServerError("processGitCommits", err)
+		return
+	}
+	commitIDs := make([]string, 0, len(commits))
+	for _, c := range commits {
+		commitIDs = append(commitIDs, c.ID.String())
+	}
+	commitsTagsMap, err := repo_model.FindTagsByCommitIDs(ctx, ctx.Repo.Repository.ID, commitIDs...)
+	if err != nil {
+		log.Error("FindTagsByCommitIDs: %v", err)
+		ctx.Flash.Error(ctx.Tr("internal_error_skipped", "FindTagsByCommitIDs"))
+	} else {
+		ctx.Data["CommitsTagsMap"] = commitsTagsMap
+	}
+	ctx.Data["CommitCount"] = commitsCount
+
+	pager := context.NewPagination(commitsCount, pageSize, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+// Graph render commit graph - show commits from all branches.
+func Graph(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.commit_graph")
+	ctx.Data["PageIsCommits"] = true
+	ctx.Data["PageIsViewCode"] = true
+	mode := strings.ToLower(ctx.FormTrim("mode"))
+	if mode != "monochrome" {
+		mode = "color"
+	}
+	ctx.Data["Mode"] = mode
+	hidePRRefs := ctx.FormBool("hide-pr-refs")
+	ctx.Data["HidePRRefs"] = hidePRRefs
+	branches := ctx.FormStrings("branch")
+	realBranches := make([]string, len(branches))
+	copy(realBranches, branches)
+	for i, branch := range realBranches {
+		if strings.HasPrefix(branch, "--") {
+			realBranches[i] = git.BranchPrefix + branch
+		}
+	}
+	ctx.Data["SelectedBranches"] = realBranches
+	files := ctx.FormStrings("file")
+
+	graphCommitsCount, err := ctx.Repo.GetCommitGraphsCount(ctx, hidePRRefs, realBranches, files)
+	if err != nil {
+		log.Warn("GetCommitGraphsCount error for generate graph exclude prs: %t branches: %s in %-v, Will Ignore branches and try again. Underlying Error: %v", hidePRRefs, branches, ctx.Repo.Repository, err)
+		realBranches = []string{}
+		graphCommitsCount, err = ctx.Repo.GetCommitGraphsCount(ctx, hidePRRefs, realBranches, files)
+		if err != nil {
+			ctx.ServerError("GetCommitGraphsCount", err)
+			return
+		}
+	}
+
+	page := ctx.FormInt("page")
+
+	graph, err := gitgraph.GetCommitGraph(ctx.Repo.GitRepo, page, 0, hidePRRefs, realBranches, files)
+	if err != nil {
+		ctx.ServerError("GetCommitGraph", err)
+		return
+	}
+
+	if err := graph.LoadAndProcessCommits(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo); err != nil {
+		ctx.ServerError("LoadAndProcessCommits", err)
+		return
+	}
+
+	ctx.Data["Graph"] = graph
+
+	gitRefs, err := ctx.Repo.GitRepo.GetRefs()
+	if err != nil {
+		ctx.ServerError("GitRepo.GetRefs", err)
+		return
+	}
+
+	ctx.Data["AllRefs"] = gitRefs
+
+	divOnly := ctx.FormBool("div-only")
+	queryParams := ctx.Req.URL.Query()
+	queryParams.Del("div-only")
+	paginator := context.NewPagination(graphCommitsCount, setting.UI.GraphMaxCommitNum, page, 5)
+	paginator.AddParamFromQuery(queryParams)
+	ctx.Data["Page"] = paginator
+	if divOnly {
+		ctx.HTML(http.StatusOK, tplGraphDiv)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplGraph)
+}
+
+// SearchCommits render commits filtered by keyword
+func SearchCommits(ctx *context.Context) {
+	ctx.Data["PageIsCommits"] = true
+	ctx.Data["PageIsViewCode"] = true
+
+	query := ctx.FormTrim("q")
+	if len(query) == 0 {
+		ctx.Redirect(ctx.Repo.RepoLink + "/commits/" + ctx.Repo.RefTypeNameSubURL())
+		return
+	}
+
+	all := ctx.FormBool("all")
+	opts := git.NewSearchCommitsOptions(query, all)
+	commits, err := ctx.Repo.Commit.SearchCommits(opts)
+	if err != nil {
+		ctx.ServerError("SearchCommits", err)
+		return
+	}
+	ctx.Data["CommitCount"] = len(commits)
+	ctx.Data["Commits"], err = processGitCommits(ctx, commits)
+	if err != nil {
+		ctx.ServerError("processGitCommits", err)
+		return
+	}
+
+	ctx.Data["Keyword"] = query
+	if all {
+		ctx.Data["All"] = true
+	}
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+// FileHistory show a file's reversions
+func FileHistory(ctx *context.Context) {
+	if ctx.Repo.TreePath == "" {
+		Commits(ctx)
+		return
+	}
+
+	commitsCount, err := gitrepo.FileCommitsCount(ctx, ctx.Repo.Repository, ctx.Repo.RefFullName.ShortName(), ctx.Repo.TreePath)
+	if err != nil {
+		ctx.ServerError("FileCommitsCount", err)
+		return
+	} else if commitsCount == 0 {
+		ctx.NotFound(nil)
+		return
+	}
+
+	page := max(ctx.FormInt("page"), 1)
+
+	commits, err := ctx.Repo.GitRepo.CommitsByFileAndRange(
+		git.CommitsByFileAndRangeOptions{
+			Revision: ctx.Repo.RefFullName.ShortName(), // FIXME: legacy code used ShortName
+			File:     ctx.Repo.TreePath,
+			Page:     page,
+		})
+	if err != nil {
+		ctx.ServerError("CommitsByFileAndRange", err)
+		return
+	}
+	ctx.Data["Commits"], err = processGitCommits(ctx, commits)
+	if err != nil {
+		ctx.ServerError("processGitCommits", err)
+		return
+	}
+
+	ctx.Data["FileTreePath"] = ctx.Repo.TreePath
+	ctx.Data["CommitCount"] = commitsCount
+
+	pager := context.NewPagination(commitsCount, setting.Git.CommitsRangeSize, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+func LoadBranchesAndTags(ctx *context.Context) {
+	response, err := repo_service.LoadBranchesAndTags(ctx, ctx.Repo, ctx.PathParam("sha"))
+	if err == nil {
+		ctx.JSON(http.StatusOK, response)
+		return
+	}
+	ctx.NotFoundOrServerError(fmt.Sprintf("could not load branches and tags the commit %s belongs to", ctx.PathParam("sha")), git.IsErrNotExist, err)
+}
+
+// Diff show different from current commit to previous commit
+func Diff(ctx *context.Context) {
+	ctx.Data["PageIsDiff"] = true
+
+	userName := ctx.Repo.Owner.Name
+	repoName := ctx.Repo.Repository.Name
+	commitID := ctx.PathParam("sha")
+
+	diffBlobExcerptData := &gitdiff.DiffBlobExcerptData{
+		BaseLink:      ctx.Repo.RepoLink + "/blob_excerpt",
+		DiffStyle:     GetDiffViewStyle(ctx),
+		AfterCommitID: commitID,
+	}
+	gitRepo := ctx.Repo.GitRepo
+	var gitRepoStore gitrepo.Repository = ctx.Repo.Repository
+
+	if ctx.Data["PageIsWiki"] != nil {
+		var err error
+		gitRepoStore = ctx.Repo.Repository.WikiStorageRepo()
+		gitRepo, err = gitrepo.RepositoryFromRequestContextOrOpen(ctx, gitRepoStore)
+		if err != nil {
+			ctx.ServerError("Repo.GitRepo.GetCommit", err)
+			return
+		}
+		diffBlobExcerptData.BaseLink = ctx.Repo.RepoLink + "/wiki/blob_excerpt"
+	}
+
+	commit, err := gitRepo.GetCommit(commitID)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("Repo.GitRepo.GetCommit", err)
+		}
+		return
+	}
+	if len(commitID) != commit.ID.Type().FullLength() {
+		commitID = commit.ID.String()
+	}
+
+	fileOnly := ctx.FormBool("file-only")
+	maxLines, maxFiles := setting.Git.MaxGitDiffLines, setting.Git.MaxGitDiffFiles
+	files := ctx.FormStrings("files")
+	if fileOnly && (len(files) == 2 || len(files) == 1) {
+		maxLines, maxFiles = -1, -1
+	}
+
+	diff, err := gitdiff.GetDiffForRender(ctx, ctx.Repo.RepoLink, gitRepo, &gitdiff.DiffOptions{
+		AfterCommitID:      commitID,
+		SkipTo:             ctx.FormString("skip-to"),
+		MaxLines:           maxLines,
+		MaxLineCharacters:  setting.Git.MaxGitDiffLineCharacters,
+		MaxFiles:           maxFiles,
+		WhitespaceBehavior: gitdiff.GetWhitespaceFlag(GetWhitespaceBehavior(ctx)),
+	}, files...)
+	if err != nil {
+		ctx.NotFound(err)
+		return
+	}
+	diffShortStat, err := gitdiff.GetDiffShortStat(ctx, gitRepoStore, gitRepo, "", commitID)
+	if err != nil {
+		ctx.ServerError("GetDiffShortStat", err)
+		return
+	}
+	ctx.Data["DiffShortStat"] = diffShortStat
+
+	parents := make([]string, commit.ParentCount())
+	for i := 0; i < commit.ParentCount(); i++ {
+		sha, err := commit.ParentID(i)
+		if err != nil {
+			ctx.NotFound(err)
+			return
+		}
+		parents[i] = sha.String()
+	}
+
+	ctx.Data["CommitID"] = commitID
+	ctx.Data["AfterCommitID"] = commitID
+
+	var parentCommit *git.Commit
+	var parentCommitID string
+	if commit.ParentCount() > 0 {
+		parentCommit, err = gitRepo.GetCommit(parents[0])
+		if err != nil {
+			ctx.NotFound(err)
+			return
+		}
+		parentCommitID = parentCommit.ID.String()
+	}
+	setCompareContext(ctx, parentCommit, commit, userName, repoName)
+	ctx.Data["Title"] = commit.MessageTitle() + " · " + base.ShortSha(commitID)
+	ctx.Data["Commit"] = commit
+	ctx.Data["Diff"] = diff
+	ctx.Data["DiffBlobExcerptData"] = diffBlobExcerptData
+
+	if !fileOnly {
+		diffTree, err := gitdiff.GetDiffTree(ctx, gitRepo, false, parentCommitID, commitID)
+		if err != nil {
+			ctx.ServerError("GetDiffTree", err)
+			return
+		}
+
+		renderedIconPool := fileicon.NewRenderedIconPool()
+		ctx.PageData["DiffFileTree"] = transformDiffTreeForWeb(renderedIconPool, diffTree, nil)
+		ctx.PageData["FolderIcon"] = fileicon.RenderEntryIconHTML(renderedIconPool, fileicon.EntryInfoFolder())
+		ctx.PageData["FolderOpenIcon"] = fileicon.RenderEntryIconHTML(renderedIconPool, fileicon.EntryInfoFolderOpen())
+		ctx.Data["FileIconPoolHTML"] = renderedIconPool.RenderToHTML()
+	}
+
+	statuses, err := git_model.GetLatestCommitStatus(ctx, ctx.Repo.Repository.ID, commitID, db.ListOptionsAll)
+	if err != nil {
+		log.Error("GetLatestCommitStatus: %v", err)
+	}
+	if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
+		git_model.CommitStatusesHideActionsURL(ctx, statuses)
+	}
+
+	ctx.Data["CommitStatus"] = git_model.CalcCommitStatus(statuses)
+	ctx.Data["CommitStatuses"] = statuses
+
+	verification := asymkey_service.ParseCommitWithSignature(ctx, commit)
+	ctx.Data["Verification"] = verification
+	ctx.Data["Author"] = user_model.ValidateCommitWithEmail(ctx, commit)
+	ctx.Data["Parents"] = parents
+	ctx.Data["DiffNotAvailable"] = diffShortStat.NumFiles == 0
+
+	if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+		return repo_model.IsOwnerMemberCollaborator(ctx, ctx.Repo.Repository, user.ID)
+	}, nil); err != nil {
+		ctx.ServerError("CalculateTrustStatus", err)
+		return
+	}
+
+	note := &git.Note{}
+	err = git.GetNote(ctx, ctx.Repo.GitRepo, commitID, note)
+	if err == nil {
+		ctx.Data["NoteCommit"] = note.Commit
+		ctx.Data["NoteAuthor"] = user_model.ValidateCommitWithEmail(ctx, note.Commit)
+		rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository, renderhelper.RepoCommentOptions{CurrentRefSubURL: "commit/" + util.PathEscapeSegments(commitID)})
+		htmlMessage := template.HTML(template.HTMLEscapeString(string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))))
+		ctx.Data["NoteRendered"], err = markup.PostProcessCommitMessage(rctx, htmlMessage)
+		if err != nil {
+			ctx.ServerError("PostProcessCommitMessage", err)
+			return
+		}
+	} else if !git.IsErrNotExist(err) {
+		log.Error("GetNote: %v", err)
+	}
+
+	pr, _ := issues_model.GetPullRequestByMergedCommit(ctx, ctx.Repo.Repository.ID, commitID)
+	if pr != nil {
+		ctx.Data["MergedPRIssueNumber"] = pr.Index
+	}
+
+	ctx.HTML(http.StatusOK, tplCommitPage)
+}
+
+// RawDiff dumps diff results of repository in given commit ID to io.Writer
+func RawDiff(ctx *context.Context) {
+	var gitRepo *git.Repository
+	if ctx.Data["PageIsWiki"] != nil {
+		wikiRepo, err := gitrepo.OpenRepository(ctx, ctx.Repo.Repository.WikiStorageRepo())
+		if err != nil {
+			ctx.ServerError("OpenRepository", err)
+			return
+		}
+		defer wikiRepo.Close()
+		gitRepo = wikiRepo
+	} else {
+		gitRepo = ctx.Repo.GitRepo
+		if gitRepo == nil {
+			ctx.ServerError("GitRepo not open", fmt.Errorf("no open git repo for '%s'", ctx.Repo.Repository.FullName()))
+			return
+		}
+	}
+	if err := git.GetRawDiff(
+		gitRepo,
+		ctx.PathParam("sha"),
+		git.RawDiffType(ctx.PathParam("ext")),
+		ctx.Resp,
+	); err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(errors.New("commit " + ctx.PathParam("sha") + " does not exist."))
+			return
+		}
+		ctx.ServerError("GetRawDiff", err)
+		return
+	}
+}
+
+func processGitCommits(ctx *context.Context, gitCommits []*git.Commit) ([]*git_model.SignCommitWithStatuses, error) {
+	commits, err := git_service.ConvertFromGitCommit(ctx, gitCommits, ctx.Repo.Repository)
+	if err != nil {
+		return nil, err
+	}
+	if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
+		for _, commit := range commits {
+			if commit.Status == nil {
+				continue
+			}
+			commit.Status.HideActionsURL(ctx)
+			git_model.CommitStatusesHideActionsURL(ctx, commit.Statuses)
+		}
+	}
+	return commits, nil
+}
@@ -0,0 +1,73 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	git_model "gitea.dev/models/git"
+	access_model "gitea.dev/models/perm/access"
+	unit_model "gitea.dev/models/unit"
+	"gitea.dev/modules/log"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+type RecentBranchesPromptDataStruct struct {
+	RecentlyPushedNewBranches []*git_model.RecentlyPushedNewBranch
+}
+
+func prepareRecentlyPushedNewBranches(ctx *context.Context) {
+	if ctx.Doer == nil {
+		return
+	}
+	if err := ctx.Repo.Repository.GetBaseRepo(ctx); err != nil {
+		log.Error("GetBaseRepo: %v", err)
+		return
+	}
+
+	opts := git_model.FindRecentlyPushedNewBranchesOptions{
+		Repo:     ctx.Repo.Repository,
+		BaseRepo: ctx.Repo.Repository,
+	}
+	if ctx.Repo.Repository.IsFork {
+		opts.BaseRepo = ctx.Repo.Repository.BaseRepo
+	}
+
+	baseRepoPerm, err := access_model.GetDoerRepoPermission(ctx, opts.BaseRepo, ctx.Doer)
+	if err != nil {
+		log.Error("GetDoerRepoPermission: %v", err)
+		return
+	}
+	if !opts.Repo.CanContentChange() || !opts.BaseRepo.CanContentChange() {
+		return
+	}
+	if !opts.BaseRepo.UnitEnabled(ctx, unit_model.TypePullRequests) || !baseRepoPerm.CanRead(unit_model.TypePullRequests) {
+		return
+	}
+
+	var finalBranches []*git_model.RecentlyPushedNewBranch
+	branches, err := git_model.FindRecentlyPushedNewBranches(ctx, ctx.Doer, opts)
+	if err != nil {
+		log.Error("FindRecentlyPushedNewBranches failed: %v", err)
+		return
+	}
+
+	for _, branch := range branches {
+		divergingInfo, err := repo_service.GetBranchDivergingInfo(ctx,
+			branch.BranchRepo, branch.BranchName, // "base" repo for diverging info
+			opts.BaseRepo, opts.BaseRepo.DefaultBranch, // "head" repo for diverging info
+		)
+		if err != nil {
+			log.Error("GetBranchDivergingInfo failed: %v", err)
+			continue
+		}
+		branchRepoHasNewCommits := divergingInfo.BaseHasNewCommits
+		baseRepoCommitsBehind := divergingInfo.HeadCommitsBehind
+		if branchRepoHasNewCommits || baseRepoCommitsBehind > 0 {
+			finalBranches = append(finalBranches, branch)
+		}
+	}
+	if len(finalBranches) > 0 {
+		ctx.Data["RecentBranchesPromptData"] = RecentBranchesPromptDataStruct{finalBranches}
+	}
+}
@@ -0,0 +1,795 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	gocontext "context"
+	"encoding/csv"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"sort"
+	"strings"
+	"unicode"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	issues_model "gitea.dev/models/issues"
+	access_model "gitea.dev/models/perm/access"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/charset"
+	csv_module "gitea.dev/modules/csv"
+	"gitea.dev/modules/fileicon"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/gitcmd"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/typesniffer"
+	"gitea.dev/modules/util"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	git_service "gitea.dev/services/git"
+	"gitea.dev/services/gitdiff"
+	user_service "gitea.dev/services/user"
+)
+
+const (
+	tplCompare     templates.TplName = "repo/diff/compare"
+	tplBlobExcerpt templates.TplName = "repo/diff/blob_excerpt"
+	tplDiffBox     templates.TplName = "repo/diff/box"
+)
+
+// setCompareContext sets context data.
+func setCompareContext(ctx *context.Context, before, head *git.Commit, headOwner, headName string) {
+	ctx.Data["BeforeCommit"] = before
+	ctx.Data["HeadCommit"] = head
+
+	ctx.Data["GetBlobByPathForCommit"] = func(commit *git.Commit, path string) *git.Blob {
+		if commit == nil {
+			return nil
+		}
+
+		blob, err := commit.GetBlobByPath(path)
+		if err != nil {
+			return nil
+		}
+		return blob
+	}
+
+	ctx.Data["GetSniffedTypeForBlob"] = func(blob *git.Blob) typesniffer.SniffedType {
+		st := typesniffer.SniffedType{}
+
+		if blob == nil {
+			return st
+		}
+
+		st, err := blob.GuessContentType()
+		if err != nil {
+			log.Error("GuessContentType failed: %v", err)
+			return st
+		}
+		return st
+	}
+
+	setPathsCompareContext(ctx, before, head, headOwner, headName)
+	setImageCompareContext(ctx)
+	setCsvCompareContext(ctx)
+}
+
+// SourceCommitURL creates a relative URL for a commit in the given repository
+func SourceCommitURL(owner, name string, commit *git.Commit) string {
+	return setting.AppSubURL + "/" + url.PathEscape(owner) + "/" + url.PathEscape(name) + "/src/commit/" + url.PathEscape(commit.ID.String())
+}
+
+// RawCommitURL creates a relative URL for the raw commit in the given repository
+func RawCommitURL(owner, name string, commit *git.Commit) string {
+	return setting.AppSubURL + "/" + url.PathEscape(owner) + "/" + url.PathEscape(name) + "/raw/commit/" + url.PathEscape(commit.ID.String())
+}
+
+// setPathsCompareContext sets context data for source and raw paths
+func setPathsCompareContext(ctx *context.Context, base, head *git.Commit, headOwner, headName string) {
+	ctx.Data["SourcePath"] = SourceCommitURL(headOwner, headName, head)
+	ctx.Data["RawPath"] = RawCommitURL(headOwner, headName, head)
+	if base != nil {
+		ctx.Data["BeforeSourcePath"] = SourceCommitURL(headOwner, headName, base)
+		ctx.Data["BeforeRawPath"] = RawCommitURL(headOwner, headName, base)
+	}
+}
+
+// setImageCompareContext sets context data that is required by image compare template
+func setImageCompareContext(ctx *context.Context) {
+	ctx.Data["IsSniffedTypeAnImage"] = func(st typesniffer.SniffedType) bool {
+		return st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage())
+	}
+}
+
+// setCsvCompareContext sets context data that is required by the CSV compare template
+func setCsvCompareContext(ctx *context.Context) {
+	ctx.Data["IsCsvFile"] = func(diffFile *gitdiff.DiffFile) bool {
+		extension := strings.ToLower(filepath.Ext(diffFile.Name))
+		return extension == ".csv" || extension == ".tsv"
+	}
+
+	type CsvDiffResult struct {
+		Sections []*gitdiff.TableDiffSection
+		Error    string
+	}
+
+	ctx.Data["CreateCsvDiff"] = func(diffFile *gitdiff.DiffFile, baseBlob, headBlob *git.Blob) CsvDiffResult {
+		if diffFile == nil {
+			return CsvDiffResult{nil, ""}
+		}
+
+		errTooLarge := errors.New(ctx.Locale.TrString("repo.error.csv.too_large"))
+
+		csvReaderFromCommit := func(ctx *markup.RenderContext, blob *git.Blob) (*csv.Reader, io.Closer, error) {
+			if blob == nil {
+				// It's ok for blob to be nil (file added or deleted)
+				return nil, nil, nil
+			}
+
+			if setting.UI.CSV.MaxFileSize != 0 && setting.UI.CSV.MaxFileSize < blob.Size() {
+				return nil, nil, errTooLarge
+			}
+
+			reader, err := blob.DataAsync()
+			if err != nil {
+				return nil, nil, err
+			}
+			var closer io.Closer = reader
+			csvReader, err := csv_module.CreateReaderAndDetermineDelimiter(ctx, charset.ToUTF8WithFallbackReader(reader, charset.ConvertOpts{}))
+			return csvReader, closer, err
+		}
+
+		baseReader, baseBlobCloser, err := csvReaderFromCommit(markup.NewRenderContext(ctx).WithRelativePath(diffFile.OldName), baseBlob)
+		if baseBlobCloser != nil {
+			defer baseBlobCloser.Close()
+		}
+		if err != nil {
+			if err == errTooLarge {
+				return CsvDiffResult{nil, err.Error()}
+			}
+			log.Error("error whilst creating csv.Reader from file %s in base commit %s in %s: %v", diffFile.Name, baseBlob.ID.String(), ctx.Repo.Repository.Name, err)
+			return CsvDiffResult{nil, "unable to load file"}
+		}
+
+		headReader, headBlobCloser, err := csvReaderFromCommit(markup.NewRenderContext(ctx).WithRelativePath(diffFile.Name), headBlob)
+		if headBlobCloser != nil {
+			defer headBlobCloser.Close()
+		}
+		if err != nil {
+			if err == errTooLarge {
+				return CsvDiffResult{nil, err.Error()}
+			}
+			log.Error("error whilst creating csv.Reader from file %s in head commit %s in %s: %v", diffFile.Name, headBlob.ID.String(), ctx.Repo.Repository.Name, err)
+			return CsvDiffResult{nil, "unable to load file"}
+		}
+
+		sections, err := gitdiff.CreateCsvDiff(diffFile, baseReader, headReader)
+		if err != nil {
+			errMessage, err := csv_module.FormatError(err, ctx.Locale)
+			if err != nil {
+				log.Error("CreateCsvDiff FormatError failed: %v", err)
+				return CsvDiffResult{nil, "unknown csv diff error"}
+			}
+			return CsvDiffResult{nil, errMessage}
+		}
+		return CsvDiffResult{sections, ""}
+	}
+}
+
+type comparePageInfoType struct {
+	compareInfo      *git_service.CompareInfo
+	nothingToCompare bool
+	allowCreatePull  bool
+}
+
+func newComparePageInfo() *comparePageInfoType {
+	return &comparePageInfoType{}
+}
+
+// parseCompareInfo parse compare info between two commit for preparing comparing references
+func (cpi *comparePageInfoType) parseCompareInfo(ctx *context.Context) error {
+	baseRepo := ctx.Repo.Repository
+	fileOnly := ctx.FormBool("file-only")
+
+	// 1 Parse compare router param
+	compareReq := common.ParseCompareRouterParam(ctx.PathParam("*"))
+
+	// remove the check when we support compare with carets
+	if compareReq.BaseOriRefSuffix != "" {
+		return util.NewInvalidArgumentErrorf("unsupported comparison syntax: ref with suffix")
+	}
+
+	// 2 get repository and owner for head
+	headOwner, headRepo, err := common.GetHeadOwnerAndRepo(ctx, baseRepo, compareReq)
+	if err != nil {
+		return err
+	}
+
+	// 3 permission check
+	// base repository's code unit read permission check has been done on web.go
+	permBase := ctx.Repo.Permission
+
+	// If we're not merging from the same repo:
+	isSameRepo := baseRepo.ID == headRepo.ID
+	if !isSameRepo {
+		// Assert ctx.Doer has permission to read headRepo's codes
+		permHead, err := access_model.GetDoerRepoPermission(ctx, headRepo, ctx.Doer)
+		if err != nil {
+			return err
+		}
+		if !permHead.CanRead(unit.TypeCode) {
+			return util.NewNotExistErrorf("") // permission: no error message for end users
+		}
+		ctx.Data["CanWriteToHeadRepo"] = permHead.CanWrite(unit.TypeCode)
+	}
+
+	// 4 get base and head refs
+	baseRefName := util.IfZero(compareReq.BaseOriRef, baseRepo.GetPullRequestTargetBranch(ctx))
+	headRefName := util.IfZero(compareReq.HeadOriRef, headRepo.DefaultBranch)
+
+	baseRef := ctx.Repo.GitRepo.UnstableGuessRefByShortName(baseRefName)
+	if baseRef == "" {
+		return util.NewNotExistErrorf("no base ref: %s", baseRefName)
+	}
+	headGitRepo, err := gitrepo.RepositoryFromRequestContextOrOpen(ctx, headRepo)
+	if err != nil {
+		return err
+	}
+
+	headRef := headGitRepo.UnstableGuessRefByShortName(headRefName)
+	if headRef == "" {
+		return util.NewNotExistErrorf("no head ref: %s", headRefName)
+	}
+
+	ctx.Data["BaseName"] = baseRepo.OwnerName
+	ctx.Data["BaseBranch"] = baseRef.ShortName() // for legacy templates
+	ctx.Data["HeadUser"] = headOwner
+	ctx.Data["HeadBranch"] = headRef.ShortName() // for legacy templates
+	ctx.Data["IsPull"] = true
+
+	context.InitRepoPullRequestCtx(ctx, baseRepo, headRepo)
+
+	// The current base and head repositories and branches may not
+	// actually be the intended branches that the user wants to
+	// create a pull-request from - but also determining the head
+	// repo is difficult.
+
+	// We will want therefore to offer a few repositories to set as
+	// our base and head
+
+	// 1. First if the baseRepo is a fork get the "RootRepo" it was
+	// forked from
+	var rootRepo *repo_model.Repository
+	if baseRepo.IsFork {
+		err = baseRepo.GetBaseRepo(ctx)
+		if err != nil && !repo_model.IsErrRepoNotExist(err) {
+			return err
+		} else if err == nil {
+			rootRepo = baseRepo.BaseRepo
+		}
+	}
+
+	// 2. Now if the current user is not the owner of the baseRepo,
+	// check if they have a fork of the base repo and offer that as
+	// "OwnForkRepo"
+	var ownForkRepo *repo_model.Repository
+	if ctx.Doer != nil && baseRepo.OwnerID != ctx.Doer.ID {
+		repo := repo_model.GetForkedRepo(ctx, ctx.Doer.ID, baseRepo.ID)
+		if repo != nil {
+			ownForkRepo = repo
+			ctx.Data["OwnForkRepo"] = ownForkRepo
+		}
+	}
+
+	ctx.Data["HeadRepo"] = headRepo
+	ctx.Data["BaseCompareRepo"] = ctx.Repo.Repository
+
+	// If we have a rootRepo, and it's different from:
+	// 1. the computed base
+	// 2. the computed head
+	// then get the branches of it
+	if rootRepo != nil &&
+		rootRepo.ID != headRepo.ID &&
+		rootRepo.ID != baseRepo.ID {
+		canRead := access_model.CheckRepoUnitUser(ctx, rootRepo, ctx.Doer, unit.TypeCode)
+		if canRead {
+			ctx.Data["RootRepo"] = rootRepo
+			if !fileOnly {
+				branches, tags, err := getBranchesAndTagsForRepo(ctx, rootRepo)
+				if err != nil {
+					return err
+				}
+				ctx.Data["RootRepoBranches"] = branches
+				ctx.Data["RootRepoTags"] = tags
+			}
+		}
+	}
+
+	// If we have a ownForkRepo, and it's different from:
+	// 1. The computed base
+	// 2. The computed head
+	// 3. The rootRepo (if we have one)
+	// then get the branches from it.
+	if ownForkRepo != nil &&
+		ownForkRepo.ID != headRepo.ID &&
+		ownForkRepo.ID != baseRepo.ID &&
+		(rootRepo == nil || ownForkRepo.ID != rootRepo.ID) {
+		canRead := access_model.CheckRepoUnitUser(ctx, ownForkRepo, ctx.Doer, unit.TypeCode)
+		if canRead {
+			ctx.Data["OwnForkRepo"] = ownForkRepo
+			if !fileOnly {
+				branches, tags, err := getBranchesAndTagsForRepo(ctx, ownForkRepo)
+				if err != nil {
+					return err
+				}
+				ctx.Data["OwnForkRepoBranches"] = branches
+				ctx.Data["OwnForkRepoTags"] = tags
+			}
+		}
+	}
+
+	compareInfo, err := git_service.GetCompareInfo(ctx, baseRepo, headRepo, headGitRepo, baseRef, headRef, compareReq.DirectComparison(), fileOnly)
+	if err != nil {
+		return err
+	}
+
+	// Treat as pull request if both references are branches
+	cpi.allowCreatePull = baseRef.IsBranch() && headRef.IsBranch() && permBase.CanReadIssuesOrPulls(true)
+	cpi.allowCreatePull = cpi.allowCreatePull && compareInfo.CompareBase != ""
+	cpi.compareInfo = &compareInfo
+	return nil
+}
+
+// autoTitleFromBranchName humanizes a branch name into a PR title.
+func autoTitleFromBranchName(name string) string {
+	var buf strings.Builder
+	var prevIsSpace bool
+	runes := []rune(name)
+	for i, r := range runes {
+		isSpace := unicode.IsSpace(r)
+		if r == '-' || r == '_' || isSpace {
+			if !prevIsSpace {
+				buf.WriteRune(' ')
+			}
+			prevIsSpace = true
+			continue
+		}
+		if !prevIsSpace && unicode.IsUpper(r) {
+			needSpace := i > 0 && unicode.IsLower(runes[i-1]) || i < len(runes)-1 && unicode.IsLower(runes[i+1])
+			if needSpace {
+				buf.WriteRune(' ')
+			}
+		}
+		buf.WriteRune(unicode.ToLower(r))
+		prevIsSpace = isSpace
+	}
+	out := strings.TrimSpace(buf.String())
+	if out == "" {
+		return out
+	}
+	outRunes := []rune(out)
+	outRunes[0] = unicode.ToUpper(outRunes[0])
+	return string(outRunes)
+}
+
+func prepareNewPullRequestTitleContent(ci *git_service.CompareInfo, commits []*git_model.SignCommitWithStatuses, defaultTitleSource string) (title, content string) {
+	useFirstCommitAsTitle := len(commits) == 1 || (defaultTitleSource == setting.RepoPRTitleSourceFirstCommit && len(commits) > 0)
+	if useFirstCommitAsTitle {
+		// the "commits" are from "ShowPrettyFormatLogToList", which is ordered from newest to oldest, here take the oldest one
+		c := commits[len(commits)-1]
+		title = c.UserCommit.MessageTitle()
+	} else {
+		title = autoTitleFromBranchName(ci.HeadRef.ShortName())
+	}
+
+	if len(commits) == 1 {
+		c := commits[0]
+		content = c.MessageBody()
+	}
+
+	var titleTrailer string
+	// TODO: 255 doesn't seem to be a good limit for title, just keep the old behavior
+	title, titleTrailer = util.EllipsisDisplayStringX(title, 255)
+	if titleTrailer != "" {
+		if content != "" {
+			content = titleTrailer + "\n\n" + content
+		} else {
+			content = titleTrailer + "\n"
+		}
+	}
+	return title, content
+}
+
+// prepareCompareDiff renders compare diff page. TODO: need to refactor it and other "compare diff" related functions together
+func (cpi *comparePageInfoType) prepareCompareDiff(ctx *context.Context, whitespaceBehavior gitcmd.TrustedCmdArgs) {
+	ci := cpi.compareInfo
+	if ci.CompareBase == "" {
+		cpi.nothingToCompare = true
+		return
+	}
+	repo := ctx.Repo.Repository
+	headCommitID := ci.HeadCommitID
+
+	ctx.Data["CommitRepoLink"] = ci.HeadRepo.Link()
+	ctx.Data["BeforeCommitID"] = ci.CompareBase
+	ctx.Data["AfterCommitID"] = headCommitID
+
+	// follow GitHub's behavior: autofill the form and expand
+	newPrFormTitle := ctx.FormTrim("title")
+	newPrFormBody := ctx.FormTrim("body")
+	ctx.Data["ExpandNewPrForm"] = ctx.FormBool("expand") || ctx.FormBool("quick_pull") || newPrFormTitle != "" || newPrFormBody != ""
+	ctx.Data["TitleQuery"] = newPrFormTitle
+	ctx.Data["BodyQuery"] = newPrFormBody
+
+	if headCommitID == ci.CompareBase {
+		config := repo.MustGetUnit(ctx, unit.TypePullRequests).PullRequestsConfig()
+		// if auto-detect manual merge, an empty PR will be closed immediately because it is already on base branch
+		supportEmptyPr := !config.AutodetectManualMerge
+		acrossRepoPr := !ci.IsSameRef()
+		ctx.Data["AllowEmptyPr"] = supportEmptyPr && acrossRepoPr
+
+		cpi.nothingToCompare = true
+		return
+	}
+
+	beforeCommitID := ci.CompareBase
+
+	maxLines, maxFiles := setting.Git.MaxGitDiffLines, setting.Git.MaxGitDiffFiles
+	files := ctx.FormStrings("files")
+	if len(files) == 2 || len(files) == 1 {
+		maxLines, maxFiles = -1, -1
+	}
+
+	fileOnly := ctx.FormBool("file-only")
+
+	diff, err := gitdiff.GetDiffForRender(ctx, ci.HeadRepo.Link(), ci.HeadGitRepo,
+		&gitdiff.DiffOptions{
+			BeforeCommitID:     beforeCommitID,
+			AfterCommitID:      headCommitID,
+			SkipTo:             ctx.FormString("skip-to"),
+			MaxLines:           maxLines,
+			MaxLineCharacters:  setting.Git.MaxGitDiffLineCharacters,
+			MaxFiles:           maxFiles,
+			WhitespaceBehavior: whitespaceBehavior,
+			DirectComparison:   ci.DirectComparison(),
+		}, ctx.FormStrings("files")...)
+	if err != nil {
+		ctx.ServerError("GetDiff", err)
+		return
+	}
+	diffShortStat, err := gitdiff.GetDiffShortStat(ctx, ci.HeadRepo, ci.HeadGitRepo, beforeCommitID, headCommitID)
+	if err != nil {
+		ctx.ServerError("GetDiffShortStat", err)
+		return
+	}
+	ctx.Data["DiffShortStat"] = diffShortStat
+	ctx.Data["Diff"] = diff
+	ctx.Data["DiffBlobExcerptData"] = &gitdiff.DiffBlobExcerptData{
+		BaseLink:      ci.HeadRepo.Link() + "/blob_excerpt",
+		DiffStyle:     GetDiffViewStyle(ctx),
+		AfterCommitID: headCommitID,
+	}
+	ctx.Data["DiffNotAvailable"] = diffShortStat.NumFiles == 0
+
+	if !fileOnly {
+		diffTree, err := gitdiff.GetDiffTree(ctx, ci.HeadGitRepo, false, beforeCommitID, headCommitID)
+		if err != nil {
+			ctx.ServerError("GetDiffTree", err)
+			return
+		}
+
+		renderedIconPool := fileicon.NewRenderedIconPool()
+		ctx.PageData["DiffFileTree"] = transformDiffTreeForWeb(renderedIconPool, diffTree, nil)
+		ctx.PageData["FolderIcon"] = fileicon.RenderEntryIconHTML(renderedIconPool, fileicon.EntryInfoFolder())
+		ctx.PageData["FolderOpenIcon"] = fileicon.RenderEntryIconHTML(renderedIconPool, fileicon.EntryInfoFolderOpen())
+		ctx.Data["FileIconPoolHTML"] = renderedIconPool.RenderToHTML()
+	}
+
+	headCommit, err := ci.HeadGitRepo.GetCommit(headCommitID)
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return
+	}
+
+	baseGitRepo := ctx.Repo.GitRepo
+
+	beforeCommit, err := baseGitRepo.GetCommit(beforeCommitID)
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return
+	}
+
+	commits, err := processGitCommits(ctx, ci.Commits)
+	if err != nil {
+		ctx.ServerError("processGitCommits", err)
+		return
+	}
+	ctx.Data["Commits"] = commits
+	ctx.Data["CommitCount"] = len(commits)
+
+	ctx.Data["title"], ctx.Data["content"] = prepareNewPullRequestTitleContent(ci, commits, setting.Repository.PullRequest.DefaultTitleSource)
+
+	setCompareContext(ctx, beforeCommit, headCommit, ci.HeadRepo.OwnerName, repo.Name)
+}
+
+func getBranchesAndTagsForRepo(ctx gocontext.Context, repo *repo_model.Repository) (branches, tags []string, err error) {
+	branches, err = git_model.FindBranchNames(ctx, git_model.FindBranchOptions{
+		RepoID:          repo.ID,
+		ListOptions:     db.ListOptionsAll,
+		IsDeletedBranch: optional.Some(false),
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+	tags, err = repo_model.GetTagNamesByRepoID(ctx, repo.ID)
+	if err != nil {
+		return nil, nil, err
+	}
+	return branches, tags, nil
+}
+
+// CompareDiff show different from one commit to another commit
+func CompareDiff(ctx *context.Context) {
+	comparePageInfo := newComparePageInfo()
+	err := comparePageInfo.parseCompareInfo(ctx)
+	if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
+		ctx.NotFound(nil)
+		return
+	} else if err != nil {
+		ctx.ServerError("ParseCompareInfo", err)
+		return
+	}
+	ci := comparePageInfo.compareInfo
+	ctx.Data["PageIsViewCode"] = true
+	ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes
+	ctx.Data["CompareInfo"] = ci
+
+	// TODO: need to refactor "prepare compare" related functions together
+	comparePageInfo.prepareCompareDiff(ctx, gitdiff.GetWhitespaceFlag(GetWhitespaceBehavior(ctx)))
+	if ctx.Written() {
+		return
+	}
+
+	baseTags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetTagNamesByRepoID", err)
+		return
+	}
+	ctx.Data["Tags"] = baseTags
+
+	fileOnly := ctx.FormBool("file-only")
+	if fileOnly {
+		ctx.HTML(http.StatusOK, tplDiffBox)
+		return
+	}
+
+	headBranches, headTags, err := getBranchesAndTagsForRepo(ctx, ci.HeadRepo)
+	if err != nil {
+		ctx.ServerError("GetBranchesAndTagsForRepo", err)
+		return
+	}
+	ctx.Data["HeadBranches"] = headBranches
+	ctx.Data["HeadTags"] = headTags
+
+	// For compare repo branches
+	PrepareBranchList(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if ci.CompareBase != "" {
+		comparePageInfo.prepareCreatePullRequestPage(ctx)
+		if ctx.Written() {
+			return
+		}
+	} else {
+		ctx.Flash.Error(ctx.Tr("repo.pulls.no_common_history"), true)
+		ctx.Data["CommitCount"] = 0
+	}
+	ctx.Data["PageIsComparePull"] = comparePageInfo.allowCreatePull
+	ctx.Data["IsNothingToCompare"] = comparePageInfo.nothingToCompare
+	ctx.HTML(http.StatusOK, tplCompare)
+}
+
+func (cpi *comparePageInfoType) prepareCreatePullRequestPage(ctx *context.Context) {
+	ci := cpi.compareInfo
+	if cpi.allowCreatePull {
+		pr, err := issues_model.GetUnmergedPullRequest(ctx, ci.HeadRepo.ID, ctx.Repo.Repository.ID, ci.HeadRef.ShortName(), ci.BaseRef.ShortName(), issues_model.PullRequestFlowGithub)
+		if err != nil {
+			if !issues_model.IsErrPullRequestNotExist(err) {
+				ctx.ServerError("GetUnmergedPullRequest", err)
+				return
+			}
+		} else {
+			ctx.Data["HasPullRequest"] = true
+			if err := pr.LoadIssue(ctx); err != nil {
+				ctx.ServerError("LoadIssue", err)
+				return
+			}
+			ctx.Data["PullRequest"] = pr
+			return
+		}
+
+		if !cpi.nothingToCompare {
+			// Setup information for new form.
+			pageMetaData := retrieveRepoIssueMetaData(ctx, ctx.Repo.Repository, nil, true)
+			if ctx.Written() {
+				return
+			}
+			_, templateErrs := setTemplateIfExists(ctx, pullRequestTemplateKey, pullRequestTemplateCandidates, pageMetaData)
+			if len(templateErrs) > 0 {
+				ctx.Flash.Warning(renderErrorOfTemplates(ctx, templateErrs), true)
+			}
+		}
+	}
+	beforeCommitID := cpi.compareInfo.CompareBase
+	afterCommitID := cpi.compareInfo.HeadCommitID
+
+	ctx.Data["Title"] = "Comparing " + base.ShortSha(beforeCommitID) + ci.CompareSeparator + base.ShortSha(afterCommitID)
+
+	ctx.Data["IsDiffCompare"] = true
+
+	if content, ok := ctx.Data["content"].(string); ok && content != "" {
+		// If a template content is set, prepend the "content". In this case that's only
+		// applicable if you have one commit to compare and that commit has a message.
+		// In that case the commit message will be prepended to the template body.
+		if templateContent, ok := ctx.Data[pullRequestTemplateKey].(string); ok && templateContent != "" {
+			// Re-use the same key as that's prioritized over the "content" key.
+			// Add two new lines between the content to ensure there's always at least
+			// one empty line between them.
+			ctx.Data[pullRequestTemplateKey] = content + "\n\n" + templateContent
+		}
+
+		// When using form fields, also add content to field with id "body".
+		if fields, ok := ctx.Data["Fields"].([]*api.IssueFormField); ok {
+			for _, field := range fields {
+				if field.ID == "body" {
+					if fieldValue, ok := field.Attributes["value"].(string); ok && fieldValue != "" {
+						field.Attributes["value"] = content + "\n\n" + fieldValue
+					} else {
+						field.Attributes["value"] = content
+					}
+				}
+			}
+		}
+	}
+
+	ctx.Data["IsProjectsEnabled"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "comment")
+
+	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypePullRequests)
+
+	prConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypePullRequests).PullRequestsConfig()
+	ctx.Data["AllowMaintainerEdit"] = prConfig.DefaultAllowMaintainerEdit
+}
+
+// attachCommentsToLines attaches comments to their corresponding diff lines
+func attachCommentsToLines(section *gitdiff.DiffSection, lineComments map[int64][]*issues_model.Comment) {
+	for _, line := range section.Lines {
+		if comments, ok := lineComments[int64(line.LeftIdx*-1)]; ok {
+			line.Comments = append(line.Comments, comments...)
+		}
+		if comments, ok := lineComments[int64(line.RightIdx)]; ok {
+			line.Comments = append(line.Comments, comments...)
+		}
+		sort.SliceStable(line.Comments, func(i, j int) bool {
+			return line.Comments[i].CreatedUnix < line.Comments[j].CreatedUnix
+		})
+	}
+}
+
+// attachHiddenCommentIDs calculates and attaches hidden comment IDs to expand buttons
+func attachHiddenCommentIDs(section *gitdiff.DiffSection, lineComments map[int64][]*issues_model.Comment) {
+	for _, line := range section.Lines {
+		gitdiff.FillHiddenCommentIDsForDiffLine(line, lineComments)
+	}
+}
+
+// ExcerptBlob render blob excerpt contents
+func ExcerptBlob(ctx *context.Context) {
+	commitID := ctx.PathParam("sha")
+	opts := gitdiff.BlobExcerptOptions{
+		LastLeft:      ctx.FormInt("last_left"),
+		LastRight:     ctx.FormInt("last_right"),
+		LeftIndex:     ctx.FormInt("left"),
+		RightIndex:    ctx.FormInt("right"),
+		LeftHunkSize:  ctx.FormInt("left_hunk_size"),
+		RightHunkSize: ctx.FormInt("right_hunk_size"),
+		Direction:     ctx.FormString("direction"),
+		Language:      ctx.FormString("filelang"),
+	}
+	filePath := ctx.FormString("path")
+	gitRepo := ctx.Repo.GitRepo
+
+	diffBlobExcerptData := &gitdiff.DiffBlobExcerptData{
+		BaseLink:      ctx.Repo.RepoLink + "/blob_excerpt",
+		DiffStyle:     GetDiffViewStyle(ctx),
+		AfterCommitID: commitID,
+	}
+
+	if ctx.Data["PageIsWiki"] == true {
+		var err error
+		gitRepo, err = gitrepo.RepositoryFromRequestContextOrOpen(ctx, ctx.Repo.Repository.WikiStorageRepo())
+		if err != nil {
+			ctx.ServerError("OpenRepository", err)
+			return
+		}
+		diffBlobExcerptData.BaseLink = ctx.Repo.RepoLink + "/wiki/blob_excerpt"
+	}
+
+	commit, err := gitRepo.GetCommit(commitID)
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return
+	}
+	blob, err := commit.Tree.GetBlobByPath(filePath)
+	if err != nil {
+		ctx.ServerError("GetBlobByPath", err)
+		return
+	}
+	reader, err := blob.DataAsync()
+	if err != nil {
+		ctx.ServerError("DataAsync", err)
+		return
+	}
+	defer reader.Close()
+
+	section, err := gitdiff.BuildBlobExcerptDiffSection(filePath, reader, opts)
+	if err != nil {
+		ctx.ServerError("BuildBlobExcerptDiffSection", err)
+		return
+	}
+
+	diffBlobExcerptData.PullIssueIndex = ctx.FormInt64("pull_issue_index")
+	if diffBlobExcerptData.PullIssueIndex > 0 {
+		if !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
+			ctx.NotFound(nil)
+			return
+		}
+
+		issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, diffBlobExcerptData.PullIssueIndex)
+		if err != nil {
+			log.Error("GetIssueByIndex error: %v", err)
+		} else if issue.IsPull {
+			// FIXME: DIFF-CONVERSATION-DATA: the following data assignment is fragile
+			ctx.Data["Issue"] = issue
+			ctx.Data["CanBlockUser"] = func(blocker, blockee *user_model.User) bool {
+				return user_service.CanBlockUser(ctx, ctx.Doer, blocker, blockee)
+			}
+			// and "diff/comment_form.tmpl" (reply comment) needs them
+			ctx.Data["PageIsPullFiles"] = true
+			ctx.Data["AfterCommitID"] = diffBlobExcerptData.AfterCommitID
+
+			allComments, err := issues_model.FetchCodeComments(ctx, issue, ctx.Doer, ctx.FormBool("show_outdated"))
+			if err != nil {
+				log.Error("FetchCodeComments error: %v", err)
+			} else {
+				if lineComments, ok := allComments[filePath]; ok {
+					attachCommentsToLines(section, lineComments)
+					attachHiddenCommentIDs(section, lineComments)
+				}
+			}
+		}
+	}
+
+	ctx.Data["section"] = section
+	ctx.Data["FileNameHash"] = git.HashFilePathForWebUI(filePath)
+	ctx.Data["DiffBlobExcerptData"] = diffBlobExcerptData
+
+	ctx.HTML(http.StatusOK, tplBlobExcerpt)
+}
@@ -0,0 +1,126 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"strings"
+	"testing"
+
+	asymkey_model "gitea.dev/models/asymkey"
+	git_model "gitea.dev/models/git"
+	issues_model "gitea.dev/models/issues"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/setting"
+	git_service "gitea.dev/services/git"
+	"gitea.dev/services/gitdiff"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAttachCommentsToLines(t *testing.T) {
+	section := &gitdiff.DiffSection{
+		Lines: []*gitdiff.DiffLine{
+			{LeftIdx: 5, RightIdx: 10},
+			{LeftIdx: 6, RightIdx: 11},
+		},
+	}
+
+	lineComments := map[int64][]*issues_model.Comment{
+		-5: {{ID: 100, CreatedUnix: 1000}},                               // left side comment
+		10: {{ID: 200, CreatedUnix: 2000}},                               // right side comment
+		11: {{ID: 300, CreatedUnix: 1500}, {ID: 301, CreatedUnix: 2500}}, // multiple comments
+	}
+
+	attachCommentsToLines(section, lineComments)
+
+	// First line should have left and right comments
+	assert.Len(t, section.Lines[0].Comments, 2)
+	assert.Equal(t, int64(100), section.Lines[0].Comments[0].ID)
+	assert.Equal(t, int64(200), section.Lines[0].Comments[1].ID)
+
+	// Second line should have two comments, sorted by creation time
+	assert.Len(t, section.Lines[1].Comments, 2)
+	assert.Equal(t, int64(300), section.Lines[1].Comments[0].ID)
+	assert.Equal(t, int64(301), section.Lines[1].Comments[1].ID)
+}
+
+func TestNewPullRequestTitleContent(t *testing.T) {
+	ci := &git_service.CompareInfo{HeadRef: "refs/heads/head-branch"}
+
+	mockCommit := func(msg string) *git_model.SignCommitWithStatuses {
+		return &git_model.SignCommitWithStatuses{
+			SignCommit: &asymkey_model.SignCommit{
+				UserCommit: &user_model.UserCommit{
+					Commit: &git.Commit{
+						CommitMessage: git.CommitMessage{MessageRaw: msg},
+					},
+				},
+			},
+		}
+	}
+
+	// no commit
+	title, content := prepareNewPullRequestTitleContent(ci, nil, setting.RepoPRTitleSourceAuto)
+	assert.Equal(t, "Head branch", title)
+	assert.Empty(t, content)
+
+	title, content = prepareNewPullRequestTitleContent(ci, nil, setting.RepoPRTitleSourceFirstCommit)
+	assert.Equal(t, "Head branch", title)
+	assert.Empty(t, content)
+
+	// single commit
+	title, content = prepareNewPullRequestTitleContent(ci, []*git_model.SignCommitWithStatuses{mockCommit("single-commit-title\nbody")}, setting.RepoPRTitleSourceAuto)
+	assert.Equal(t, "single-commit-title", title)
+	assert.Equal(t, "body", content)
+
+	title, content = prepareNewPullRequestTitleContent(ci, []*git_model.SignCommitWithStatuses{mockCommit("single-commit-title\nbody")}, setting.RepoPRTitleSourceFirstCommit)
+	assert.Equal(t, "single-commit-title", title)
+	assert.Equal(t, "body", content)
+
+	// multiple commits
+	commits := []*git_model.SignCommitWithStatuses{
+		// ordered from newest to oldest
+		mockCommit("title2\nbody2"),
+		mockCommit("title1\nbody1"),
+	}
+	title, content = prepareNewPullRequestTitleContent(ci, commits, setting.RepoPRTitleSourceAuto)
+	assert.Equal(t, "Head branch", title)
+	assert.Empty(t, content)
+
+	title, content = prepareNewPullRequestTitleContent(ci, commits, setting.RepoPRTitleSourceFirstCommit)
+	assert.Equal(t, "title1", title)
+	assert.Empty(t, content)
+
+	// title string handling
+	title, content = prepareNewPullRequestTitleContent(ci, []*git_model.SignCommitWithStatuses{mockCommit("title-" + strings.Repeat("a", 255))}, setting.RepoPRTitleSourceFirstCommit)
+	assert.Equal(t, "title-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa…", title)
+	assert.Equal(t, "…aaaaaaaaa\n", content)
+
+	title, content = prepareNewPullRequestTitleContent(ci, []*git_model.SignCommitWithStatuses{mockCommit("title \xf0\nbody \xf0")}, setting.RepoPRTitleSourceFirstCommit)
+	assert.Equal(t, "title ð", title)
+	assert.Equal(t, "body ð", content)
+}
+
+func TestAutoTitleFromBranchName(t *testing.T) {
+	cases := []struct {
+		branch string
+		want   string
+	}{
+		{"fix/the-bug", "Fix/the bug"},
+		{"Already-Capitalized", "Already capitalized"},
+		{"ALL-CAPS-BRANCH", "All caps branch"},
+		{"FixHTMLBug", "Fix html bug"},
+		{"MixedCase-Name", "Mixed case name"},
+		{"fooBar-baz", "Foo bar baz"},
+		{"foo/BAR", "Foo/bar"},
+		{"_leading-underscore", "Leading underscore"},
+		{"CamelCase", "Camel case"},
+		{"foo--double-dash", "Foo double dash"},
+		{"123-fix", "123 fix"},
+	}
+	for _, c := range cases {
+		assert.Equal(t, c.want, autoTitleFromBranchName(c.branch), "branch: %q", c.branch)
+	}
+}
@@ -0,0 +1,38 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+	contributors_service "gitea.dev/services/repository"
+)
+
+const (
+	tplContributors templates.TplName = "repo/activity"
+)
+
+// Contributors render the page to show repository contributors graph
+func Contributors(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.activity.navbar.contributors")
+	ctx.Data["PageIsActivity"] = true
+	ctx.Data["PageIsContributors"] = true
+	ctx.HTML(http.StatusOK, tplContributors)
+}
+
+// ContributorsData renders JSON of contributors along with their weekly commit statistics
+func ContributorsData(ctx *context.Context) {
+	if contributorStats, err := contributors_service.GetContributorStats(ctx, ctx.Cache, ctx.Repo.Repository, ctx.Repo.Repository.DefaultBranch); err != nil {
+		if errors.Is(err, contributors_service.ErrAwaitGeneration) {
+			ctx.Status(http.StatusAccepted)
+			return
+		}
+		ctx.ServerError("GetContributorStats", err)
+	} else {
+		ctx.JSON(http.StatusOK, contributorStats)
+	}
+}
@@ -0,0 +1,165 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"time"
+
+	auth_model "gitea.dev/models/auth"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/httpcache"
+	"gitea.dev/modules/httplib"
+	"gitea.dev/modules/lfs"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+)
+
+func checkDownloadTokenScope(ctx *context.Context) bool {
+	context.CheckRepoScopedToken(ctx, ctx.Repo.Repository, auth_model.Read)
+	return !ctx.Written()
+}
+
+// ServeBlobOrLFS download a git.Blob redirecting to LFS if necessary
+func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob, lastModified *time.Time) error {
+	if httpcache.HandleGenericETagPrivateCache(ctx.Req, ctx.Resp, `"`+blob.ID.String()+`"`, lastModified) {
+		return nil
+	}
+
+	lfsPointerBuf, err := blob.GetBlobBytes(lfs.MetaFileMaxSize)
+	if err != nil {
+		return err
+	}
+
+	pointer, _ := lfs.ReadPointerFromBuffer(lfsPointerBuf)
+	if pointer.IsValid() {
+		meta, _ := git_model.GetLFSMetaObjectByOid(ctx, ctx.Repo.Repository.ID, pointer.Oid)
+		if meta == nil {
+			return common.ServeBlob(ctx.Base, ctx.Repo.Repository, ctx.Repo.TreePath, blob, lastModified)
+		}
+		if httpcache.HandleGenericETagPrivateCache(ctx.Req, ctx.Resp, `"`+pointer.Oid+`"`, meta.UpdatedUnix.AsTimePtr()) {
+			return nil
+		}
+
+		if setting.LFS.Storage.ServeDirect() {
+			// If we have a signed url (S3, object storage, blob storage), redirect to this directly.
+			u, err := storage.LFS.ServeDirectURL(pointer.RelativePath(), blob.Name(), ctx.Req.Method, nil)
+			if u != nil && err == nil {
+				ctx.Redirect(u.String())
+				return nil
+			}
+		}
+
+		lfsDataFile, err := lfs.ReadMetaObject(meta.Pointer)
+		if err != nil {
+			return err
+		}
+		defer lfsDataFile.Close()
+		httplib.ServeUserContentByFile(ctx.Req, ctx.Resp, lfsDataFile, httplib.ServeHeaderOptions{Filename: ctx.Repo.TreePath})
+		return nil
+	}
+
+	return common.ServeBlob(ctx.Base, ctx.Repo.Repository, ctx.Repo.TreePath, blob, lastModified)
+}
+
+func getBlobForEntry(ctx *context.Context) (*git.Blob, *time.Time) {
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetTreeEntryByPath", err)
+		}
+		return nil, nil
+	}
+
+	if entry.IsDir() || entry.IsSubModule() {
+		ctx.NotFound(nil)
+		return nil, nil
+	}
+
+	latestCommit, err := ctx.Repo.GitRepo.GetTreePathLatestCommit(ctx.Repo.Commit.ID.String(), ctx.Repo.TreePath)
+	if err != nil {
+		ctx.ServerError("GetTreePathLatestCommit", err)
+		return nil, nil
+	}
+	lastModified := &latestCommit.Committer.When
+
+	return entry.Blob(), lastModified
+}
+
+// SingleDownload download a file by repos path
+func SingleDownload(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	blob, lastModified := getBlobForEntry(ctx)
+	if blob == nil {
+		return
+	}
+
+	if err := common.ServeBlob(ctx.Base, ctx.Repo.Repository, ctx.Repo.TreePath, blob, lastModified); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}
+
+// SingleDownloadOrLFS download a file by repos path redirecting to LFS if necessary
+func SingleDownloadOrLFS(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	blob, lastModified := getBlobForEntry(ctx)
+	if blob == nil {
+		return
+	}
+
+	if err := ServeBlobOrLFS(ctx, blob, lastModified); err != nil {
+		ctx.ServerError("ServeBlobOrLFS", err)
+	}
+}
+
+// DownloadByID download a file by sha1 ID
+func DownloadByID(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	blob, err := ctx.Repo.GitRepo.GetBlob(ctx.PathParam("sha"))
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetBlob", err)
+		}
+		return
+	}
+	if err = common.ServeBlob(ctx.Base, ctx.Repo.Repository, ctx.Repo.TreePath, blob, nil); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}
+
+// DownloadByIDOrLFS download a file by sha1 ID taking account of LFS
+func DownloadByIDOrLFS(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	blob, err := ctx.Repo.GitRepo.GetBlob(ctx.PathParam("sha"))
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetBlob", err)
+		}
+		return
+	}
+	if err = ServeBlobOrLFS(ctx, blob, nil); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}
@@ -0,0 +1,484 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"net/http"
+	"path"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/issues"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/httplib"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	"gitea.dev/services/forms"
+	files_service "gitea.dev/services/repository/files"
+)
+
+const (
+	tplEditFile        templates.TplName = "repo/editor/edit"
+	tplEditDiffPreview templates.TplName = "repo/editor/diff_preview"
+	tplDeleteFile      templates.TplName = "repo/editor/delete"
+	tplUploadFile      templates.TplName = "repo/editor/upload"
+	tplPatchFile       templates.TplName = "repo/editor/patch"
+	tplCherryPick      templates.TplName = "repo/editor/cherry_pick"
+
+	editorCommitChoiceDirect    string = "direct"
+	editorCommitChoiceNewBranch string = "commit-to-new-branch"
+)
+
+func prepareEditorPage(ctx *context.Context, editorAction string) *context.CommitFormOptions {
+	prepareHomeTreeSideBarSwitch(ctx)
+	return prepareEditorPageFormOptions(ctx, editorAction)
+}
+
+func prepareEditorPageFormOptions(ctx *context.Context, editorAction string) *context.CommitFormOptions {
+	cleanedTreePath := files_service.CleanGitTreePath(ctx.Repo.TreePath)
+	if cleanedTreePath != ctx.Repo.TreePath {
+		redirectTo := fmt.Sprintf("%s/%s/%s/%s", ctx.Repo.RepoLink, editorAction, util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(cleanedTreePath))
+		if ctx.Req.URL.RawQuery != "" {
+			redirectTo += "?" + ctx.Req.URL.RawQuery
+		}
+		ctx.Redirect(redirectTo)
+		return nil
+	}
+
+	commitFormOptions, err := context.PrepareCommitFormOptions(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.Permission, ctx.Repo.RefFullName)
+	if err != nil {
+		ctx.ServerError("PrepareCommitFormOptions", err)
+		return nil
+	}
+
+	if commitFormOptions.NeedFork {
+		ForkToEdit(ctx)
+		return nil
+	}
+
+	if commitFormOptions.WillSubmitToFork && !commitFormOptions.TargetRepo.CanEnableEditor() {
+		ctx.Data["NotFoundPrompt"] = ctx.Locale.Tr("repo.editor.fork_not_editable")
+		ctx.NotFound(nil)
+	}
+
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
+	ctx.Data["TreePath"] = ctx.Repo.TreePath
+	ctx.Data["CommitFormOptions"] = commitFormOptions
+
+	// for online editor
+	ctx.Data["IsEditingFileOnly"] = ctx.FormString("return_uri") != ""
+	ctx.Data["ReturnURI"] = ctx.FormString("return_uri")
+
+	// form fields
+	ctx.Data["commit_summary"] = ""
+	ctx.Data["commit_message"] = ""
+	ctx.Data["commit_choice"] = util.Iif(commitFormOptions.CanCommitToBranch, editorCommitChoiceDirect, editorCommitChoiceNewBranch)
+	ctx.Data["new_branch_name"] = getUniquePatchBranchName(ctx, ctx.Doer.LowerName, commitFormOptions.TargetRepo)
+	ctx.Data["last_commit"] = ctx.Repo.CommitID
+	return commitFormOptions
+}
+
+func prepareTreePathFieldsAndPaths(ctx *context.Context, treePath string) {
+	// show the tree path fields in the "breadcrumb" and help users to edit the target tree path
+	ctx.Data["TreeNames"], ctx.Data["TreePaths"] = getParentTreeFields(strings.TrimPrefix(treePath, "/"))
+}
+
+type preparedEditorCommitForm[T any] struct {
+	form              T
+	commonForm        *forms.CommitCommonForm
+	CommitFormOptions *context.CommitFormOptions
+	OldBranchName     string
+	NewBranchName     string
+	GitCommitter      *files_service.IdentityOptions
+}
+
+func (f *preparedEditorCommitForm[T]) GetCommitMessage(defaultCommitMessage string) string {
+	commitMessage := util.IfZero(strings.TrimSpace(f.commonForm.CommitSummary), defaultCommitMessage)
+	if body := strings.TrimSpace(f.commonForm.CommitMessage); body != "" {
+		commitMessage += "\n\n" + body
+	}
+	return commitMessage
+}
+
+func prepareEditorCommitSubmittedForm[T forms.CommitCommonFormInterface](ctx *context.Context) *preparedEditorCommitForm[T] {
+	form := web.GetForm(ctx).(T)
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return nil
+	}
+
+	commonForm := form.GetCommitCommonForm()
+	commonForm.TreePath = files_service.CleanGitTreePath(commonForm.TreePath)
+
+	commitFormOptions, err := context.PrepareCommitFormOptions(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.Permission, ctx.Repo.RefFullName)
+	if err != nil {
+		ctx.ServerError("PrepareCommitFormOptions", err)
+		return nil
+	}
+	if commitFormOptions.NeedFork {
+		// It shouldn't happen, because we should have done the checks in the "GET" request. But just in case.
+		ctx.JSONError(ctx.Locale.TrString("error.not_found"))
+		return nil
+	}
+
+	// check commit behavior
+	fromBaseBranch := ctx.FormString("from_base_branch")
+	commitToNewBranch := commonForm.CommitChoice == editorCommitChoiceNewBranch || fromBaseBranch != ""
+	targetBranchName := util.Iif(commitToNewBranch, commonForm.NewBranchName, ctx.Repo.BranchName)
+	if targetBranchName == ctx.Repo.BranchName && !commitFormOptions.CanCommitToBranch {
+		ctx.JSONError(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", targetBranchName))
+		return nil
+	}
+
+	if !issues.CanMaintainerWriteToBranch(ctx, ctx.Repo.Permission, targetBranchName, ctx.Doer) {
+		ctx.NotFound(nil)
+		return nil
+	}
+
+	// Committer user info
+	gitCommitter, valid := WebGitOperationGetCommitChosenEmailIdentity(ctx, commonForm.CommitEmail)
+	if !valid {
+		ctx.JSONError(ctx.Tr("repo.editor.invalid_commit_email"))
+		return nil
+	}
+
+	if commitToNewBranch {
+		// if target branch exists, we should stop
+		targetBranchExists, err := git_model.IsBranchExist(ctx, commitFormOptions.TargetRepo.ID, targetBranchName)
+		if err != nil {
+			ctx.ServerError("IsBranchExist", err)
+			return nil
+		} else if targetBranchExists {
+			if fromBaseBranch != "" {
+				ctx.JSONError(ctx.Tr("repo.editor.fork_branch_exists", targetBranchName))
+			} else {
+				ctx.JSONError(ctx.Tr("repo.editor.branch_already_exists", targetBranchName))
+			}
+			return nil
+		}
+	}
+
+	oldBranchName := ctx.Repo.BranchName
+	if fromBaseBranch != "" {
+		err = editorPushBranchToForkedRepository(ctx, ctx.Doer, ctx.Repo.Repository.BaseRepo, fromBaseBranch, commitFormOptions.TargetRepo, targetBranchName)
+		if err != nil {
+			log.Error("Unable to editorPushBranchToForkedRepository: %v", err)
+			ctx.JSONError(ctx.Tr("repo.editor.fork_failed_to_push_branch", targetBranchName))
+			return nil
+		}
+		// we have pushed the base branch as the new branch, now we need to commit the changes directly to the new branch
+		oldBranchName = targetBranchName
+	}
+
+	return &preparedEditorCommitForm[T]{
+		form:              form,
+		commonForm:        commonForm,
+		CommitFormOptions: commitFormOptions,
+		OldBranchName:     oldBranchName,
+		NewBranchName:     targetBranchName,
+		GitCommitter:      gitCommitter,
+	}
+}
+
+// redirectForCommitChoice redirects after committing the edit to a branch
+func redirectForCommitChoice[T any](ctx *context.Context, parsed *preparedEditorCommitForm[T], treePath string) {
+	// when editing a file in a PR, it should return to the origin location
+	if returnURI := ctx.FormString("return_uri"); returnURI != "" && httplib.IsCurrentGiteaSiteURL(ctx, returnURI) {
+		ctx.JSONRedirect(returnURI)
+		return
+	}
+
+	if parsed.commonForm.CommitChoice == editorCommitChoiceNewBranch {
+		// Redirect to a pull request when possible
+		redirectToPullRequest := false
+		repo, baseBranch, headBranch := ctx.Repo.Repository, parsed.OldBranchName, parsed.NewBranchName
+		if ctx.Repo.Repository.IsFork && parsed.CommitFormOptions.CanCreateBasePullRequest {
+			redirectToPullRequest = true
+			baseBranch = repo.BaseRepo.DefaultBranch
+			headBranch = repo.Owner.Name + "/" + repo.Name + ":" + headBranch
+			repo = repo.BaseRepo
+		} else if repo.UnitEnabled(ctx, unit.TypePullRequests) {
+			redirectToPullRequest = true
+		}
+		if redirectToPullRequest {
+			ctx.JSONRedirect(repo.Link() + "/compare/" + util.PathEscapeSegments(baseBranch) + "..." + util.PathEscapeSegments(headBranch))
+			return
+		}
+	}
+
+	// redirect to the newly updated file
+	redirectTo := ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(parsed.NewBranchName) + "/" + util.PathEscapeSegments(treePath)
+	redirectTo = strings.TrimSuffix(redirectTo, "/")
+	ctx.JSONRedirect(redirectTo)
+}
+
+func editFileOpenExisting(ctx *context.Context) (prefetch []byte, dataRc io.ReadCloser, fInfo *fileInfo) {
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		HandleGitError(ctx, "GetTreeEntryByPath", err)
+		return nil, nil, nil
+	}
+
+	// No way to edit a directory online.
+	if entry.IsDir() {
+		ctx.NotFound(nil)
+		return nil, nil, nil
+	}
+
+	blob := entry.Blob()
+	buf, dataRc, fInfo, err := getFileReader(ctx, ctx.Repo.Repository.ID, blob)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("getFileReader", err)
+		}
+		return nil, nil, nil
+	}
+
+	if fInfo.isLFSFile() {
+		lfsLock, err := git_model.GetTreePathLock(ctx, ctx.Repo.Repository.ID, ctx.Repo.TreePath)
+		if err != nil {
+			_ = dataRc.Close()
+			ctx.ServerError("GetTreePathLock", err)
+			return nil, nil, nil
+		} else if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
+			_ = dataRc.Close()
+			ctx.NotFound(nil)
+			return nil, nil, nil
+		}
+	}
+
+	return buf, dataRc, fInfo
+}
+
+func EditFile(ctx *context.Context) {
+	editorAction := ctx.PathParam("editor_action")
+	isNewFile := editorAction == "_new"
+	ctx.Data["IsNewFile"] = isNewFile
+
+	// Check if the filename (and additional path) is specified in the querystring
+	// (filename is a misnomer, but kept for compatibility with GitHub)
+	urlQuery := ctx.Req.URL.Query()
+	queryFilename := urlQuery.Get("filename")
+	if queryFilename != "" {
+		newTreePath := path.Join(ctx.Repo.TreePath, queryFilename)
+		redirectTo := fmt.Sprintf("%s/%s/%s/%s", ctx.Repo.RepoLink, editorAction, util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(newTreePath))
+		urlQuery.Del("filename")
+		if newQueryParams := urlQuery.Encode(); newQueryParams != "" {
+			redirectTo += "?" + newQueryParams
+		}
+		ctx.Redirect(redirectTo)
+		return
+	}
+
+	// on the "New File" page, we should add an empty path field to make end users could input a new name
+	prepareTreePathFieldsAndPaths(ctx, util.Iif(isNewFile, ctx.Repo.TreePath+"/", ctx.Repo.TreePath))
+
+	prepareEditorPage(ctx, editorAction)
+	if ctx.Written() {
+		return
+	}
+
+	if !isNewFile {
+		prefetch, dataRc, fInfo := editFileOpenExisting(ctx)
+		if ctx.Written() {
+			return
+		}
+		defer dataRc.Close()
+
+		ctx.Data["FileSize"] = fInfo.blobOrLfsSize
+
+		// Only some file types are editable online as text.
+		if fInfo.isLFSFile() {
+			ctx.Data["NotEditableReason"] = ctx.Tr("repo.editor.cannot_edit_lfs_files")
+		} else if !fInfo.st.IsRepresentableAsText() {
+			ctx.Data["NotEditableReason"] = ctx.Tr("repo.editor.cannot_edit_non_text_files")
+		} else if fInfo.blobOrLfsSize >= setting.UI.MaxDisplayFileSize {
+			ctx.Data["NotEditableReason"] = ctx.Tr("repo.editor.cannot_edit_too_large_file")
+		}
+
+		if ctx.Data["NotEditableReason"] == nil {
+			buf, err := io.ReadAll(io.MultiReader(bytes.NewReader(prefetch), dataRc))
+			if err != nil {
+				ctx.ServerError("ReadAll", err)
+				return
+			}
+			ctx.Data["FileContent"] = string(charset.ToUTF8(buf, charset.ConvertOpts{KeepBOM: true, ErrorReturnOrigin: true}))
+		}
+	}
+
+	editorConfig := getCodeEditorConfigByEditorconfig(ctx, ctx.Repo.TreePath)
+	editorConfig.Autofocus = !isNewFile
+	if isNewFile {
+		editorConfig.Filename = ""
+	}
+	ctx.Data["CodeEditorConfig"] = editorConfig
+	ctx.HTML(http.StatusOK, tplEditFile)
+}
+
+func EditFilePost(ctx *context.Context) {
+	editorAction := ctx.PathParam("editor_action")
+	isNewFile := editorAction == "_new"
+	parsed := prepareEditorCommitSubmittedForm[*forms.EditRepoFileForm](ctx)
+	if ctx.Written() {
+		return
+	}
+
+	defaultCommitMessage := util.Iif(isNewFile, ctx.Locale.TrString("repo.editor.add", parsed.form.TreePath), ctx.Locale.TrString("repo.editor.update", parsed.form.TreePath))
+
+	var operation string
+	if isNewFile {
+		operation = "create"
+	} else if parsed.form.Content.Has() {
+		// The form content only has data if the file is representable as text, is not too large and not in lfs.
+		operation = "update"
+	} else if ctx.Repo.TreePath != parsed.form.TreePath {
+		// If it doesn't have data, the only possible operation is a "rename"
+		operation = "rename"
+	} else {
+		// It should never happen, just in case
+		ctx.JSONError(ctx.Tr("error.occurred"))
+		return
+	}
+
+	_, err := files_service.ChangeRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.ChangeRepoFilesOptions{
+		LastCommitID: parsed.form.LastCommit,
+		OldBranch:    parsed.OldBranchName,
+		NewBranch:    parsed.NewBranchName,
+		Message:      parsed.GetCommitMessage(defaultCommitMessage),
+		Files: []*files_service.ChangeRepoFile{
+			{
+				Operation:     operation,
+				FromTreePath:  ctx.Repo.TreePath,
+				TreePath:      parsed.form.TreePath,
+				ContentReader: strings.NewReader(strings.ReplaceAll(parsed.form.Content.Value(), "\r", "")),
+			},
+		},
+		Signoff:   parsed.form.Signoff,
+		Author:    parsed.GitCommitter,
+		Committer: parsed.GitCommitter,
+	})
+	if err != nil {
+		editorHandleFileOperationError(ctx, parsed.NewBranchName, err)
+		return
+	}
+
+	redirectForCommitChoice(ctx, parsed, parsed.form.TreePath)
+}
+
+// DeleteFile render delete file page
+func DeleteFile(ctx *context.Context) {
+	prepareEditorPage(ctx, "_delete")
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["PageIsDelete"] = true
+	prepareTreePathFieldsAndPaths(ctx, ctx.Repo.TreePath)
+	ctx.HTML(http.StatusOK, tplDeleteFile)
+}
+
+// DeleteFilePost response for deleting file or directory
+func DeleteFilePost(ctx *context.Context) {
+	parsed := prepareEditorCommitSubmittedForm[*forms.DeleteRepoFileForm](ctx)
+	if ctx.Written() {
+		return
+	}
+
+	treePath := ctx.Repo.TreePath
+	if treePath == "" {
+		ctx.JSONError("cannot delete root directory") // it should not happen unless someone is trying to be malicious
+		return
+	}
+
+	// Check if the path is a directory
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
+	if err != nil {
+		ctx.NotFoundOrServerError("GetTreeEntryByPath", git.IsErrNotExist, err)
+		return
+	}
+
+	var commitMessage string
+	if entry.IsDir() {
+		commitMessage = parsed.GetCommitMessage(ctx.Locale.TrString("repo.editor.delete_directory", treePath))
+	} else {
+		commitMessage = parsed.GetCommitMessage(ctx.Locale.TrString("repo.editor.delete", treePath))
+	}
+
+	_, err = files_service.ChangeRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.ChangeRepoFilesOptions{
+		LastCommitID: parsed.form.LastCommit,
+		OldBranch:    parsed.OldBranchName,
+		NewBranch:    parsed.NewBranchName,
+		Files: []*files_service.ChangeRepoFile{
+			{
+				Operation:         "delete",
+				TreePath:          treePath,
+				DeleteRecursively: true,
+			},
+		},
+		Message:   commitMessage,
+		Signoff:   parsed.form.Signoff,
+		Author:    parsed.GitCommitter,
+		Committer: parsed.GitCommitter,
+	})
+	if err != nil {
+		editorHandleFileOperationError(ctx, parsed.NewBranchName, err)
+		return
+	}
+
+	if entry.IsDir() {
+		ctx.Flash.Success(ctx.Tr("repo.editor.directory_delete_success", treePath))
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.editor.file_delete_success", treePath))
+	}
+	redirectTreePath := getClosestParentWithFiles(ctx.Repo.GitRepo, parsed.NewBranchName, treePath)
+	redirectForCommitChoice(ctx, parsed, redirectTreePath)
+}
+
+func UploadFile(ctx *context.Context) {
+	ctx.Data["PageIsUpload"] = true
+	prepareTreePathFieldsAndPaths(ctx, ctx.Repo.TreePath)
+	opts := prepareEditorPage(ctx, "_upload")
+	if ctx.Written() {
+		return
+	}
+	upload.AddUploadContextForRepo(ctx, opts.TargetRepo)
+
+	ctx.HTML(http.StatusOK, tplUploadFile)
+}
+
+func UploadFilePost(ctx *context.Context) {
+	parsed := prepareEditorCommitSubmittedForm[*forms.UploadRepoFileForm](ctx)
+	if ctx.Written() {
+		return
+	}
+
+	defaultCommitMessage := ctx.Locale.TrString("repo.editor.upload_files_to_dir", util.IfZero(parsed.form.TreePath, "/"))
+	err := files_service.UploadRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.UploadRepoFileOptions{
+		LastCommitID: parsed.form.LastCommit,
+		OldBranch:    parsed.OldBranchName,
+		NewBranch:    parsed.NewBranchName,
+		TreePath:     parsed.form.TreePath,
+		Message:      parsed.GetCommitMessage(defaultCommitMessage),
+		Files:        parsed.form.Files,
+		Signoff:      parsed.form.Signoff,
+		Author:       parsed.GitCommitter,
+		Committer:    parsed.GitCommitter,
+	})
+	if err != nil {
+		editorHandleFileOperationError(ctx, parsed.NewBranchName, err)
+		return
+	}
+	redirectForCommitChoice(ctx, parsed, parsed.form.TreePath)
+}
@@ -0,0 +1,52 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	"gitea.dev/services/repository/files"
+)
+
+func NewDiffPatch(ctx *context.Context) {
+	prepareEditorPage(ctx, "_diffpatch")
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["PageIsPatch"] = true
+	ctx.Data["CodeEditorConfig"] = CodeEditorConfig{Filename: "diff.patch"}
+	ctx.HTML(http.StatusOK, tplPatchFile)
+}
+
+// NewDiffPatchPost response for sending patch page
+func NewDiffPatchPost(ctx *context.Context) {
+	parsed := prepareEditorCommitSubmittedForm[*forms.EditRepoFileForm](ctx)
+	if ctx.Written() {
+		return
+	}
+
+	defaultCommitMessage := ctx.Locale.TrString("repo.editor.patch")
+	_, err := files.ApplyDiffPatch(ctx, ctx.Repo.Repository, ctx.Doer, &files.ApplyDiffPatchOptions{
+		LastCommitID: parsed.form.LastCommit,
+		OldBranch:    parsed.OldBranchName,
+		NewBranch:    parsed.NewBranchName,
+		Message:      parsed.GetCommitMessage(defaultCommitMessage),
+		Content:      strings.ReplaceAll(parsed.form.Content.Value(), "\r\n", "\n"),
+		Author:       parsed.GitCommitter,
+		Committer:    parsed.GitCommitter,
+	})
+	if err != nil {
+		err = util.ErrorWrapTranslatable(err, "repo.editor.fail_to_apply_patch")
+	}
+	if err != nil {
+		editorHandleFileOperationError(ctx, parsed.NewBranchName, err)
+		return
+	}
+	redirectForCommitChoice(ctx, parsed, parsed.form.TreePath)
+}
@@ -0,0 +1,84 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"net/http"
+
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	"gitea.dev/services/repository/files"
+)
+
+func CherryPick(ctx *context.Context) {
+	prepareEditorPage(ctx, "_cherrypick")
+	if ctx.Written() {
+		return
+	}
+
+	fromCommitID := ctx.PathParam("sha")
+	ctx.Data["FromCommitID"] = fromCommitID
+	cherryPickCommit, err := ctx.Repo.GitRepo.GetCommit(fromCommitID)
+	if err != nil {
+		HandleGitError(ctx, "GetCommit", err)
+		return
+	}
+
+	if ctx.FormString("cherry-pick-type") == "revert" {
+		ctx.Data["CherryPickType"] = "revert"
+		ctx.Data["commit_summary"] = "revert " + ctx.PathParam("sha")
+		ctx.Data["commit_message"] = "revert " + cherryPickCommit.MessageUTF8()
+	} else {
+		ctx.Data["CherryPickType"] = "cherry-pick"
+		ctx.Data["commit_summary"], ctx.Data["commit_message"] = cherryPickCommit.MessageTitle(), cherryPickCommit.MessageBody()
+	}
+
+	ctx.HTML(http.StatusOK, tplCherryPick)
+}
+
+func CherryPickPost(ctx *context.Context) {
+	fromCommitID := ctx.PathParam("sha")
+	parsed := prepareEditorCommitSubmittedForm[*forms.CherryPickForm](ctx)
+	if ctx.Written() {
+		return
+	}
+
+	defaultCommitMessage := util.Iif(parsed.form.Revert, ctx.Locale.TrString("repo.commit.revert-header", fromCommitID), ctx.Locale.TrString("repo.commit.cherry-pick-header", fromCommitID))
+	opts := &files.ApplyDiffPatchOptions{
+		LastCommitID: parsed.form.LastCommit,
+		OldBranch:    parsed.OldBranchName,
+		NewBranch:    parsed.NewBranchName,
+		Message:      parsed.GetCommitMessage(defaultCommitMessage),
+		Author:       parsed.GitCommitter,
+		Committer:    parsed.GitCommitter,
+	}
+
+	// First try the simple plain read-tree -m approach
+	opts.Content = fromCommitID
+	if _, err := files.CherryPick(ctx, ctx.Repo.Repository, ctx.Doer, parsed.form.Revert, opts); err != nil {
+		// Drop through to the "apply" method
+		buf := &bytes.Buffer{}
+		if parsed.form.Revert {
+			err = gitrepo.GetReverseRawDiff(ctx, ctx.Repo.Repository, fromCommitID, buf)
+		} else {
+			err = git.GetRawDiff(ctx.Repo.GitRepo, fromCommitID, git.RawDiffPatch, buf)
+		}
+		if err == nil {
+			opts.Content = buf.String()
+			_, err = files.ApplyDiffPatch(ctx, ctx.Repo.Repository, ctx.Doer, opts)
+			if err != nil {
+				err = util.ErrorWrapTranslatable(err, "repo.editor.fail_to_apply_patch")
+			}
+		}
+		if err != nil {
+			editorHandleFileOperationError(ctx, parsed.NewBranchName, err)
+			return
+		}
+	}
+	redirectForCommitChoice(ctx, parsed, parsed.form.TreePath)
+}
@@ -0,0 +1,82 @@
+// Copyright 2025 Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/routers/utils"
+	context_service "gitea.dev/services/context"
+	files_service "gitea.dev/services/repository/files"
+)
+
+func errorAs[T error](v error) (e T, ok bool) {
+	if errors.As(v, &e) {
+		return e, true
+	}
+	return e, false
+}
+
+func editorHandleFileOperationErrorRender(ctx *context_service.Context, message, summary, details string) {
+	flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
+		"Message": message,
+		"Summary": summary,
+		"Details": utils.EscapeFlashErrorString(details),
+	})
+	if err == nil {
+		ctx.JSONError(flashError)
+	} else {
+		log.Error("RenderToHTML(%q, %q, %q), error: %v", message, summary, details, err)
+		ctx.JSONError("Unable to render error details, see server logs") // it should never happen
+	}
+}
+
+func editorHandleFileOperationError(ctx *context_service.Context, targetBranchName string, err error) {
+	if errAs := util.ErrorAsTranslatable(err); errAs != nil {
+		ctx.JSONError(errAs.Translate(ctx.Locale))
+	} else if errAs, ok := errorAs[git.ErrNotExist](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.file_modifying_no_longer_exists", errAs.RelPath))
+	} else if errAs, ok := errorAs[git_model.ErrLFSFileLocked](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.upload_file_is_locked", errAs.Path, errAs.UserName))
+	} else if errAs, ok := errorAs[files_service.ErrFilenameInvalid](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.filename_is_invalid", errAs.Path))
+	} else if errAs, ok := errorAs[files_service.ErrFilePathInvalid](err); ok {
+		switch errAs.Type {
+		case git.EntryModeSymlink:
+			ctx.JSONError(ctx.Tr("repo.editor.file_is_a_symlink", errAs.Path))
+		case git.EntryModeTree:
+			ctx.JSONError(ctx.Tr("repo.editor.filename_is_a_directory", errAs.Path))
+		case git.EntryModeBlob:
+			ctx.JSONError(ctx.Tr("repo.editor.directory_is_a_file", errAs.Path))
+		default:
+			ctx.JSONError(ctx.Tr("repo.editor.filename_is_invalid", errAs.Path))
+		}
+	} else if errAs, ok := errorAs[files_service.ErrRepoFileAlreadyExists](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.file_already_exists", errAs.Path))
+	} else if errAs, ok := errorAs[git.ErrBranchNotExist](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.branch_does_not_exist", errAs.Name))
+	} else if errAs, ok := errorAs[git_model.ErrBranchAlreadyExists](err); ok {
+		ctx.JSONError(ctx.Tr("repo.editor.branch_already_exists", errAs.BranchName))
+	} else if files_service.IsErrCommitIDDoesNotMatch(err) {
+		ctx.JSONError(ctx.Tr("repo.editor.commit_id_not_matching"))
+	} else if files_service.IsErrCommitIDDoesNotMatch(err) || git.IsErrPushOutOfDate(err) {
+		ctx.JSONError(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+util.PathEscapeSegments(ctx.Repo.CommitID)+"..."+util.PathEscapeSegments(targetBranchName)))
+	} else if errAs, ok := errorAs[*git.ErrPushRejected](err); ok {
+		if errAs.Message == "" {
+			ctx.JSONError(ctx.Tr("repo.editor.push_rejected_no_message"))
+		} else {
+			editorHandleFileOperationErrorRender(ctx, ctx.Locale.TrString("repo.editor.push_rejected"), ctx.Locale.TrString("repo.editor.push_rejected_summary"), errAs.Message)
+		}
+	} else if errors.Is(err, util.ErrNotExist) {
+		ctx.JSONError(ctx.Tr("error.not_found"))
+	} else {
+		setting.PanicInDevOrTesting("unclear err %T: %v", err, err)
+		editorHandleFileOperationErrorRender(ctx, ctx.Locale.TrString("repo.editor.failed_to_commit"), ctx.Locale.TrString("repo.editor.failed_to_commit_summary"), err.Error())
+	}
+}
@@ -0,0 +1,31 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+const tplEditorFork templates.TplName = "repo/editor/fork"
+
+func ForkToEdit(ctx *context.Context) {
+	ctx.HTML(http.StatusOK, tplEditorFork)
+}
+
+func ForkToEditPost(ctx *context.Context) {
+	ForkRepoTo(ctx, ctx.Doer, repo_service.ForkRepoOptions{
+		BaseRepo:     ctx.Repo.Repository,
+		Name:         getUniqueRepositoryName(ctx, ctx.Doer.ID, ctx.Repo.Repository.Name),
+		Description:  ctx.Repo.Repository.Description,
+		SingleBranch: ctx.Repo.Repository.DefaultBranch, // maybe we only need the default branch in the fork?
+	})
+	if ctx.Written() {
+		return
+	}
+	ctx.JSONRedirect("") // reload the page, the new fork should be editable now
+}
@@ -0,0 +1,47 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/context"
+	files_service "gitea.dev/services/repository/files"
+)
+
+func DiffPreviewPost(ctx *context.Context) {
+	newContent := ctx.FormString("content")
+	treePath := files_service.CleanGitTreePath(ctx.Repo.TreePath)
+	if treePath == "" {
+		ctx.HTTPError(http.StatusBadRequest, "file name to diff is invalid")
+		return
+	}
+
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
+	if err != nil {
+		ctx.ServerError("GetTreeEntryByPath", err)
+		return
+	} else if entry.IsDir() {
+		ctx.HTTPError(http.StatusUnprocessableEntity)
+		return
+	}
+
+	oldContent, err := entry.Blob().GetBlobContent(setting.UI.MaxDisplayFileSize)
+	if err != nil {
+		ctx.ServerError("GetBlobContent", err)
+		return
+	}
+	diff, err := files_service.GetDiffPreview(ctx, ctx.Repo.Repository, ctx.Repo.BranchName, treePath, oldContent, newContent)
+	if err != nil {
+		ctx.ServerError("GetDiffPreview", err)
+		return
+	}
+
+	if len(diff.Files) != 0 {
+		ctx.Data["File"] = diff.Files[0]
+	}
+
+	ctx.HTML(http.StatusOK, tplEditDiffPreview)
+}
@@ -0,0 +1,31 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/gitrepo"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEditorUtils(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	t.Run("getUniquePatchBranchName", func(t *testing.T) {
+		branchName := getUniquePatchBranchName(t.Context(), "user2", repo)
+		assert.Equal(t, "user2-patch-1", branchName)
+	})
+	t.Run("getClosestParentWithFiles", func(t *testing.T) {
+		gitRepo, _ := gitrepo.OpenRepository(t.Context(), repo)
+		defer gitRepo.Close()
+		treePath := getClosestParentWithFiles(gitRepo, "sub-home-md-img-check", "docs/foo/bar")
+		assert.Equal(t, "docs", treePath)
+		treePath = getClosestParentWithFiles(gitRepo, "sub-home-md-img-check", "any/other")
+		assert.Empty(t, treePath)
+	})
+}
@@ -0,0 +1,63 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	files_service "gitea.dev/services/repository/files"
+)
+
+// UploadFileToServer upload file to server file dir not git
+func UploadFileToServer(ctx *context.Context) {
+	file, header, err := ctx.Req.FormFile("file")
+	if err != nil {
+		ctx.ServerError("FormFile", err)
+		return
+	}
+	defer file.Close()
+
+	buf := make([]byte, 1024)
+	n, _ := util.ReadAtMost(file, buf)
+	if n > 0 {
+		buf = buf[:n]
+	}
+
+	err = upload.Verify(buf, header.Filename, setting.Repository.Upload.AllowedTypes)
+	if err != nil {
+		ctx.HTTPError(http.StatusBadRequest, err.Error())
+		return
+	}
+
+	name := files_service.CleanGitTreePath(header.Filename)
+	if len(name) == 0 {
+		ctx.HTTPError(http.StatusBadRequest, "Upload file name is invalid")
+		return
+	}
+
+	// FIXME: need to check the file size according to setting.Repository.Upload.FileMaxSize
+
+	uploaded, err := repo_model.NewUpload(ctx, name, buf, file)
+	if err != nil {
+		ctx.ServerError("NewUpload", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]string{"uuid": uploaded.UUID})
+}
+
+// RemoveUploadFileFromServer remove file from server file dir
+func RemoveUploadFileFromServer(ctx *context.Context) {
+	fileUUID := ctx.FormString("file")
+	if err := repo_model.DeleteUploadByUUID(ctx, fileUUID); err != nil {
+		ctx.ServerError("DeleteUploadByUUID", err)
+		return
+	}
+	ctx.Status(http.StatusNoContent)
+}
@@ -0,0 +1,135 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"context"
+	"fmt"
+	"path"
+	"strconv"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	context_service "gitea.dev/services/context"
+)
+
+// getUniquePatchBranchName Gets a unique branch name for a new patch branch
+// It will be in the form of <username>-patch-<num> where <num> is the first branch of this format
+// that doesn't already exist. If we exceed 1000 tries or an error is thrown, we just return "" so the user has to
+// type in the branch name themselves (will be an empty field)
+func getUniquePatchBranchName(ctx context.Context, prefixName string, repo *repo_model.Repository) string {
+	prefix := prefixName + "-patch-"
+	for i := 1; i <= 1000; i++ {
+		branchName := fmt.Sprintf("%s%d", prefix, i)
+		if exist, err := git_model.IsBranchExist(ctx, repo.ID, branchName); err != nil {
+			log.Error("getUniquePatchBranchName: %v", err)
+			return ""
+		} else if !exist {
+			return branchName
+		}
+	}
+	return ""
+}
+
+// getClosestParentWithFiles Recursively gets the closest path of parent in a tree that has files when a file in a tree is
+// deleted. It returns "" for the tree root if no parents other than the root have files.
+func getClosestParentWithFiles(gitRepo *git.Repository, branchName, originTreePath string) string {
+	var f func(treePath string, commit *git.Commit) string
+	f = func(treePath string, commit *git.Commit) string {
+		if treePath == "" || treePath == "." {
+			return ""
+		}
+		// see if the tree has entries
+		if tree, err := commit.SubTree(treePath); err != nil {
+			return f(path.Dir(treePath), commit) // failed to get the tree, going up a dir
+		} else if entries, err := tree.ListEntries(); err != nil || len(entries) == 0 {
+			return f(path.Dir(treePath), commit) // no files in this dir, going up a dir
+		}
+		return treePath
+	}
+	commit, err := gitRepo.GetBranchCommit(branchName) // must get the commit again to get the latest change
+	if err != nil {
+		log.Error("GetBranchCommit: %v", err)
+		return ""
+	}
+	return f(originTreePath, commit)
+}
+
+// CodeEditorConfig is also used by frontend, defined in "codeeditor" module
+type CodeEditorConfig struct {
+	Filename              string   `json:"filename"` // the base name, not full path
+	Autofocus             bool     `json:"autofocus"`
+	PreviewableExtensions []string `json:"previewableExtensions,omitempty"`
+	LineWrapExtensions    []string `json:"lineWrapExtensions,omitempty"`
+	LineWrap              bool     `json:"lineWrap"`
+	Previewable           bool     `json:"previewable,omitempty"`
+
+	// the following can be read from .editorconfig if exists, or use default value
+	IndentStyle            string `json:"indentStyle"` // in most cases, keep it empty by default, detected by the source code
+	IndentSize             int    `json:"indentSize"`
+	TabWidth               int    `json:"tabWidth"`
+	TrimTrailingWhitespace *bool  `json:"trimTrailingWhitespace,omitempty"`
+}
+
+func getCodeEditorConfigByEditorconfig(ctx *context_service.Context, treePath string) CodeEditorConfig {
+	ret := CodeEditorConfig{Filename: path.Base(treePath)}
+	ret.PreviewableExtensions = markup.PreviewableExtensions()
+	ret.LineWrapExtensions = setting.Repository.Editor.LineWrapExtensions
+	ret.LineWrap = util.SliceContainsString(ret.LineWrapExtensions, path.Ext(treePath), true)
+	ret.Previewable = util.SliceContainsString(ret.PreviewableExtensions, path.Ext(treePath), true)
+	ec, _, err := ctx.Repo.GetEditorconfig()
+	if err == nil {
+		def, err := ec.GetDefinitionForFilename(treePath)
+		if err == nil {
+			ret.IndentStyle = util.IfZero(def.IndentStyle, ret.IndentStyle)
+			ret.IndentSize, _ = strconv.Atoi(def.IndentSize)
+			ret.TabWidth = def.TabWidth
+			ret.TrimTrailingWhitespace = def.TrimTrailingWhitespace
+		}
+	}
+	return ret
+}
+
+// getParentTreeFields returns list of parent tree names and corresponding tree paths based on given treePath.
+// eg: []{"a", "b", "c"}, []{"a", "a/b", "a/b/c"}
+// or: []{""}, []{""} for the root treePath
+func getParentTreeFields(treePath string) (treeNames, treePaths []string) {
+	treeNames = strings.Split(treePath, "/")
+	treePaths = make([]string, len(treeNames))
+	for i := range treeNames {
+		treePaths[i] = strings.Join(treeNames[:i+1], "/")
+	}
+	return treeNames, treePaths
+}
+
+// getUniqueRepositoryName Gets a unique repository name for a user
+// It will append a -<num> postfix if the name is already taken
+func getUniqueRepositoryName(ctx context.Context, ownerID int64, name string) string {
+	uniqueName := name
+	for i := 1; i < 1000; i++ {
+		_, err := repo_model.GetRepositoryByName(ctx, ownerID, uniqueName)
+		if err != nil || repo_model.IsErrRepoNotExist(err) {
+			return uniqueName
+		}
+		uniqueName = fmt.Sprintf("%s-%d", name, i)
+		i++
+	}
+	return ""
+}
+
+func editorPushBranchToForkedRepository(ctx context.Context, doer *user_model.User, baseRepo *repo_model.Repository, baseBranchName string, targetRepo *repo_model.Repository, targetBranchName string) error {
+	return gitrepo.Push(ctx, baseRepo, targetRepo, git.PushOptions{
+		Branch: baseBranchName + ":" + targetBranchName,
+		Env:    repo_module.PushingEnvironment(doer, targetRepo),
+	})
+}
@@ -0,0 +1,238 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+	"net/url"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/organization"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	repo_service "gitea.dev/services/repository"
+)
+
+const (
+	tplFork templates.TplName = "repo/pulls/fork"
+)
+
+func getForkRepository(ctx *context.Context) *repo_model.Repository {
+	forkRepo := ctx.Repo.Repository
+	if ctx.Written() {
+		return nil
+	}
+
+	if forkRepo.IsEmpty {
+		log.Trace("Empty repository %-v", forkRepo)
+		ctx.NotFound(nil)
+		return nil
+	}
+
+	if err := forkRepo.LoadOwner(ctx); err != nil {
+		ctx.ServerError("LoadOwner", err)
+		return nil
+	}
+
+	ctx.Data["repo_name"] = forkRepo.Name
+	ctx.Data["description"] = forkRepo.Description
+	ctx.Data["IsPrivate"] = forkRepo.IsPrivate || forkRepo.Owner.Visibility == structs.VisibleTypePrivate
+	canForkToUser := repository.CanUserForkBetweenOwners(forkRepo.OwnerID, ctx.Doer.ID) && !repo_model.HasForkedRepo(ctx, ctx.Doer.ID, forkRepo.ID)
+
+	ctx.Data["ForkRepo"] = forkRepo
+
+	ownedOrgs, err := organization.GetOrgsCanCreateRepoByUserID(ctx, ctx.Doer.ID)
+	if err != nil {
+		ctx.ServerError("GetOrgsCanCreateRepoByUserID", err)
+		return nil
+	}
+	var orgs []*organization.Organization
+	for _, org := range ownedOrgs {
+		if forkRepo.OwnerID != org.ID && !repo_model.HasForkedRepo(ctx, org.ID, forkRepo.ID) {
+			orgs = append(orgs, org)
+		}
+	}
+
+	traverseParentRepo := forkRepo
+	for {
+		if !repository.CanUserForkBetweenOwners(ctx.Doer.ID, traverseParentRepo.OwnerID) {
+			canForkToUser = false
+		} else {
+			for i, org := range orgs {
+				if org.ID == traverseParentRepo.OwnerID {
+					orgs = append(orgs[:i], orgs[i+1:]...)
+					break
+				}
+			}
+		}
+
+		if !traverseParentRepo.IsFork {
+			break
+		}
+		traverseParentRepo, err = repo_model.GetRepositoryByID(ctx, traverseParentRepo.ForkID)
+		if err != nil {
+			ctx.ServerError("GetRepositoryByID", err)
+			return nil
+		}
+	}
+
+	ctx.Data["CanForkToUser"] = canForkToUser
+	ctx.Data["Orgs"] = orgs
+
+	// TODO: this message should only be shown for the "current doer" when it is selected, just like the "new repo" page.
+	// msg := ctx.TrN(maxCreationLimit, "repo.form.reach_limit_of_creation_1", "repo.form.reach_limit_of_creation_n", ctx.Doer.MaxCreationLimit())
+
+	if canForkToUser {
+		ctx.Data["ContextUser"] = ctx.Doer
+		ctx.Data["CanForkRepoInNewOwner"] = true
+	} else if len(orgs) > 0 {
+		ctx.Data["ContextUser"] = orgs[0]
+		ctx.Data["CanForkRepoInNewOwner"] = true
+	} else {
+		ctx.Data["CanForkRepoInNewOwner"] = false
+		ctx.Flash.Error(ctx.Tr("repo.fork_no_valid_owners"), true)
+		return nil
+	}
+
+	branches, err := git_model.FindBranchNames(ctx, git_model.FindBranchOptions{
+		RepoID:          ctx.Repo.Repository.ID,
+		ListOptions:     db.ListOptionsAll,
+		IsDeletedBranch: optional.Some(false),
+		// Add it as the first option
+		ExcludeBranchNames: []string{ctx.Repo.Repository.DefaultBranch},
+	})
+	if err != nil {
+		ctx.ServerError("FindBranchNames", err)
+		return nil
+	}
+	ctx.Data["Branches"] = append([]string{ctx.Repo.Repository.DefaultBranch}, branches...)
+
+	return forkRepo
+}
+
+// Fork render repository fork page
+func Fork(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("new_fork")
+	getForkRepository(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplFork)
+}
+
+// ForkPost response for forking a repository
+func ForkPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateRepoForm)
+	ctx.Data["Title"] = ctx.Tr("new_fork")
+
+	ctxUser := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+
+	forkRepo := getForkRepository(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["ContextUser"] = ctxUser
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	var err error
+	traverseParentRepo := forkRepo
+	for {
+		if !repository.CanUserForkBetweenOwners(ctxUser.ID, traverseParentRepo.OwnerID) {
+			ctx.JSONError(ctx.Tr("repo.settings.new_owner_has_same_repo"))
+			return
+		}
+		repo := repo_model.GetForkedRepo(ctx, ctxUser.ID, traverseParentRepo.ID)
+		if repo != nil {
+			ctx.JSONRedirect(ctxUser.HomeLink() + "/" + url.PathEscape(repo.Name))
+			return
+		}
+		if !traverseParentRepo.IsFork {
+			break
+		}
+		traverseParentRepo, err = repo_model.GetRepositoryByID(ctx, traverseParentRepo.ForkID)
+		if err != nil {
+			ctx.ServerError("GetRepositoryByID", err)
+			return
+		}
+	}
+
+	// Check if user is allowed to create repo's on the organization.
+	if ctxUser.IsOrganization() {
+		isAllowedToFork, err := organization.OrgFromUser(ctxUser).CanCreateOrgRepo(ctx, ctx.Doer.ID)
+		if err != nil {
+			ctx.ServerError("CanCreateOrgRepo", err)
+			return
+		} else if !isAllowedToFork {
+			ctx.HTTPError(http.StatusForbidden)
+			return
+		}
+	}
+
+	repo := ForkRepoTo(ctx, ctxUser, repo_service.ForkRepoOptions{
+		BaseRepo:     forkRepo,
+		Name:         form.RepoName,
+		Description:  form.Description,
+		SingleBranch: form.ForkSingleBranch,
+	})
+	if ctx.Written() {
+		return
+	}
+	ctx.JSONRedirect(ctxUser.HomeLink() + "/" + url.PathEscape(repo.Name))
+}
+
+func ForkRepoTo(ctx *context.Context, owner *user_model.User, forkOpts repo_service.ForkRepoOptions) *repo_model.Repository {
+	repo, err := repo_service.ForkRepository(ctx, ctx.Doer, owner, forkOpts)
+	if err != nil {
+		ctx.Data["Err_RepoName"] = true
+		switch {
+		case repo_model.IsErrReachLimitOfRepo(err):
+			maxCreationLimit := owner.MaxCreationLimit()
+			msg := ctx.TrN(maxCreationLimit, "repo.form.reach_limit_of_creation_1", "repo.form.reach_limit_of_creation_n", maxCreationLimit)
+			ctx.JSONError(msg)
+		case repo_model.IsErrRepoAlreadyExist(err):
+			ctx.JSONError(ctx.Tr("repo.settings.new_owner_has_same_repo"))
+		case repo_model.IsErrRepoFilesAlreadyExist(err):
+			switch {
+			case ctx.IsUserSiteAdmin() || (setting.Repository.AllowAdoptionOfUnadoptedRepositories && setting.Repository.AllowDeleteOfUnadoptedRepositories):
+				ctx.JSONError(ctx.Tr("form.repository_files_already_exist.adopt_or_delete"))
+			case setting.Repository.AllowAdoptionOfUnadoptedRepositories:
+				ctx.JSONError(ctx.Tr("form.repository_files_already_exist.adopt"))
+			case setting.Repository.AllowDeleteOfUnadoptedRepositories:
+				ctx.JSONError(ctx.Tr("form.repository_files_already_exist.delete"))
+			default:
+				ctx.JSONError(ctx.Tr("form.repository_files_already_exist"))
+			}
+		case db.IsErrNameReserved(err):
+			ctx.JSONError(ctx.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name))
+		case db.IsErrNamePatternNotAllowed(err):
+			ctx.JSONError(ctx.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern))
+		case errors.Is(err, user_model.ErrBlockedUser):
+			ctx.JSONError(ctx.Tr("repo.fork.blocked_user"))
+		default:
+			ctx.ServerError("ForkPost", err)
+		}
+		return nil
+	}
+	return repo
+}
@@ -0,0 +1,547 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"compress/gzip"
+	"fmt"
+	"net/http"
+	"os"
+	"path"
+	"regexp"
+	"slices"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/models/perm"
+	access_model "gitea.dev/models/perm/access"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/gitcmd"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/structs"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+
+	"github.com/go-chi/cors"
+)
+
+func HTTPGitEnabledHandler(ctx *context.Context) {
+	if setting.Repository.DisableHTTPGit {
+		ctx.Resp.WriteHeader(http.StatusForbidden)
+		_, _ = ctx.Resp.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
+	}
+}
+
+func CorsHandler() func(next http.Handler) http.Handler {
+	if setting.Repository.AccessControlAllowOrigin != "" {
+		return cors.Handler(cors.Options{
+			AllowedOrigins: []string{setting.Repository.AccessControlAllowOrigin},
+			AllowedHeaders: []string{"Content-Type", "Authorization", "User-Agent"},
+		})
+	}
+	return func(next http.Handler) http.Handler {
+		return next
+	}
+}
+
+// httpBase does the common work for git http services,
+// including early response, authentication, repository lookup and permission check.
+func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
+	reponame := strings.TrimSuffix(ctx.PathParam("reponame"), ".git")
+
+	if ctx.FormString("go-get") == "1" {
+		context.EarlyResponseForGoGetMeta(ctx)
+		return nil
+	}
+
+	var serviceType string
+	var isPull, receivePack bool
+	switch util.OptionalArg(optGitService) {
+	case "git-receive-pack":
+		serviceType = ServiceTypeReceivePack
+		receivePack = true
+	case "git-upload-pack":
+		serviceType = ServiceTypeUploadPack
+		isPull = true
+	case "git-upload-archive":
+		serviceType = ServiceTypeUploadArchive
+		isPull = true
+	case "":
+		isPull = ctx.Req.Method == http.MethodHead || ctx.Req.Method == http.MethodGet
+	default: // unknown service
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return nil
+	}
+
+	var accessMode perm.AccessMode
+	if isPull {
+		accessMode = perm.AccessModeRead
+	} else {
+		accessMode = perm.AccessModeWrite
+	}
+
+	isWiki := false
+	unitType := unit.TypeCode
+
+	if strings.HasSuffix(reponame, ".wiki") {
+		isWiki = true
+		unitType = unit.TypeWiki
+		reponame = reponame[:len(reponame)-5]
+	}
+
+	owner := ctx.ContextUser
+	if !owner.IsOrganization() && !owner.IsActive {
+		ctx.PlainText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.")
+		return nil
+	}
+
+	repoExist := true
+	repo, err := repo_model.GetRepositoryByName(ctx, owner.ID, reponame)
+	if err != nil {
+		if !repo_model.IsErrRepoNotExist(err) {
+			ctx.ServerError("GetRepositoryByName", err)
+			return nil
+		}
+
+		if redirectRepoID, err := repo_model.LookupRedirect(ctx, owner.ID, reponame); err == nil {
+			context.RedirectToRepo(ctx.Base, redirectRepoID)
+			return nil
+		}
+		repoExist = false
+	}
+
+	// Don't allow pushing if the repo is archived
+	if repoExist && repo.IsArchived && !isPull {
+		ctx.PlainText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
+		return nil
+	}
+
+	// Only public pull don't need auth.
+	isPublicPull := repoExist && !repo.IsPrivate && isPull
+	askAuth := !isPublicPull || setting.Service.RequireSignInViewStrict
+
+	// don't allow anonymous pulls if organization is not public
+	if isPublicPull {
+		if err := repo.LoadOwner(ctx); err != nil {
+			ctx.ServerError("LoadOwner", err)
+			return nil
+		}
+
+		askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic)
+	}
+
+	// check access
+	if askAuth {
+		// rely on the results of Contexter
+		if !ctx.IsSigned {
+			// TODO: support digit auth - which would be Authorization header with digit
+			if setting.OAuth2.Enabled {
+				// `Basic realm="Gitea"` tells the GCM to use builtin OAuth2 application: https://github.com/git-ecosystem/git-credential-manager/pull/1442
+				ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea"`)
+			} else {
+				// If OAuth2 is disabled, then use another realm to avoid GCM OAuth2 attempt
+				ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea (Basic Auth)"`)
+			}
+			ctx.HTTPError(http.StatusUnauthorized)
+			return nil
+		}
+
+		context.CheckRepoScopedToken(ctx, repo, auth_model.GetScopeLevelFromAccessMode(accessMode))
+		if ctx.Written() {
+			return nil
+		}
+
+		if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true && !ctx.Doer.IsGiteaActions() {
+			_, err = auth_model.GetTwoFactorByUID(ctx, ctx.Doer.ID)
+			if err == nil {
+				// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
+				ctx.PlainText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
+				return nil
+			} else if !auth_model.IsErrTwoFactorNotEnrolled(err) {
+				ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
+				return nil
+			}
+		}
+
+		if !ctx.Doer.IsActive || ctx.Doer.ProhibitLogin {
+			ctx.PlainText(http.StatusForbidden, "Your account is disabled.")
+			return nil
+		}
+
+		if repoExist {
+			// Only the main code repo accepts refs/for pushes, so wiki pushes must keep write checks.
+			if git.DefaultFeatures().SupportProcReceive && !isWiki {
+				accessMode = perm.AccessModeRead
+			}
+
+			p, err := access_model.GetDoerRepoPermission(ctx, repo, ctx.Doer)
+			if err != nil {
+				ctx.ServerError("GetDoerRepoPermission", err)
+				return nil
+			}
+
+			if !p.CanAccess(accessMode, unitType) {
+				ctx.PlainText(http.StatusNotFound, "Repository not found")
+				return nil
+			}
+
+			if !isPull && repo.IsMirror {
+				ctx.PlainText(http.StatusForbidden, "mirror repository is read-only")
+				return nil
+			}
+		}
+	}
+
+	if !repoExist {
+		if !receivePack {
+			ctx.PlainText(http.StatusNotFound, "Repository not found")
+			return nil
+		}
+
+		if isWiki { // you cannot send wiki operation before create the repository
+			ctx.PlainText(http.StatusNotFound, "Repository not found")
+			return nil
+		}
+
+		if owner.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
+			ctx.PlainText(http.StatusForbidden, "Push to create is not enabled for organizations.")
+			return nil
+		}
+		if !owner.IsOrganization() && !setting.Repository.EnablePushCreateUser {
+			ctx.PlainText(http.StatusForbidden, "Push to create is not enabled for users.")
+			return nil
+		}
+
+		// Return dummy payload if GET receive-pack
+		if ctx.Req.Method == http.MethodGet {
+			dummyInfoRefs(ctx)
+			return nil
+		}
+
+		repo, err = repo_service.PushCreateRepo(ctx, ctx.Doer, owner, reponame)
+		if err != nil {
+			log.Error("pushCreateRepo: %v", err)
+			ctx.Status(http.StatusNotFound)
+			return nil
+		}
+	}
+
+	if isWiki {
+		// Ensure the wiki is enabled before we allow access to it
+		if _, err := repo.GetUnit(ctx, unit.TypeWiki); err != nil {
+			if repo_model.IsErrUnitTypeNotExist(err) {
+				ctx.PlainText(http.StatusForbidden, "repository wiki is disabled")
+				return nil
+			}
+			ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err)
+			return nil
+		}
+	}
+
+	var environ []string
+	if !isPull {
+		// if not "pull", then must be "push", and doer must exist
+		environ = repo_module.DoerPushingEnvironment(ctx.Doer, repo, isWiki)
+	}
+
+	return &serviceHandler{serviceType, repo, isWiki, environ}
+}
+
+var (
+	infoRefsCache []byte
+	infoRefsOnce  sync.Once
+)
+
+func dummyInfoRefs(ctx *context.Context) {
+	infoRefsOnce.Do(func() {
+		tmpDir, cleanup, err := setting.AppDataTempDir("git-repo-content").MkdirTempRandom("gitea-info-refs-cache")
+		if err != nil {
+			log.Error("Failed to create temp dir for git-receive-pack cache: %v", err)
+			return
+		}
+		defer cleanup()
+
+		if err := git.InitRepository(ctx, tmpDir, true, git.Sha1ObjectFormat.Name()); err != nil {
+			log.Error("Failed to init bare repo for git-receive-pack cache: %v", err)
+			return
+		}
+
+		refs, _, err := gitcmd.NewCommand("receive-pack", "--stateless-rpc", "--advertise-refs", ".").
+			WithDir(tmpDir).
+			RunStdBytes(ctx)
+		if err != nil {
+			log.Error(fmt.Sprintf("%v - %s", err, string(refs)))
+		}
+
+		log.Debug("populating infoRefsCache: \n%s", string(refs))
+		infoRefsCache = refs
+	})
+
+	ctx.RespHeader().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
+	ctx.RespHeader().Set("Pragma", "no-cache")
+	ctx.RespHeader().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
+	ctx.RespHeader().Set("Content-Type", "application/x-git-receive-pack-advertisement")
+	_, _ = ctx.Write(packetWrite("# service=git-receive-pack\n"))
+	_, _ = ctx.Write([]byte("0000"))
+	_, _ = ctx.Write(infoRefsCache)
+}
+
+type serviceHandler struct {
+	serviceType string
+
+	repo    *repo_model.Repository
+	isWiki  bool
+	environ []string
+}
+
+func (h *serviceHandler) getStorageRepo() gitrepo.Repository {
+	if h.isWiki {
+		return h.repo.WikiStorageRepo()
+	}
+	return h.repo
+}
+
+func setHeaderNoCache(ctx *context.Context) {
+	ctx.Resp.Header().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
+	ctx.Resp.Header().Set("Pragma", "no-cache")
+	ctx.Resp.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
+}
+
+func setHeaderCacheForever(ctx *context.Context) {
+	now := time.Now().Unix()
+	expires := now + 365*86400 // 365 days
+	ctx.Resp.Header().Set("Date", strconv.FormatInt(now, 10))
+	ctx.Resp.Header().Set("Expires", strconv.FormatInt(expires, 10))
+	ctx.Resp.Header().Set("Cache-Control", "public, max-age=31536000")
+}
+
+func containsParentDirectorySeparator(v string) bool {
+	if !strings.Contains(v, "..") {
+		return false
+	}
+	return slices.Contains(strings.FieldsFunc(v, isSlashRune), "..")
+}
+
+func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
+
+func (h *serviceHandler) sendFile(ctx *context.Context, contentType, file string) {
+	if containsParentDirectorySeparator(file) {
+		log.Debug("request file path contains invalid path: %v", file)
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	fs := gitrepo.GetRepoFS(h.getStorageRepo())
+	ctx.Resp.Header().Set("Content-Type", contentType)
+	http.ServeFileFS(ctx.Resp, ctx.Req, fs, path.Clean(file))
+}
+
+// one or more key=value pairs separated by colons
+var safeGitProtocolHeader = regexp.MustCompile(`^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$`)
+
+func prepareGitCmdWithAllowedService(service string, allowedServices []string) *gitcmd.Command {
+	if !slices.Contains(allowedServices, service) {
+		return nil
+	}
+	switch service {
+	case ServiceTypeReceivePack:
+		return gitcmd.NewCommand(ServiceTypeReceivePack)
+	case ServiceTypeUploadPack:
+		return gitcmd.NewCommand(ServiceTypeUploadPack)
+	case ServiceTypeUploadArchive:
+		return gitcmd.NewCommand(ServiceTypeUploadArchive)
+	default:
+		return nil
+	}
+}
+
+func serviceRPC(ctx *context.Context, service string) {
+	defer ctx.Req.Body.Close()
+	h := httpBase(ctx, "git-"+service)
+	if h == nil {
+		return
+	}
+
+	expectedContentType := fmt.Sprintf("application/x-git-%s-request", service)
+	if ctx.Req.Header.Get("Content-Type") != expectedContentType {
+		log.Debug("Content-Type (%q) doesn't match expected: %q", ctx.Req.Header.Get("Content-Type"), expectedContentType)
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	cmd := prepareGitCmdWithAllowedService(service, []string{ServiceTypeUploadPack, ServiceTypeReceivePack, ServiceTypeUploadArchive})
+	if cmd == nil {
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	// git upload-archive does not have a "--stateless-rpc" option
+	if service == ServiceTypeUploadPack || service == ServiceTypeReceivePack {
+		cmd.AddArguments("--stateless-rpc")
+	}
+
+	ctx.Resp.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-result", service))
+
+	reqBody := ctx.Req.Body
+
+	// Handle GZIP.
+	if ctx.Req.Header.Get("Content-Encoding") == "gzip" {
+		var err error
+		reqBody, err = gzip.NewReader(reqBody)
+		if err != nil {
+			ctx.Resp.WriteHeader(http.StatusBadRequest)
+			return
+		}
+	}
+
+	// set this for allow pre-receive and post-receive execute
+	h.environ = append(h.environ, "SSH_ORIGINAL_COMMAND="+service)
+
+	if protocol := ctx.Req.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
+		h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
+	}
+
+	if err := gitrepo.RunCmdWithStderr(ctx, h.getStorageRepo(), cmd.AddArguments(".").
+		WithEnv(append(os.Environ(), h.environ...)).
+		WithStdinCopy(reqBody).
+		WithStdoutCopy(ctx.Resp),
+	); err != nil {
+		if !gitcmd.IsErrorCanceledOrKilled(err) {
+			log.Error("Fail to serve RPC(%s) in %s: %v", service, h.getStorageRepo().RelativePath(), err)
+		}
+	}
+}
+
+const (
+	ServiceTypeUploadPack    = "upload-pack"
+	ServiceTypeReceivePack   = "receive-pack"
+	ServiceTypeUploadArchive = "upload-archive"
+)
+
+// ServiceUploadPack implements Git Smart HTTP protocol
+func ServiceUploadPack(ctx *context.Context) {
+	serviceRPC(ctx, ServiceTypeUploadPack)
+}
+
+// ServiceReceivePack implements Git Smart HTTP protocol
+func ServiceReceivePack(ctx *context.Context) {
+	serviceRPC(ctx, ServiceTypeReceivePack)
+}
+
+func ServiceUploadArchive(ctx *context.Context) {
+	serviceRPC(ctx, ServiceTypeUploadArchive)
+}
+
+func packetWrite(str string) []byte {
+	s := strconv.FormatInt(int64(len(str)+4), 16)
+	if len(s)%4 != 0 {
+		s = strings.Repeat("0", 4-len(s)%4) + s
+	}
+	return []byte(s + str)
+}
+
+// GetInfoRefs implements Git dumb HTTP
+func GetInfoRefs(ctx *context.Context) {
+	h := httpBase(ctx, ctx.FormString("service")) // git http protocol: "?service=git-<service>"
+	if h == nil {
+		return
+	}
+	setHeaderNoCache(ctx)
+	if h.serviceType == "" {
+		// it's said that some legacy git clients will send requests to "/info/refs" without "service" parameter,
+		// although there should be no such case client in the modern days. TODO: not quite sure why we need this UpdateServerInfo logic
+		if err := gitrepo.UpdateServerInfo(ctx, h.getStorageRepo()); err != nil {
+			ctx.ServerError("UpdateServerInfo", err)
+			return
+		}
+		h.sendFile(ctx, "text/plain; charset=utf-8", "info/refs")
+		return
+	}
+
+	cmd := prepareGitCmdWithAllowedService(h.serviceType, []string{ServiceTypeUploadPack, ServiceTypeReceivePack})
+	if cmd == nil {
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	if protocol := ctx.Req.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
+		h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
+	}
+	h.environ = append(os.Environ(), h.environ...)
+
+	cmd = cmd.AddArguments("--stateless-rpc", "--advertise-refs", ".").WithEnv(h.environ)
+	refs, _, err := gitrepo.RunCmdBytes(ctx, h.getStorageRepo(), cmd)
+	if err != nil {
+		ctx.ServerError("RunGitServiceAdvertiseRefs", err)
+		return
+	}
+
+	ctx.Resp.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-advertisement", h.serviceType))
+	ctx.Resp.WriteHeader(http.StatusOK)
+	_, _ = ctx.Resp.Write(packetWrite("# service=git-" + h.serviceType + "\n"))
+	_, _ = ctx.Resp.Write([]byte("0000"))
+	_, _ = ctx.Resp.Write(refs)
+}
+
+// GetTextFile implements Git dumb HTTP
+func GetTextFile(p string) func(*context.Context) {
+	return func(ctx *context.Context) {
+		h := httpBase(ctx)
+		if h != nil {
+			setHeaderNoCache(ctx)
+			file := ctx.PathParam("file")
+			if file != "" {
+				h.sendFile(ctx, "text/plain", "objects/info/"+file)
+			} else {
+				h.sendFile(ctx, "text/plain", p)
+			}
+		}
+	}
+}
+
+// GetInfoPacks implements Git dumb HTTP
+func GetInfoPacks(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		setHeaderCacheForever(ctx)
+		h.sendFile(ctx, "text/plain; charset=utf-8", "objects/info/packs")
+	}
+}
+
+// GetLooseObject implements Git dumb HTTP
+func GetLooseObject(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		setHeaderCacheForever(ctx)
+		h.sendFile(ctx, "application/x-git-loose-object", fmt.Sprintf("objects/%s/%s",
+			ctx.PathParam("head"), ctx.PathParam("hash")))
+	}
+}
+
+// GetPackFile implements Git dumb HTTP
+func GetPackFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		setHeaderCacheForever(ctx)
+		h.sendFile(ctx, "application/x-git-packed-objects", "objects/pack/pack-"+ctx.PathParam("file")+".pack")
+	}
+}
+
+// GetIdxFile implements Git dumb HTTP
+func GetIdxFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		setHeaderCacheForever(ctx)
+		h.sendFile(ctx, "application/x-git-packed-objects-toc", "objects/pack/pack-"+ctx.PathParam("file")+".idx")
+	}
+}
@@ -0,0 +1,42 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestContainsParentDirectorySeparator(t *testing.T) {
+	tests := []struct {
+		v string
+		b bool
+	}{
+		{
+			v: `user2/repo1/info/refs`,
+			b: false,
+		},
+		{
+			v: `user2/repo1/HEAD`,
+			b: false,
+		},
+		{
+			v: `user2/repo1/some.../strange_file...mp3`,
+			b: false,
+		},
+		{
+			v: `user2/repo1/../../custom/conf/app.ini`,
+			b: true,
+		},
+		{
+			v: `user2/repo1/objects/info/..\..\..\..\custom\conf\app.ini`,
+			b: true,
+		},
+	}
+
+	for i := range tests {
+		assert.Equal(t, tests[i].b, containsParentDirectorySeparator(tests[i].v))
+	}
+}
@@ -0,0 +1,19 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"gitea.dev/modules/git"
+	"gitea.dev/services/context"
+)
+
+func HandleGitError(ctx *context.Context, msg string, err error) {
+	if git.IsErrNotExist(err) {
+		ctx.Data["NotFoundPrompt"] = ctx.Locale.Tr("repo.tree_path_not_found", ctx.Repo.TreePath, ctx.Repo.RefTypeNameSubURL())
+		ctx.Data["NotFoundGoBackURL"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
+		ctx.NotFound(err)
+	} else {
+		ctx.ServerError(msg, err)
+	}
+}
@@ -0,0 +1,650 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"html/template"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	access_model "gitea.dev/models/perm/access"
+	project_model "gitea.dev/models/project"
+	"gitea.dev/models/renderhelper"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/htmlutil"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup/markdown"
+	"gitea.dev/modules/optional"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+)
+
+const (
+	tplAttachment templates.TplName = "repo/issue/view_content/attachments"
+
+	tplIssues      templates.TplName = "repo/issue/list"
+	tplIssueNew    templates.TplName = "repo/issue/new"
+	tplIssueChoose templates.TplName = "repo/issue/choose"
+	tplIssueView   templates.TplName = "repo/issue/view"
+
+	tplPullMergeBox templates.TplName = "repo/issue/view_content/pull_merge_box"
+	tplReactions    templates.TplName = "repo/issue/view_content/reactions"
+
+	issueTemplateKey      = "IssueTemplate"
+	issueTemplateTitleKey = "IssueTemplateTitle"
+)
+
+// IssueTemplateCandidates issue templates
+var IssueTemplateCandidates = []string{
+	"ISSUE_TEMPLATE.md",
+	"ISSUE_TEMPLATE.yaml",
+	"ISSUE_TEMPLATE.yml",
+	"issue_template.md",
+	"issue_template.yaml",
+	"issue_template.yml",
+	".gitea/ISSUE_TEMPLATE.md",
+	".gitea/ISSUE_TEMPLATE.yaml",
+	".gitea/ISSUE_TEMPLATE.yml",
+	".gitea/issue_template.md",
+	".gitea/issue_template.yaml",
+	".gitea/issue_template.yml",
+	".github/ISSUE_TEMPLATE.md",
+	".github/ISSUE_TEMPLATE.yaml",
+	".github/ISSUE_TEMPLATE.yml",
+	".github/issue_template.md",
+	".github/issue_template.yaml",
+	".github/issue_template.yml",
+}
+
+// MustAllowUserComment checks to make sure if an issue is locked.
+// If locked and user has permissions to write to the repository,
+// then the comment is allowed, else it is blocked
+func MustAllowUserComment(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
+		ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
+		ctx.Redirect(issue.Link())
+		return
+	}
+}
+
+// MustEnableIssues check if repository enable internal issues
+func MustEnableIssues(ctx *context.Context) {
+	if !ctx.Repo.Permission.CanRead(unit.TypeIssues) &&
+		!ctx.Repo.Permission.CanRead(unit.TypeExternalTracker) {
+		ctx.NotFound(nil)
+		return
+	}
+
+	unit, err := ctx.Repo.Repository.GetUnit(ctx, unit.TypeExternalTracker)
+	if err == nil {
+		ctx.Redirect(unit.ExternalTrackerConfig().ExternalTrackerURL)
+		return
+	}
+}
+
+// MustAllowPulls check if repository enable pull requests and user have right to do that
+func MustAllowPulls(ctx *context.Context) {
+	if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
+		ctx.NotFound(nil)
+		return
+	}
+}
+
+func retrieveProjectsInternal(ctx *context.Context, repo *repo_model.Repository) (open, closed []*project_model.Project) {
+	// Distinguish whether the owner of the repository
+	// is an individual or an organization
+	repoOwnerType := project_model.TypeIndividual
+	if repo.Owner.IsOrganization() {
+		repoOwnerType = project_model.TypeOrganization
+	}
+
+	projectsUnit := repo.MustGetUnit(ctx, unit.TypeProjects)
+
+	var openProjects []*project_model.Project
+	var closedProjects []*project_model.Project
+	var err error
+
+	if projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) {
+		openProjects, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
+			ListOptions: db.ListOptionsAll,
+			RepoID:      repo.ID,
+			IsClosed:    optional.Some(false),
+			Type:        project_model.TypeRepository,
+		})
+		if err != nil {
+			ctx.ServerError("GetProjects", err)
+			return nil, nil
+		}
+		closedProjects, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
+			ListOptions: db.ListOptionsAll,
+			RepoID:      repo.ID,
+			IsClosed:    optional.Some(true),
+			Type:        project_model.TypeRepository,
+		})
+		if err != nil {
+			ctx.ServerError("GetProjects", err)
+			return nil, nil
+		}
+	}
+
+	if projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeOwner) {
+		openProjects2, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
+			ListOptions: db.ListOptionsAll,
+			OwnerID:     repo.OwnerID,
+			IsClosed:    optional.Some(false),
+			Type:        repoOwnerType,
+		})
+		if err != nil {
+			ctx.ServerError("GetProjects", err)
+			return nil, nil
+		}
+		openProjects = append(openProjects, openProjects2...)
+		closedProjects2, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
+			ListOptions: db.ListOptionsAll,
+			OwnerID:     repo.OwnerID,
+			IsClosed:    optional.Some(true),
+			Type:        repoOwnerType,
+		})
+		if err != nil {
+			ctx.ServerError("GetProjects", err)
+			return nil, nil
+		}
+		closedProjects = append(closedProjects, closedProjects2...)
+	}
+	return openProjects, closedProjects
+}
+
+// GetActionIssue will return the issue which is used in the context.
+func GetActionIssue(ctx *context.Context) *issues_model.Issue {
+	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetIssueByIndex", issues_model.IsErrIssueNotExist, err)
+		return nil
+	}
+	issue.Repo = ctx.Repo.Repository
+	checkIssueRights(ctx, issue)
+	if ctx.Written() {
+		return nil
+	}
+	if err = issue.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return nil
+	}
+	return issue
+}
+
+func checkIssueRights(ctx *context.Context, issue *issues_model.Issue) {
+	if issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypePullRequests) ||
+		!issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
+		ctx.NotFound(nil)
+	}
+}
+
+func getActionIssues(ctx *context.Context) issues_model.IssueList {
+	commaSeparatedIssueIDs := ctx.FormString("issue_ids")
+	if len(commaSeparatedIssueIDs) == 0 {
+		return nil
+	}
+	issueIDs := make([]int64, 0, 10)
+	for stringIssueID := range strings.SplitSeq(commaSeparatedIssueIDs, ",") {
+		issueID, err := strconv.ParseInt(stringIssueID, 10, 64)
+		if err != nil {
+			ctx.ServerError("ParseInt", err)
+			return nil
+		}
+		issueIDs = append(issueIDs, issueID)
+	}
+	issues, err := issues_model.GetIssuesByIDs(ctx, issueIDs)
+	if err != nil {
+		ctx.ServerError("GetIssuesByIDs", err)
+		return nil
+	}
+	// Check access rights for all issues
+	issueUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypeIssues)
+	prUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
+	for _, issue := range issues {
+		if issue.RepoID != ctx.Repo.Repository.ID {
+			ctx.NotFound(errors.New("some issue's RepoID is incorrect"))
+			return nil
+		}
+		if issue.IsPull && !prUnitEnabled || !issue.IsPull && !issueUnitEnabled {
+			ctx.NotFound(nil)
+			return nil
+		}
+		if err = issue.LoadAttributes(ctx); err != nil {
+			ctx.ServerError("LoadAttributes", err)
+			return nil
+		}
+	}
+	return issues
+}
+
+// GetIssueInfo get an issue of a repository
+func GetIssueInfo(ctx *context.Context) {
+	issue, err := issues_model.GetIssueWithAttrsByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
+	if err != nil {
+		if issues_model.IsErrIssueNotExist(err) {
+			ctx.HTTPError(http.StatusNotFound)
+		} else {
+			ctx.HTTPError(http.StatusInternalServerError, "GetIssueByIndex", err.Error())
+		}
+		return
+	}
+
+	if issue.IsPull {
+		// Need to check if Pulls are enabled and we can read Pulls
+		if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+	} else {
+		// Need to check if Issues are enabled and we can read Issues
+		if !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"convertedIssue": convert.ToIssue(ctx, ctx.Doer, issue),
+		"renderedLabels": templates.NewRenderUtils(ctx).RenderLabels(issue.Labels, ctx.Repo.RepoLink, issue),
+	})
+}
+
+// UpdateIssueTitle change issue's title
+func UpdateIssueTitle(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	title := ctx.FormTrim("title")
+	if len(title) == 0 {
+		ctx.HTTPError(http.StatusNoContent)
+		return
+	}
+
+	if err := issue_service.ChangeTitle(ctx, issue, ctx.Doer, title); err != nil {
+		ctx.ServerError("ChangeTitle", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"title": issue.Title,
+	})
+}
+
+// UpdateIssueRef change issue's ref (branch)
+func UpdateIssueRef(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	ref := ctx.FormTrim("ref")
+
+	if err := issue_service.ChangeIssueRef(ctx, issue, ctx.Doer, ref); err != nil {
+		ctx.ServerError("ChangeRef", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"ref": ref,
+	})
+}
+
+// UpdateIssueContent change issue's content
+func UpdateIssueContent(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if err := issue_service.ChangeContent(ctx, issue, ctx.Doer, ctx.Req.FormValue("content"), ctx.FormInt("content_version")); err != nil {
+		if errors.Is(err, user_model.ErrBlockedUser) {
+			ctx.JSONError(ctx.Tr("repo.issues.edit.blocked_user"))
+		} else if errors.Is(err, issues_model.ErrIssueAlreadyChanged) {
+			if issue.IsPull {
+				ctx.JSONError(ctx.Tr("repo.pulls.edit.already_changed"))
+			} else {
+				ctx.JSONError(ctx.Tr("repo.issues.edit.already_changed"))
+			}
+		} else {
+			ctx.ServerError("ChangeContent", err)
+		}
+		return
+	}
+
+	// when update the request doesn't intend to update attachments (eg: change checkbox state), ignore attachment updates
+	if !ctx.FormBool("ignore_attachments") {
+		if err := updateAttachments(ctx, issue, ctx.FormStrings("files[]")); err != nil {
+			ctx.ServerError("UpdateAttachments", err)
+			return
+		}
+	}
+
+	rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository, renderhelper.RepoCommentOptions{
+		FootnoteContextID: "0",
+	})
+	content, err := markdown.RenderString(rctx, issue.Content)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"content":        commentContentHTML(ctx, content),
+		"contentVersion": issue.ContentVersion,
+		"attachments":    attachmentsHTML(ctx, issue.Attachments, issue.Content),
+	})
+}
+
+// UpdateIssueDeadline updates an issue deadline
+func UpdateIssueDeadline(ctx *context.Context) {
+	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
+	if err != nil {
+		if issues_model.IsErrIssueNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.HTTPError(http.StatusInternalServerError, "GetIssueByIndex", err.Error())
+		}
+		return
+	}
+
+	if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
+		ctx.HTTPError(http.StatusForbidden, "", "Not repo writer")
+		return
+	}
+
+	deadlineUnix, _ := common.ParseDeadlineDateToEndOfDay(ctx.FormString("deadline"))
+	if err := issues_model.UpdateIssueDeadline(ctx, issue, deadlineUnix, ctx.Doer); err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, "UpdateIssueDeadline", err.Error())
+		return
+	}
+
+	ctx.JSONRedirect("")
+}
+
+// UpdateIssueMilestone change issue's milestone
+func UpdateIssueMilestone(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	milestoneID := ctx.FormInt64("id")
+	for _, issue := range issues {
+		oldMilestoneID := issue.MilestoneID
+		if oldMilestoneID == milestoneID {
+			continue
+		}
+		issue.MilestoneID = milestoneID
+		if milestoneID > 0 {
+			var err error
+			issue.Milestone, err = issues_model.GetMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, milestoneID)
+			if err != nil {
+				ctx.ServerError("GetMilestoneByRepoID", err)
+				return
+			}
+		} else {
+			issue.Milestone = nil
+		}
+		if err := issue_service.ChangeMilestoneAssign(ctx, issue, ctx.Doer, oldMilestoneID); err != nil {
+			ctx.ServerError("ChangeMilestoneAssign", err)
+			return
+		}
+	}
+
+	ctx.JSONOK()
+}
+
+// UpdateIssueAssignee change issue's or pull's assignee
+func UpdateIssueAssignee(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	assigneeID := ctx.FormInt64("id")
+	action := ctx.FormString("action")
+
+	for _, issue := range issues {
+		switch action {
+		case "clear":
+			if err := issue_service.DeleteNotPassedAssignee(ctx, issue, ctx.Doer, []*user_model.User{}); err != nil {
+				ctx.ServerError("ClearAssignees", err)
+				return
+			}
+		default:
+			assignee, err := user_model.GetUserByID(ctx, assigneeID)
+			if err != nil {
+				ctx.ServerError("GetUserByID", err)
+				return
+			}
+
+			valid, err := access_model.CanBeAssigned(ctx, assignee, issue.Repo, issue.IsPull)
+			if err != nil {
+				ctx.ServerError("canBeAssigned", err)
+				return
+			}
+			if !valid {
+				ctx.ServerError("canBeAssigned", repo_model.ErrUserDoesNotHaveAccessToRepo{UserID: assigneeID, RepoName: issue.Repo.Name})
+				return
+			}
+
+			_, _, err = issue_service.ToggleAssigneeWithNotify(ctx, issue, ctx.Doer, assigneeID)
+			if err != nil {
+				ctx.ServerError("ToggleAssignee", err)
+				return
+			}
+		}
+	}
+	ctx.JSONOK()
+}
+
+// ChangeIssueReaction create a reaction for issue
+func ChangeIssueReaction(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.ReactionForm)
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
+		if log.IsTrace() {
+			if ctx.IsSigned {
+				issueType := "issues"
+				if issue.IsPull {
+					issueType = "pulls"
+				}
+				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+					"User in Repo has Permissions: %-+v",
+					ctx.Doer,
+					issue.PosterID,
+					issueType,
+					ctx.Repo.Repository,
+					ctx.Repo.Permission)
+			} else {
+				log.Trace("Permission Denied: Not logged in")
+			}
+		}
+
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.ServerError("ChangeIssueReaction", errors.New(ctx.GetErrMsg()))
+		return
+	}
+
+	switch ctx.PathParam("action") {
+	case "react":
+		reaction, err := issue_service.CreateIssueReaction(ctx, ctx.Doer, issue, form.Content)
+		if err != nil {
+			if issues_model.IsErrForbiddenIssueReaction(err) || errors.Is(err, user_model.ErrBlockedUser) {
+				ctx.ServerError("ChangeIssueReaction", err)
+				return
+			}
+			log.Info("CreateIssueReaction: %s", err)
+			break
+		}
+		// Reload new reactions
+		issue.Reactions = nil
+		if err = issue.LoadAttributes(ctx); err != nil {
+			log.Info("issue.LoadAttributes: %s", err)
+			break
+		}
+
+		log.Trace("Reaction for issue created: %d/%d/%d", ctx.Repo.Repository.ID, issue.ID, reaction.ID)
+	case "unreact":
+		if err := issues_model.DeleteIssueReaction(ctx, ctx.Doer.ID, issue.ID, form.Content); err != nil {
+			ctx.ServerError("DeleteIssueReaction", err)
+			return
+		}
+
+		// Reload new reactions
+		issue.Reactions = nil
+		if err := issue.LoadAttributes(ctx); err != nil {
+			log.Info("issue.LoadAttributes: %s", err)
+			break
+		}
+
+		log.Trace("Reaction for issue removed: %d/%d", ctx.Repo.Repository.ID, issue.ID)
+	default:
+		ctx.NotFound(nil)
+		return
+	}
+
+	if len(issue.Reactions) == 0 {
+		ctx.JSON(http.StatusOK, map[string]any{
+			"empty": true,
+			"html":  "",
+		})
+		return
+	}
+
+	html, err := ctx.RenderToHTML(tplReactions, map[string]any{
+		"ActionURL": fmt.Sprintf("%s/issues/%d/reactions", ctx.Repo.RepoLink, issue.Index),
+		"Reactions": issue.Reactions.GroupByType(),
+	})
+	if err != nil {
+		ctx.ServerError("ChangeIssueReaction.HTMLString", err)
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]any{
+		"html": html,
+	})
+}
+
+// GetIssueAttachments returns attachments for the issue
+func GetIssueAttachments(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+	attachments := make([]*api.Attachment, len(issue.Attachments))
+	for i := 0; i < len(issue.Attachments); i++ {
+		attachments[i] = convert.ToAttachment(ctx.Repo.Repository, issue.Attachments[i])
+	}
+	ctx.JSON(http.StatusOK, attachments)
+}
+
+func updateAttachments(ctx *context.Context, item any, files []string) error {
+	var attachments []*repo_model.Attachment
+	switch content := item.(type) {
+	case *issues_model.Issue:
+		attachments = content.Attachments
+	case *issues_model.Comment:
+		attachments = content.Attachments
+	default:
+		return fmt.Errorf("unknown Type: %T", content)
+	}
+	for i := 0; i < len(attachments); i++ {
+		if util.SliceContainsString(files, attachments[i].UUID) {
+			continue
+		}
+		if err := repo_model.DeleteAttachment(ctx, attachments[i], true); err != nil {
+			return err
+		}
+	}
+	var err error
+	if len(files) > 0 {
+		switch content := item.(type) {
+		case *issues_model.Issue:
+			err = issues_model.UpdateIssueAttachments(ctx, content.ID, files)
+		case *issues_model.Comment:
+			err = issues_model.UpdateCommentAttachments(ctx, content, files)
+		default:
+			return fmt.Errorf("unknown Type: %T", content)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	switch content := item.(type) {
+	case *issues_model.Issue:
+		content.Attachments, err = repo_model.GetAttachmentsByIssueID(ctx, content.ID)
+	case *issues_model.Comment:
+		content.Attachments, err = repo_model.GetAttachmentsByCommentID(ctx, content.ID)
+	default:
+		return fmt.Errorf("unknown Type: %T", content)
+	}
+	return err
+}
+
+func commentContentHTML(ctx *context.Context, content template.HTML) template.HTML {
+	if strings.TrimSpace(string(content)) == "" {
+		return htmlutil.HTMLFormat(`<span class="no-content">%s</span>`, ctx.Tr("repo.issues.no_content"))
+	}
+	return content
+}
+
+func attachmentsHTML(ctx *context.Context, attachments []*repo_model.Attachment, content string) template.HTML {
+	attachHTML, err := ctx.RenderToHTML(tplAttachment, map[string]any{
+		"ctxData":     ctx.Data,
+		"Attachments": attachments,
+		"Content":     content,
+	})
+	if err != nil {
+		ctx.ServerError("attachmentsHTML.HTMLString", err)
+		return ""
+	}
+	return attachHTML
+}
@@ -0,0 +1,451 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"html/template"
+	"net/http"
+	"strconv"
+
+	git_model "gitea.dev/models/git"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/renderhelper"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup/markdown"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+	pull_service "gitea.dev/services/pull"
+)
+
+// NewComment create a comment for issue
+func NewComment(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if issue == nil {
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	form := web.GetForm(ctx).(*forms.CreateCommentForm)
+	issueType := util.Iif(issue.IsPull, "pulls", "issues")
+
+	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
+		log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+			"User in Repo has Permissions: %-+v", ctx.Doer, issue.PosterID, issueType, ctx.Repo.Repository, ctx.Repo.Permission)
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
+		ctx.JSONError(ctx.Tr("repo.issues.comment_on_locked"))
+		return
+	}
+
+	redirect := fmt.Sprintf("%s/%s/%d", ctx.Repo.RepoLink, issueType, issue.Index)
+	attachments := util.Iif(setting.Attachment.Enabled, form.Files, nil)
+
+	// allow empty content if there are attachments
+	if form.Content != "" || len(attachments) > 0 {
+		comment, err := issue_service.CreateIssueComment(ctx, ctx.Doer, ctx.Repo.Repository, issue, form.Content, attachments)
+		if err != nil {
+			if errors.Is(err, user_model.ErrBlockedUser) {
+				ctx.JSONError(ctx.Tr("repo.issues.comment.blocked_user"))
+			} else {
+				ctx.ServerError("CreateIssueComment", err)
+			}
+			return
+		}
+		// redirect to the comment's hashtag
+		redirect += "#" + comment.HashTag()
+	} else if form.Status == "" {
+		// if no status change (close, reopen), it is a plain comment, and content is required
+		// "approve/reject" are handled differently in SubmitReview
+		ctx.JSONError(ctx.Tr("repo.issues.comment_no_content"))
+		return
+	}
+
+	// ATTENTION: From now on, do not use ctx.JSONError, don't return on user error, because the comment has been created.
+	// Always use ctx.Flash.Xxx and then redirect, then the message will be displayed
+	// TODO: need further refactoring to the code below
+
+	// Check if doer can change the status of issue (close, reopen).
+	if (ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) &&
+		(form.Status == "reopen" || form.Status == "close") &&
+		!(issue.IsPull && issue.PullRequest.HasMerged) {
+		// Duplication and conflict check should apply to reopen pull request.
+		var branchOtherUnmergedPR *issues_model.PullRequest
+		var err error
+		if form.Status == "reopen" && issue.IsPull {
+			pull := issue.PullRequest
+			branchOtherUnmergedPR, err = issues_model.GetUnmergedPullRequest(ctx, pull.HeadRepoID, pull.BaseRepoID, pull.HeadBranch, pull.BaseBranch, pull.Flow)
+			if err != nil {
+				if !issues_model.IsErrPullRequestNotExist(err) {
+					ctx.Flash.Error(ctx.Tr("repo.issues.dependency.pr_close_blocked"))
+				}
+			}
+
+			if branchOtherUnmergedPR != nil {
+				ctx.Flash.Error(ctx.Tr("repo.pulls.open_unmerged_pull_exists", branchOtherUnmergedPR.Index))
+			} else {
+				// Regenerate patch and test conflict.
+				issue.PullRequest.HeadCommitID = ""
+				pull_service.StartPullRequestCheckImmediately(ctx, issue.PullRequest)
+			}
+
+			// check whether the ref of PR <refs/pulls/pr_index/head> in base repo is consistent with the head commit of head branch in the head repo
+			// get head commit of PR
+			if branchOtherUnmergedPR != nil && pull.Flow == issues_model.PullRequestFlowGithub {
+				prHeadRef := pull.GetGitHeadRefName()
+				if err := pull.LoadBaseRepo(ctx); err != nil {
+					ctx.ServerError("Unable to load base repo", err)
+					return
+				}
+				prHeadCommitID, err := gitrepo.GetFullCommitID(ctx, pull.BaseRepo, prHeadRef)
+				if err != nil {
+					ctx.ServerError("Get head commit Id of pr fail", err)
+					return
+				}
+
+				// get head commit of branch in the head repo
+				if err := pull.LoadHeadRepo(ctx); err != nil {
+					ctx.ServerError("Unable to load head repo", err)
+					return
+				}
+				if exist, _ := git_model.IsBranchExist(ctx, pull.HeadRepo.ID, pull.BaseBranch); !exist {
+					ctx.Flash.Error("The origin branch is delete, cannot reopen.")
+					return
+				}
+				headBranchRef := git.RefNameFromBranch(pull.HeadBranch)
+				headBranchCommitID, err := gitrepo.GetFullCommitID(ctx, pull.HeadRepo, headBranchRef.String())
+				if err != nil {
+					ctx.ServerError("Get head commit Id of head branch fail", err)
+					return
+				}
+
+				err = pull.LoadIssue(ctx)
+				if err != nil {
+					ctx.ServerError("load the issue of pull request error", err)
+					return
+				}
+
+				if prHeadCommitID != headBranchCommitID {
+					// force push to base repo
+					err := gitrepo.Push(ctx, pull.HeadRepo, pull.BaseRepo, git.PushOptions{
+						Branch: pull.HeadBranch + ":" + prHeadRef,
+						Force:  true,
+						Env:    repo_module.InternalPushingEnvironment(pull.Issue.Poster, pull.BaseRepo),
+					})
+					if err != nil {
+						ctx.ServerError("force push error", err)
+						return
+					}
+				}
+			}
+		}
+
+		if form.Status == "close" && !issue.IsClosed {
+			if err := issue_service.CloseIssue(ctx, issue, ctx.Doer, ""); err != nil {
+				log.Error("CloseIssue: %v", err)
+				if issues_model.IsErrDependenciesLeft(err) {
+					if issue.IsPull {
+						ctx.Flash.Error(ctx.Tr("repo.issues.dependency.pr_close_blocked"))
+					} else {
+						ctx.Flash.Error(ctx.Tr("repo.issues.dependency.issue_close_blocked"))
+					}
+				}
+			} else {
+				if err := stopTimerIfAvailable(ctx, ctx.Doer, issue); err != nil {
+					ctx.ServerError("stopTimerIfAvailable", err)
+					return
+				}
+				log.Trace("Issue [%d] status changed to closed: %v", issue.ID, issue.IsClosed)
+			}
+		} else if form.Status == "reopen" && issue.IsClosed && branchOtherUnmergedPR == nil {
+			if err := issue_service.ReopenIssue(ctx, issue, ctx.Doer, ""); err != nil {
+				log.Error("ReopenIssue: %v", err)
+				ctx.Flash.Error("Unable to reopen.")
+			}
+		}
+	} // end if: handle close or reopen
+
+	ctx.JSONRedirect(redirect)
+}
+
+// UpdateCommentContent change comment of issue's content
+func UpdateCommentContent(ctx *context.Context) {
+	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetCommentByID", issues_model.IsErrCommentNotExist, err)
+		return
+	}
+
+	if err := comment.LoadIssue(ctx); err != nil {
+		ctx.NotFoundOrServerError("LoadIssue", issues_model.IsErrIssueNotExist, err)
+		return
+	}
+
+	if comment.Issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if !comment.Type.HasContentSupport() {
+		ctx.HTTPError(http.StatusNoContent)
+		return
+	}
+
+	newContent := ctx.FormString("content")
+	contentVersion := ctx.FormInt("content_version")
+	if contentVersion != comment.ContentVersion {
+		ctx.JSONError(ctx.Tr("repo.comments.edit.already_changed"))
+		return
+	}
+
+	if newContent != comment.Content {
+		// allow to save empty content
+		oldContent := comment.Content
+		comment.Content = newContent
+
+		if err = issue_service.UpdateComment(ctx, comment, contentVersion, ctx.Doer, oldContent); err != nil {
+			if errors.Is(err, user_model.ErrBlockedUser) {
+				ctx.JSONError(ctx.Tr("repo.issues.comment.blocked_user"))
+			} else if errors.Is(err, issues_model.ErrCommentAlreadyChanged) {
+				ctx.JSONError(ctx.Tr("repo.comments.edit.already_changed"))
+			} else {
+				ctx.ServerError("UpdateComment", err)
+			}
+			return
+		}
+	}
+
+	if err := comment.LoadAttachments(ctx); err != nil {
+		ctx.ServerError("LoadAttachments", err)
+		return
+	}
+
+	// when the update request doesn't intend to update attachments (eg: change checkbox state), ignore attachment updates
+	if !ctx.FormBool("ignore_attachments") {
+		if err := updateAttachments(ctx, comment, ctx.FormStrings("files[]")); err != nil {
+			ctx.ServerError("UpdateAttachments", err)
+			return
+		}
+	}
+
+	var renderedContent template.HTML
+	if comment.Content != "" {
+		rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository, renderhelper.RepoCommentOptions{
+			FootnoteContextID: strconv.FormatInt(comment.ID, 10),
+		})
+		renderedContent, err = markdown.RenderString(rctx, comment.Content)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"content":        commentContentHTML(ctx, renderedContent),
+		"contentVersion": comment.ContentVersion,
+		"attachments":    attachmentsHTML(ctx, comment.Attachments, comment.Content),
+	})
+}
+
+// DeleteComment delete comment of issue
+func DeleteComment(ctx *context.Context) {
+	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetCommentByID", issues_model.IsErrCommentNotExist, err)
+		return
+	}
+
+	if err := comment.LoadIssue(ctx); err != nil {
+		ctx.NotFoundOrServerError("LoadIssue", issues_model.IsErrIssueNotExist, err)
+		return
+	}
+
+	if comment.Issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	} else if !comment.Type.HasContentSupport() {
+		ctx.HTTPError(http.StatusNoContent)
+		return
+	}
+
+	if err = issue_service.DeleteComment(ctx, ctx.Doer, comment); err != nil {
+		ctx.ServerError("DeleteComment", err)
+		return
+	}
+
+	ctx.Status(http.StatusOK)
+}
+
+// ChangeCommentReaction create a reaction for comment
+func ChangeCommentReaction(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.ReactionForm)
+	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetCommentByID", issues_model.IsErrCommentNotExist, err)
+		return
+	}
+
+	if err := comment.LoadIssue(ctx); err != nil {
+		ctx.NotFoundOrServerError("LoadIssue", issues_model.IsErrIssueNotExist, err)
+		return
+	}
+
+	if comment.Issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull)) {
+		if log.IsTrace() {
+			if ctx.IsSigned {
+				issueType := "issues"
+				if comment.Issue.IsPull {
+					issueType = "pulls"
+				}
+				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+					"User in Repo has Permissions: %-+v",
+					ctx.Doer,
+					comment.Issue.PosterID,
+					issueType,
+					ctx.Repo.Repository,
+					ctx.Repo.Permission)
+			} else {
+				log.Trace("Permission Denied: Not logged in")
+			}
+		}
+
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if !comment.Type.HasContentSupport() {
+		ctx.HTTPError(http.StatusNoContent)
+		return
+	}
+
+	switch ctx.PathParam("action") {
+	case "react":
+		reaction, err := issue_service.CreateCommentReaction(ctx, ctx.Doer, comment, form.Content)
+		if err != nil {
+			if issues_model.IsErrForbiddenIssueReaction(err) || errors.Is(err, user_model.ErrBlockedUser) {
+				ctx.ServerError("ChangeIssueReaction", err)
+				return
+			}
+			log.Info("CreateCommentReaction: %s", err)
+			break
+		}
+		// Reload new reactions
+		comment.Reactions = nil
+		if err = comment.LoadReactions(ctx, ctx.Repo.Repository); err != nil {
+			log.Info("comment.LoadReactions: %s", err)
+			break
+		}
+
+		log.Trace("Reaction for comment created: %d/%d/%d/%d", ctx.Repo.Repository.ID, comment.Issue.ID, comment.ID, reaction.ID)
+	case "unreact":
+		if err := issues_model.DeleteCommentReaction(ctx, ctx.Doer.ID, comment.Issue.ID, comment.ID, form.Content); err != nil {
+			ctx.ServerError("DeleteCommentReaction", err)
+			return
+		}
+
+		// Reload new reactions
+		comment.Reactions = nil
+		if err = comment.LoadReactions(ctx, ctx.Repo.Repository); err != nil {
+			log.Info("comment.LoadReactions: %s", err)
+			break
+		}
+
+		log.Trace("Reaction for comment removed: %d/%d/%d", ctx.Repo.Repository.ID, comment.Issue.ID, comment.ID)
+	default:
+		ctx.NotFound(nil)
+		return
+	}
+
+	if len(comment.Reactions) == 0 {
+		ctx.JSON(http.StatusOK, map[string]any{
+			"empty": true,
+			"html":  "",
+		})
+		return
+	}
+
+	html, err := ctx.RenderToHTML(tplReactions, map[string]any{
+		"ActionURL": fmt.Sprintf("%s/comments/%d/reactions", ctx.Repo.RepoLink, comment.ID),
+		"Reactions": comment.Reactions.GroupByType(),
+	})
+	if err != nil {
+		ctx.ServerError("ChangeCommentReaction.HTMLString", err)
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]any{
+		"html": html,
+	})
+}
+
+// GetCommentAttachments returns attachments for the comment
+func GetCommentAttachments(ctx *context.Context) {
+	comment, err := issues_model.GetCommentByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetCommentByID", issues_model.IsErrCommentNotExist, err)
+		return
+	}
+
+	if err := comment.LoadIssue(ctx); err != nil {
+		ctx.NotFoundOrServerError("LoadIssue", issues_model.IsErrIssueNotExist, err)
+		return
+	}
+
+	if comment.Issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+
+	if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+
+	if !comment.Type.HasAttachmentSupport() {
+		ctx.ServerError("GetCommentAttachments", fmt.Errorf("comment type %v does not support attachments", comment.Type))
+		return
+	}
+
+	attachments := make([]*api.Attachment, 0)
+	if err := comment.LoadAttachments(ctx); err != nil {
+		ctx.ServerError("LoadAttachments", err)
+		return
+	}
+	for i := 0; i < len(comment.Attachments); i++ {
+		attachments = append(attachments, convert.ToAttachment(ctx.Repo.Repository, comment.Attachments[i]))
+	}
+	ctx.JSON(http.StatusOK, attachments)
+}
@@ -0,0 +1,234 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"html"
+	"html/template"
+	"net/http"
+	"strings"
+
+	"gitea.dev/models/avatars"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/htmlutil"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+
+	"github.com/sergi/go-diff/diffmatchpatch"
+)
+
+// GetContentHistoryOverview get overview
+func GetContentHistoryOverview(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	editedHistoryCountMap, _ := issues_model.QueryIssueContentHistoryEditedCountMap(ctx, issue.ID)
+	ctx.JSON(http.StatusOK, map[string]any{
+		"i18n": map[string]any{
+			"textEdited":                   ctx.Tr("repo.issues.content_history.edited"),
+			"textDeleteFromHistory":        ctx.Tr("repo.issues.content_history.delete_from_history"),
+			"textDeleteFromHistoryConfirm": ctx.Tr("repo.issues.content_history.delete_from_history_confirm"),
+			"textOptions":                  ctx.Tr("repo.issues.content_history.options"),
+		},
+		"editedHistoryCountMap": editedHistoryCountMap,
+	})
+}
+
+// GetContentHistoryList  get list
+func GetContentHistoryList(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	commentID := ctx.FormInt64("comment_id")
+	items, _ := issues_model.FetchIssueContentHistoryList(ctx, issue.ID, commentID)
+
+	// render history list to HTML for frontend dropdown items: (name, value)
+	// name is HTML of "avatar + userName + userAction + timeSince"
+	// value is historyId
+	var results []map[string]any
+	for _, item := range items {
+		var actionHTML template.HTML
+		if item.IsDeleted {
+			actionHTML = htmlutil.HTMLFormat(`<i data-history-is-deleted="1">%s</i>`, ctx.Locale.TrString("repo.issues.content_history.deleted"))
+		} else if item.IsFirstCreated {
+			actionHTML = ctx.Locale.Tr("repo.issues.content_history.created")
+		} else {
+			actionHTML = ctx.Locale.Tr("repo.issues.content_history.edited")
+		}
+
+		var fullNameHTML template.HTML
+		userName, fullName := item.UserName, strings.TrimSpace(item.UserFullName)
+		if fullName != "" {
+			fullNameHTML = htmlutil.HTMLFormat(` (<span class="tw-inline-flex tw-max-w-[160px]"><span class="gt-ellipsis">%s</span></span>)`, fullName)
+		}
+
+		avatarHTML := templates.AvatarHTML(item.UserAvatarLink, 24, avatars.DefaultAvatarClass+" tw-mr-2", userName)
+		timeSinceHTML := templates.TimeSince(item.EditedUnix)
+		results = append(results, map[string]any{
+			"name":  htmlutil.HTMLFormat("%s <strong>%s</strong>%s %s %s", avatarHTML, userName, fullNameHTML, actionHTML, timeSinceHTML),
+			"value": item.HistoryID,
+		})
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"results": results,
+	})
+}
+
+// canSoftDeleteContentHistory checks whether current user can soft-delete a history revision
+// Admins or owners can always delete history revisions. Normal users can only delete own history revisions.
+func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue, comment *issues_model.Comment,
+	history *issues_model.ContentHistory,
+) (canSoftDelete bool) {
+	// CanWrite means the doer can manage the issue/PR list
+	if ctx.Repo.Permission.IsOwner() || ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
+		canSoftDelete = true
+	} else if ctx.Doer != nil {
+		// for read-only users, they could still post issues or comments,
+		// they should be able to delete the history related to their own issue/comment, a case is:
+		// 1. the user posts some sensitive data
+		// 2. then the repo owner edits the post but didn't remove the sensitive data
+		// 3. the poster wants to delete the edited history revision
+		if comment == nil {
+			// the issue poster or the history poster can soft-delete
+			canSoftDelete = ctx.Doer.ID == issue.PosterID || ctx.Doer.ID == history.PosterID
+			canSoftDelete = canSoftDelete && (history.IssueID == issue.ID)
+		} else {
+			// the comment poster or the history poster can soft-delete
+			canSoftDelete = ctx.Doer.ID == comment.PosterID || ctx.Doer.ID == history.PosterID
+			canSoftDelete = canSoftDelete && (history.IssueID == issue.ID)
+			canSoftDelete = canSoftDelete && (history.CommentID == comment.ID)
+		}
+	}
+	return canSoftDelete
+}
+
+// GetContentHistoryDetail get detail
+func GetContentHistoryDetail(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	historyID := ctx.FormInt64("history_id")
+	history, prevHistory, err := issues_model.GetIssueContentHistoryAndPrev(ctx, issue.ID, historyID)
+	if err != nil {
+		ctx.JSON(http.StatusNotFound, map[string]any{
+			"message": "Can not find the content history",
+		})
+		return
+	}
+
+	// get the related comment if this history revision is for a comment, otherwise the history revision is for an issue.
+	var comment *issues_model.Comment
+	if history.CommentID != 0 {
+		var err error
+		if comment, err = issues_model.GetCommentByID(ctx, history.CommentID); err != nil {
+			log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
+			return
+		}
+	}
+
+	// get the previous history revision (if exists)
+	var prevHistoryID int64
+	var prevHistoryContentText string
+	if prevHistory != nil {
+		prevHistoryID = prevHistory.ID
+		prevHistoryContentText = prevHistory.ContentText
+	}
+
+	// compare the current history revision with the previous one
+	dmp := diffmatchpatch.New()
+	// `checklines=false` makes better diff result
+	diff := dmp.DiffMain(prevHistoryContentText, history.ContentText, false)
+	diff = dmp.DiffCleanupEfficiency(diff)
+
+	// use chroma to render the diff html
+	diffHTMLBuf := bytes.Buffer{}
+	diffHTMLBuf.WriteString("<pre class='chroma'>")
+	for _, it := range diff {
+		switch it.Type {
+		case diffmatchpatch.DiffInsert:
+			diffHTMLBuf.WriteString("<span class='gi'>")
+			diffHTMLBuf.WriteString(html.EscapeString(it.Text))
+			diffHTMLBuf.WriteString("</span>")
+		case diffmatchpatch.DiffDelete:
+			diffHTMLBuf.WriteString("<span class='gd'>")
+			diffHTMLBuf.WriteString(html.EscapeString(it.Text))
+			diffHTMLBuf.WriteString("</span>")
+		default:
+			diffHTMLBuf.WriteString(html.EscapeString(it.Text))
+		}
+	}
+	diffHTMLBuf.WriteString("</pre>")
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"canSoftDelete": canSoftDeleteContentHistory(ctx, issue, comment, history),
+		"historyId":     historyID,
+		"prevHistoryId": prevHistoryID,
+		"diffHtml":      diffHTMLBuf.String(),
+	})
+}
+
+// SoftDeleteContentHistory soft delete
+func SoftDeleteContentHistory(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+	if ctx.Doer == nil {
+		ctx.NotFound(nil)
+		return
+	}
+
+	commentID := ctx.FormInt64("comment_id")
+	historyID := ctx.FormInt64("history_id")
+
+	var comment *issues_model.Comment
+	var history *issues_model.ContentHistory
+	var err error
+
+	if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
+		log.Error("can not get issue content history %v. err=%v", historyID, err)
+		return
+	}
+	if history.IssueID != issue.ID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+	if history.CommentID != commentID {
+		ctx.NotFound(issues_model.ErrCommentNotExist{})
+		return
+	}
+	if commentID != 0 {
+		if comment, err = issues_model.GetCommentByID(ctx, commentID); err != nil {
+			log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
+			return
+		}
+		if comment.IssueID != issue.ID {
+			ctx.NotFound(issues_model.ErrCommentNotExist{})
+			return
+		}
+	}
+
+	canSoftDelete := canSoftDeleteContentHistory(ctx, issue, comment, history)
+	if !canSoftDelete {
+		ctx.JSON(http.StatusForbidden, map[string]any{
+			"message": "Can not delete the content history",
+		})
+		return
+	}
+
+	err = issues_model.SoftDeleteIssueContentHistory(ctx, historyID)
+	log.Debug("soft delete issue content history. issue=%d, comment=%d, history=%d", issue.ID, commentID, historyID)
+	ctx.JSON(http.StatusOK, map[string]any{
+		"ok": err == nil,
+	})
+}
@@ -0,0 +1,144 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	issues_model "gitea.dev/models/issues"
+	access_model "gitea.dev/models/perm/access"
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/context"
+)
+
+// AddDependency adds new dependencies
+func AddDependency(ctx *context.Context) {
+	issueIndex := ctx.PathParamInt64("index")
+	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, issueIndex)
+	if err != nil {
+		ctx.ServerError("GetIssueByIndex", err)
+		return
+	}
+
+	// Check if the Repo is allowed to have dependencies
+	if !ctx.Repo.CanCreateIssueDependencies(ctx, ctx.Doer, issue.IsPull) {
+		ctx.HTTPError(http.StatusForbidden, "CanCreateIssueDependencies")
+		return
+	}
+
+	depID := ctx.FormInt64("newDependency")
+
+	if err = issue.LoadRepo(ctx); err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	// Redirect
+	defer ctx.Redirect(issue.Link())
+
+	// Dependency
+	dep, err := issues_model.GetIssueByID(ctx, depID)
+	if err != nil {
+		ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_issue_not_exist"))
+		return
+	}
+
+	// Check if both issues are in the same repo if cross repository dependencies is not enabled
+	if issue.RepoID != dep.RepoID {
+		if !setting.Service.AllowCrossRepositoryDependencies {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_not_same_repo"))
+			return
+		}
+		if err := dep.LoadRepo(ctx); err != nil {
+			ctx.ServerError("loadRepo", err)
+			return
+		}
+		// Can ctx.Doer read issues in the dep repo?
+		depRepoPerm, err := access_model.GetDoerRepoPermission(ctx, dep.Repo, ctx.Doer)
+		if err != nil {
+			ctx.ServerError("GetDoerRepoPermission", err)
+			return
+		}
+		if !depRepoPerm.CanReadIssuesOrPulls(dep.IsPull) {
+			// you can't see this dependency
+			return
+		}
+	}
+
+	// Check if issue and dependency is the same
+	if dep.ID == issue.ID {
+		ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_same_issue"))
+		return
+	}
+
+	err = issues_model.CreateIssueDependency(ctx, ctx.Doer, issue, dep)
+	if err != nil {
+		if issues_model.IsErrDependencyExists(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_exists"))
+			return
+		} else if issues_model.IsErrCircularDependency(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_cannot_create_circular"))
+			return
+		}
+		ctx.ServerError("CreateOrUpdateIssueDependency", err)
+		return
+	}
+}
+
+// RemoveDependency removes the dependency
+func RemoveDependency(ctx *context.Context) {
+	issueIndex := ctx.PathParamInt64("index")
+	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, issueIndex)
+	if err != nil {
+		ctx.ServerError("GetIssueByIndex", err)
+		return
+	}
+
+	// Check if the Repo is allowed to have dependencies
+	if !ctx.Repo.CanCreateIssueDependencies(ctx, ctx.Doer, issue.IsPull) {
+		ctx.HTTPError(http.StatusForbidden, "CanCreateIssueDependencies")
+		return
+	}
+
+	depID := ctx.FormInt64("removeDependencyID")
+
+	if err = issue.LoadRepo(ctx); err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	// Dependency Type
+	depTypeStr := ctx.Req.PostFormValue("dependencyType")
+
+	var depType issues_model.DependencyType
+
+	switch depTypeStr {
+	case "blockedBy":
+		depType = issues_model.DependencyTypeBlockedBy
+	case "blocking":
+		depType = issues_model.DependencyTypeBlocking
+	default:
+		ctx.HTTPError(http.StatusBadRequest, "GetDependencyType")
+		return
+	}
+
+	// Dependency
+	dep, err := issues_model.GetIssueByID(ctx, depID)
+	if err != nil {
+		ctx.ServerError("GetIssueByID", err)
+		return
+	}
+
+	if err = issues_model.RemoveIssueDependency(ctx, ctx.Doer, issue, dep, depType); err != nil {
+		if issues_model.IsErrDependencyNotExists(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_not_exist"))
+			return
+		}
+		ctx.ServerError("RemoveIssueDependency", err)
+		return
+	}
+
+	// Redirect
+	ctx.Redirect(issue.Link())
+}
@@ -0,0 +1,231 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/organization"
+	"gitea.dev/modules/label"
+	"gitea.dev/modules/log"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	shared_label "gitea.dev/routers/web/shared/label"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+)
+
+const (
+	tplLabels templates.TplName = "repo/issue/labels"
+)
+
+// Labels render issue's labels page
+func Labels(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.labels")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsLabels"] = true
+	ctx.Data["LabelTemplateFiles"] = repo_module.LabelTemplateFiles
+	ctx.HTML(http.StatusOK, tplLabels)
+}
+
+// InitializeLabels init labels for a repository
+func InitializeLabels(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.InitializeLabelsForm)
+	if ctx.HasError() {
+		ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+		return
+	}
+
+	if err := repo_module.InitializeLabels(ctx, ctx.Repo.Repository.ID, form.TemplateName, false); err != nil {
+		if label.IsErrTemplateLoad(err) {
+			originalErr := err.(label.ErrTemplateLoad).OriginalError
+			ctx.Flash.Error(ctx.Tr("repo.issues.label_templates.fail_to_load_file", form.TemplateName, originalErr))
+			ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+			return
+		}
+		ctx.ServerError("InitializeLabels", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// RetrieveLabelsForList find all the labels of a repository and organization, it is only used by "/labels" page to list all labels
+func RetrieveLabelsForList(ctx *context.Context) {
+	labels, err := issues_model.GetLabelsByRepoID(ctx, ctx.Repo.Repository.ID, ctx.FormString("sort"), db.ListOptions{})
+	if err != nil {
+		ctx.ServerError("RetrieveLabelsForList.GetLabels", err)
+		return
+	}
+
+	for _, l := range labels {
+		l.CalOpenIssues()
+	}
+
+	ctx.Data["Labels"] = labels
+
+	if ctx.Repo.Owner.IsOrganization() {
+		orgLabels, err := issues_model.GetLabelsByOrgID(ctx, ctx.Repo.Owner.ID, ctx.FormString("sort"), db.ListOptions{})
+		if err != nil {
+			ctx.ServerError("GetLabelsByOrgID", err)
+			return
+		}
+		for _, l := range orgLabels {
+			l.CalOpenOrgIssues(ctx, ctx.Repo.Repository.ID, l.ID)
+		}
+		ctx.Data["OrgLabels"] = orgLabels
+
+		org, err := organization.GetOrgByName(ctx, ctx.Repo.Owner.LowerName)
+		if err != nil {
+			ctx.ServerError("GetOrgByName", err)
+			return
+		}
+		if ctx.Doer != nil {
+			ctx.Org.IsOwner, err = org.IsOwnedBy(ctx, ctx.Doer.ID)
+			if err != nil {
+				ctx.ServerError("org.IsOwnedBy", err)
+				return
+			}
+			ctx.Org.OrgLink = org.AsUser().OrganisationLink()
+			ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner
+			ctx.Data["OrganizationLink"] = ctx.Org.OrgLink
+		}
+	}
+	ctx.Data["NumLabels"] = len(labels)
+	ctx.Data["SortType"] = ctx.FormString("sort")
+}
+
+// NewLabel create new label for repository
+func NewLabel(ctx *context.Context) {
+	form := shared_label.GetLabelEditForm(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	l := &issues_model.Label{
+		RepoID:         ctx.Repo.Repository.ID,
+		Name:           form.Title,
+		Exclusive:      form.Exclusive,
+		ExclusiveOrder: form.ExclusiveOrder,
+		Description:    form.Description,
+		Color:          form.Color,
+	}
+	if err := issues_model.NewLabel(ctx, l); err != nil {
+		ctx.ServerError("NewLabel", err)
+		return
+	}
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// UpdateLabel update a label's name and color
+func UpdateLabel(ctx *context.Context) {
+	form := shared_label.GetLabelEditForm(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	l, err := issues_model.GetLabelInRepoByID(ctx, ctx.Repo.Repository.ID, form.ID)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.JSONErrorNotFound()
+		return
+	} else if err != nil {
+		ctx.ServerError("GetLabelInRepoByID", err)
+		return
+	}
+
+	l.Name = form.Title
+	l.Exclusive = form.Exclusive
+	l.ExclusiveOrder = form.ExclusiveOrder
+	l.Description = form.Description
+	l.Color = form.Color
+	l.SetArchived(form.IsArchived)
+	if err := issues_model.UpdateLabel(ctx, l); err != nil {
+		ctx.ServerError("UpdateLabel", err)
+		return
+	}
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// DeleteLabel delete a label
+func DeleteLabel(ctx *context.Context) {
+	if err := issues_model.DeleteLabel(ctx, ctx.Repo.Repository.ID, ctx.FormInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteLabel: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.issues.label_deletion_success"))
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// UpdateIssueLabel change issue's labels
+func UpdateIssueLabel(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	switch action := ctx.FormString("action"); action {
+	case "clear":
+		for _, issue := range issues {
+			if err := issue_service.ClearLabels(ctx, issue, ctx.Doer); err != nil {
+				ctx.ServerError("ClearLabels", err)
+				return
+			}
+		}
+	case "attach", "detach", "toggle", "toggle-alt":
+		label, err := issues_model.GetLabelByID(ctx, ctx.FormInt64("id"))
+		if err != nil {
+			if issues_model.IsErrRepoLabelNotExist(err) {
+				ctx.HTTPError(http.StatusNotFound, "GetLabelByID")
+			} else {
+				ctx.ServerError("GetLabelByID", err)
+			}
+			return
+		}
+
+		if action == "toggle" {
+			// detach if any issues already have label, otherwise attach
+			action = "attach"
+			if label.ExclusiveScope() == "" {
+				for _, issue := range issues {
+					if issues_model.HasIssueLabel(ctx, issue.ID, label.ID) {
+						action = "detach"
+						break
+					}
+				}
+			}
+		} else if action == "toggle-alt" {
+			// always detach with alt key pressed, to be able to remove
+			// scoped labels
+			action = "detach"
+		}
+
+		if action == "attach" {
+			for _, issue := range issues {
+				if err = issue_service.AddLabel(ctx, issue, ctx.Doer, label); err != nil {
+					ctx.ServerError("AddLabel", err)
+					return
+				}
+			}
+		} else {
+			for _, issue := range issues {
+				if err = issue_service.RemoveLabel(ctx, issue, ctx.Doer, label); err != nil {
+					ctx.ServerError("RemoveLabel", err)
+					return
+				}
+			}
+		}
+	default:
+		log.Warn("Unrecognized action: %s", action)
+		ctx.HTTPError(http.StatusInternalServerError)
+		return
+	}
+
+	ctx.JSONOK()
+}
@@ -0,0 +1,209 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+	"testing"
+
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/repository"
+	"gitea.dev/modules/test"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/forms"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIssueLabel(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	t.Run("RetrieveLabels", testRetrieveLabels)
+	t.Run("NewLabel", testNewLabel)
+	t.Run("NewLabelInvalidColor", testNewLabelInvalidColor)
+	t.Run("UpdateLabel", testUpdateLabel)
+	t.Run("UpdateLabelInvalidColor", testUpdateLabelInvalidColor)
+	t.Run("UpdateIssueLabelClear", testUpdateIssueLabelClear)
+	t.Run("UpdateIssueLabelToggle", testUpdateIssueLabelToggle)
+	t.Run("InitializeLabels", testInitializeLabels)
+	t.Run("DeleteLabel", testDeleteLabel)
+}
+
+func testInitializeLabels(t *testing.T) {
+	assert.NoError(t, repository.LoadRepoConfig())
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/labels/initialize")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 2)
+	web.SetForm(ctx, &forms.InitializeLabelsForm{TemplateName: "Default"})
+	InitializeLabels(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	unittest.AssertExistsAndLoadBean(t, &issues_model.Label{
+		RepoID: 2,
+		Name:   "enhancement",
+		Color:  "#84b6eb",
+	})
+	assert.Equal(t, "/user2/repo2/labels", test.RedirectURL(ctx.Resp))
+}
+
+func testRetrieveLabels(t *testing.T) {
+	for _, testCase := range []struct {
+		RepoID           int64
+		Sort             string
+		ExpectedLabelIDs []int64
+	}{
+		{1, "", []int64{1, 2}},
+		{1, "leastissues", []int64{2, 1}},
+		{2, "", []int64{}},
+	} {
+		ctx, _ := contexttest.MockContext(t, "user/repo/issues")
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, testCase.RepoID)
+		ctx.Req.Form.Set("sort", testCase.Sort)
+		RetrieveLabelsForList(ctx)
+		assert.False(t, ctx.Written())
+		labels, ok := ctx.Data["Labels"].([]*issues_model.Label)
+		assert.True(t, ok)
+		if assert.Len(t, labels, len(testCase.ExpectedLabelIDs)) {
+			for i, label := range labels {
+				assert.Equal(t, testCase.ExpectedLabelIDs[i], label.ID)
+			}
+		}
+	}
+}
+
+func testNewLabel(t *testing.T) {
+	ctx, respWriter := contexttest.MockContext(t, "user2/repo1/labels/edit")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		Title: "newlabel",
+		Color: "#abcdef",
+	})
+	NewLabel(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	unittest.AssertExistsAndLoadBean(t, &issues_model.Label{
+		Name:  "newlabel",
+		Color: "#abcdef",
+	})
+	assert.Equal(t, "/user2/repo1/labels", test.RedirectURL(respWriter))
+}
+
+func testNewLabelInvalidColor(t *testing.T) {
+	ctx, respWriter := contexttest.MockContext(t, "user2/repo1/labels/edit")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		Title: "newlabel-x",
+		Color: "bad-label-code",
+	})
+	NewLabel(ctx)
+	assert.Equal(t, http.StatusBadRequest, ctx.Resp.WrittenStatus())
+	assert.Equal(t, "repo.issues.label_color_invalid", test.ParseJSONError(respWriter.Body.Bytes()).ErrorMessage)
+	unittest.AssertNotExistsBean(t, &issues_model.Label{
+		Name: "newlabel-x",
+	})
+}
+
+func testUpdateLabel(t *testing.T) {
+	ctx, respWriter := contexttest.MockContext(t, "user2/repo1/labels/edit")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		ID:         2,
+		Title:      "newnameforlabel",
+		Color:      "#abcdef",
+		IsArchived: true,
+	})
+	UpdateLabel(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	unittest.AssertExistsAndLoadBean(t, &issues_model.Label{
+		ID:    2,
+		Name:  "newnameforlabel",
+		Color: "#abcdef",
+	})
+	assert.Equal(t, "/user2/repo1/labels", test.RedirectURL(respWriter))
+}
+
+func testUpdateLabelInvalidColor(t *testing.T) {
+	ctx, respWriter := contexttest.MockContext(t, "user2/repo1/labels/edit")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		ID:    1,
+		Title: "label1",
+		Color: "bad-label-code",
+	})
+
+	UpdateLabel(ctx)
+
+	assert.Equal(t, http.StatusBadRequest, ctx.Resp.WrittenStatus())
+	assert.Equal(t, "repo.issues.label_color_invalid", test.ParseJSONError(respWriter.Body.Bytes()).ErrorMessage)
+	unittest.AssertExistsAndLoadBean(t, &issues_model.Label{
+		ID:    1,
+		Name:  "label1",
+		Color: "#abcdef",
+	})
+}
+
+func testDeleteLabel(t *testing.T) {
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/labels/delete")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	ctx.Req.Form.Set("id", "2")
+	DeleteLabel(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	unittest.AssertNotExistsBean(t, &issues_model.Label{ID: 2})
+	unittest.AssertNotExistsBean(t, &issues_model.IssueLabel{LabelID: 2})
+	assert.EqualValues(t, ctx.Tr("repo.issues.label_deletion_success"), ctx.Flash.SuccessMsg)
+}
+
+func testUpdateIssueLabelClear(t *testing.T) {
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	ctx.Req.Form.Set("issue_ids", "1,3")
+	ctx.Req.Form.Set("action", "clear")
+	UpdateIssueLabel(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	unittest.AssertNotExistsBean(t, &issues_model.IssueLabel{IssueID: 1})
+	unittest.AssertNotExistsBean(t, &issues_model.IssueLabel{IssueID: 3})
+	unittest.CheckConsistencyFor(t, &issues_model.Label{})
+}
+
+func testUpdateIssueLabelToggle(t *testing.T) {
+	for _, testCase := range []struct {
+		Action      string
+		IssueIDs    []int64
+		LabelID     int64
+		ExpectedAdd bool // whether we expect the label to be added to the issues
+	}{
+		{"attach", []int64{1, 3}, 1, true},
+		{"detach", []int64{1, 3}, 1, false},
+		{"toggle", []int64{1, 3}, 1, false},
+		{"toggle", []int64{1, 2}, 2, true},
+	} {
+		unittest.PrepareTestEnv(t)
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+
+		ctx.Req.Form.Set("issue_ids", strings.Join(base.Int64sToStrings(testCase.IssueIDs), ","))
+		ctx.Req.Form.Set("action", testCase.Action)
+		ctx.Req.Form.Set("id", strconv.Itoa(int(testCase.LabelID)))
+		UpdateIssueLabel(ctx)
+		assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+		for _, issueID := range testCase.IssueIDs {
+			if testCase.ExpectedAdd {
+				unittest.AssertExistsAndLoadBean(t, &issues_model.IssueLabel{IssueID: issueID, LabelID: testCase.LabelID})
+			} else {
+				unittest.AssertNotExistsBean(t, &issues_model.IssueLabel{IssueID: issueID, LabelID: testCase.LabelID})
+			}
+		}
+		unittest.CheckConsistencyFor(t, &issues_model.Label{})
+	}
+}
@@ -0,0 +1,775 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"maps"
+	"net/http"
+	"slices"
+	"sort"
+	"strconv"
+	"strings"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/organization"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	issue_indexer "gitea.dev/modules/indexer/issues"
+	db_indexer "gitea.dev/modules/indexer/issues/db"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/routers/common"
+	"gitea.dev/routers/web/shared/issue"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+	issue_service "gitea.dev/services/issue"
+	pull_service "gitea.dev/services/pull"
+)
+
+func retrieveProjectsForIssueList(ctx *context.Context, repo *repo_model.Repository) {
+	ctx.Data["OpenProjects"], ctx.Data["ClosedProjects"] = retrieveProjectsInternal(ctx, repo)
+}
+
+// parseProjectIDsFromQuery parses the comma-separated `project` (preferred) or `projects`
+// query parameter into a slice of int64 IDs.
+func parseProjectIDsFromQuery(ctx *context.Context) []int64 {
+	// FIXME: ISSUE-MULTIPLE-PROJECTS-FILTER: no multiple project filter support yet
+	// Although here parses the project parameter as a slice, the "search" logic is wrong
+	return ctx.FormStringInt64s("project")
+}
+
+// SearchIssues searches for issues across the repositories that the user has access to
+func SearchIssues(ctx *context.Context) {
+	before, since, err := context.GetQueryBeforeSince(ctx.Base)
+	if err != nil {
+		ctx.HTTPError(http.StatusUnprocessableEntity, err.Error())
+		return
+	}
+
+	isClosed := common.ParseIssueFilterStateIsClosed(ctx.FormString("state"))
+
+	var (
+		repoIDs   []int64
+		allPublic bool
+	)
+	{
+		// find repos user can access (for issue search)
+		opts := repo_model.SearchRepoOptions{
+			Private:     false,
+			AllPublic:   true,
+			TopicOnly:   false,
+			Collaborate: optional.None[bool](),
+			// This needs to be a column that is not nil in fixtures or
+			// MySQL will return different results when sorting by null in some cases
+			OrderBy: db.SearchOrderByAlphabetically,
+			Actor:   ctx.Doer,
+		}
+		if ctx.IsSigned {
+			opts.Private = true
+			opts.AllLimited = true
+		}
+		if ctx.FormString("owner") != "" {
+			owner, err := user_model.GetUserByName(ctx, ctx.FormString("owner"))
+			if err != nil {
+				if user_model.IsErrUserNotExist(err) {
+					ctx.HTTPError(http.StatusBadRequest, "Owner not found", err.Error())
+				} else {
+					ctx.HTTPError(http.StatusInternalServerError, "GetUserByName", err.Error())
+				}
+				return
+			}
+			opts.OwnerID = owner.ID
+			opts.AllLimited = false
+			opts.AllPublic = false
+			opts.Collaborate = optional.Some(false)
+		}
+		if ctx.FormString("team") != "" {
+			if ctx.FormString("owner") == "" {
+				ctx.HTTPError(http.StatusBadRequest, "", "Owner organisation is required for filtering on team")
+				return
+			}
+			team, err := organization.GetTeam(ctx, opts.OwnerID, ctx.FormString("team"))
+			if err != nil {
+				if organization.IsErrTeamNotExist(err) {
+					ctx.HTTPError(http.StatusBadRequest, "Team not found", err.Error())
+				} else {
+					ctx.HTTPError(http.StatusInternalServerError, "GetUserByName", err.Error())
+				}
+				return
+			}
+			opts.TeamID = team.ID
+		}
+
+		if opts.AllPublic {
+			allPublic = true
+			opts.AllPublic = false // set it false to avoid returning too many repos, we could filter by indexer
+		}
+		repoIDs, _, err = repo_model.SearchRepositoryIDs(ctx, opts)
+		if err != nil {
+			ctx.HTTPError(http.StatusInternalServerError, "SearchRepositoryIDs", err.Error())
+			return
+		}
+		if len(repoIDs) == 0 {
+			// no repos found, don't let the indexer return all repos
+			repoIDs = []int64{0}
+		}
+	}
+
+	keyword := ctx.FormTrim("q")
+	if strings.IndexByte(keyword, 0) >= 0 {
+		keyword = ""
+	}
+
+	isPull := optional.None[bool]()
+	switch ctx.FormString("type") {
+	case "pulls":
+		isPull = optional.Some(true)
+	case "issues":
+		isPull = optional.Some(false)
+	}
+
+	var includedAnyLabels []int64
+	{
+		labels := ctx.FormTrim("labels")
+		var includedLabelNames []string
+		if len(labels) > 0 {
+			includedLabelNames = strings.Split(labels, ",")
+		}
+		includedAnyLabels, err = issues_model.GetLabelIDsByNames(ctx, includedLabelNames)
+		if err != nil {
+			ctx.HTTPError(http.StatusInternalServerError, "GetLabelIDsByNames", err.Error())
+			return
+		}
+	}
+
+	var includedMilestones []int64
+	{
+		milestones := ctx.FormTrim("milestones")
+		var includedMilestoneNames []string
+		if len(milestones) > 0 {
+			includedMilestoneNames = strings.Split(milestones, ",")
+		}
+		includedMilestones, err = issues_model.GetMilestoneIDsByNames(ctx, includedMilestoneNames)
+		if err != nil {
+			ctx.HTTPError(http.StatusInternalServerError, "GetMilestoneIDsByNames", err.Error())
+			return
+		}
+	}
+
+	includedProjectIDs := parseProjectIDsFromQuery(ctx)
+
+	// this api is also used in UI,
+	// so the default limit is set to fit UI needs
+	limit := ctx.FormInt("limit")
+	if limit == 0 {
+		limit = setting.UI.IssuePagingNum
+	} else if limit > setting.API.MaxResponseItems {
+		limit = setting.API.MaxResponseItems
+	}
+
+	searchOpt := &issue_indexer.SearchOptions{
+		Paginator: &db.ListOptions{
+			Page:     ctx.FormInt("page"),
+			PageSize: limit,
+		},
+		Keyword:             keyword,
+		RepoIDs:             repoIDs,
+		AllPublic:           allPublic,
+		IsPull:              isPull,
+		IsClosed:            isClosed,
+		IncludedAnyLabelIDs: includedAnyLabels,
+		MilestoneIDs:        includedMilestones,
+		ProjectIDs:          includedProjectIDs,
+		SortBy:              issue_indexer.SortByCreatedDesc,
+	}
+
+	if since != 0 {
+		searchOpt.UpdatedAfterUnix = optional.Some(since)
+	}
+	if before != 0 {
+		searchOpt.UpdatedBeforeUnix = optional.Some(before)
+	}
+
+	if ctx.IsSigned {
+		ctxUserID := ctx.Doer.ID
+		if ctx.FormBool("created") {
+			searchOpt.PosterID = strconv.FormatInt(ctxUserID, 10)
+		}
+		if ctx.FormBool("assigned") {
+			searchOpt.AssigneeID = strconv.FormatInt(ctxUserID, 10)
+		}
+		if ctx.FormBool("mentioned") {
+			searchOpt.MentionID = optional.Some(ctxUserID)
+		}
+		if ctx.FormBool("review_requested") {
+			searchOpt.ReviewRequestedID = optional.Some(ctxUserID)
+		}
+		if ctx.FormBool("reviewed") {
+			searchOpt.ReviewedID = optional.Some(ctxUserID)
+		}
+	}
+
+	// FIXME: It's unsupported to sort by priority repo when searching by indexer,
+	//        it's indeed an regression, but I think it is worth to support filtering by indexer first.
+	_ = ctx.FormInt64("priority_repo_id")
+
+	ids, total, err := issue_indexer.SearchIssues(ctx, searchOpt)
+	if err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, "SearchIssues", err.Error())
+		return
+	}
+	issues, err := issues_model.GetIssuesByIDs(ctx, ids, true)
+	if err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, "FindIssuesByIDs", err.Error())
+		return
+	}
+
+	ctx.SetTotalCountHeader(total)
+	ctx.JSON(http.StatusOK, convert.ToIssueList(ctx, ctx.Doer, issues))
+}
+
+func getUserIDForFilter(ctx *context.Context, queryName string) int64 {
+	userName := ctx.FormString(queryName)
+	if len(userName) == 0 {
+		return 0
+	}
+
+	user, err := user_model.GetUserByName(ctx, userName)
+	if user_model.IsErrUserNotExist(err) {
+		ctx.NotFound(err)
+		return 0
+	}
+
+	if err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, err.Error())
+		return 0
+	}
+
+	return user.ID
+}
+
+// SearchRepoIssuesJSON lists the issues of a repository
+// This function was copied from API (decouple the web and API routes),
+// it is only used by frontend to search some dependency or related issues
+func SearchRepoIssuesJSON(ctx *context.Context) {
+	before, since, err := context.GetQueryBeforeSince(ctx.Base)
+	if err != nil {
+		ctx.HTTPError(http.StatusUnprocessableEntity, err.Error())
+		return
+	}
+
+	isClosed := common.ParseIssueFilterStateIsClosed(ctx.FormString("state"))
+
+	keyword := ctx.FormTrim("q")
+	if strings.IndexByte(keyword, 0) >= 0 {
+		keyword = ""
+	}
+
+	var mileIDs []int64
+	if part := strings.Split(ctx.FormString("milestones"), ","); len(part) > 0 {
+		for i := range part {
+			// uses names and fall back to ids
+			// non-existent milestones are discarded
+			mile, err := issues_model.GetMilestoneByRepoIDANDName(ctx, ctx.Repo.Repository.ID, part[i])
+			if err == nil {
+				mileIDs = append(mileIDs, mile.ID)
+				continue
+			}
+			if !issues_model.IsErrMilestoneNotExist(err) {
+				ctx.HTTPError(http.StatusInternalServerError, err.Error())
+				return
+			}
+			id, err := strconv.ParseInt(part[i], 10, 64)
+			if err != nil {
+				continue
+			}
+			mile, err = issues_model.GetMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, id)
+			if err == nil {
+				mileIDs = append(mileIDs, mile.ID)
+				continue
+			}
+			if issues_model.IsErrMilestoneNotExist(err) {
+				continue
+			}
+			ctx.HTTPError(http.StatusInternalServerError, err.Error())
+		}
+	}
+
+	isPull := optional.None[bool]()
+	switch ctx.FormString("type") {
+	case "pulls":
+		isPull = optional.Some(true)
+	case "issues":
+		isPull = optional.Some(false)
+	}
+
+	// FIXME: we should be more efficient here
+	createdByID := getUserIDForFilter(ctx, "created_by")
+	if ctx.Written() {
+		return
+	}
+	assignedByID := getUserIDForFilter(ctx, "assigned_by")
+	if ctx.Written() {
+		return
+	}
+	mentionedByID := getUserIDForFilter(ctx, "mentioned_by")
+	if ctx.Written() {
+		return
+	}
+
+	searchOpt := &issue_indexer.SearchOptions{
+		Paginator: &db.ListOptions{
+			Page:     ctx.FormInt("page"),
+			PageSize: convert.ToCorrectPageSize(ctx.FormInt("limit")),
+		},
+		Keyword:  keyword,
+		RepoIDs:  []int64{ctx.Repo.Repository.ID},
+		IsPull:   isPull,
+		IsClosed: isClosed,
+		SortBy:   issue_indexer.SortByCreatedDesc,
+	}
+
+	projectIDs := parseProjectIDsFromQuery(ctx)
+	if len(projectIDs) == 1 && projectIDs[0] == -1 {
+		searchOpt.NoProjectOnly = true
+	} else if len(projectIDs) > 0 {
+		searchOpt.ProjectIDs = projectIDs
+	}
+
+	if since != 0 {
+		searchOpt.UpdatedAfterUnix = optional.Some(since)
+	}
+	if before != 0 {
+		searchOpt.UpdatedBeforeUnix = optional.Some(before)
+	}
+
+	// TODO: the "labels" query parameter is never used, so no need to handle it
+
+	if len(mileIDs) == 1 && mileIDs[0] == db.NoConditionID {
+		searchOpt.MilestoneIDs = []int64{0}
+	} else {
+		searchOpt.MilestoneIDs = mileIDs
+	}
+
+	if createdByID > 0 {
+		searchOpt.PosterID = strconv.FormatInt(createdByID, 10)
+	}
+	if assignedByID > 0 {
+		searchOpt.AssigneeID = strconv.FormatInt(assignedByID, 10)
+	}
+	if mentionedByID > 0 {
+		searchOpt.MentionID = optional.Some(mentionedByID)
+	}
+
+	ids, total, err := issue_indexer.SearchIssues(ctx, searchOpt)
+	if err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, "SearchIssues", err.Error())
+		return
+	}
+	issues, err := issues_model.GetIssuesByIDs(ctx, ids, true)
+	if err != nil {
+		ctx.HTTPError(http.StatusInternalServerError, "FindIssuesByIDs", err.Error())
+		return
+	}
+
+	ctx.SetTotalCountHeader(total)
+	ctx.JSON(http.StatusOK, convert.ToIssueList(ctx, ctx.Doer, issues))
+}
+
+func BatchDeleteIssues(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+	for _, issue := range issues {
+		if err := issue_service.DeleteIssue(ctx, ctx.Doer, issue); err != nil {
+			ctx.ServerError("DeleteIssue", err)
+			return
+		}
+	}
+	ctx.JSONOK()
+}
+
+// UpdateIssueStatus change issue's status
+func UpdateIssueStatus(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	action := ctx.FormString("action")
+	if action != "open" && action != "close" {
+		log.Warn("Unrecognized action: %s", action)
+		ctx.JSONOK()
+		return
+	}
+
+	if _, err := issues.LoadRepositories(ctx); err != nil {
+		ctx.ServerError("LoadRepositories", err)
+		return
+	}
+	if err := issues.LoadPullRequests(ctx); err != nil {
+		ctx.ServerError("LoadPullRequests", err)
+		return
+	}
+
+	for _, issue := range issues {
+		if issue.IsPull && issue.PullRequest.HasMerged {
+			continue
+		}
+		if action == "close" && !issue.IsClosed {
+			if err := issue_service.CloseIssue(ctx, issue, ctx.Doer, ""); err != nil {
+				if issues_model.IsErrDependenciesLeft(err) {
+					ctx.JSON(http.StatusPreconditionFailed, map[string]any{
+						"error": ctx.Tr("repo.issues.dependency.issue_batch_close_blocked", issue.Index),
+					})
+					return
+				}
+				ctx.ServerError("CloseIssue", err)
+				return
+			}
+		} else if action == "open" && issue.IsClosed {
+			if err := issue_service.ReopenIssue(ctx, issue, ctx.Doer, ""); err != nil {
+				ctx.ServerError("ReopenIssue", err)
+				return
+			}
+		}
+	}
+	ctx.JSONOK()
+}
+
+func prepareIssueFilterExclusiveOrderScopes(ctx *context.Context, allLabels []*issues_model.Label) {
+	scopeSet := make(map[string]bool)
+	for _, label := range allLabels {
+		scope := label.ExclusiveScope()
+		if len(scope) > 0 && label.ExclusiveOrder > 0 {
+			scopeSet[scope] = true
+		}
+	}
+	scopes := slices.Collect(maps.Keys(scopeSet))
+	sort.Strings(scopes)
+	ctx.Data["ExclusiveLabelScopes"] = scopes
+}
+
+func renderMilestones(ctx *context.Context) {
+	// Get milestones
+	milestones, err := db.Find[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
+		RepoID: ctx.Repo.Repository.ID,
+	})
+	if err != nil {
+		ctx.ServerError("GetAllRepoMilestones", err)
+		return
+	}
+
+	openMilestones, closedMilestones := issues_model.MilestoneList(milestones).SplitByOpenClosed()
+	ctx.Data["OpenMilestones"] = openMilestones
+	ctx.Data["ClosedMilestones"] = closedMilestones
+}
+
+func prepareIssueFilterAndList(ctx *context.Context, milestoneID int64, projectIDs []int64, isPullOption optional.Option[bool]) {
+	var err error
+	viewType := ctx.FormString("type")
+	sortType := ctx.FormString("sort")
+	types := []string{"all", "your_repositories", "assigned", "created_by", "mentioned", "review_requested", "reviewed_by"}
+	if !util.SliceContainsString(types, viewType, true) {
+		viewType = "all"
+	}
+
+	assigneeID := ctx.FormString("assignee")
+	posterUsername := ctx.FormString("poster")
+	posterUserID := shared_user.GetFilterUserIDByName(ctx, posterUsername)
+	var mentionedID, reviewRequestedID, reviewedID int64
+
+	if ctx.IsSigned {
+		switch viewType {
+		case "created_by":
+			posterUserID = strconv.FormatInt(ctx.Doer.ID, 10)
+		case "mentioned":
+			mentionedID = ctx.Doer.ID
+		case "assigned":
+			assigneeID = strconv.FormatInt(ctx.Doer.ID, 10)
+		case "review_requested":
+			reviewRequestedID = ctx.Doer.ID
+		case "reviewed_by":
+			reviewedID = ctx.Doer.ID
+		}
+	}
+
+	repo := ctx.Repo.Repository
+	keyword := strings.Trim(ctx.FormString("q"), " ")
+	if bytes.Contains([]byte(keyword), []byte{0x00}) {
+		keyword = ""
+	}
+
+	var mileIDs []int64
+	if milestoneID > 0 || milestoneID == db.NoConditionID { // -1 to get those issues which have no any milestone assigned
+		mileIDs = []int64{milestoneID}
+	}
+
+	preparedLabelFilter := issue.PrepareFilterIssueLabels(ctx, repo.ID, ctx.Repo.Owner)
+	if ctx.Written() {
+		return
+	}
+
+	prepareIssueFilterExclusiveOrderScopes(ctx, preparedLabelFilter.AllLabels)
+
+	var keywordMatchedIssueIDs []int64
+	var issueStats *issues_model.IssueStats
+	statsOpts := &issues_model.IssuesOptions{
+		RepoIDs:           []int64{repo.ID},
+		LabelIDs:          preparedLabelFilter.SelectedLabelIDs,
+		MilestoneIDs:      mileIDs,
+		ProjectIDs:        projectIDs,
+		AssigneeID:        assigneeID,
+		MentionedID:       mentionedID,
+		PosterID:          posterUserID,
+		ReviewRequestedID: reviewRequestedID,
+		ReviewedID:        reviewedID,
+		IsPull:            isPullOption,
+		IssueIDs:          nil,
+	}
+
+	if keyword != "" {
+		keywordMatchedIssueIDs, _, err = issue_indexer.SearchIssues(ctx, issue_indexer.ToSearchOptions(keyword, statsOpts))
+		if err != nil {
+			if issue_indexer.IsAvailable(ctx) {
+				ctx.ServerError("issueIDsFromSearch", err)
+				return
+			}
+			ctx.Data["IssueIndexerUnavailable"] = true
+			return
+		}
+		if len(keywordMatchedIssueIDs) == 0 {
+			// It did search with the keyword, but no issue found, just set issueStats to empty, then no need to do query again.
+			issueStats = &issues_model.IssueStats{}
+			// set keywordMatchedIssueIDs to empty slice, so we can distinguish it from "nil"
+			keywordMatchedIssueIDs = []int64{}
+		}
+		statsOpts.IssueIDs = keywordMatchedIssueIDs
+	}
+
+	if issueStats == nil {
+		// Either it did search with the keyword, and found some issues, it needs to get issueStats of these issues.
+		// Or the keyword is empty, so it doesn't need issueIDs as filter, just get issueStats with statsOpts.
+		issueStats, err = issues_model.GetIssueStats(ctx, statsOpts)
+		if err != nil {
+			ctx.ServerError("GetIssueStats", err)
+			return
+		}
+	}
+
+	isShowClosed := common.ParseIssueFilterStateIsClosed(ctx.FormString("state"))
+
+	// if there are closed issues and no open issues, default to showing all issues
+	if ctx.FormString("state") == "" && issueStats.OpenCount == 0 && issueStats.ClosedCount != 0 {
+		isShowClosed = optional.None[bool]()
+	}
+
+	if repo.IsTimetrackerEnabled(ctx) {
+		totalTrackedTime, err := issues_model.GetIssueTotalTrackedTime(ctx, statsOpts, isShowClosed)
+		if err != nil {
+			ctx.ServerError("GetIssueTotalTrackedTime", err)
+			return
+		}
+		ctx.Data["TotalTrackedTime"] = totalTrackedTime
+	}
+
+	// prepare pager
+	total := issueStats.OpenCount + issueStats.ClosedCount
+	if isShowClosed.Has() {
+		total = util.Iif(isShowClosed.Value(), issueStats.ClosedCount, issueStats.OpenCount)
+	}
+	page := max(ctx.FormInt("page"), 1)
+	pager := context.NewPagination(total, setting.UI.IssuePagingNum, page, 5)
+
+	// prepare real issue list:
+	var issues issues_model.IssueList
+	if keywordMatchedIssueIDs == nil || len(keywordMatchedIssueIDs) > 0 {
+		// Either it did search with the keyword, and found some issues, then keywordMatchedIssueIDs is not null, it needs to use db indexer.
+		// Or the keyword is empty, it also needs to usd db indexer.
+		// In either case, no need to use keyword anymore
+		searchResult, err := db_indexer.GetIndexer().FindWithIssueOptions(ctx, &issues_model.IssuesOptions{
+			Paginator: &db.ListOptions{
+				Page:     pager.Paginater.Current(),
+				PageSize: setting.UI.IssuePagingNum,
+			},
+			RepoIDs:           []int64{repo.ID},
+			AssigneeID:        assigneeID,
+			PosterID:          posterUserID,
+			MentionedID:       mentionedID,
+			ReviewRequestedID: reviewRequestedID,
+			ReviewedID:        reviewedID,
+			MilestoneIDs:      mileIDs,
+			ProjectIDs:        projectIDs,
+			IsClosed:          isShowClosed,
+			IsPull:            isPullOption,
+			LabelIDs:          preparedLabelFilter.SelectedLabelIDs,
+			SortType:          sortType,
+			IssueIDs:          keywordMatchedIssueIDs,
+		})
+		if err != nil {
+			ctx.ServerError("DBIndexer.Search", err)
+			return
+		}
+		issueIDs := issue_indexer.SearchResultToIDSlice(searchResult)
+		issues, err = issues_model.GetIssuesByIDs(ctx, issueIDs, true)
+		if err != nil {
+			ctx.ServerError("GetIssuesByIDs", err)
+			return
+		}
+	}
+
+	approvalCounts, err := issues.GetApprovalCounts(ctx)
+	if err != nil {
+		ctx.ServerError("ApprovalCounts", err)
+		return
+	}
+
+	if ctx.IsSigned {
+		if err := issues.LoadIsRead(ctx, ctx.Doer.ID); err != nil {
+			ctx.ServerError("LoadIsRead", err)
+			return
+		}
+	} else {
+		for i := range issues {
+			issues[i].IsRead = true
+		}
+	}
+
+	commitStatuses, lastStatus, err := pull_service.GetIssuesAllCommitStatus(ctx, issues)
+	if err != nil {
+		ctx.ServerError("GetIssuesAllCommitStatus", err)
+		return
+	}
+	if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
+		for key := range commitStatuses {
+			git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+		}
+	}
+
+	if err := issues.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("issues.LoadAttributes", err)
+		return
+	}
+
+	ctx.Data["Issues"] = issues
+	ctx.Data["CommitLastStatus"] = lastStatus
+	ctx.Data["CommitStatuses"] = commitStatuses
+
+	// Get assignees.
+	assigneeUsers, err := repo_model.GetRepoAssignees(ctx, repo)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+
+	ctx.Data["IssueRefEndNames"], ctx.Data["IssueRefURLs"] = issue_service.GetRefEndNamesAndURLs(issues, ctx.Repo.RepoLink)
+
+	ctx.Data["ApprovalCounts"] = func(issueID int64, typ string) int64 {
+		counts, ok := approvalCounts[issueID]
+		if !ok || len(counts) == 0 {
+			return 0
+		}
+		reviewTyp := issues_model.ReviewTypeApprove
+		switch typ {
+		case "reject":
+			reviewTyp = issues_model.ReviewTypeReject
+		case "waiting":
+			reviewTyp = issues_model.ReviewTypeRequest
+		}
+		for _, count := range counts {
+			if count.Type == reviewTyp {
+				return count.Count
+			}
+		}
+		return 0
+	}
+
+	retrieveProjectsForIssueList(ctx, repo)
+	if ctx.Written() {
+		return
+	}
+
+	pinned, err := issues_model.GetPinnedIssues(ctx, repo.ID, isPullOption.Value())
+	if err != nil {
+		ctx.ServerError("GetPinnedIssues", err)
+		return
+	}
+
+	showArchivedLabels := ctx.FormBool("archived_labels")
+	ctx.Data["ShowArchivedLabels"] = showArchivedLabels
+	ctx.Data["PinnedIssues"] = pinned
+	ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin)
+	ctx.Data["IssueStats"] = issueStats
+	ctx.Data["OpenCount"] = issueStats.OpenCount
+	ctx.Data["ClosedCount"] = issueStats.ClosedCount
+	ctx.Data["SelLabelIDs"] = preparedLabelFilter.SelectedLabelIDs
+	ctx.Data["ViewType"] = viewType
+	ctx.Data["SortType"] = sortType
+	ctx.Data["MilestoneID"] = milestoneID
+	ctx.Data["ProjectIDs"] = projectIDs
+	ctx.Data["AssigneeID"] = assigneeID
+	ctx.Data["PosterUsername"] = posterUsername
+	ctx.Data["Keyword"] = keyword
+	ctx.Data["IsShowClosed"] = isShowClosed
+	switch {
+	case isShowClosed.Value():
+		ctx.Data["State"] = "closed"
+	case !isShowClosed.Has():
+		ctx.Data["State"] = "all"
+	default:
+		ctx.Data["State"] = "open"
+	}
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+}
+
+// Issues render issues page
+func Issues(ctx *context.Context) {
+	isPullList := ctx.PathParam("type") == "pulls"
+	if isPullList {
+		MustAllowPulls(ctx)
+		if ctx.Written() {
+			return
+		}
+		ctx.Data["Title"] = ctx.Tr("repo.pulls")
+		ctx.Data["PageIsPullList"] = true
+		prepareRecentlyPushedNewBranches(ctx)
+		if ctx.Written() {
+			return
+		}
+	} else {
+		MustEnableIssues(ctx)
+		if ctx.Written() {
+			return
+		}
+		ctx.Data["Title"] = ctx.Tr("repo.issues")
+		ctx.Data["PageIsIssueList"] = true
+		ctx.Data["NewIssueChooseTemplate"] = issue_service.HasTemplatesOrContactLinks(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	}
+
+	projectIDs := parseProjectIDsFromQuery(ctx)
+
+	prepareIssueFilterAndList(ctx, ctx.FormInt64("milestone"), projectIDs, optional.Some(isPullList))
+	if ctx.Written() {
+		return
+	}
+
+	renderMilestones(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPullList)
+
+	ctx.HTML(http.StatusOK, tplIssues)
+}
@@ -0,0 +1,60 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+)
+
+// LockIssue locks an issue. This would limit commenting abilities to
+// users with write access to the repo.
+func LockIssue(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.IssueLockForm)
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if issue.IsLocked {
+		ctx.JSONError(ctx.Tr("repo.issues.lock_duplicate"))
+		return
+	}
+
+	if err := issues_model.LockIssue(ctx, &issues_model.IssueLockOptions{
+		Doer:   ctx.Doer,
+		Issue:  issue,
+		Reason: form.Reason,
+	}); err != nil {
+		ctx.ServerError("LockIssue", err)
+		return
+	}
+
+	ctx.JSONRedirect(issue.Link())
+}
+
+// UnlockIssue unlocks a previously locked issue.
+func UnlockIssue(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !issue.IsLocked {
+		ctx.JSONError(ctx.Tr("repo.issues.unlock_error"))
+		return
+	}
+
+	if err := issues_model.UnlockIssue(ctx, &issues_model.IssueLockOptions{
+		Doer:  ctx.Doer,
+		Issue: issue,
+	}); err != nil {
+		ctx.ServerError("UnlockIssue", err)
+		return
+	}
+
+	ctx.JSONRedirect(issue.Link())
+}
@@ -0,0 +1,401 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"html/template"
+	"maps"
+	"net/http"
+	"slices"
+	"sort"
+	"strconv"
+	"strings"
+
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/organization"
+	project_model "gitea.dev/models/project"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/git"
+	issue_template "gitea.dev/modules/issue/template"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/utils"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+)
+
+// Tries to load and set an issue template. The first return value indicates if a template was loaded.
+func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles []string, metaData *IssuePageMetaData) (bool, map[string]error) {
+	commit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
+	if err != nil {
+		return false, nil
+	}
+
+	templateCandidates := make([]string, 0, 1+len(possibleFiles))
+	if t := ctx.FormString("template"); t != "" {
+		templateCandidates = append(templateCandidates, t)
+	}
+	templateCandidates = append(templateCandidates, possibleFiles...) // Append files to the end because they should be fallback
+
+	templateErrs := map[string]error{}
+	for _, filename := range templateCandidates {
+		if ok, _ := commit.HasFile(filename); !ok {
+			continue
+		}
+		template, err := issue_template.UnmarshalFromCommit(commit, filename)
+		if err != nil {
+			templateErrs[filename] = err
+			continue
+		}
+		ctx.Data[issueTemplateTitleKey] = template.Title
+		ctx.Data[ctxDataKey] = template.Content
+
+		if template.Type() == api.IssueTemplateTypeYaml {
+			// Replace field default values by values from query
+			for _, field := range template.Fields {
+				fieldValue := ctx.FormString("field:" + field.ID)
+				if fieldValue != "" {
+					field.Attributes["value"] = fieldValue
+				}
+			}
+
+			ctx.Data["Fields"] = template.Fields
+			ctx.Data["TemplateFile"] = template.FileName
+		}
+
+		metaData.LabelsData.SetSelectedLabelNames(template.Labels)
+
+		selectedAssigneeIDStrings := make([]string, 0, len(template.Assignees))
+		if userIDs, err := user_model.GetUserIDsByNames(ctx, template.Assignees, true); err == nil {
+			for _, userID := range userIDs {
+				selectedAssigneeIDStrings = append(selectedAssigneeIDStrings, strconv.FormatInt(userID, 10))
+			}
+		}
+		metaData.AssigneesData.SelectedAssigneeIDs = strings.Join(selectedAssigneeIDStrings, ",")
+
+		if template.Ref != "" && !strings.HasPrefix(template.Ref, "refs/") { // Assume that the ref intended is always a branch - for tags users should use refs/tags/<ref>
+			template.Ref = git.BranchPrefix + template.Ref
+		}
+
+		ctx.Data["Reference"] = template.Ref
+		ctx.Data["RefEndName"] = git.RefName(template.Ref).ShortName()
+		return true, templateErrs
+	}
+	return false, templateErrs
+}
+
+// NewIssue render creating issue page
+func NewIssue(ctx *context.Context) {
+	issueConfig, _ := issue_service.GetTemplateConfigFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	hasTemplates := issue_service.HasTemplatesOrContactLinks(ctx.Repo.Repository, ctx.Repo.GitRepo)
+
+	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["NewIssueChooseTemplate"] = hasTemplates
+	ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes
+	title := ctx.FormString("title")
+	ctx.Data["TitleQuery"] = title
+	body := ctx.FormString("body")
+	ctx.Data["BodyQuery"] = body
+
+	isProjectsEnabled := ctx.Repo.Permission.CanRead(unit.TypeProjects)
+	ctx.Data["IsProjectsEnabled"] = isProjectsEnabled
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "comment")
+
+	pageMetaData := retrieveRepoIssueMetaData(ctx, ctx.Repo.Repository, nil, false)
+	if ctx.Written() {
+		return
+	}
+
+	pageMetaData.MilestonesData.SelectedMilestoneID = ctx.FormInt64("milestone")
+
+	pageMetaData.SetSelectedProjectIDs(parseProjectIDsFromQuery(ctx))
+	if len(pageMetaData.ProjectsData.SelectedProjectIDs) == 1 {
+		ctx.Data["redirect_after_creation"] = "project"
+	}
+
+	tags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetTagNamesByRepoID", err)
+		return
+	}
+	ctx.Data["Tags"] = tags
+
+	ret := issue_service.ParseTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	templateLoaded, errs := setTemplateIfExists(ctx, issueTemplateKey, IssueTemplateCandidates, pageMetaData)
+	maps.Copy(ret.TemplateErrors, errs)
+	if ctx.Written() {
+		return
+	}
+
+	if len(ret.TemplateErrors) > 0 {
+		ctx.Flash.Warning(renderErrorOfTemplates(ctx, ret.TemplateErrors), true)
+	}
+
+	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypeIssues)
+
+	if !issueConfig.BlankIssuesEnabled && hasTemplates && !templateLoaded {
+		// The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if blank issues are disabled, just redirect to the "issues/choose" page with these parameters.
+		ctx.Redirect(fmt.Sprintf("%s/issues/new/choose?%s", ctx.Repo.Repository.Link(), ctx.Req.URL.RawQuery), http.StatusSeeOther)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplIssueNew)
+}
+
+func renderErrorOfTemplates(ctx *context.Context, errs map[string]error) template.HTML {
+	var files []string
+	for k := range errs {
+		files = append(files, k)
+	}
+	sort.Strings(files) // keep the output stable
+
+	var lines []string
+	for _, file := range files {
+		lines = append(lines, fmt.Sprintf("%s: %v", file, errs[file]))
+	}
+
+	flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
+		"Message": ctx.Tr("repo.issues.choose.ignore_invalid_templates"),
+		"Summary": ctx.Tr("repo.issues.choose.invalid_templates", len(errs)),
+		"Details": utils.EscapeFlashErrorString(strings.Join(lines, "\n")),
+	})
+	if err != nil {
+		log.Debug("render flash error: %v", err)
+		flashError = ctx.Locale.Tr("repo.issues.choose.ignore_invalid_templates")
+	}
+	return flashError
+}
+
+// NewIssueChooseTemplate render creating issue from template page
+func NewIssueChooseTemplate(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
+	ctx.Data["PageIsIssueList"] = true
+
+	ret := issue_service.ParseTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	ctx.Data["IssueTemplates"] = ret.IssueTemplates
+
+	if len(ret.TemplateErrors) > 0 {
+		ctx.Flash.Warning(renderErrorOfTemplates(ctx, ret.TemplateErrors), true)
+	}
+
+	if !issue_service.HasTemplatesOrContactLinks(ctx.Repo.Repository, ctx.Repo.GitRepo) {
+		// The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if no template here, just redirect to the "issues/new" page with these parameters.
+		ctx.Redirect(fmt.Sprintf("%s/issues/new?%s", ctx.Repo.Repository.Link(), ctx.Req.URL.RawQuery), http.StatusSeeOther)
+		return
+	}
+
+	issueConfig, err := issue_service.GetTemplateConfigFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	ctx.Data["IssueConfig"] = issueConfig
+	ctx.Data["IssueConfigError"] = err // ctx.Flash.Err makes problems here
+
+	ctx.Data["milestone"] = ctx.FormInt64("milestone")
+	ctx.Data["project"] = ctx.FormInt64("project")
+
+	ctx.HTML(http.StatusOK, tplIssueChoose)
+}
+
+// DeleteIssue deletes an issue
+func DeleteIssue(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if err := issue_service.DeleteIssue(ctx, ctx.Doer, issue); err != nil {
+		ctx.ServerError("DeleteIssueByID", err)
+		return
+	}
+
+	if issue.IsPull {
+		ctx.Redirect(ctx.Repo.Repository.Link()+"/pulls", http.StatusSeeOther)
+		return
+	}
+
+	ctx.Redirect(ctx.Repo.Repository.Link()+"/issues", http.StatusSeeOther)
+}
+
+func toSet[ItemType any, KeyType comparable](slice []ItemType, keyFunc func(ItemType) KeyType) container.Set[KeyType] {
+	s := make(container.Set[KeyType])
+	for _, item := range slice {
+		s.Add(keyFunc(item))
+	}
+	return s
+}
+
+// ValidateRepoMetasForNewIssue check and returns repository's meta information
+func ValidateRepoMetasForNewIssue(ctx *context.Context, form forms.CreateIssueForm, isPull bool) (ret struct {
+	LabelIDs, AssigneeIDs []int64
+	MilestoneID           int64
+	ProjectIDs            []int64
+
+	Reviewers     []*user_model.User
+	TeamReviewers []*organization.Team
+},
+) {
+	pageMetaData := retrieveRepoIssueMetaData(ctx, ctx.Repo.Repository, nil, isPull)
+	if ctx.Written() {
+		return ret
+	}
+
+	inputLabelIDs := ctx.FormStringInt64s("label_ids")
+	candidateLabels := toSet(pageMetaData.LabelsData.AllLabels, func(label *issues_model.Label) int64 { return label.ID })
+	if len(inputLabelIDs) > 0 && !candidateLabels.Contains(inputLabelIDs...) {
+		ctx.NotFound(nil)
+		return ret
+	}
+	pageMetaData.LabelsData.SetSelectedLabelIDs(inputLabelIDs)
+
+	allMilestones := append(slices.Clone(pageMetaData.MilestonesData.OpenMilestones), pageMetaData.MilestonesData.ClosedMilestones...)
+	candidateMilestones := toSet(allMilestones, func(milestone *issues_model.Milestone) int64 { return milestone.ID })
+	if form.MilestoneID > 0 && !candidateMilestones.Contains(form.MilestoneID) {
+		ctx.NotFound(nil)
+		return ret
+	}
+	pageMetaData.MilestonesData.SelectedMilestoneID = form.MilestoneID
+
+	inputProjectIDs := ctx.FormStringInt64s("project_ids")
+	pageMetaData.SetSelectedProjectIDs(inputProjectIDs)
+
+	// prepare assignees
+	candidateAssignees := toSet(pageMetaData.AssigneesData.CandidateAssignees, func(user *user_model.User) int64 { return user.ID })
+	inputAssigneeIDs, _ := base.StringsToInt64s(strings.Split(form.AssigneeIDs, ","))
+	var assigneeIDStrings []string
+	for _, inputAssigneeID := range inputAssigneeIDs {
+		if candidateAssignees.Contains(inputAssigneeID) {
+			assigneeIDStrings = append(assigneeIDStrings, strconv.FormatInt(inputAssigneeID, 10))
+		}
+	}
+	pageMetaData.AssigneesData.SelectedAssigneeIDs = strings.Join(assigneeIDStrings, ",")
+
+	// Check if the passed reviewers (user/team) actually exist
+	var reviewers []*user_model.User
+	var teamReviewers []*organization.Team
+	reviewerIDs, _ := base.StringsToInt64s(strings.Split(form.ReviewerIDs, ","))
+	if isPull && len(reviewerIDs) > 0 {
+		userReviewersMap := map[int64]*user_model.User{}
+		teamReviewersMap := map[int64]*organization.Team{}
+		for _, r := range pageMetaData.ReviewersData.Reviewers {
+			userReviewersMap[r.User.ID] = r.User
+		}
+		for _, r := range pageMetaData.ReviewersData.TeamReviewers {
+			teamReviewersMap[r.Team.ID] = r.Team
+		}
+		for _, rID := range reviewerIDs {
+			if rID < 0 { // negative reviewIDs represent team requests
+				team, ok := teamReviewersMap[-rID]
+				if !ok {
+					ctx.NotFound(nil)
+					return ret
+				}
+				teamReviewers = append(teamReviewers, team)
+			} else {
+				user, ok := userReviewersMap[rID]
+				if !ok {
+					ctx.NotFound(nil)
+					return ret
+				}
+				reviewers = append(reviewers, user)
+			}
+		}
+	}
+
+	// Return only the validated IDs.
+	ret.LabelIDs, ret.AssigneeIDs, ret.MilestoneID, ret.ProjectIDs = inputLabelIDs, inputAssigneeIDs, form.MilestoneID, inputProjectIDs
+	ret.Reviewers, ret.TeamReviewers = reviewers, teamReviewers
+	return ret
+}
+
+// NewIssuePost response for creating new issue
+func NewIssuePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateIssueForm)
+
+	repo := ctx.Repo.Repository
+
+	validateRet := ValidateRepoMetasForNewIssue(ctx, *form, false)
+	if ctx.Written() {
+		return
+	}
+
+	labelIDs, assigneeIDs, milestoneID, projectIDs := validateRet.LabelIDs, validateRet.AssigneeIDs, validateRet.MilestoneID, validateRet.ProjectIDs
+
+	if len(projectIDs) > 0 {
+		if !ctx.Repo.Permission.CanRead(unit.TypeProjects) {
+			// User must also be able to see the project.
+			ctx.HTTPError(http.StatusBadRequest, "user hasn't permissions to read projects")
+			return
+		}
+	}
+
+	var attachments []string
+	if setting.Attachment.Enabled {
+		attachments = form.Files
+	}
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	if util.IsEmptyString(form.Title) {
+		ctx.JSONError(ctx.Tr("repo.issues.new.title_empty"))
+		return
+	}
+
+	content := form.Content
+	if filename := ctx.Req.Form.Get("template-file"); filename != "" {
+		if template, err := issue_template.UnmarshalFromRepo(ctx.Repo.GitRepo, ctx.Repo.Repository.DefaultBranch, filename); err == nil {
+			content = issue_template.RenderToMarkdown(template, ctx.Req.Form)
+		}
+	}
+
+	issue := &issues_model.Issue{
+		RepoID:      repo.ID,
+		Repo:        repo,
+		Title:       form.Title,
+		PosterID:    ctx.Doer.ID,
+		Poster:      ctx.Doer,
+		MilestoneID: milestoneID,
+		Content:     content,
+		Ref:         form.Ref,
+	}
+
+	if err := issue_service.NewIssue(ctx, repo, issue, labelIDs, attachments, assigneeIDs, projectIDs); err != nil {
+		if repo_model.IsErrUserDoesNotHaveAccessToRepo(err) {
+			ctx.HTTPError(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
+		} else if errors.Is(err, user_model.ErrBlockedUser) {
+			ctx.JSONError(ctx.Tr("repo.issues.new.blocked_user"))
+		} else {
+			ctx.ServerError("NewIssue", err)
+		}
+		return
+	}
+
+	log.Trace("Issue created: %d/%d", repo.ID, issue.ID)
+	if ctx.FormString("redirect_after_creation") == "project" && len(projectIDs) > 0 {
+		// When issue is in multiple projects, redirect to first project from form order.
+		project, err := project_model.GetProjectByID(ctx, projectIDs[0])
+		if err == nil {
+			if project.Type == project_model.TypeOrganization {
+				ctx.JSONRedirect(project_model.ProjectLinkForOrg(ctx.Repo.Owner, project.ID))
+			} else {
+				ctx.JSONRedirect(project_model.ProjectLinkForRepo(repo, project.ID))
+			}
+			return
+		}
+	}
+	ctx.JSONRedirect(issue.Link())
+}
@@ -0,0 +1,530 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"sort"
+	"strconv"
+	"strings"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/organization"
+	project_model "gitea.dev/models/project"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/optional"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+	issue_service "gitea.dev/services/issue"
+	pull_service "gitea.dev/services/pull"
+)
+
+type issueSidebarMilestoneData struct {
+	SelectedMilestoneID int64
+	OpenMilestones      []*issues_model.Milestone
+	ClosedMilestones    []*issues_model.Milestone
+}
+
+type issueSidebarAssigneesData struct {
+	SelectedAssigneeIDs string
+	CandidateAssignees  []*user_model.User
+}
+
+type issueSidebarProjectCardData struct {
+	Project        *project_model.Project
+	Columns        []*project_model.Column
+	SelectedColumn *project_model.Column
+}
+
+type issueSidebarProjectsData struct {
+	SelectedProjectIDs []int64
+	ProjectCards       []*issueSidebarProjectCardData
+
+	OpenProjects   []*project_model.Project
+	ClosedProjects []*project_model.Project
+}
+
+type IssuePageMetaData struct {
+	RepoLink             string
+	Repository           *repo_model.Repository
+	Issue                *issues_model.Issue
+	IsPullRequest        bool
+	CanModifyIssueOrPull bool
+
+	ReviewersData  *issueSidebarReviewersData
+	LabelsData     *issueSidebarLabelsData
+	MilestonesData *issueSidebarMilestoneData
+	ProjectsData   *issueSidebarProjectsData
+	AssigneesData  *issueSidebarAssigneesData
+}
+
+func retrieveRepoIssueMetaData(ctx *context.Context, repo *repo_model.Repository, issue *issues_model.Issue, isPull bool) *IssuePageMetaData {
+	data := &IssuePageMetaData{
+		RepoLink:      ctx.Repo.RepoLink,
+		Repository:    repo,
+		Issue:         issue,
+		IsPullRequest: isPull,
+
+		ReviewersData:  &issueSidebarReviewersData{},
+		LabelsData:     &issueSidebarLabelsData{},
+		MilestonesData: &issueSidebarMilestoneData{},
+		ProjectsData:   &issueSidebarProjectsData{},
+		AssigneesData:  &issueSidebarAssigneesData{},
+	}
+	ctx.Data["IssuePageMetaData"] = data
+
+	if isPull {
+		data.retrieveReviewersData(ctx)
+		if ctx.Written() {
+			return data
+		}
+	}
+	data.retrieveLabelsData(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	// it sets "Branches" template data,
+	// it is used to render the "edit PR target branches" dropdown, and the "branch selector" in the issue's sidebar.
+	PrepareBranchList(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	// it sets the "Assignees" template data, and the data is also used to "mention" users.
+	data.retrieveAssigneesData(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	data.retrieveProjectData(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	// TODO: the issue/pull permissions are quite complex and unclear
+	// A reader could create an issue/PR with setting some meta (eg: assignees from issue template, reviewers, target branch)
+	// A reader(creator) could update some meta (eg: target branch), but can't change assignees anymore.
+	// For non-creator users, only writers could update some meta (eg: assignees, milestone, project)
+	// Need to clarify the logic and add some tests in the future
+	data.CanModifyIssueOrPull = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPull) && !ctx.Repo.Repository.IsArchived
+	if !data.CanModifyIssueOrPull {
+		return data
+	}
+
+	data.retrieveMilestonesDataForIssueWriter(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	data.retrieveProjectsDataForIssueWriter(ctx)
+	if ctx.Written() {
+		return data
+	}
+
+	ctx.Data["CanCreateIssueDependencies"] = ctx.Repo.CanCreateIssueDependencies(ctx, ctx.Doer, isPull)
+	return data
+}
+
+func (d *IssuePageMetaData) retrieveMilestonesDataForIssueWriter(ctx *context.Context) {
+	var err error
+	if d.Issue != nil {
+		d.MilestonesData.SelectedMilestoneID = d.Issue.MilestoneID
+	}
+	d.MilestonesData.OpenMilestones, err = db.Find[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
+		RepoID:   d.Repository.ID,
+		IsClosed: optional.Some(false),
+	})
+	if err != nil {
+		ctx.ServerError("GetMilestones", err)
+		return
+	}
+	d.MilestonesData.ClosedMilestones, err = db.Find[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
+		RepoID:   d.Repository.ID,
+		IsClosed: optional.Some(true),
+	})
+	if err != nil {
+		ctx.ServerError("GetMilestones", err)
+		return
+	}
+}
+
+func (d *IssuePageMetaData) retrieveAssigneesData(ctx *context.Context) {
+	var err error
+	d.AssigneesData.CandidateAssignees, err = repo_model.GetRepoAssignees(ctx, d.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	d.AssigneesData.CandidateAssignees = shared_user.MakeSelfOnTop(ctx.Doer, d.AssigneesData.CandidateAssignees)
+	if d.Issue != nil {
+		_ = d.Issue.LoadAssignees(ctx)
+		ids := make([]string, 0, len(d.Issue.Assignees))
+		for _, a := range d.Issue.Assignees {
+			ids = append(ids, strconv.FormatInt(a.ID, 10))
+		}
+		d.AssigneesData.SelectedAssigneeIDs = strings.Join(ids, ",")
+	}
+	ctx.Data["Assignees"] = d.AssigneesData.CandidateAssignees
+}
+
+func (d *IssuePageMetaData) retrieveProjectCardsForExistingIssue(ctx *context.Context) {
+	if err := d.Issue.LoadProjects(ctx); err != nil {
+		ctx.ServerError("LoadProjects", err)
+		return
+	}
+
+	// Load column mappings for all projects
+	projectColumnMap, err := d.Issue.ProjectColumnMap(ctx)
+	if err != nil {
+		ctx.ServerError("ProjectColumnMap", err)
+		return
+	}
+
+	// Build project cards for each project
+	d.ProjectsData.ProjectCards = make([]*issueSidebarProjectCardData, 0, len(d.Issue.Projects))
+	for _, project := range d.Issue.Projects {
+		columns, err := project.GetColumns(ctx)
+		if err != nil {
+			ctx.ServerError("GetProjectColumns", err)
+			return
+		}
+
+		var selectedColumn *project_model.Column
+		columnID := projectColumnMap[project.ID]
+		for _, col := range columns {
+			if col.ID == columnID {
+				selectedColumn = col
+				break
+			}
+		}
+
+		if selectedColumn == nil {
+			selectedColumn, err = project.MustDefaultColumn(ctx)
+			if err != nil {
+				ctx.ServerError("MustDefaultColumn", err)
+				return
+			}
+		}
+		d.ProjectsData.ProjectCards = append(d.ProjectsData.ProjectCards, &issueSidebarProjectCardData{
+			Project:        project,
+			Columns:        columns,
+			SelectedColumn: selectedColumn,
+		})
+	}
+	d.ProjectsData.SelectedProjectIDs = make([]int64, 0, len(d.ProjectsData.ProjectCards))
+	for _, card := range d.ProjectsData.ProjectCards {
+		d.ProjectsData.SelectedProjectIDs = append(d.ProjectsData.SelectedProjectIDs, card.Project.ID)
+	}
+}
+
+func (d *IssuePageMetaData) retrieveProjectData(ctx *context.Context) {
+	if d.Issue == nil {
+		return
+	}
+	d.retrieveProjectCardsForExistingIssue(ctx)
+}
+
+func (d *IssuePageMetaData) SetSelectedProjectIDs(ids []int64) {
+	allProjects := map[int64]*project_model.Project{}
+	for _, p := range d.ProjectsData.OpenProjects {
+		allProjects[p.ID] = p
+	}
+	for _, p := range d.ProjectsData.ClosedProjects {
+		allProjects[p.ID] = p
+	}
+	for _, id := range ids {
+		if project, ok := allProjects[id]; ok {
+			d.ProjectsData.ProjectCards = append(d.ProjectsData.ProjectCards, &issueSidebarProjectCardData{Project: project})
+		}
+	}
+	d.ProjectsData.SelectedProjectIDs = ids
+}
+
+func (d *IssuePageMetaData) retrieveProjectsDataForIssueWriter(ctx *context.Context) {
+	d.ProjectsData.OpenProjects, d.ProjectsData.ClosedProjects = retrieveProjectsInternal(ctx, ctx.Repo.Repository)
+}
+
+// repoReviewerSelection items to bee shown
+type repoReviewerSelection struct {
+	IsTeam         bool
+	Team           *organization.Team
+	User           *user_model.User
+	Review         *issues_model.Review
+	CanBeDismissed bool
+	CanChange      bool
+	Requested      bool
+	ItemID         int64
+}
+
+type issueSidebarReviewersData struct {
+	CanChooseReviewer    bool
+	OriginalReviews      issues_model.ReviewList
+	TeamReviewers        []*repoReviewerSelection
+	Reviewers            []*repoReviewerSelection
+	CurrentPullReviewers []*repoReviewerSelection
+}
+
+// RetrieveRepoReviewers find all reviewers of a repository. If issue is nil, it means the doer is creating a new PR.
+func (d *IssuePageMetaData) retrieveReviewersData(ctx *context.Context) {
+	data := d.ReviewersData
+	repo := d.Repository
+	if ctx.Doer != nil && ctx.IsSigned {
+		if d.Issue == nil {
+			data.CanChooseReviewer = true
+		} else {
+			data.CanChooseReviewer = issue_service.CanDoerChangeReviewRequests(ctx, ctx.Doer, repo, d.Issue.PosterID)
+		}
+	}
+
+	var posterID int64
+	var isClosed bool
+	var reviews issues_model.ReviewList
+	var err error
+
+	if d.Issue == nil {
+		if ctx.Doer != nil {
+			posterID = ctx.Doer.ID
+		}
+	} else {
+		posterID = d.Issue.PosterID
+		if d.Issue.OriginalAuthorID > 0 {
+			posterID = 0 // for migrated PRs, no poster ID
+		}
+
+		isClosed = d.Issue.IsClosed || d.Issue.PullRequest.HasMerged
+
+		reviews, data.OriginalReviews, err = issues_model.GetReviewsByIssueID(ctx, d.Issue.ID)
+		if err != nil {
+			ctx.ServerError("GetReviewersByIssueID", err)
+			return
+		}
+		if len(reviews) == 0 && !data.CanChooseReviewer {
+			return
+		}
+	}
+
+	var (
+		pullReviews         []*repoReviewerSelection
+		reviewersResult     []*repoReviewerSelection
+		teamReviewersResult []*repoReviewerSelection
+		teamReviewers       []*organization.Team
+		reviewers           []*user_model.User
+	)
+
+	if data.CanChooseReviewer {
+		var err error
+		reviewers, err = pull_service.GetReviewers(ctx, repo, ctx.Doer.ID, posterID)
+		if err != nil {
+			ctx.ServerError("GetReviewers", err)
+			return
+		}
+
+		teamReviewers, err = pull_service.GetReviewerTeams(ctx, repo)
+		if err != nil {
+			ctx.ServerError("GetReviewerTeams", err)
+			return
+		}
+
+		if len(reviewers) > 0 {
+			reviewersResult = make([]*repoReviewerSelection, 0, len(reviewers))
+		}
+
+		if len(teamReviewers) > 0 {
+			teamReviewersResult = make([]*repoReviewerSelection, 0, len(teamReviewers))
+		}
+	}
+
+	pullReviews = make([]*repoReviewerSelection, 0, len(reviews))
+
+	for _, review := range reviews {
+		tmp := &repoReviewerSelection{
+			Requested: review.Type == issues_model.ReviewTypeRequest,
+			Review:    review,
+			ItemID:    review.ReviewerID,
+		}
+		if review.ReviewerTeamID > 0 {
+			tmp.IsTeam = true
+			tmp.ItemID = -review.ReviewerTeamID
+		}
+
+		if data.CanChooseReviewer {
+			// Users who can choose reviewers can also remove review requests
+			tmp.CanChange = true
+		} else if ctx.Doer != nil && ctx.Doer.ID == review.ReviewerID && review.Type == issues_model.ReviewTypeRequest {
+			// A user can refuse review requests
+			tmp.CanChange = true
+		}
+
+		pullReviews = append(pullReviews, tmp)
+
+		if data.CanChooseReviewer {
+			if tmp.IsTeam {
+				teamReviewersResult = append(teamReviewersResult, tmp)
+			} else {
+				reviewersResult = append(reviewersResult, tmp)
+			}
+		}
+	}
+
+	if len(pullReviews) > 0 {
+		// Drop all non-existing users and teams from the reviews
+		currentPullReviewers := make([]*repoReviewerSelection, 0, len(pullReviews))
+		for _, item := range pullReviews {
+			if item.Review.ReviewerID > 0 {
+				if err := item.Review.LoadReviewer(ctx); err != nil {
+					if user_model.IsErrUserNotExist(err) {
+						continue
+					}
+					ctx.ServerError("LoadReviewer", err)
+					return
+				}
+				item.User = item.Review.Reviewer
+			} else if item.Review.ReviewerTeamID > 0 {
+				if err := item.Review.LoadReviewerTeam(ctx); err != nil {
+					if organization.IsErrTeamNotExist(err) {
+						continue
+					}
+					ctx.ServerError("LoadReviewerTeam", err)
+					return
+				}
+				item.Team = item.Review.ReviewerTeam
+			} else {
+				continue
+			}
+			item.CanBeDismissed = ctx.Repo.Permission.IsAdmin() && !isClosed &&
+				(item.Review.Type == issues_model.ReviewTypeApprove || item.Review.Type == issues_model.ReviewTypeReject)
+			currentPullReviewers = append(currentPullReviewers, item)
+		}
+		data.CurrentPullReviewers = currentPullReviewers
+	}
+
+	if data.CanChooseReviewer && reviewersResult != nil {
+		preadded := len(reviewersResult)
+		for _, reviewer := range reviewers {
+			found := false
+		reviewAddLoop:
+			for _, tmp := range reviewersResult[:preadded] {
+				if tmp.ItemID == reviewer.ID {
+					tmp.User = reviewer
+					found = true
+					break reviewAddLoop
+				}
+			}
+
+			if found {
+				continue
+			}
+
+			reviewersResult = append(reviewersResult, &repoReviewerSelection{
+				IsTeam:    false,
+				CanChange: true,
+				User:      reviewer,
+				ItemID:    reviewer.ID,
+			})
+		}
+
+		data.Reviewers = reviewersResult
+	}
+
+	if data.CanChooseReviewer && teamReviewersResult != nil {
+		preadded := len(teamReviewersResult)
+		for _, team := range teamReviewers {
+			found := false
+		teamReviewAddLoop:
+			for _, tmp := range teamReviewersResult[:preadded] {
+				if tmp.ItemID == -team.ID {
+					tmp.Team = team
+					found = true
+					break teamReviewAddLoop
+				}
+			}
+
+			if found {
+				continue
+			}
+
+			teamReviewersResult = append(teamReviewersResult, &repoReviewerSelection{
+				IsTeam:    true,
+				CanChange: true,
+				Team:      team,
+				ItemID:    -team.ID,
+			})
+		}
+
+		data.TeamReviewers = teamReviewersResult
+	}
+}
+
+type issueSidebarLabelsData struct {
+	AllLabels        []*issues_model.Label
+	RepoLabels       []*issues_model.Label
+	OrgLabels        []*issues_model.Label
+	SelectedLabelIDs string
+}
+
+func makeSelectedStringIDs[KeyType, ItemType comparable](
+	allLabels []*issues_model.Label, candidateKey func(candidate *issues_model.Label) KeyType,
+	selectedItems []ItemType, selectedKey func(selected ItemType) KeyType,
+) string {
+	selectedIDSet := make(container.Set[string])
+	allLabelMap := map[KeyType]*issues_model.Label{}
+	for _, label := range allLabels {
+		allLabelMap[candidateKey(label)] = label
+	}
+	for _, item := range selectedItems {
+		if label, ok := allLabelMap[selectedKey(item)]; ok {
+			label.IsChecked = true
+			selectedIDSet.Add(strconv.FormatInt(label.ID, 10))
+		}
+	}
+	ids := selectedIDSet.Values()
+	sort.Strings(ids)
+	return strings.Join(ids, ",")
+}
+
+func (d *issueSidebarLabelsData) SetSelectedLabels(labels []*issues_model.Label) {
+	d.SelectedLabelIDs = makeSelectedStringIDs(
+		d.AllLabels, func(label *issues_model.Label) int64 { return label.ID },
+		labels, func(label *issues_model.Label) int64 { return label.ID },
+	)
+}
+
+func (d *issueSidebarLabelsData) SetSelectedLabelNames(labelNames []string) {
+	d.SelectedLabelIDs = makeSelectedStringIDs(
+		d.AllLabels, func(label *issues_model.Label) string { return strings.ToLower(label.Name) },
+		labelNames, strings.ToLower,
+	)
+}
+
+func (d *issueSidebarLabelsData) SetSelectedLabelIDs(labelIDs []int64) {
+	d.SelectedLabelIDs = makeSelectedStringIDs(
+		d.AllLabels, func(label *issues_model.Label) int64 { return label.ID },
+		labelIDs, func(labelID int64) int64 { return labelID },
+	)
+}
+
+func (d *IssuePageMetaData) retrieveLabelsData(ctx *context.Context) {
+	repo := d.Repository
+	labelsData := d.LabelsData
+
+	labels, err := issues_model.GetLabelsByRepoID(ctx, repo.ID, "", db.ListOptions{})
+	if err != nil {
+		ctx.ServerError("GetLabelsByRepoID", err)
+		return
+	}
+	labelsData.RepoLabels = labels
+
+	if repo.Owner.IsOrganization() {
+		orgLabels, err := issues_model.GetLabelsByOrgID(ctx, repo.Owner.ID, ctx.FormString("sort"), db.ListOptions{})
+		if err != nil {
+			return
+		}
+		labelsData.OrgLabels = orgLabels
+	}
+	labelsData.AllLabels = append(labelsData.AllLabels, labelsData.RepoLabels...)
+	labelsData.AllLabels = append(labelsData.AllLabels, labelsData.OrgLabels...)
+}
@@ -0,0 +1,116 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/log"
+	"gitea.dev/services/context"
+)
+
+// IssuePinOrUnpin pin or unpin a Issue
+func IssuePinOrUnpin(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	// If we don't do this, it will crash when trying to add the pin event to the comment history
+	err := issue.LoadRepo(ctx)
+	if err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	// PinOrUnpin pins or unpins a Issue
+	_, err = issues_model.GetIssuePin(ctx, issue)
+	if err != nil && !db.IsErrNotExist(err) {
+		ctx.ServerError("GetIssuePin", err)
+		return
+	}
+
+	if db.IsErrNotExist(err) {
+		err = issues_model.PinIssue(ctx, issue, ctx.Doer)
+	} else {
+		err = issues_model.UnpinIssue(ctx, issue, ctx.Doer)
+	}
+
+	if err != nil {
+		if issues_model.IsErrIssueMaxPinReached(err) {
+			ctx.JSONError(ctx.Tr("repo.issues.max_pinned"))
+		} else {
+			ctx.ServerError("Pin/Unpin failed", err)
+		}
+		return
+	}
+
+	ctx.JSONRedirect(issue.Link())
+}
+
+// IssueUnpin unpins a Issue
+func IssueUnpin(ctx *context.Context) {
+	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))
+	if err != nil {
+		ctx.ServerError("GetIssueByIndex", err)
+		return
+	}
+
+	// If we don't do this, it will crash when trying to add the pin event to the comment history
+	err = issue.LoadRepo(ctx)
+	if err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	err = issues_model.UnpinIssue(ctx, issue, ctx.Doer)
+	if err != nil {
+		ctx.ServerError("UnpinIssue", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// IssuePinMove moves a pinned Issue
+func IssuePinMove(ctx *context.Context) {
+	if ctx.Doer == nil {
+		ctx.JSON(http.StatusForbidden, "Only signed in users are allowed to perform this action.")
+		return
+	}
+
+	type movePinIssueForm struct {
+		ID       int64 `json:"id"`
+		Position int   `json:"position"`
+	}
+
+	form := &movePinIssueForm{}
+	if err := json.NewDecoder(ctx.Req.Body).Decode(&form); err != nil {
+		ctx.ServerError("Decode", err)
+		return
+	}
+
+	issue, err := issues_model.GetIssueByID(ctx, form.ID)
+	if err != nil {
+		ctx.ServerError("GetIssueByID", err)
+		return
+	}
+
+	if issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.Status(http.StatusNotFound)
+		log.Error("Issue does not belong to this repository")
+		return
+	}
+
+	err = issues_model.MovePin(ctx, issue, form.Position)
+	if err != nil {
+		ctx.ServerError("MovePin", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
@@ -0,0 +1,59 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"slices"
+	"strings"
+
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+)
+
+type userSearchInfo struct {
+	UserID     int64  `json:"user_id"`
+	UserName   string `json:"username"`
+	AvatarLink string `json:"avatar_link"`
+	FullName   string `json:"full_name"`
+}
+
+type userSearchResponse struct {
+	Results []*userSearchInfo `json:"results"`
+}
+
+func IssuePullPosters(ctx *context.Context) {
+	isPullList := ctx.PathParam("type") == "pulls"
+	issuePosters(ctx, isPullList)
+}
+
+func issuePosters(ctx *context.Context, isPullList bool) {
+	repo := ctx.Repo.Repository
+	search := strings.TrimSpace(ctx.FormString("q"))
+	posters, err := repo_model.GetIssuePostersWithSearch(ctx, repo, isPullList, search)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, err)
+		return
+	}
+
+	if search == "" && ctx.Doer != nil {
+		// the returned posters slice only contains limited number of users,
+		// to make the current user (doer) can quickly filter their own issues, always add doer to the posters slice
+		if !slices.ContainsFunc(posters, func(user *user_model.User) bool { return user.ID == ctx.Doer.ID }) {
+			posters = append(posters, ctx.Doer)
+		}
+	}
+
+	posters = shared_user.MakeSelfOnTop(ctx.Doer, posters)
+
+	resp := &userSearchResponse{}
+	resp.Results = make([]*userSearchInfo, len(posters))
+	for i, user := range posters {
+		resp.Results[i] = &userSearchInfo{UserID: user.ID, UserName: user.Name, AvatarLink: user.AvatarLink(ctx)}
+		resp.Results[i].FullName = user.FullName
+	}
+	ctx.JSON(http.StatusOK, resp)
+}
@@ -0,0 +1,86 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/eventsource"
+	"gitea.dev/services/context"
+)
+
+// IssueStartStopwatch creates a stopwatch for the given issue.
+func IssueStartStopwatch(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+
+	if !c.Repo.CanUseTimetracker(c, issue, c.Doer) {
+		c.NotFound(nil)
+		return
+	}
+
+	if ok, err := issues_model.CreateIssueStopwatch(c, c.Doer, issue); err != nil {
+		c.ServerError("CreateIssueStopwatch", err)
+		return
+	} else if !ok {
+		c.Flash.Warning(c.Tr("repo.issues.stopwatch_already_created"))
+	} else {
+		c.Flash.Success(c.Tr("repo.issues.tracker_auto_close"))
+	}
+	c.JSONRedirect("")
+}
+
+// IssueStopStopwatch stops a stopwatch for the given issue.
+func IssueStopStopwatch(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+
+	if !c.Repo.CanUseTimetracker(c, issue, c.Doer) {
+		c.NotFound(nil)
+		return
+	}
+
+	if ok, err := issues_model.FinishIssueStopwatch(c, c.Doer, issue); err != nil {
+		c.ServerError("FinishIssueStopwatch", err)
+		return
+	} else if !ok {
+		c.Flash.Warning(c.Tr("repo.issues.stopwatch_already_stopped"))
+	}
+	c.JSONRedirect("")
+}
+
+// CancelStopwatch cancel the stopwatch
+func CancelStopwatch(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(c, issue, c.Doer) {
+		c.NotFound(nil)
+		return
+	}
+
+	if _, err := issues_model.CancelStopwatch(c, c.Doer, issue); err != nil {
+		c.ServerError("CancelStopwatch", err)
+		return
+	}
+
+	stopwatches, err := issues_model.GetUserStopwatches(c, c.Doer.ID, db.ListOptions{})
+	if err != nil {
+		c.ServerError("GetUserStopwatches", err)
+		return
+	}
+	if len(stopwatches) == 0 {
+		eventsource.GetManager().SendMessage(c.Doer.ID, &eventsource.Event{
+			Name: "stopwatches",
+			Data: "{}",
+		})
+	}
+
+	c.JSONRedirect("")
+}
@@ -0,0 +1,36 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/optional"
+	"gitea.dev/services/context"
+	issue_service "gitea.dev/services/issue"
+)
+
+// IssueSuggestions returns a list of issue suggestions
+func IssueSuggestions(ctx *context.Context) {
+	keyword := ctx.Req.FormValue("q")
+
+	canReadIssues := ctx.Repo.Permission.CanRead(unit.TypeIssues)
+	canReadPulls := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
+
+	var isPull optional.Option[bool]
+	if canReadPulls && !canReadIssues {
+		isPull = optional.Some(true)
+	} else if canReadIssues && !canReadPulls {
+		isPull = optional.Some(false)
+	}
+
+	suggestions, err := issue_service.GetSuggestion(ctx, ctx.Repo.Repository, isPull, keyword)
+	if err != nil {
+		ctx.ServerError("GetSuggestion", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, suggestions)
+}
@@ -0,0 +1,375 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	issues_model "gitea.dev/models/issues"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCombineLabelComments(t *testing.T) {
+	kases := []struct {
+		name           string
+		beforeCombined []*issues_model.Comment
+		afterCombined  []*issues_model.Comment
+	}{
+		{
+			name: "kase 1",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*issues_model.Label{},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 2",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 70,
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "",
+					CreatedUnix: 70,
+					RemovedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 3",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 2,
+					Content:  "",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    2,
+					Content:     "",
+					CreatedUnix: 0,
+					RemovedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 4",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/backport",
+					},
+					CreatedUnix: 10,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:        issues_model.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 10,
+					AddedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+						{
+							Name: "kind/backport",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+				},
+			},
+		},
+		{
+			name: "kase 5",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    2,
+					Content:     "testtest",
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					AddedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        issues_model.CommentTypeComment,
+					PosterID:    2,
+					Content:     "testtest",
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					RemovedLabels: []*issues_model.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 6",
+			beforeCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "reviewed/confirmed",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/feature",
+					},
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*issues_model.Comment{
+				{
+					Type:     issues_model.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &issues_model.Label{
+						Name: "kind/bug",
+					},
+					AddedLabels: []*issues_model.Label{
+						{
+							Name: "reviewed/confirmed",
+						},
+						{
+							Name: "kind/feature",
+						},
+					},
+					CreatedUnix: 0,
+				},
+			},
+		},
+	}
+
+	for _, kase := range kases {
+		t.Run(kase.name, func(t *testing.T) {
+			issue := issues_model.Issue{
+				Comments: kase.beforeCombined,
+			}
+			combineLabelComments(&issue)
+			assert.EqualValues(t, kase.afterCombined, issue.Comments)
+		})
+	}
+}
@@ -0,0 +1,119 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+	"time"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+)
+
+// AddTimeManually tracks time manually
+func AddTimeManually(c *context.Context) {
+	form := web.GetForm(c).(*forms.AddTimeManuallyForm)
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(c, issue, c.Doer) {
+		c.NotFound(nil)
+		return
+	}
+
+	if c.HasError() {
+		c.JSONError(c.GetErrMsg())
+		return
+	}
+
+	total := time.Duration(form.Hours)*time.Hour + time.Duration(form.Minutes)*time.Minute
+
+	if total <= 0 {
+		c.JSONError(c.Tr("repo.issues.add_time_sum_to_small"))
+		return
+	}
+
+	if _, err := issues_model.AddTime(c, c.Doer, issue, int64(total.Seconds()), time.Now()); err != nil {
+		c.ServerError("AddTime", err)
+		return
+	}
+
+	c.JSONRedirect("")
+}
+
+// DeleteTime deletes tracked time
+func DeleteTime(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(c, issue, c.Doer) {
+		c.NotFound(nil)
+		return
+	}
+
+	t, err := issues_model.GetTrackedTimeByID(c, issue.ID, c.PathParamInt64("timeid"))
+	if err != nil {
+		if db.IsErrNotExist(err) {
+			c.NotFound(err)
+			return
+		}
+		c.HTTPError(http.StatusInternalServerError, "GetTrackedTimeByID", err.Error())
+		return
+	}
+
+	// only OP or admin may delete
+	if !c.IsSigned || (!c.IsUserSiteAdmin() && c.Doer.ID != t.UserID) {
+		c.HTTPError(http.StatusForbidden, "not allowed")
+		return
+	}
+
+	if err = issues_model.DeleteTime(c, t); err != nil {
+		c.ServerError("DeleteTime", err)
+		return
+	}
+
+	c.Flash.Success(c.Tr("repo.issues.del_time_history", util.SecToHours(t.Time)))
+	c.JSONRedirect("")
+}
+
+func UpdateIssueTimeEstimate(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	timeStr := strings.TrimSpace(ctx.FormString("time_estimate"))
+
+	total, err := util.TimeEstimateParse(timeStr)
+	if err != nil {
+		ctx.JSONError(ctx.Tr("repo.issues.time_estimate_invalid"))
+		return
+	}
+
+	// No time changed
+	if issue.TimeEstimate == total {
+		ctx.JSONRedirect("")
+		return
+	}
+
+	if err := issue_service.ChangeTimeEstimate(ctx, issue, ctx.Doer, total); err != nil {
+		ctx.ServerError("ChangeTimeEstimate", err)
+		return
+	}
+
+	ctx.JSONRedirect("")
+}
@@ -0,0 +1,57 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const (
+	tplWatching templates.TplName = "repo/issue/view_content/watching"
+)
+
+// IssueWatch sets issue watching
+func IssueWatch(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
+		if log.IsTrace() {
+			if ctx.IsSigned {
+				issueType := "issues"
+				if issue.IsPull {
+					issueType = "pulls"
+				}
+				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+					"User in Repo has Permissions: %-+v",
+					ctx.Doer,
+					issue.PosterID,
+					issueType,
+					ctx.Repo.Repository,
+					ctx.Repo.Permission)
+			} else {
+				log.Trace("Permission Denied: Not logged in")
+			}
+		}
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	watch := ctx.FormBool("watch")
+	if err := issues_model.CreateOrUpdateIssueWatch(ctx, ctx.Doer.ID, issue.ID, watch); err != nil {
+		ctx.ServerError("CreateOrUpdateIssueWatch", err)
+		return
+	}
+
+	ctx.Data["Issue"] = issue
+	ctx.Data["IssueWatch"] = &issues_model.IssueWatch{IsWatching: watch}
+	ctx.HTML(http.StatusOK, tplWatching)
+}
@@ -0,0 +1,14 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"gitea.dev/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
@@ -0,0 +1,59 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+
+	issues_model "gitea.dev/models/issues"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/util"
+	shared_mention "gitea.dev/routers/web/shared/mention"
+	"gitea.dev/services/context"
+)
+
+// GetMentionsInRepo returns JSON data for mention autocomplete (assignees, participants, mentionable teams).
+func GetMentionsInRepo(ctx *context.Context) {
+	c := shared_mention.NewCollector()
+
+	// Get participants if issue_index is provided
+	if issueIndex := ctx.FormInt64("issue_index"); issueIndex > 0 {
+		issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, issueIndex)
+		if err != nil && !errors.Is(err, util.ErrNotExist) {
+			ctx.ServerError("GetIssueByIndex", err)
+			return
+		}
+		if issue != nil {
+			userIDs, err := issue.GetParticipantIDsByIssue(ctx)
+			if err != nil {
+				ctx.ServerError("GetParticipantIDsByIssue", err)
+				return
+			}
+			users, err := user_model.GetUsersByIDs(ctx, userIDs)
+			if err != nil {
+				ctx.ServerError("GetUsersByIDs", err)
+				return
+			}
+			c.AddUsers(ctx, users)
+		}
+	}
+
+	// Get repo assignees
+	assignees, err := repo_model.GetRepoAssignees(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	c.AddUsers(ctx, assignees)
+
+	// Get mentionable teams for org repos
+	if err := c.AddMentionableTeams(ctx, ctx.Doer, ctx.Repo.Owner); err != nil {
+		ctx.ServerError("AddMentionableTeams", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, util.SliceNilAsEmpty(c.Result))
+}
@@ -0,0 +1,114 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"strconv"
+
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	"gitea.dev/services/gitdiff"
+	user_service "gitea.dev/services/user"
+)
+
+// SetEditorconfigIfExists set editor config as render variable
+func SetEditorconfigIfExists(ctx *context.Context) {
+	if ctx.Repo.Repository.IsEmpty {
+		return
+	}
+
+	ec, _, err := ctx.Repo.GetEditorconfig()
+	if err != nil {
+		// it used to check `!git.IsErrNotExist(err)` and create a system notice, but it is quite annoying and useless
+		// because network errors also happen frequently, so we just ignore it
+		return
+	}
+
+	ctx.Data["Editorconfig"] = ec
+}
+
+func GetDiffViewStyle(ctx *context.Context) string {
+	return util.Iif(ctx.Data["IsSplitStyle"] == true, gitdiff.DiffStyleSplit, gitdiff.DiffStyleUnified)
+}
+
+// SetDiffViewStyle set diff style as render variable
+func SetDiffViewStyle(ctx *context.Context) {
+	style := ctx.FormString("style")
+	if ctx.IsSigned {
+		style = util.IfZero(style, ctx.Doer.DiffViewStyle)
+		style = util.Iif(style == gitdiff.DiffStyleSplit, gitdiff.DiffStyleSplit, gitdiff.DiffStyleUnified)
+		if style != ctx.Doer.DiffViewStyle {
+			err := user_service.UpdateUser(ctx, ctx.Doer, &user_service.UpdateOptions{DiffViewStyle: optional.Some(style)})
+			if err != nil {
+				log.Error("UpdateUser DiffViewStyle: %v", err)
+			}
+		}
+	}
+	ctx.Data["IsSplitStyle"] = style == "split"
+}
+
+// SetWhitespaceBehavior set whitespace behavior as render variable
+func SetWhitespaceBehavior(ctx *context.Context) {
+	const defaultWhitespaceBehavior = "show-all"
+	whitespaceBehavior := ctx.FormString("whitespace")
+	switch whitespaceBehavior {
+	case "", "ignore-all", "ignore-eol", "ignore-change":
+		break
+	default:
+		whitespaceBehavior = defaultWhitespaceBehavior
+	}
+	if ctx.IsSigned {
+		userWhitespaceBehavior, err := user_model.GetUserSetting(ctx, ctx.Doer.ID, user_model.SettingsKeyDiffWhitespaceBehavior, defaultWhitespaceBehavior)
+		if err == nil {
+			if whitespaceBehavior == "" {
+				whitespaceBehavior = userWhitespaceBehavior
+			} else if whitespaceBehavior != userWhitespaceBehavior {
+				_ = user_model.SetUserSetting(ctx, ctx.Doer.ID, user_model.SettingsKeyDiffWhitespaceBehavior, whitespaceBehavior)
+			}
+		} // else: we can ignore the error safely
+	}
+
+	// these behaviors are for gitdiff.GetWhitespaceFlag
+	if whitespaceBehavior == "" {
+		ctx.Data["WhitespaceBehavior"] = defaultWhitespaceBehavior
+	} else {
+		ctx.Data["WhitespaceBehavior"] = whitespaceBehavior
+	}
+}
+
+func GetWhitespaceBehavior(ctx *context.Context) string {
+	behavior, ok := ctx.Data["WhitespaceBehavior"].(string)
+	if !ok {
+		setting.PanicInDevOrTesting("WhitespaceBehavior is not set in context data or is not a string")
+	}
+	return behavior
+}
+
+// SetShowOutdatedComments set the show outdated comments option as context variable
+func SetShowOutdatedComments(ctx *context.Context) {
+	showOutdatedCommentsValue := ctx.FormString("show-outdated")
+	if showOutdatedCommentsValue != "true" && showOutdatedCommentsValue != "false" {
+		// invalid or no value for this form string -> use default or stored user setting
+		showOutdatedCommentsValue = "true"
+		if ctx.IsSigned {
+			showOutdatedCommentsValue, _ = user_model.GetUserSetting(ctx, ctx.Doer.ID, user_model.SettingsKeyShowOutdatedComments, showOutdatedCommentsValue)
+		}
+	} else if ctx.IsSigned {
+		// valid value -> update user setting if user is logged in
+		_ = user_model.SetUserSetting(ctx, ctx.Doer.ID, user_model.SettingsKeyShowOutdatedComments, showOutdatedCommentsValue)
+	}
+	ctx.Data["ShowOutdatedComments"], _ = strconv.ParseBool(showOutdatedCommentsValue)
+}
+
+func GetShowOutdatedComments(ctx *context.Context) bool {
+	show, ok := ctx.Data["ShowOutdatedComments"].(bool)
+	if !ok {
+		setting.PanicInDevOrTesting("ShowOutdatedComments is not set in context data or is not a bool")
+	}
+	return show
+}
@@ -0,0 +1,59 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"gitea.dev/models/unittest"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/gitdiff"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDiffViewStyle(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	t.Run("AnonymousUser", func(t *testing.T) {
+		ctx, _ := contexttest.MockContext(t, "/any")
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleUnified, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any?style=split")
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleSplit, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any")
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleUnified, GetDiffViewStyle(ctx)) // at the moment, anonymous users don't have a saved preference
+	})
+
+	t.Run("SignedInUser", func(t *testing.T) {
+		ctx, _ := contexttest.MockContext(t, "/any")
+		contexttest.LoadUser(t, ctx, 2)
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleUnified, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any?style=split")
+		contexttest.LoadUser(t, ctx, 2)
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleSplit, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any")
+		contexttest.LoadUser(t, ctx, 2)
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleSplit, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any?style=unified")
+		contexttest.LoadUser(t, ctx, 2)
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleUnified, GetDiffViewStyle(ctx))
+
+		ctx, _ = contexttest.MockContext(t, "/any")
+		contexttest.LoadUser(t, ctx, 2)
+		SetDiffViewStyle(ctx)
+		assert.Equal(t, gitdiff.DiffStyleUnified, GetDiffViewStyle(ctx))
+	})
+}
@@ -0,0 +1,329 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+
+	admin_model "gitea.dev/models/admin"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/lfs"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	"gitea.dev/services/migrations"
+	repo_service "gitea.dev/services/repository"
+	"gitea.dev/services/task"
+)
+
+const (
+	tplMigrate templates.TplName = "repo/migrate/migrate"
+)
+
+// Migrate render migration of repository page
+func Migrate(ctx *context.Context) {
+	if setting.Repository.DisableMigrations {
+		ctx.HTTPError(http.StatusForbidden, "Migrate: the site administrator has disabled migrations")
+		return
+	}
+
+	serviceType := structs.GitServiceType(ctx.FormInt("service_type"))
+
+	setMigrationContextData(ctx, serviceType)
+
+	if serviceType == 0 {
+		ctx.Data["Org"] = ctx.FormString("org")
+		ctx.Data["Mirror"] = ctx.FormString("mirror")
+
+		ctx.HTML(http.StatusOK, tplMigrate)
+		return
+	}
+
+	ctx.Data["private"] = getRepoPrivate(ctx)
+	ctx.Data["mirror"] = ctx.FormString("mirror") == "1"
+	ctx.Data["lfs"] = ctx.FormString("lfs") == "1"
+	ctx.Data["wiki"] = ctx.FormString("wiki") == "1"
+	ctx.Data["milestones"] = ctx.FormString("milestones") == "1"
+	ctx.Data["labels"] = ctx.FormString("labels") == "1"
+	ctx.Data["issues"] = ctx.FormString("issues") == "1"
+	ctx.Data["pull_requests"] = ctx.FormString("pull_requests") == "1"
+	ctx.Data["releases"] = ctx.FormString("releases") == "1"
+
+	ctxUser := checkContextUser(ctx, ctx.FormInt64("org"))
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	ctx.HTML(http.StatusOK, templates.TplName("repo/migrate/"+serviceType.Name()))
+}
+
+func handleMigrateError(ctx *context.Context, owner *user_model.User, err error, name string, tpl templates.TplName, form *forms.MigrateRepoForm) {
+	if setting.Repository.DisableMigrations {
+		ctx.HTTPError(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations")
+		return
+	}
+
+	switch {
+	case migrations.IsRateLimitError(err):
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.visit_rate_limit"), tpl, form)
+	case migrations.IsTwoFactorAuthError(err):
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.2fa_auth_required"), tpl, form)
+	case repo_model.IsErrReachLimitOfRepo(err):
+		maxCreationLimit := owner.MaxCreationLimit()
+		msg := ctx.TrN(maxCreationLimit, "repo.form.reach_limit_of_creation_1", "repo.form.reach_limit_of_creation_n", maxCreationLimit)
+		ctx.RenderWithErrDeprecated(msg, tpl, form)
+	case repo_model.IsErrRepoAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.repo_name_been_taken"), tpl, form)
+	case repo_model.IsErrRepoFilesAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		switch {
+		case ctx.IsUserSiteAdmin() || (setting.Repository.AllowAdoptionOfUnadoptedRepositories && setting.Repository.AllowDeleteOfUnadoptedRepositories):
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.adopt_or_delete"), tpl, form)
+		case setting.Repository.AllowAdoptionOfUnadoptedRepositories:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.adopt"), tpl, form)
+		case setting.Repository.AllowDeleteOfUnadoptedRepositories:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.delete"), tpl, form)
+		default:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist"), tpl, form)
+		}
+	case db.IsErrNameReserved(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name), tpl, form)
+	case db.IsErrNamePatternNotAllowed(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tpl, form)
+	default:
+		err = util.SanitizeErrorCredentialURLs(err)
+		if strings.Contains(err.Error(), "Authentication failed") ||
+			strings.Contains(err.Error(), "Bad credentials") ||
+			strings.Contains(err.Error(), "could not read Username") {
+			ctx.Data["Err_Auth"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.auth_failed", err.Error()), tpl, form)
+		} else if strings.Contains(err.Error(), "fatal:") {
+			ctx.Data["Err_CloneAddr"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.migrate.failed", err.Error()), tpl, form)
+		} else {
+			ctx.ServerError(name, err)
+		}
+	}
+}
+
+func handleMigrateRemoteAddrError(ctx *context.Context, err error, tpl templates.TplName, form *forms.MigrateRepoForm) {
+	if git.IsErrInvalidCloneAddr(err) {
+		addrErr := err.(*git.ErrInvalidCloneAddr)
+		switch {
+		case addrErr.IsProtocolInvalid:
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.mirror_address_protocol_invalid"), tpl, form)
+		case addrErr.IsURLError:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.url_error", addrErr.Host), tpl, form)
+		case addrErr.IsPermissionDenied:
+			if addrErr.LocalPath {
+				ctx.RenderWithErrDeprecated(ctx.Tr("repo.migrate.permission_denied"), tpl, form)
+			} else {
+				ctx.RenderWithErrDeprecated(ctx.Tr("repo.migrate.permission_denied_blocked"), tpl, form)
+			}
+		case addrErr.IsInvalidPath:
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.migrate.invalid_local_path"), tpl, form)
+		default:
+			log.Error("Error whilst updating url: %v", err)
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.url_error", "unknown"), tpl, form)
+		}
+	} else {
+		log.Error("Error whilst updating url: %v", err)
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.url_error", "unknown"), tpl, form)
+	}
+}
+
+// MigratePost response for migrating from external git repository
+func MigratePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.MigrateRepoForm)
+	if setting.Repository.DisableMigrations {
+		ctx.HTTPError(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations")
+		return
+	}
+
+	if form.Mirror && setting.Mirror.DisableNewPull {
+		ctx.HTTPError(http.StatusBadRequest, "MigratePost: the site administrator has disabled creation of new mirrors")
+		return
+	}
+
+	setMigrationContextData(ctx, form.Service)
+
+	ctxUser := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	tpl := templates.TplName("repo/migrate/" + form.Service.Name())
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tpl)
+		return
+	}
+
+	remoteAddr, err := git.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
+	if err == nil {
+		err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.Doer)
+	}
+	if err != nil {
+		ctx.Data["Err_CloneAddr"] = true
+		handleMigrateRemoteAddrError(ctx, err, tpl, form)
+		return
+	}
+
+	form.LFS = form.LFS && setting.LFS.StartServer
+
+	if form.LFS && len(form.LFSEndpoint) > 0 {
+		ep := lfs.DetermineEndpoint("", form.LFSEndpoint)
+		if ep == nil {
+			ctx.Data["Err_LFSEndpoint"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.migrate.invalid_lfs_endpoint"), tpl, &form)
+			return
+		}
+		err = migrations.IsMigrateURLAllowed(ep.String(), ctx.Doer)
+		if err != nil {
+			ctx.Data["Err_LFSEndpoint"] = true
+			handleMigrateRemoteAddrError(ctx, err, tpl, form)
+			return
+		}
+	}
+
+	opts := migrations.MigrateOptions{
+		OriginalURL:    form.CloneAddr,
+		GitServiceType: form.Service,
+		CloneAddr:      remoteAddr,
+		RepoName:       form.RepoName,
+		Description:    form.Description,
+		Private:        form.Private || setting.Repository.ForcePrivate,
+		Mirror:         form.Mirror,
+		LFS:            form.LFS,
+		LFSEndpoint:    form.LFSEndpoint,
+		AuthUsername:   form.AuthUsername,
+		AuthPassword:   form.AuthPassword,
+		AuthToken:      form.AuthToken,
+		Wiki:           form.Wiki,
+		Issues:         form.Issues,
+		Milestones:     form.Milestones,
+		Labels:         form.Labels,
+		Comments:       form.Issues || form.PullRequests,
+		PullRequests:   form.PullRequests,
+		Releases:       form.Releases,
+	}
+	if opts.Mirror {
+		opts.Issues = false
+		opts.Milestones = false
+		opts.Labels = false
+		opts.Comments = false
+		opts.PullRequests = false
+		opts.Releases = false
+	}
+	if form.Service == structs.CodeCommitService {
+		opts.AWSAccessKeyID = form.AWSAccessKeyID
+		opts.AWSSecretAccessKey = form.AWSSecretAccessKey
+	}
+
+	err = repo_service.CheckCreateRepository(ctx, ctx.Doer, ctxUser, opts.RepoName, false)
+	if err != nil {
+		handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
+		return
+	}
+
+	err = task.MigrateRepository(ctx, ctx.Doer, ctxUser, opts)
+	if err == nil {
+		ctx.Redirect(ctxUser.HomeLink() + "/" + url.PathEscape(opts.RepoName))
+		return
+	}
+
+	handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
+}
+
+func setMigrationContextData(ctx *context.Context, serviceType structs.GitServiceType) {
+	ctx.Data["Title"] = ctx.Tr("new_migrate")
+
+	ctx.Data["LFSActive"] = setting.LFS.StartServer
+	ctx.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	ctx.Data["DisableNewPullMirrors"] = setting.Mirror.DisableNewPull
+
+	// Plain git should be first
+	ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...)
+	ctx.Data["service"] = serviceType
+}
+
+func MigrateRetryPost(ctx *context.Context) {
+	if err := task.RetryMigrateTask(ctx, ctx.Repo.Repository.ID); err != nil {
+		log.Error("Retry task failed: %v", err)
+		ctx.ServerError("task.RetryMigrateTask", err)
+		return
+	}
+	ctx.JSONOK()
+}
+
+func MigrateCancelPost(ctx *context.Context) {
+	migratingTask, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		log.Error("GetMigratingTask: %v", err)
+		ctx.Redirect(ctx.Repo.Repository.Link())
+		return
+	}
+	if migratingTask.Status == structs.TaskStatusRunning {
+		taskUpdate := &admin_model.Task{ID: migratingTask.ID, Status: structs.TaskStatusFailed, Message: "canceled"}
+		if err = taskUpdate.UpdateCols(ctx, "status", "message"); err != nil {
+			ctx.ServerError("task.UpdateCols", err)
+			return
+		}
+	}
+	ctx.Redirect(ctx.Repo.Repository.Link())
+}
+
+// MigrateStatus returns migrate task's status
+func MigrateStatus(ctx *context.Context) {
+	task, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		if admin_model.IsErrTaskDoesNotExist(err) {
+			ctx.JSON(http.StatusNotFound, map[string]any{
+				"err": "task does not exist or you do not have access to this task",
+			})
+			return
+		}
+		log.Error("GetMigratingTask: %v", err)
+		ctx.JSON(http.StatusInternalServerError, map[string]any{
+			"err": http.StatusText(http.StatusInternalServerError),
+		})
+		return
+	}
+
+	message := task.Message
+
+	if task.Message != "" && task.Message[0] == '{' {
+		// assume message is actually a translatable string
+		var translatableMessage admin_model.TranslatableMessage
+		if err := json.Unmarshal([]byte(message), &translatableMessage); err != nil {
+			translatableMessage = admin_model.TranslatableMessage{
+				Format: "migrate.migrating_failed.error",
+				Args:   []any{task.Message},
+			}
+		}
+		message = ctx.Locale.TrString(translatableMessage.Format, translatableMessage.Args...)
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"status":  task.Status,
+		"message": message,
+	})
+}
@@ -0,0 +1,272 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"net/url"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/renderhelper"
+	"gitea.dev/modules/markup/markdown"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	"gitea.dev/services/issue"
+
+	"xorm.io/builder"
+)
+
+const (
+	tplMilestone       templates.TplName = "repo/issue/milestones"
+	tplMilestoneNew    templates.TplName = "repo/issue/milestone_new"
+	tplMilestoneIssues templates.TplName = "repo/issue/milestone_issues"
+)
+
+// Milestones render milestones page
+func Milestones(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+
+	isShowClosed := ctx.FormString("state") == "closed"
+	sortType := ctx.FormString("sort")
+	keyword := ctx.FormTrim("q")
+	page := max(ctx.FormInt("page"), 1)
+
+	miles, total, err := db.FindAndCount[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: setting.UI.IssuePagingNum,
+		},
+		RepoID:   ctx.Repo.Repository.ID,
+		IsClosed: optional.Some(isShowClosed),
+		SortType: sortType,
+		Name:     keyword,
+	})
+	if err != nil {
+		ctx.ServerError("GetMilestones", err)
+		return
+	}
+
+	stats, err := issues_model.GetMilestonesStatsByRepoCondAndKw(ctx, builder.And(builder.Eq{"id": ctx.Repo.Repository.ID}), keyword)
+	if err != nil {
+		ctx.ServerError("GetMilestoneStats", err)
+		return
+	}
+	ctx.Data["OpenCount"] = stats.OpenCount
+	ctx.Data["ClosedCount"] = stats.ClosedCount
+	if ctx.Repo.Repository.IsTimetrackerEnabled(ctx) {
+		if err := issues_model.MilestoneList(miles).LoadTotalTrackedTimes(ctx); err != nil {
+			ctx.ServerError("LoadTotalTrackedTimes", err)
+			return
+		}
+	}
+	for _, m := range miles {
+		rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository)
+		m.RenderedContent, err = markdown.RenderString(rctx, m.Content)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+	}
+	ctx.Data["Milestones"] = miles
+
+	if isShowClosed {
+		ctx.Data["State"] = "closed"
+	} else {
+		ctx.Data["State"] = "open"
+	}
+
+	ctx.Data["SortType"] = sortType
+	ctx.Data["Keyword"] = keyword
+	ctx.Data["IsShowClosed"] = isShowClosed
+
+	pager := context.NewPagination(total, setting.UI.IssuePagingNum, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplMilestone)
+}
+
+// NewMilestone render creating milestone page
+func NewMilestone(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
+}
+
+// NewMilestonePost response for creating milestone
+func NewMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateMilestoneForm)
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
+		return
+	}
+
+	deadlineUnix, err := common.ParseDeadlineDateToEndOfDay(form.Deadline)
+	if err != nil {
+		ctx.Data["Err_Deadline"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.milestones.invalid_due_date_format"), tplMilestoneNew, &form)
+		return
+	}
+
+	if err := issues_model.NewMilestone(ctx, &issues_model.Milestone{
+		RepoID:       ctx.Repo.Repository.ID,
+		Name:         form.Title,
+		Content:      form.Content,
+		DeadlineUnix: deadlineUnix,
+	}); err != nil {
+		ctx.ServerError("NewMilestone", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.milestones.create_success", form.Title))
+	ctx.Redirect(ctx.Repo.RepoLink + "/milestones")
+}
+
+// EditMilestone render edting milestone page
+func EditMilestone(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.edit")
+	ctx.Data["PageIsMilestones"] = true
+	ctx.Data["PageIsEditMilestone"] = true
+
+	m, err := issues_model.GetMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
+	if err != nil {
+		if issues_model.IsErrMilestoneNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetMilestoneByRepoID", err)
+		}
+		return
+	}
+	ctx.Data["title"] = m.Name
+	ctx.Data["content"] = m.Content
+	if len(m.DeadlineString) > 0 {
+		ctx.Data["deadline"] = m.DeadlineString
+	}
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
+}
+
+// EditMilestonePost response for edting milestone
+func EditMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateMilestoneForm)
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.edit")
+	ctx.Data["PageIsMilestones"] = true
+	ctx.Data["PageIsEditMilestone"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
+		return
+	}
+
+	deadlineUnix, err := common.ParseDeadlineDateToEndOfDay(form.Deadline)
+	if err != nil {
+		ctx.Data["Err_Deadline"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.milestones.invalid_due_date_format"), tplMilestoneNew, &form)
+		return
+	}
+
+	m, err := issues_model.GetMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
+	if err != nil {
+		if issues_model.IsErrMilestoneNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetMilestoneByRepoID", err)
+		}
+		return
+	}
+	m.Name = form.Title
+	m.Content = form.Content
+	m.DeadlineUnix = deadlineUnix
+	if err = issues_model.UpdateMilestone(ctx, m, m.IsClosed); err != nil {
+		ctx.ServerError("UpdateMilestone", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.milestones.edit_success", m.Name))
+	ctx.Redirect(ctx.Repo.RepoLink + "/milestones")
+}
+
+// ChangeMilestoneStatus response for change a milestone's status
+func ChangeMilestoneStatus(ctx *context.Context) {
+	var toClose bool
+	switch ctx.PathParam("action") {
+	case "open":
+		toClose = false
+	case "close":
+		toClose = true
+	default:
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/milestones")
+		return
+	}
+	id := ctx.PathParamInt64("id")
+
+	if err := issues_model.ChangeMilestoneStatusByRepoIDAndID(ctx, ctx.Repo.Repository.ID, id, toClose); err != nil {
+		if issues_model.IsErrMilestoneNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("ChangeMilestoneStatusByIDAndRepoID", err)
+		}
+		return
+	}
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/milestones?state=" + url.QueryEscape(ctx.PathParam("action")))
+}
+
+// DeleteMilestone delete a milestone
+func DeleteMilestone(ctx *context.Context) {
+	if err := issues_model.DeleteMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, ctx.FormInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteMilestoneByRepoID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.milestones.deletion_success"))
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/milestones")
+}
+
+// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
+func MilestoneIssuesAndPulls(ctx *context.Context) {
+	milestoneID := ctx.PathParamInt64("id")
+	projectIDs := parseProjectIDsFromQuery(ctx)
+	milestone, err := issues_model.GetMilestoneByRepoID(ctx, ctx.Repo.Repository.ID, milestoneID)
+	if err != nil {
+		if issues_model.IsErrMilestoneNotExist(err) {
+			ctx.NotFound(err)
+			return
+		}
+
+		ctx.ServerError("GetMilestoneByID", err)
+		return
+	}
+
+	rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository)
+	milestone.RenderedContent, err = markdown.RenderString(rctx, milestone.Content)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.Data["Title"] = milestone.Name
+	ctx.Data["Milestone"] = milestone
+
+	prepareIssueFilterAndList(ctx, milestoneID, projectIDs, optional.None[bool]())
+
+	ret := issue.ParseTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
+	ctx.Data["NewIssueChooseTemplate"] = len(ret.IssueTemplates) > 0
+
+	ctx.Data["CanWriteIssues"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(false)
+	ctx.Data["CanWritePulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(true)
+
+	ctx.HTML(http.StatusOK, tplMilestoneIssues)
+}
@@ -0,0 +1,72 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/models/db"
+	"gitea.dev/models/packages"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const (
+	tplPackagesList templates.TplName = "repo/packages"
+)
+
+// Packages displays a list of all packages in the repository
+func Packages(ctx *context.Context) {
+	page := max(ctx.FormInt("page"), 1)
+	query := ctx.FormTrim("q")
+	packageType := ctx.FormTrim("type")
+
+	pvs, total, err := packages.SearchLatestVersions(ctx, &packages.PackageSearchOptions{
+		Paginator: &db.ListOptions{
+			PageSize: setting.UI.PackagesPagingNum,
+			Page:     page,
+		},
+		OwnerID:    ctx.ContextUser.ID,
+		RepoID:     ctx.Repo.Repository.ID,
+		Type:       packages.Type(packageType),
+		Name:       packages.SearchValue{Value: query},
+		IsInternal: optional.Some(false),
+	})
+	if err != nil {
+		ctx.ServerError("SearchLatestVersions", err)
+		return
+	}
+
+	pds, err := packages.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptors", err)
+		return
+	}
+
+	hasPackages, err := packages.HasRepositoryPackages(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("HasRepositoryPackages", err)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("packages.title")
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["Query"] = query
+	ctx.Data["PackageType"] = packageType
+	ctx.Data["AvailableTypes"] = packages.TypeList
+	ctx.Data["HasPackages"] = hasPackages
+	ctx.Data["CanWritePackages"] = ctx.Repo.Permission.CanWrite(unit.TypePackages) || ctx.IsUserSiteAdmin()
+	ctx.Data["PackageDescriptors"] = pds
+	ctx.Data["Total"] = total
+	ctx.Data["RepositoryAccessMap"] = map[int64]bool{ctx.Repo.Repository.ID: true} // There is only the current repository
+
+	pager := context.NewPagination(total, setting.UI.PackagesPagingNum, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplPackagesList)
+}
@@ -0,0 +1,781 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/perm"
+	project_model "gitea.dev/models/project"
+	"gitea.dev/models/renderhelper"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup/markdown"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/web/shared/issue"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	project_service "gitea.dev/services/projects"
+)
+
+const (
+	tplProjects     templates.TplName = "repo/projects/list"
+	tplProjectsNew  templates.TplName = "repo/projects/new"
+	tplProjectsView templates.TplName = "repo/projects/view"
+)
+
+// MustEnableRepoProjects check if repo projects are enabled in settings
+func MustEnableRepoProjects(ctx *context.Context) {
+	if unit.TypeProjects.UnitGlobalDisabled() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if ctx.Repo.Repository != nil {
+		projectsUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeProjects)
+		if !ctx.Repo.Permission.CanRead(unit.TypeProjects) || !projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) {
+			ctx.NotFound(nil)
+			return
+		}
+	}
+}
+
+// Projects renders the home page of projects
+func Projects(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects")
+
+	sortType := ctx.FormTrim("sort")
+
+	isShowClosed := strings.ToLower(ctx.FormTrim("state")) == "closed"
+	keyword := ctx.FormTrim("q")
+	repo := ctx.Repo.Repository
+	page := max(ctx.FormInt("page"), 1)
+
+	ctx.Data["OpenCount"] = repo.NumOpenProjects
+	ctx.Data["ClosedCount"] = repo.NumClosedProjects
+
+	projects, count, err := db.FindAndCount[project_model.Project](ctx, project_model.SearchOptions{
+		ListOptions: db.ListOptions{
+			PageSize: setting.UI.IssuePagingNum,
+			Page:     page,
+		},
+		RepoID:   repo.ID,
+		IsClosed: optional.Some(isShowClosed),
+		OrderBy:  project_model.GetSearchOrderByBySortType(sortType),
+		Type:     project_model.TypeRepository,
+		Title:    keyword,
+	})
+	if err != nil {
+		ctx.ServerError("GetProjects", err)
+		return
+	}
+
+	if err := project_service.LoadIssueNumbersForProjects(ctx, projects, ctx.Doer); err != nil {
+		ctx.ServerError("LoadIssueNumbersForProjects", err)
+		return
+	}
+
+	for i := range projects {
+		rctx := renderhelper.NewRenderContextRepoComment(ctx, repo)
+		projects[i].RenderedContent, err = markdown.RenderString(rctx, projects[i].Description)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+	}
+
+	ctx.Data["Projects"] = projects
+
+	if isShowClosed {
+		ctx.Data["State"] = "closed"
+	} else {
+		ctx.Data["State"] = "open"
+	}
+
+	pager := context.NewPagination(count, setting.UI.IssuePagingNum, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["IsShowClosed"] = isShowClosed
+	ctx.Data["IsProjectsPage"] = true
+	ctx.Data["SortType"] = sortType
+
+	ctx.HTML(http.StatusOK, tplProjects)
+}
+
+// RenderNewProject render creating a project page
+func RenderNewProject(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
+	ctx.Data["TemplateConfigs"] = project_model.GetTemplateConfigs()
+	ctx.Data["CardTypes"] = project_model.GetCardConfig()
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["CancelLink"] = ctx.Repo.Repository.Link() + "/projects"
+	ctx.HTML(http.StatusOK, tplProjectsNew)
+}
+
+// NewProjectPost creates a new project
+func NewProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateProjectForm)
+	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
+
+	if ctx.HasError() {
+		RenderNewProject(ctx)
+		return
+	}
+
+	if err := project_model.NewProject(ctx, &project_model.Project{
+		RepoID:       ctx.Repo.Repository.ID,
+		Title:        form.Title,
+		Description:  form.Content,
+		CreatorID:    ctx.Doer.ID,
+		TemplateType: form.TemplateType,
+		CardType:     form.CardType,
+		Type:         project_model.TypeRepository,
+	}); err != nil {
+		ctx.ServerError("NewProject", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.projects.create_success", form.Title))
+	ctx.Redirect(ctx.Repo.RepoLink + "/projects")
+}
+
+// ChangeProjectStatus updates the status of a project between "open" and "close"
+func ChangeProjectStatus(ctx *context.Context) {
+	var toClose bool
+	switch ctx.PathParam("action") {
+	case "open":
+		toClose = false
+	case "close":
+		toClose = true
+	default:
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/projects")
+		return
+	}
+	id := ctx.PathParamInt64("id")
+
+	if err := project_model.ChangeProjectStatusByRepoIDAndID(ctx, ctx.Repo.Repository.ID, id, toClose); err != nil {
+		ctx.NotFoundOrServerError("ChangeProjectStatusByRepoIDAndID", project_model.IsErrProjectNotExist, err)
+		return
+	}
+	ctx.JSONRedirect(project_model.ProjectLinkForRepo(ctx.Repo.Repository, id))
+}
+
+// DeleteProject delete a project
+func DeleteProject(ctx *context.Context) {
+	p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if err := project_model.DeleteProjectByID(ctx, p.ID); err != nil {
+		ctx.Flash.Error("DeleteProjectByID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.projects.deletion_success"))
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/projects")
+}
+
+// RenderEditProject allows a project to be edited
+func RenderEditProject(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
+	ctx.Data["PageIsEditProjects"] = true
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["CardTypes"] = project_model.GetCardConfig()
+
+	p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	ctx.Data["projectID"] = p.ID
+	ctx.Data["title"] = p.Title
+	ctx.Data["content"] = p.Description
+	ctx.Data["card_type"] = p.CardType
+	ctx.Data["redirect"] = ctx.FormString("redirect")
+	ctx.Data["CancelLink"] = project_model.ProjectLinkForRepo(ctx.Repo.Repository, p.ID)
+
+	ctx.HTML(http.StatusOK, tplProjectsNew)
+}
+
+// EditProjectPost response for editing a project
+func EditProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateProjectForm)
+	projectID := ctx.PathParamInt64("id")
+
+	ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
+	ctx.Data["PageIsEditProjects"] = true
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["CardTypes"] = project_model.GetCardConfig()
+	ctx.Data["CancelLink"] = project_model.ProjectLinkForRepo(ctx.Repo.Repository, projectID)
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplProjectsNew)
+		return
+	}
+
+	p, err := project_model.GetProjectByID(ctx, projectID)
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	p.Title = form.Title
+	p.Description = form.Content
+	p.CardType = form.CardType
+	if err = project_model.UpdateProject(ctx, p); err != nil {
+		ctx.ServerError("UpdateProjects", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.projects.edit_success", p.Title))
+	if ctx.FormString("redirect") == "project" {
+		ctx.Redirect(p.Link(ctx))
+	} else {
+		ctx.Redirect(ctx.Repo.RepoLink + "/projects")
+	}
+}
+
+// ViewProject renders the project with board view
+func ViewProject(ctx *context.Context) {
+	project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	columns, err := project.GetColumns(ctx)
+	if err != nil {
+		ctx.ServerError("GetProjectColumns", err)
+		return
+	}
+
+	preparedLabelFilter := issue.PrepareFilterIssueLabels(ctx, ctx.Repo.Repository.ID, ctx.Repo.Owner)
+	if ctx.Written() {
+		return
+	}
+
+	assigneeID := ctx.FormString("assignee")
+	milestoneID := ctx.FormInt64("milestone")
+
+	var milestoneIDs []int64
+	if milestoneID > 0 {
+		milestoneIDs = []int64{milestoneID}
+	} else if milestoneID == db.NoConditionID {
+		milestoneIDs = []int64{db.NoConditionID}
+	}
+
+	issuesMap, err := project_service.LoadIssuesFromProject(ctx, project, &issues_model.IssuesOptions{
+		RepoIDs:      []int64{ctx.Repo.Repository.ID},
+		LabelIDs:     preparedLabelFilter.SelectedLabelIDs,
+		AssigneeID:   assigneeID,
+		MilestoneIDs: milestoneIDs,
+	})
+	if err != nil {
+		ctx.ServerError("LoadIssuesOfColumns", err)
+		return
+	}
+	for _, column := range columns {
+		column.NumIssues = int64(len(issuesMap[column.ID]))
+	}
+
+	if project.CardType != project_model.CardTypeTextOnly {
+		issuesAttachmentMap := make(map[int64][]*repo_model.Attachment)
+		for _, issuesList := range issuesMap {
+			for _, issue := range issuesList {
+				if issueAttachment, err := repo_model.GetAttachmentsByIssueIDImagesLatest(ctx, issue.ID); err == nil {
+					issuesAttachmentMap[issue.ID] = issueAttachment
+				}
+			}
+		}
+		ctx.Data["issuesAttachmentMap"] = issuesAttachmentMap
+	}
+
+	linkedPrsMap := make(map[int64][]*issues_model.Issue)
+	for _, issuesList := range issuesMap {
+		for _, issue := range issuesList {
+			var referencedIDs []int64
+			for _, comment := range issue.Comments {
+				if comment.RefIssueID != 0 && comment.RefIsPull {
+					referencedIDs = append(referencedIDs, comment.RefIssueID)
+				}
+			}
+
+			if len(referencedIDs) > 0 {
+				if linkedPrs, err := issues_model.Issues(ctx, &issues_model.IssuesOptions{
+					IssueIDs: referencedIDs,
+					IsPull:   optional.Some(true),
+				}); err == nil {
+					linkedPrsMap[issue.ID] = linkedPrs
+				}
+			}
+		}
+	}
+	ctx.Data["LinkedPRs"] = linkedPrsMap
+
+	labels, err := issues_model.GetLabelsByRepoID(ctx, project.RepoID, "", db.ListOptions{})
+	if err != nil {
+		ctx.ServerError("GetLabelsByRepoID", err)
+		return
+	}
+
+	if ctx.Repo.Owner.IsOrganization() {
+		orgLabels, err := issues_model.GetLabelsByOrgID(ctx, ctx.Repo.Owner.ID, "", db.ListOptions{})
+		if err != nil {
+			ctx.ServerError("GetLabelsByOrgID", err)
+			return
+		}
+
+		labels = append(labels, orgLabels...)
+	}
+
+	// Get the exclusive scope for every label ID
+	labelExclusiveScopes := make([]string, 0, len(preparedLabelFilter.SelectedLabelIDs))
+	for _, labelID := range preparedLabelFilter.SelectedLabelIDs {
+		foundExclusiveScope := false
+		for _, label := range labels {
+			if label.ID == labelID || label.ID == -labelID {
+				labelExclusiveScopes = append(labelExclusiveScopes, label.ExclusiveScope())
+				foundExclusiveScope = true
+				break
+			}
+		}
+		if !foundExclusiveScope {
+			labelExclusiveScopes = append(labelExclusiveScopes, "")
+		}
+	}
+
+	for _, l := range labels {
+		l.LoadSelectedLabelsAfterClick(preparedLabelFilter.SelectedLabelIDs, labelExclusiveScopes)
+	}
+	ctx.Data["Labels"] = labels
+	ctx.Data["NumLabels"] = len(labels)
+
+	// Get assignees.
+	assigneeUsers, err := repo_model.GetRepoAssignees(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+	ctx.Data["AssigneeID"] = assigneeID
+
+	renderMilestones(ctx)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["MilestoneID"] = milestoneID
+
+	rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository)
+	project.RenderedContent, err = markdown.RenderString(rctx, project.Description)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.Data["Title"] = project.Title
+	ctx.Data["IsProjectsPage"] = true
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
+	ctx.Data["Project"] = project
+	ctx.Data["IssuesMap"] = issuesMap
+	ctx.Data["Columns"] = columns
+
+	ctx.HTML(http.StatusOK, tplProjectsView)
+}
+
+// UpdateIssueProject change an issue's project
+func UpdateIssueProject(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if err := issues.LoadProjects(ctx); err != nil {
+		ctx.ServerError("LoadProjects", err)
+		return
+	}
+	if _, err := issues.LoadRepositories(ctx); err != nil {
+		ctx.ServerError("LoadProjects", err)
+		return
+	}
+
+	projectIDs := ctx.FormStringInt64s("id")
+	var failedIssues []int64
+	for _, issue := range issues {
+		if err := issues_model.IssueAssignOrRemoveProject(ctx, issue, ctx.Doer, projectIDs); err != nil {
+			if errors.Is(err, util.ErrPermissionDenied) {
+				failedIssues = append(failedIssues, issue.ID)
+				continue
+			}
+			ctx.ServerError("IssueAssignOrRemoveProject", err)
+			return
+		}
+	}
+
+	if len(failedIssues) > 0 {
+		log.Warn("Failed to assign projects to %d issues due to permission denied: %v", len(failedIssues), failedIssues)
+	}
+
+	ctx.JSONOK()
+}
+
+// UpdateIssueProjectColumn moves an issue to a different column within its project
+func UpdateIssueProjectColumn(ctx *context.Context) {
+	issue, err := issues_model.GetIssueByRepoID(ctx, ctx.Repo.Repository.ID, ctx.FormInt64("issue_id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetIssueByID", issues_model.IsErrIssueNotExist, err)
+		return
+	}
+	column, err := project_model.GetColumn(ctx, ctx.FormInt64("id"))
+	if err != nil {
+		ctx.NotFoundOrServerError("GetColumn", project_model.IsErrProjectColumnNotExist, err)
+		return
+	}
+
+	if err := issue.LoadProjects(ctx); err != nil {
+		ctx.ServerError("LoadProjects", err)
+		return
+	}
+
+	issueProjects := issue.Projects
+
+	// it must make sure the requested column is in this issue's projects
+	var columnProject *project_model.Project
+	for _, project := range issueProjects {
+		if column.ProjectID == project.ID {
+			columnProject = project
+			break
+		}
+	}
+	if columnProject == nil {
+		ctx.NotFound(nil)
+		return
+	}
+
+	// append to the end of the target column so we don't collide with existing sorting values
+	newSorting, err := project_model.GetColumnIssueNextSorting(ctx, columnProject.ID, column.ID)
+	if err != nil {
+		ctx.ServerError("GetColumnIssueNextSorting", err)
+		return
+	}
+
+	if err := project_service.MoveIssuesOnProjectColumn(ctx, ctx.Doer, column, map[int64]int64{newSorting: issue.ID}); err != nil {
+		ctx.ServerError("MoveIssuesOnProjectColumn", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+// DeleteProjectColumn allows for the deletion of a project column
+func DeleteProjectColumn(ctx *context.Context) {
+	if ctx.Doer == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return
+	}
+
+	if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+
+	pb, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
+	if err != nil {
+		ctx.ServerError("GetProjectColumn", err)
+		return
+	}
+	if pb.ProjectID != ctx.PathParamInt64("id") {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectColumn[%d] is not in Project[%d] as expected", pb.ID, project.ID),
+		})
+		return
+	}
+
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectColumn[%d] is not in Repository[%d] as expected", pb.ID, ctx.Repo.Repository.ID),
+		})
+		return
+	}
+
+	if err := project_model.DeleteColumnByID(ctx, ctx.PathParamInt64("columnID")); err != nil {
+		ctx.ServerError("DeleteProjectColumnByID", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+// AddColumnToProjectPost allows a new column to be added to a project.
+func AddColumnToProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditProjectColumnForm)
+	if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	project, err := project_model.GetProjectForRepoByID(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+
+	if err := project_model.NewColumn(ctx, &project_model.Column{
+		ProjectID: project.ID,
+		Title:     form.Title,
+		Color:     form.Color,
+		CreatorID: ctx.Doer.ID,
+	}); err != nil {
+		ctx.ServerError("NewProjectColumn", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+func checkProjectColumnChangePermissions(ctx *context.Context) (*project_model.Project, *project_model.Column) {
+	if ctx.Doer == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return nil, nil
+	}
+
+	if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return nil, nil
+	}
+
+	project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return nil, nil
+	}
+
+	column, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
+	if err != nil {
+		ctx.ServerError("GetProjectColumn", err)
+		return nil, nil
+	}
+	if column.ProjectID != ctx.PathParamInt64("id") {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectColumn[%d] is not in Project[%d] as expected", column.ID, project.ID),
+		})
+		return nil, nil
+	}
+
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectColumn[%d] is not in Repository[%d] as expected", column.ID, ctx.Repo.Repository.ID),
+		})
+		return nil, nil
+	}
+	return project, column
+}
+
+// EditProjectColumn allows a project column's to be updated
+func EditProjectColumn(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditProjectColumnForm)
+	_, column := checkProjectColumnChangePermissions(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if form.Title != "" {
+		column.Title = form.Title
+	}
+	column.Color = form.Color
+	if form.Sorting != 0 {
+		column.Sorting = form.Sorting
+	}
+
+	if err := project_model.UpdateColumn(ctx, column); err != nil {
+		ctx.ServerError("UpdateProjectColumn", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+// SetDefaultProjectColumn set default column for uncategorized issues/pulls
+func SetDefaultProjectColumn(ctx *context.Context) {
+	project, column := checkProjectColumnChangePermissions(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if err := project_model.SetDefaultColumn(ctx, project.ID, column.ID); err != nil {
+		ctx.ServerError("SetDefaultColumn", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+// MoveIssues moves or keeps issues in a column and sorts them inside that column
+func MoveIssues(ctx *context.Context) {
+	if ctx.Doer == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return
+	}
+
+	if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
+	if err != nil {
+		if project_model.IsErrProjectNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	column, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
+	if err != nil {
+		if project_model.IsErrProjectColumnNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetProjectColumn", err)
+		}
+		return
+	}
+
+	if column.ProjectID != project.ID {
+		ctx.NotFound(nil)
+		return
+	}
+
+	type movedIssuesForm struct {
+		Issues []struct {
+			IssueID int64 `json:"issueID"`
+			Sorting int64 `json:"sorting"`
+		} `json:"issues"`
+	}
+
+	form := &movedIssuesForm{}
+	if err = json.NewDecoder(ctx.Req.Body).Decode(&form); err != nil {
+		ctx.ServerError("DecodeMovedIssuesForm", err)
+	}
+
+	issueIDs := make([]int64, 0, len(form.Issues))
+	sortedIssueIDs := make(map[int64]int64)
+	for _, issue := range form.Issues {
+		issueIDs = append(issueIDs, issue.IssueID)
+		sortedIssueIDs[issue.Sorting] = issue.IssueID
+	}
+	movedIssues, err := issues_model.GetIssuesByIDs(ctx, issueIDs)
+	if err != nil {
+		if issues_model.IsErrIssueNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetIssueByID", err)
+		}
+		return
+	}
+
+	if len(movedIssues) != len(form.Issues) {
+		ctx.ServerError("some issues do not exist", errors.New("some issues do not exist"))
+		return
+	}
+
+	for _, issue := range movedIssues {
+		if issue.RepoID != project.RepoID {
+			ctx.ServerError("Some issue's repoID is not equal to project's repoID", errors.New("Some issue's repoID is not equal to project's repoID"))
+			return
+		}
+	}
+
+	if err = project_service.MoveIssuesOnProjectColumn(ctx, ctx.Doer, column, sortedIssueIDs); err != nil {
+		ctx.ServerError("MoveIssuesOnProjectColumn", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
@@ -0,0 +1,27 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"gitea.dev/models/unittest"
+	"gitea.dev/services/contexttest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCheckProjectColumnChangePermissions(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/projects/1/2")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	ctx.SetPathParam("id", "1")
+	ctx.SetPathParam("columnID", "2")
+
+	project, column := checkProjectColumnChangePermissions(ctx)
+	assert.NotNil(t, project)
+	assert.NotNil(t, column)
+	assert.False(t, ctx.Written())
+}
@@ -0,0 +1,196 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"html/template"
+
+	"gitea.dev/modules/htmlutil"
+	"gitea.dev/modules/svg"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+)
+
+type pullMergeBoxInfoItem struct {
+	ItemClass   string
+	SvgIconHTML template.HTML
+	InfoHTML    template.HTML
+	ListItems   []template.HTML
+}
+
+type pullMergeBoxInfoItemCollection struct {
+	items []*pullMergeBoxInfoItem
+}
+
+type pullInfoSection struct {
+	InfoItems []*pullMergeBoxInfoItem
+}
+
+func escapeStringSliceToHTML(s []string) (ret []template.HTML) {
+	for _, v := range s {
+		ret = append(ret, template.HTML(template.HTMLEscapeString(v)))
+	}
+	return ret
+}
+
+func (c *pullMergeBoxInfoItemCollection) AddInfoItem(svg, info template.HTML, optItems ...[]template.HTML) {
+	c.items = append(c.items, &pullMergeBoxInfoItem{
+		SvgIconHTML: svg,
+		InfoHTML:    info,
+		ListItems:   util.OptionalArg(optItems),
+	})
+}
+
+func (c *pullMergeBoxInfoItemCollection) AddErrorItem(svg, info template.HTML, optItems ...[]template.HTML) {
+	c.items = append(c.items, &pullMergeBoxInfoItem{
+		ItemClass:   "tw-text-red",
+		SvgIconHTML: svg,
+		InfoHTML:    info,
+		ListItems:   util.OptionalArg(optItems),
+	})
+}
+
+func (prInfo *pullRequestViewInfo) prepareMergeBoxIconColor() {
+	pull := prInfo.issue.PullRequest
+	mergeBoxData := prInfo.MergeBoxData
+
+	showAsNormalColor := prInfo.issue.IsClosed || prInfo.workInProgressPrefix != "" || pull.IsEmpty() || pull.IsFilesConflicted()
+	showAsErrorColor := false
+	showAsWarningColor := pull.IsChecking()
+
+	if statusCheckData := mergeBoxData.StatusCheckData; statusCheckData != nil {
+		showAsErrorColor = statusCheckData.pullCommitStatusState.IsError() || statusCheckData.pullCommitStatusState.IsFailure() ||
+			statusCheckData.RequiredChecksState.IsError() || statusCheckData.RequiredChecksState.IsFailure()
+
+		showAsWarningColor = showAsWarningColor ||
+			statusCheckData.pullCommitStatusState.IsWarning() || statusCheckData.pullCommitStatusState.IsPending() ||
+			(mergeBoxData.enableStatusCheck && (statusCheckData.RequiredChecksState.IsWarning() || statusCheckData.RequiredChecksState.IsPending()))
+	}
+
+	hasBlockers := len(mergeBoxData.infoCommitBlockers.items) > 0 || len(mergeBoxData.infoProtectionBlockers.items) > 0
+
+	switch {
+	case pull.HasMerged:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-purple"
+	case showAsNormalColor:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-text-light"
+	case showAsErrorColor:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-red"
+	case showAsWarningColor:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-yellow"
+	case hasBlockers:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-red"
+	case pull.IsStatusMergeable():
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-green"
+	default:
+		prInfo.MergeBoxData.TimelineIconClass = "tw-text-text-light"
+	}
+}
+
+func (prInfo *pullRequestViewInfo) prepareMergeBoxInfoItems(ctx *context.Context) {
+	pull := prInfo.issue.PullRequest
+	data := prInfo.MergeBoxData
+
+	if pull.HasMerged && data.IsPullBranchDeletable {
+		data.ClosedInfoTitle = ctx.Locale.Tr("repo.pulls.merged_success")
+		data.ClosedInfoBody = ctx.Locale.Tr("repo.pulls.merged_info_text", htmlutil.HTMLFormat("<code>%s</code>", prInfo.headTarget))
+		return
+	} else if prInfo.issue.IsClosed {
+		data.ClosedInfoTitle = ctx.Locale.Tr("repo.pulls.closed")
+		if prInfo.IsPullRequestBroken {
+			data.ClosedInfoBody = ctx.Locale.Tr("repo.pulls.cant_reopen_deleted_branch")
+		} else {
+			data.ClosedInfoBody = ctx.Locale.Tr("repo.pulls.reopen_to_merge")
+		}
+		return
+	}
+
+	if pull.IsFilesConflicted() {
+		detailItems := escapeStringSliceToHTML(pull.ConflictedFiles)
+		if len(detailItems) == 0 {
+			detailItems = append(detailItems, ctx.Locale.Tr("repo.pulls.files_conflicted_no_listed_files"))
+		}
+		if len(detailItems) > 10 {
+			detailItems = detailItems[:10]
+			detailItems = append(detailItems, "...")
+		}
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-x"),
+			ctx.Locale.Tr("repo.pulls.files_conflicted"),
+			detailItems,
+		)
+	}
+
+	if prInfo.IsPullRequestBroken {
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-x"),
+			ctx.Locale.Tr("repo.pulls.data_broken"),
+		)
+	}
+
+	if pull.IsChecking() {
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("gitea-running", 16, "rotate-clockwise"),
+			ctx.Locale.Tr("repo.pulls.is_checking"),
+		)
+	}
+
+	if pull.IsAncestor() {
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-alert"),
+			ctx.Locale.Tr("repo.pulls.is_ancestor"),
+		)
+	}
+
+	if !pull.IsStatusMergeable() {
+		// it is only a "protection" level blocker, it can be bypassed by admin (e.g.: manually merged)
+		if pull.IsEmpty() {
+			prInfo.MergeBoxData.infoProtectionBlockers.AddInfoItem(
+				svg.RenderHTML("octicon-alert"),
+				ctx.Locale.Tr("repo.pulls.is_empty"),
+			)
+		} else {
+			prInfo.MergeBoxData.infoProtectionBlockers.AddErrorItem(
+				svg.RenderHTML("octicon-x"),
+				ctx.Locale.Tr("repo.pulls.cannot_auto_merge_desc"),
+			)
+			prInfo.MergeBoxData.infoProtectionBlockers.AddInfoItem(
+				svg.RenderHTML("octicon-info"),
+				ctx.Locale.Tr("repo.pulls.cannot_auto_merge_helper"),
+			)
+		}
+	}
+
+	if !data.hasPermToMerge {
+		prInfo.MergeBoxData.infoProtectionBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-info"),
+			ctx.Locale.Tr("repo.pulls.no_merge_access"),
+		)
+	}
+
+	if data.canMergeNow {
+		if data.hasOverridableBlockers {
+			prompt := ctx.Locale.Tr("repo.pulls.required_status_check_bypass_allowlist")
+			if data.canBypassProtectionAsAdmin {
+				prompt = ctx.Locale.Tr("repo.pulls.required_status_check_administrator")
+			}
+			prInfo.MergeBoxData.infoMergePrompts.AddInfoItem(
+				svg.RenderHTML("octicon-dot-fill"),
+				prompt,
+			)
+		} else if pull.IsStatusMergeable() || pull.IsEmpty() {
+			prInfo.MergeBoxData.infoMergePrompts.AddInfoItem(
+				svg.RenderHTML("octicon-check"),
+				ctx.Locale.Tr("repo.pulls.can_auto_merge_desc"),
+			)
+		}
+	}
+
+	if len(data.infoCommitBlockers.items) > 0 {
+		data.InfoSections = append(data.InfoSections, &pullInfoSection{data.infoCommitBlockers.items})
+	} else {
+		data.InfoSections = append(data.InfoSections, &pullInfoSection{data.infoProtectionBlockers.items})
+	}
+	data.InfoSections = append(data.InfoSections, &pullInfoSection{data.infoMergePrompts.items})
+}
@@ -0,0 +1,184 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"html/template"
+
+	pull_model "gitea.dev/models/pull"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/svg"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+	pull_service "gitea.dev/services/pull"
+)
+
+func (prInfo *pullRequestViewInfo) prepareMergeBoxFormProps(ctx *context.Context) {
+	pull := prInfo.issue.PullRequest
+	if pull.HasMerged || prInfo.issue.IsClosed {
+		return
+	}
+	if !prInfo.MergeBoxData.hasPermToMerge {
+		return
+	}
+
+	prConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypePullRequests).PullRequestsConfig()
+
+	// Check correct values and select default
+	var mergeStyle repo_model.MergeStyle
+	if prConfig.IsMergeStyleAllowed(prConfig.DefaultMergeStyle) {
+		mergeStyle = prConfig.DefaultMergeStyle
+	} else if prConfig.AllowMerge {
+		mergeStyle = repo_model.MergeStyleMerge
+	} else if prConfig.AllowRebase {
+		mergeStyle = repo_model.MergeStyleRebase
+	} else if prConfig.AllowRebaseMerge {
+		mergeStyle = repo_model.MergeStyleRebaseMerge
+	} else if prConfig.AllowSquash {
+		mergeStyle = repo_model.MergeStyleSquash
+	} else if prConfig.AllowFastForwardOnly {
+		mergeStyle = repo_model.MergeStyleFastForwardOnly
+	} else if prConfig.AllowManualMerge {
+		mergeStyle = repo_model.MergeStyleManuallyMerged
+	}
+	if mergeStyle == "" {
+		return
+	}
+
+	// Check if there is a pending pr merge
+	hasPendingPullRequestMerge, pendingPullRequestMerge, err := pull_model.GetScheduledMergeByPullID(ctx, pull.ID)
+	if err != nil {
+		ctx.ServerError("GetScheduledMergeByPullID", err)
+		return
+	}
+
+	var hasPendingPullRequestMergeTip template.HTML
+	if hasPendingPullRequestMerge {
+		createdPRMergeStr := templates.TimeSince(pendingPullRequestMerge.CreatedUnix)
+		hasPendingPullRequestMergeTip = ctx.Locale.Tr("repo.pulls.auto_merge_has_pending_schedule", pendingPullRequestMerge.Doer.Name, createdPRMergeStr)
+	}
+
+	defaultMergeTitle, defaultMergeBody, err := pull_service.GetDefaultMergeMessage(ctx, ctx.Repo.GitRepo, pull, mergeStyle)
+	if err != nil {
+		ctx.ServerError("GetDefaultMergeMessage", err)
+		return
+	}
+	defaultSquashMergeTitle, defaultSquashMergeBody, err := pull_service.GetDefaultMergeMessage(ctx, ctx.Repo.GitRepo, pull, repo_model.MergeStyleSquash)
+	if err != nil {
+		ctx.ServerError("GetDefaultSquashMergeMessage", err)
+		return
+	}
+
+	var defaultSquashMergeCommitMessages string
+	if !prInfo.IsPullRequestBroken {
+		defaultSquashMergeCommitMessages = pull_service.GetSquashMergeCommitMessages(ctx, pull)
+	}
+
+	allOverridableChecksOk := !prInfo.MergeBoxData.hasOverridableBlockers
+	mergeFormProps := map[string]any{
+		"baseLink":                       prInfo.issue.Link(),
+		"textCancel":                     ctx.Locale.Tr("cancel"),
+		"textDeleteBranch":               ctx.Locale.Tr("repo.branch.delete", prInfo.headTarget),
+		"textAutoMergeButtonWhenSucceed": ctx.Locale.Tr("repo.pulls.auto_merge_button_when_succeed"),
+		"textAutoMergeWhenSucceed":       ctx.Locale.Tr("repo.pulls.auto_merge_when_succeed"),
+		"textAutoMergeCancelSchedule":    ctx.Locale.Tr("repo.pulls.auto_merge_cancel_schedule"),
+		"textClearMergeMessage":          ctx.Locale.Tr("repo.pulls.clear_merge_message"),
+		"textClearMergeMessageHint":      ctx.Locale.Tr("repo.pulls.clear_merge_message_hint"),
+		"textMergeCommitId":              ctx.Locale.Tr("repo.pulls.merge_commit_id"),
+
+		"canMergeNow":                   prInfo.MergeBoxData.canMergeNow,
+		"allOverridableChecksOk":        allOverridableChecksOk,
+		"emptyCommit":                   pull.IsEmpty(),
+		"pullHeadCommitID":              prInfo.CompareInfo.HeadCommitID,
+		"isPullBranchDeletable":         prInfo.MergeBoxData.IsPullBranchDeletable,
+		"defaultMergeStyle":             mergeStyle,
+		"defaultDeleteBranchAfterMerge": prConfig.DefaultDeleteBranchAfterMerge,
+		"mergeMessageFieldPlaceHolder":  ctx.Locale.Tr("repo.editor.commit_message_desc"),
+		"defaultMergeMessage":           defaultMergeBody,
+
+		"hasPendingPullRequestMerge":    hasPendingPullRequestMerge,
+		"hasPendingPullRequestMergeTip": hasPendingPullRequestMergeTip,
+	}
+
+	// if this pr can be merged now, then hide the auto merge
+	generalHideAutoMerge := prInfo.MergeBoxData.canMergeNow && allOverridableChecksOk
+
+	var mergeStyles []any
+	if pull.IsStatusMergeable() {
+		mergeStyles = []any{
+			map[string]any{
+				"name":                  "merge",
+				"allowed":               prConfig.AllowMerge,
+				"textDoMerge":           ctx.Locale.Tr("repo.pulls.merge_pull_request"),
+				"mergeTitleFieldText":   defaultMergeTitle,
+				"mergeMessageFieldText": defaultMergeBody,
+				"hideAutoMerge":         generalHideAutoMerge,
+			},
+			map[string]any{
+				"name":                  "rebase",
+				"allowed":               prConfig.AllowRebase,
+				"textDoMerge":           ctx.Locale.Tr("repo.pulls.rebase_merge_pull_request"),
+				"hideMergeMessageTexts": true,
+				"hideAutoMerge":         generalHideAutoMerge,
+			},
+			map[string]any{
+				"name":                  "rebase-merge",
+				"allowed":               prConfig.AllowRebaseMerge,
+				"textDoMerge":           ctx.Locale.Tr("repo.pulls.rebase_merge_commit_pull_request"),
+				"mergeTitleFieldText":   defaultMergeTitle,
+				"mergeMessageFieldText": defaultMergeBody,
+				"hideAutoMerge":         generalHideAutoMerge,
+			},
+			map[string]any{
+				"name":                  "squash",
+				"allowed":               prConfig.AllowSquash,
+				"textDoMerge":           ctx.Locale.Tr("repo.pulls.squash_merge_pull_request"),
+				"mergeTitleFieldText":   defaultSquashMergeTitle,
+				"mergeMessageFieldText": defaultSquashMergeCommitMessages + defaultSquashMergeBody,
+				"hideAutoMerge":         generalHideAutoMerge,
+			},
+			map[string]any{
+				"name":                  "fast-forward-only",
+				"allowed":               prConfig.AllowFastForwardOnly && pull.CommitsBehind == 0,
+				"textDoMerge":           ctx.Locale.Tr("repo.pulls.fast_forward_only_merge_pull_request"),
+				"hideMergeMessageTexts": true,
+				"hideAutoMerge":         generalHideAutoMerge,
+			},
+		}
+	}
+
+	// Manually Merged is not a well-known feature, it is used to mark a non-mergeable PR (already merged, conflicted) as merged
+	// To test it:
+	//  Enable "Manually Merged" feature in the Repository Settings
+	//  Create a pull request, either:
+	//  - Merge the pull request branch locally and push the merged commit to Gitea
+	//  - Make some conflicts between the base branch and the pull request branch
+	//  Then the Manually Merged form will be shown in the merge form
+	canUseManualMerge := !pull.IsWorkInProgress(ctx) && !pull.IsChecking() && prConfig.AllowManualMerge
+	if canUseManualMerge {
+		mergeStyles = append(mergeStyles, map[string]any{
+			"name":                  "manually-merged",
+			"allowed":               prConfig.AllowManualMerge,
+			"textDoMerge":           ctx.Locale.Tr("repo.pulls.merge_manually"),
+			"hideMergeMessageTexts": true,
+			"hideAutoMerge":         true,
+		})
+	}
+
+	if len(mergeStyles) > 0 {
+		mergeFormProps["mergeStyles"] = mergeStyles
+		prInfo.MergeBoxData.MergeFormProps = mergeFormProps
+	} else if pull.IsStatusMergeable() {
+		// no merge style was set in repo setting
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-x", 16, "tw-text-red"),
+			ctx.Locale.Tr("repo.pulls.no_merge_desc"),
+		)
+		prInfo.MergeBoxData.infoCommitBlockers.AddInfoItem(
+			svg.RenderHTML("octicon-info"),
+			ctx.Locale.Tr("repo.pulls.no_merge_helper"),
+		)
+	}
+}
@@ -0,0 +1,452 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/organization"
+	pull_model "gitea.dev/models/pull"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	"gitea.dev/services/forms"
+	issue_service "gitea.dev/services/issue"
+	pull_service "gitea.dev/services/pull"
+	user_service "gitea.dev/services/user"
+)
+
+const (
+	tplDiffConversation     templates.TplName = "repo/diff/conversation"
+	tplConversationOutdated templates.TplName = "repo/diff/conversation_outdated"
+	tplTimelineConversation templates.TplName = "repo/issue/view_content/conversation"
+	tplNewComment           templates.TplName = "repo/diff/new_comment"
+)
+
+// RenderNewCodeCommentForm will render the form for creating a new review comment
+func RenderNewCodeCommentForm(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+	if !issue.IsPull {
+		return
+	}
+	currentReview, err := issues_model.GetCurrentReview(ctx, ctx.Doer, issue)
+	if err != nil && !issues_model.IsErrReviewNotExist(err) {
+		ctx.ServerError("GetCurrentReview", err)
+		return
+	}
+	ctx.Data["PageIsPullFiles"] = true
+	ctx.Data["Issue"] = issue
+	ctx.Data["CurrentReview"] = currentReview
+	pullHeadCommitID, err := ctx.Repo.GitRepo.GetRefCommitID(issue.PullRequest.GetGitHeadRefName())
+	if err != nil {
+		ctx.ServerError("GetRefCommitID", err)
+		return
+	}
+	ctx.Data["AfterCommitID"] = pullHeadCommitID
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "comment")
+	ctx.HTML(http.StatusOK, tplNewComment)
+}
+
+// CreateCodeComment will create a code comment including an pending review if required
+func CreateCodeComment(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CodeCommentForm)
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+	if !issue.IsPull {
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.GetErrMsg())
+		ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	signedLine := form.Line
+	if form.Side == "previous" {
+		signedLine *= -1
+	}
+
+	var attachments []string
+	if setting.Attachment.Enabled {
+		attachments = form.Files
+	}
+
+	comment, err := pull_service.CreateCodeComment(ctx,
+		ctx.Doer,
+		ctx.Repo.GitRepo,
+		issue,
+		signedLine,
+		form.Content,
+		form.TreePath,
+		!form.SingleReview,
+		form.Reply,
+		form.LatestCommitID,
+		attachments,
+	)
+	if err != nil {
+		ctx.ServerError("CreateCodeComment", err)
+		return
+	}
+
+	if comment == nil {
+		log.Trace("Comment not created: %-v #%d[%d]", ctx.Repo.Repository, issue.Index, issue.ID)
+		ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	log.Trace("Comment created: %-v #%d[%d] Comment[%d]", ctx.Repo.Repository, issue.Index, issue.ID, comment.ID)
+
+	renderConversation(ctx, comment, form.Origin)
+}
+
+// UpdateResolveConversation add or remove an Conversation resolved mark
+func UpdateResolveConversation(ctx *context.Context) {
+	origin := ctx.FormString("origin")
+	action := ctx.FormString("action")
+	commentID := ctx.FormInt64("comment_id")
+
+	comment, err := issues_model.GetCommentByID(ctx, commentID)
+	if err != nil {
+		ctx.ServerError("GetIssueByID", err)
+		return
+	}
+
+	if err = comment.LoadIssue(ctx); err != nil {
+		ctx.ServerError("comment.LoadIssue", err)
+		return
+	}
+
+	if comment.Issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound(errors.New("comment's repoID is incorrect"))
+		return
+	}
+
+	var permResult bool
+	if permResult, err = issues_model.CanMarkConversation(ctx, comment.Issue, ctx.Doer); err != nil {
+		ctx.ServerError("CanMarkConversation", err)
+		return
+	}
+	if !permResult {
+		ctx.HTTPError(http.StatusForbidden)
+		return
+	}
+
+	if !comment.Issue.IsPull {
+		ctx.HTTPError(http.StatusBadRequest)
+		return
+	}
+
+	if action == "Resolve" || action == "UnResolve" {
+		err = issues_model.MarkConversation(ctx, comment, ctx.Doer, action == "Resolve")
+		if err != nil {
+			ctx.ServerError("MarkConversation", err)
+			return
+		}
+	} else {
+		ctx.HTTPError(http.StatusBadRequest)
+		return
+	}
+
+	renderConversation(ctx, comment, origin)
+}
+
+func renderConversation(ctx *context.Context, comment *issues_model.Comment, origin string) {
+	ctx.Data["PageIsPullFiles"] = origin == "diff"
+
+	showOutdatedComments := origin == "timeline" || GetShowOutdatedComments(ctx)
+	comments, err := issues_model.FetchCodeCommentsByLine(ctx, comment.Issue, ctx.Doer, comment.TreePath, comment.Line, showOutdatedComments)
+	if err != nil {
+		ctx.ServerError("FetchCodeCommentsByLine", err)
+		return
+	}
+	if len(comments) == 0 {
+		// if the comments are empty (deleted, outdated, etc), it's better to tell the users that it is outdated
+		ctx.HTML(http.StatusOK, tplConversationOutdated)
+		return
+	}
+
+	if err := comments.LoadAttachments(ctx); err != nil {
+		ctx.ServerError("LoadAttachments", err)
+		return
+	}
+
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "comment")
+
+	ctx.Data["comments"] = comments
+	if ctx.Data["CanMarkConversation"], err = issues_model.CanMarkConversation(ctx, comment.Issue, ctx.Doer); err != nil {
+		ctx.ServerError("CanMarkConversation", err)
+		return
+	}
+	ctx.Data["Issue"] = comment.Issue
+	if err = comment.Issue.LoadPullRequest(ctx); err != nil {
+		ctx.ServerError("comment.Issue.LoadPullRequest", err)
+		return
+	}
+	pullHeadCommitID, err := ctx.Repo.GitRepo.GetRefCommitID(comment.Issue.PullRequest.GetGitHeadRefName())
+	if err != nil {
+		ctx.ServerError("GetRefCommitID", err)
+		return
+	}
+	ctx.Data["AfterCommitID"] = pullHeadCommitID
+	ctx.Data["CanBlockUser"] = func(blocker, blockee *user_model.User) bool {
+		return user_service.CanBlockUser(ctx, ctx.Doer, blocker, blockee)
+	}
+
+	switch origin {
+	case "diff":
+		ctx.HTML(http.StatusOK, tplDiffConversation)
+	case "timeline":
+		ctx.HTML(http.StatusOK, tplTimelineConversation)
+	default:
+		ctx.HTTPError(http.StatusBadRequest, "Unknown origin: "+origin)
+	}
+}
+
+// SubmitReview creates a review out of the existing pending review or creates a new one if no pending review exist
+func SubmitReview(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.SubmitReviewForm)
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+	if !issue.IsPull {
+		return
+	}
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.GetErrMsg())
+		ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	reviewType := form.ReviewType()
+	switch reviewType {
+	case issues_model.ReviewTypeUnknown:
+		ctx.ServerError("ReviewType", fmt.Errorf("unknown ReviewType: %s", form.Type))
+		return
+
+	// can not approve/reject your own PR
+	case issues_model.ReviewTypeApprove, issues_model.ReviewTypeReject:
+		if issue.IsPoster(ctx.Doer.ID) {
+			var translated string
+			if reviewType == issues_model.ReviewTypeApprove {
+				translated = ctx.Locale.TrString("repo.issues.review.self.approval")
+			} else {
+				translated = ctx.Locale.TrString("repo.issues.review.self.rejection")
+			}
+
+			ctx.Flash.Error(translated)
+			ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+			return
+		}
+	}
+
+	var attachments []string
+	if setting.Attachment.Enabled {
+		attachments = form.Files
+	}
+
+	_, comm, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, issue, reviewType, form.Content, form.CommitID, attachments)
+	if err != nil {
+		if issues_model.IsContentEmptyErr(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
+			ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		} else if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
+			ctx.Status(http.StatusUnprocessableEntity)
+		} else {
+			ctx.ServerError("SubmitReview", err)
+		}
+		return
+	}
+	ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d#%s", ctx.Repo.RepoLink, issue.Index, comm.HashTag()))
+}
+
+// DismissReview dismissing stale review by repo admin
+func DismissReview(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.DismissReviewForm)
+	comm, err := pull_service.DismissReview(ctx, form.ReviewID, ctx.Repo.Repository.ID, form.Message, ctx.Doer, true, true)
+	if err != nil {
+		if pull_service.IsErrDismissRequestOnClosedPR(err) {
+			ctx.Status(http.StatusForbidden)
+			return
+		}
+		ctx.ServerError("pull_service.DismissReview", err)
+		return
+	}
+
+	ctx.Redirect(fmt.Sprintf("%s/pulls/%d#%s", ctx.Repo.RepoLink, comm.Issue.Index, comm.HashTag()))
+}
+
+// viewedFilesUpdate Struct to parse the body of a request to update the reviewed files of a PR
+// If you want to implement an API to update the review, simply move this struct into modules.
+type viewedFilesUpdate struct {
+	Files         map[string]bool `json:"files"`
+	HeadCommitSHA string          `json:"headCommitSHA"`
+}
+
+func UpdateViewedFiles(ctx *context.Context) {
+	// Find corresponding PR
+	issue, ok := getPullInfo(ctx)
+	if !ok {
+		return
+	}
+	pull := issue.PullRequest
+
+	var data *viewedFilesUpdate
+	err := json.NewDecoder(ctx.Req.Body).Decode(&data)
+	if err != nil {
+		log.Warn("Attempted to update a review but could not parse request body: %v", err)
+		ctx.Resp.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	// Expect the review to have been now if no head commit was supplied
+	if data.HeadCommitSHA == "" {
+		data.HeadCommitSHA = pull.HeadCommitID
+	}
+
+	updatedFiles := make(map[string]pull_model.ViewedState, len(data.Files))
+	for file, viewed := range data.Files {
+		// Only unviewed and viewed are possible, has-changed can not be set from the outside
+		state := pull_model.Unviewed
+		if viewed {
+			state = pull_model.Viewed
+		}
+		updatedFiles[file] = state
+	}
+
+	if _, err := pull_model.UpdateReviewState(ctx, ctx.Doer.ID, pull.ID, data.HeadCommitSHA, updatedFiles); err != nil {
+		ctx.ServerError("UpdateReview", err)
+	}
+}
+
+// UpdatePullReviewRequest add or remove review request
+func UpdatePullReviewRequest(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	reviewID := ctx.FormInt64("id")
+	action := ctx.FormString("action")
+
+	// TODO: Not support 'clear' now
+	if action != "attach" && action != "detach" {
+		ctx.Status(http.StatusForbidden)
+		return
+	}
+
+	for _, issue := range issues {
+		if err := issue.LoadRepo(ctx); err != nil {
+			ctx.ServerError("issue.LoadRepo", err)
+			return
+		}
+
+		if !issue.IsPull {
+			log.Warn(
+				"UpdatePullReviewRequest: refusing to add review request for non-PR issue %-v#%d",
+				issue.Repo, issue.Index,
+			)
+			ctx.Status(http.StatusForbidden)
+			return
+		}
+		if reviewID < 0 {
+			// negative reviewIDs represent team requests
+			if err := issue.Repo.LoadOwner(ctx); err != nil {
+				ctx.ServerError("issue.Repo.LoadOwner", err)
+				return
+			}
+
+			if !issue.Repo.Owner.IsOrganization() {
+				log.Warn(
+					"UpdatePullReviewRequest: refusing to add team review request for %s#%d owned by non organization UID[%d]",
+					issue.Repo.FullName(), issue.Index, issue.Repo.ID,
+				)
+				ctx.Status(http.StatusForbidden)
+				return
+			}
+
+			team, err := organization.GetTeamByID(ctx, -reviewID)
+			if err != nil {
+				ctx.ServerError("GetTeamByID", err)
+				return
+			}
+
+			if team.OrgID != issue.Repo.OwnerID {
+				log.Warn(
+					"UpdatePullReviewRequest: refusing to add team review request for UID[%d] team %s to %s#%d owned by UID[%d]",
+					team.OrgID, team.Name, issue.Repo.FullName(), issue.Index, issue.Repo.ID)
+				ctx.Status(http.StatusForbidden)
+				return
+			}
+
+			_, err = issue_service.TeamReviewRequest(ctx, issue, ctx.Doer, team, action == "attach")
+			if err != nil {
+				if issues_model.IsErrNotValidReviewRequest(err) {
+					log.Warn(
+						"UpdatePullReviewRequest: refusing to add invalid team review request for UID[%d] team %s to %s#%d owned by UID[%d]: Error: %v",
+						team.OrgID, team.Name, issue.Repo.FullName(), issue.Index, issue.Repo.ID,
+						err,
+					)
+					ctx.Status(http.StatusForbidden)
+					return
+				}
+				ctx.ServerError("TeamReviewRequest", err)
+				return
+			}
+			continue
+		}
+
+		reviewer, err := user_model.GetUserByID(ctx, reviewID)
+		if err != nil {
+			if user_model.IsErrUserNotExist(err) {
+				log.Warn(
+					"UpdatePullReviewRequest: requested reviewer [%d] for %-v to %-v#%d is not exist: Error: %v",
+					reviewID, issue.Repo, issue.Index,
+					err,
+				)
+				ctx.Status(http.StatusForbidden)
+				return
+			}
+			ctx.ServerError("GetUserByID", err)
+			return
+		}
+
+		_, err = issue_service.ReviewRequest(ctx, issue, ctx.Doer, &ctx.Repo.Permission, reviewer, action == "attach")
+		if err != nil {
+			if issues_model.IsErrNotValidReviewRequest(err) {
+				log.Warn(
+					"UpdatePullReviewRequest: refusing to add invalid review request for %-v to %-v#%d: Error: %v",
+					reviewer, issue.Repo, issue.Index,
+					err,
+				)
+				ctx.Status(http.StatusForbidden)
+				return
+			}
+			if issues_model.IsErrReviewRequestOnClosedPR(err) {
+				ctx.Status(http.StatusForbidden)
+				return
+			}
+			ctx.ServerError("ReviewRequest", err)
+			return
+		}
+	}
+
+	ctx.JSONOK()
+}
@@ -0,0 +1,91 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"gitea.dev/models/db"
+	issues_model "gitea.dev/models/issues"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/pull"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestRenderConversation(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	pr, _ := issues_model.GetPullRequestByID(t.Context(), 2)
+	_ = pr.LoadIssue(t.Context())
+	_ = pr.Issue.LoadPoster(t.Context())
+	_ = pr.Issue.LoadRepo(t.Context())
+
+	run := func(name string, cb func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder)) {
+		t.Run(name, func(t *testing.T) {
+			ctx, resp := contexttest.MockContext(t, "/", contexttest.MockContextOption{Render: templates.PageRenderer()})
+			contexttest.LoadUser(t, ctx, pr.Issue.PosterID)
+			contexttest.LoadRepo(t, ctx, pr.BaseRepoID)
+			contexttest.LoadGitRepo(t, ctx)
+			defer ctx.Repo.GitRepo.Close()
+			cb(t, ctx, resp)
+		})
+	}
+
+	var preparedComment *issues_model.Comment
+	run("prepare", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		comment, err := pull.CreateCodeComment(ctx, pr.Issue.Poster, ctx.Repo.GitRepo, pr.Issue, 1, "content", "", false, 0, pr.HeadCommitID, nil)
+		require.NoError(t, err)
+
+		comment.Invalidated = true
+		err = issues_model.UpdateCommentInvalidate(ctx, comment)
+		require.NoError(t, err)
+
+		preparedComment = comment
+	})
+	require.NotNil(t, preparedComment)
+
+	run("diff with outdated", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		ctx.Data["ShowOutdatedComments"] = true
+		renderConversation(ctx, preparedComment, "diff")
+		assert.Contains(t, resp.Body.String(), `<div class="content comment-container"`)
+	})
+	run("diff without outdated", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		ctx.Data["ShowOutdatedComments"] = false
+		renderConversation(ctx, preparedComment, "diff")
+		assert.Contains(t, resp.Body.String(), `conversation-not-existing`)
+	})
+	run("timeline with outdated", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		ctx.Data["ShowOutdatedComments"] = true
+		renderConversation(ctx, preparedComment, "timeline")
+		assert.Contains(t, resp.Body.String(), `<div id="code-comments-`)
+	})
+	run("timeline is not affected by ShowOutdatedComments=false", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		ctx.Data["ShowOutdatedComments"] = false
+		renderConversation(ctx, preparedComment, "timeline")
+		assert.Contains(t, resp.Body.String(), `<div id="code-comments-`)
+	})
+	run("diff non-existing review", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		err := db.TruncateBeans(t.Context(), &issues_model.Review{})
+		assert.NoError(t, err)
+		ctx.Data["ShowOutdatedComments"] = true
+		renderConversation(ctx, preparedComment, "diff")
+		assert.Equal(t, http.StatusOK, resp.Code)
+		assert.NotContains(t, resp.Body.String(), `status-page-500`)
+	})
+	run("timeline non-existing review", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
+		err := db.TruncateBeans(t.Context(), &issues_model.Review{})
+		assert.NoError(t, err)
+		ctx.Data["ShowOutdatedComments"] = true
+		renderConversation(ctx, preparedComment, "timeline")
+		assert.Equal(t, http.StatusOK, resp.Code)
+		assert.NotContains(t, resp.Body.String(), `status-page-500`)
+	})
+}
@@ -0,0 +1,26 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const (
+	tplRecentCommits templates.TplName = "repo/activity"
+)
+
+// RecentCommits renders the page to show recent commit frequency on repository
+func RecentCommits(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.activity.navbar.recent_commits")
+
+	ctx.Data["PageIsActivity"] = true
+	ctx.Data["PageIsRecentCommits"] = true
+	ctx.PageData["repoLink"] = ctx.Repo.RepoLink
+
+	ctx.HTML(http.StatusOK, tplRecentCommits)
+}
@@ -0,0 +1,705 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	stdCtx "context"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/renderhelper"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/markup/markdown"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/web/feed"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+	"gitea.dev/services/context/upload"
+	"gitea.dev/services/forms"
+	release_service "gitea.dev/services/release"
+)
+
+const (
+	tplReleasesList templates.TplName = "repo/release/list"
+	tplReleaseNew   templates.TplName = "repo/release/new"
+	tplTagsList     templates.TplName = "repo/tag/list"
+)
+
+// calReleaseNumCommitsBehind calculates given release has how many commits behind release target.
+func calReleaseNumCommitsBehind(ctx stdCtx.Context, repoCtx *context.Repository, release *repo_model.Release, countCache map[string]int64) error {
+	target := release.Target
+	if target == "" {
+		target = repoCtx.Repository.DefaultBranch
+	}
+	// Get count if not cached
+	if _, ok := countCache[target]; !ok {
+		commit, err := repoCtx.GitRepo.GetBranchCommit(target)
+		if err != nil {
+			var errNotExist git.ErrNotExist
+			if target == repoCtx.Repository.DefaultBranch || !errors.As(err, &errNotExist) {
+				return fmt.Errorf("GetBranchCommit: %w", err)
+			}
+			// fallback to default branch
+			target = repoCtx.Repository.DefaultBranch
+			commit, err = repoCtx.GitRepo.GetBranchCommit(target)
+			if err != nil {
+				return fmt.Errorf("GetBranchCommit(DefaultBranch): %w", err)
+			}
+		}
+		countCache[target], err = gitrepo.CommitsCountOfCommit(ctx, repoCtx.Repository, commit.ID.String())
+		if err != nil {
+			return fmt.Errorf("CommitsCount: %w", err)
+		}
+	}
+	release.NumCommitsBehind = countCache[target] - release.NumCommits
+	release.TargetBehind = target
+	return nil
+}
+
+type ReleaseInfo struct {
+	Release        *repo_model.Release
+	CommitStatus   *git_model.CommitStatus
+	CommitStatuses []*git_model.CommitStatus
+}
+
+func getReleaseInfos(ctx *context.Context, opts *repo_model.FindReleasesOptions) ([]*ReleaseInfo, error) {
+	releases, err := db.Find[repo_model.Release](ctx, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, release := range releases {
+		release.Repo = ctx.Repo.Repository
+	}
+
+	if err = repo_model.GetReleaseAttachments(ctx, releases...); err != nil {
+		return nil, err
+	}
+
+	// Temporary cache commits count of used branches to speed up.
+	countCache := make(map[string]int64)
+	cacheUsers := make(map[int64]*user_model.User)
+	if ctx.Doer != nil {
+		cacheUsers[ctx.Doer.ID] = ctx.Doer
+	}
+	var ok bool
+
+	canReadActions := ctx.Repo.Permission.CanRead(unit.TypeActions)
+
+	releaseInfos := make([]*ReleaseInfo, 0, len(releases))
+	for _, r := range releases {
+		if r.Publisher, ok = cacheUsers[r.PublisherID]; !ok {
+			r.PublisherID, r.Publisher, err = user_model.GetPossibleUserByID(ctx, r.PublisherID)
+			if err != nil {
+				return nil, err
+			}
+			cacheUsers[r.PublisherID] = r.Publisher
+		}
+
+		rctx := renderhelper.NewRenderContextRepoComment(ctx, r.Repo, renderhelper.RepoCommentOptions{
+			FootnoteContextID: strconv.FormatInt(r.ID, 10),
+		})
+		r.RenderedNote, err = markdown.RenderString(rctx, r.Note)
+		if err != nil {
+			return nil, err
+		}
+
+		if !r.IsDraft {
+			if err := calReleaseNumCommitsBehind(ctx, ctx.Repo, r, countCache); err != nil {
+				return nil, err
+			}
+		}
+
+		info := &ReleaseInfo{
+			Release: r,
+		}
+
+		if canReadActions {
+			statuses, err := git_model.GetLatestCommitStatus(ctx, r.Repo.ID, r.Sha1, db.ListOptionsAll)
+			if err != nil {
+				return nil, err
+			}
+
+			info.CommitStatus = git_model.CalcCommitStatus(statuses)
+			info.CommitStatuses = statuses
+		}
+
+		releaseInfos = append(releaseInfos, info)
+	}
+
+	return releaseInfos, nil
+}
+
+// Releases render releases list page
+func Releases(ctx *context.Context) {
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["Title"] = ctx.Tr("repo.release.releases")
+
+	listOptions := db.ListOptions{
+		Page:     ctx.FormInt("page"),
+		PageSize: ctx.FormInt("limit"),
+	}
+	if listOptions.PageSize == 0 {
+		listOptions.PageSize = setting.Repository.Release.DefaultPagingNum
+	}
+	if listOptions.PageSize > setting.API.MaxResponseItems {
+		listOptions.PageSize = setting.API.MaxResponseItems
+	}
+
+	writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases)
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+
+	releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
+		ListOptions: listOptions,
+		// only show draft releases for users who can write, read-only users shouldn't see draft releases.
+		IncludeDrafts: writeAccess,
+		RepoID:        ctx.Repo.Repository.ID,
+	})
+	if err != nil {
+		ctx.ServerError("getReleaseInfos", err)
+		return
+	}
+	for _, rel := range releases {
+		if rel.Release.IsTag && rel.Release.Title == "" {
+			rel.Release.Title = rel.Release.TagName
+		}
+	}
+
+	ctx.Data["Releases"] = releases
+
+	numReleases := ctx.Data["NumReleases"].(int64)
+	pager := context.NewPagination(numReleases, listOptions.PageSize, listOptions.Page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplReleasesList)
+}
+
+// TagsList render tags list page
+func TagsList(ctx *context.Context) {
+	ctx.Data["PageIsTagList"] = true
+	ctx.Data["Title"] = ctx.Tr("repo.release.tags")
+	ctx.Data["CanCreateRelease"] = ctx.Repo.Permission.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived
+
+	namePattern := ctx.FormTrim("q")
+
+	listOptions := db.ListOptions{
+		Page:     ctx.FormInt("page"),
+		PageSize: ctx.FormInt("limit"),
+	}
+	if listOptions.PageSize == 0 {
+		listOptions.PageSize = setting.Repository.Release.DefaultPagingNum
+	}
+	if listOptions.PageSize > setting.API.MaxResponseItems {
+		listOptions.PageSize = setting.API.MaxResponseItems
+	}
+
+	opts := repo_model.FindReleasesOptions{
+		ListOptions: listOptions,
+		// for the tags list page, show all releases with real tags (having real commit-id),
+		// the drafts should also be included because a real tag might be used as a draft.
+		IncludeDrafts: true,
+		IncludeTags:   true,
+		HasSha1:       optional.Some(true),
+		RepoID:        ctx.Repo.Repository.ID,
+		NamePattern:   optional.Some(namePattern),
+	}
+
+	releases, err := db.Find[repo_model.Release](ctx, opts)
+	if err != nil {
+		ctx.ServerError("GetReleasesByRepoID", err)
+		return
+	}
+
+	count, err := db.Count[repo_model.Release](ctx, opts)
+	if err != nil {
+		ctx.ServerError("GetReleasesByRepoID", err)
+		return
+	}
+
+	ctx.Data["Keyword"] = namePattern
+	ctx.Data["Releases"] = releases
+	ctx.Data["TagCount"] = count
+
+	pager := context.NewPagination(count, opts.PageSize, opts.Page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+	ctx.Data["PageIsViewCode"] = !ctx.Repo.Repository.UnitEnabled(ctx, unit.TypeReleases)
+	ctx.HTML(http.StatusOK, tplTagsList)
+}
+
+// ReleasesFeedRSS get feeds for releases in RSS format
+func ReleasesFeedRSS(ctx *context.Context) {
+	releasesOrTagsFeed(ctx, true, "rss")
+}
+
+// TagsListFeedRSS get feeds for tags in RSS format
+func TagsListFeedRSS(ctx *context.Context) {
+	releasesOrTagsFeed(ctx, false, "rss")
+}
+
+// ReleasesFeedAtom get feeds for releases in Atom format
+func ReleasesFeedAtom(ctx *context.Context) {
+	releasesOrTagsFeed(ctx, true, "atom")
+}
+
+// TagsListFeedAtom get feeds for tags in RSS format
+func TagsListFeedAtom(ctx *context.Context) {
+	releasesOrTagsFeed(ctx, false, "atom")
+}
+
+func releasesOrTagsFeed(ctx *context.Context, isReleasesOnly bool, formatType string) {
+	feed.ShowReleaseFeed(ctx, ctx.Repo.Repository, isReleasesOnly, formatType)
+}
+
+// SingleRelease renders a single release's page
+func SingleRelease(ctx *context.Context) {
+	ctx.Data["PageIsReleaseList"] = true
+
+	writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases)
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+
+	releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
+		ListOptions: db.ListOptions{Page: 1, PageSize: 1},
+		RepoID:      ctx.Repo.Repository.ID,
+		TagNames:    []string{ctx.PathParam("*")},
+		// only show draft releases for users who can write, read-only users shouldn't see draft releases.
+		IncludeDrafts: writeAccess,
+		IncludeTags:   true,
+	})
+	if err != nil {
+		ctx.ServerError("getReleaseInfos", err)
+		return
+	}
+	if len(releases) != 1 {
+		ctx.NotFound(err)
+		return
+	}
+
+	release := releases[0].Release
+	if release.IsTag && release.Title == "" {
+		release.Title = release.TagName
+	}
+
+	ctx.Data["PageIsSingleTag"] = release.IsTag
+	ctx.Data["SingleReleaseTagName"] = release.TagName
+	if release.IsTag {
+		ctx.Data["Title"] = release.TagName
+	} else {
+		ctx.Data["Title"] = release.Title
+	}
+
+	ctx.Data["Releases"] = releases
+	ctx.HTML(http.StatusOK, tplReleasesList)
+}
+
+// LatestRelease redirects to the latest release
+func LatestRelease(ctx *context.Context) {
+	release, err := repo_model.GetLatestReleaseByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		if repo_model.IsErrReleaseNotExist(err) {
+			ctx.NotFound(err)
+			return
+		}
+		ctx.ServerError("GetLatestReleaseByRepoID", err)
+		return
+	}
+
+	if err := release.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+
+	ctx.Redirect(release.Link())
+}
+
+func newReleaseCommon(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.release.new_release")
+	ctx.Data["PageIsReleaseList"] = true
+
+	tags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetTagNamesByRepoID", err)
+		return
+	}
+	ctx.Data["Tags"] = tags
+
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	assigneeUsers, err := repo_model.GetRepoAssignees(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+
+	upload.AddUploadContext(ctx, "release")
+
+	PrepareBranchList(ctx) // for New Release page
+}
+
+// NewRelease render creating or edit release page
+func NewRelease(ctx *context.Context) {
+	newReleaseCommon(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["ShowCreateTagOnlyButton"] = true
+
+	// pre-fill the form with the tag name, target branch and the existing release (if exists)
+	ctx.Data["tag_target"] = ctx.Repo.Repository.DefaultBranch
+	if tagName := ctx.FormString("tag"); tagName != "" {
+		rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, tagName)
+		if err != nil && !repo_model.IsErrReleaseNotExist(err) {
+			ctx.ServerError("GetRelease", err)
+			return
+		}
+
+		if rel != nil {
+			rel.Repo = ctx.Repo.Repository
+			if err = rel.LoadAttributes(ctx); err != nil {
+				ctx.ServerError("LoadAttributes", err)
+				return
+			}
+
+			ctx.Data["ShowCreateTagOnlyButton"] = false
+			ctx.Data["tag_name"] = rel.TagName
+			ctx.Data["tag_target"] = util.IfZero(rel.Target, ctx.Repo.Repository.DefaultBranch)
+			ctx.Data["title"] = rel.Title
+			ctx.Data["content"] = rel.Note
+			ctx.Data["attachments"] = rel.Attachments
+		}
+	}
+
+	ctx.HTML(http.StatusOK, tplReleaseNew)
+}
+
+// GenerateReleaseNotes builds release notes content for the given tag and base.
+func GenerateReleaseNotes(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.GenerateReleaseNotesForm)
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	content, err := release_service.GenerateReleaseNotes(ctx, ctx.Repo.Repository, ctx.Repo.GitRepo, release_service.GenerateReleaseNotesOptions{
+		TagName:     form.TagName,
+		TagTarget:   form.TagTarget,
+		PreviousTag: form.PreviousTag,
+	})
+	if err != nil {
+		if errTr := util.ErrorAsTranslatable(err); errTr != nil {
+			ctx.JSONError(errTr.Translate(ctx.Locale))
+		} else {
+			ctx.ServerError("GenerateReleaseNotes", err)
+		}
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{"content": content})
+}
+
+// NewReleasePost response for creating a release
+func NewReleasePost(ctx *context.Context) {
+	newReleaseCommon(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	form := web.GetForm(ctx).(*forms.NewReleaseForm)
+
+	// first, check whether the release exists, and prepare "ShowCreateTagOnlyButton"
+	// the logic should be done before the form error check to make the tmpl has correct variables
+	rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, form.TagName)
+	if err != nil && !repo_model.IsErrReleaseNotExist(err) {
+		ctx.ServerError("GetRelease", err)
+		return
+	}
+
+	// We should still show the "tag only" button if the user clicks it, no matter the release exists or not.
+	// Because if error occurs, end users need to have the chance to edit the name and submit the form with "tag-only" again.
+	// It is still not completely right, because there could still be cases like this:
+	// * user visit "new release" page, see the "tag only" button
+	// * input something, click other buttons but not "tag only"
+	// * error occurs, the "new release" page is rendered again, but the "tag only" button is gone
+	// Such cases are not able to be handled by current code, it needs frontend code to toggle the "tag-only" button if the input changes.
+	// Or another choice is "always show the tag-only button" if error occurs.
+	ctx.Data["ShowCreateTagOnlyButton"] = form.TagOnly || rel == nil
+
+	// do some form checks
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplReleaseNew)
+		return
+	}
+
+	form.Target = util.IfZero(form.Target, ctx.Repo.Repository.DefaultBranch)
+	if exist, _ := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, form.Target); !exist {
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.target_branch_not_exist"), tplReleaseNew, &form)
+		return
+	}
+
+	if !form.TagOnly && form.Title == "" {
+		// if not "tag only", then the title of the release cannot be empty
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.release.title_empty"), tplReleaseNew, &form)
+		return
+	}
+
+	handleTagReleaseError := func(err error) {
+		ctx.Data["Err_TagName"] = true
+		switch {
+		case release_service.IsErrTagAlreadyExists(err):
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.branch.tag_collision", form.TagName), tplReleaseNew, &form)
+		case repo_model.IsErrReleaseAlreadyExist(err):
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.release.tag_name_already_exist"), tplReleaseNew, &form)
+		case release_service.IsErrInvalidTagName(err):
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.release.tag_name_invalid"), tplReleaseNew, &form)
+		case release_service.IsErrProtectedTagName(err):
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.release.tag_name_protected"), tplReleaseNew, &form)
+		default:
+			ctx.ServerError("handleTagReleaseError", err)
+		}
+	}
+
+	// prepare the git message for creating a new tag
+	newTagMsg := ""
+	if form.Title != "" && form.AddTagMsg {
+		newTagMsg = form.Title + "\n\n" + form.Content
+	}
+
+	// no release, and tag only
+	if rel == nil && form.TagOnly {
+		if err = release_service.CreateNewTag(ctx, ctx.Doer, ctx.Repo.Repository, form.Target, form.TagName, newTagMsg); err != nil {
+			handleTagReleaseError(err)
+			return
+		}
+		ctx.Flash.Success(ctx.Tr("repo.tag.create_success", form.TagName))
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/tag/" + util.PathEscapeSegments(form.TagName))
+		return
+	}
+
+	attachmentUUIDs := util.Iif(setting.Attachment.Enabled, form.Files, nil)
+
+	// no existing release, create a new release
+	if rel == nil {
+		rel = &repo_model.Release{
+			RepoID:       ctx.Repo.Repository.ID,
+			Repo:         ctx.Repo.Repository,
+			PublisherID:  ctx.Doer.ID,
+			Publisher:    ctx.Doer,
+			Title:        form.Title,
+			TagName:      form.TagName,
+			Target:       form.Target,
+			Note:         form.Content,
+			IsDraft:      form.Draft,
+			IsPrerelease: form.Prerelease,
+			IsTag:        false,
+		}
+		if err = release_service.CreateRelease(ctx.Repo.GitRepo, rel, attachmentUUIDs, newTagMsg); err != nil {
+			handleTagReleaseError(err)
+			return
+		}
+		ctx.Redirect(ctx.Repo.RepoLink + "/releases")
+		return
+	}
+
+	// tag exists, try to convert it to a real release
+	// old logic: if the release is not a tag (it is a real release), do not update it on the "new release" page
+	// add new logic: if tag-only, do not convert the tag to a release
+	if form.TagOnly || !rel.IsTag {
+		ctx.Data["Err_TagName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.release.tag_name_already_exist"), tplReleaseNew, &form)
+		return
+	}
+
+	// convert a tag to a real release (set is_tag=false)
+	rel.Title = form.Title
+	rel.Note = form.Content
+	rel.Target = form.Target
+	rel.IsDraft = form.Draft
+	rel.IsPrerelease = form.Prerelease
+	rel.PublisherID = ctx.Doer.ID
+	rel.IsTag = false
+	if err = release_service.UpdateRelease(ctx, ctx.Doer, ctx.Repo.GitRepo, rel, attachmentUUIDs, nil, nil); err != nil {
+		handleTagReleaseError(err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/releases")
+}
+
+// EditRelease render release edit page
+func EditRelease(ctx *context.Context) {
+	newReleaseCommon(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("repo.release.edit_release")
+	ctx.Data["PageIsEditRelease"] = true
+
+	tagName := ctx.PathParam("*")
+	rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, tagName)
+	if err != nil {
+		if repo_model.IsErrReleaseNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetRelease", err)
+		}
+		return
+	}
+	if rel.IsTag {
+		ctx.NotFound(err) // for a pure tag release, don't allow to edit it as a release
+		return
+	}
+
+	ctx.Data["ID"] = rel.ID
+	ctx.Data["tag_name"] = rel.TagName
+	ctx.Data["tag_target"] = util.IfZero(rel.Target, ctx.Repo.Repository.DefaultBranch)
+	ctx.Data["title"] = rel.Title
+	ctx.Data["content"] = rel.Note
+	ctx.Data["prerelease"] = rel.IsPrerelease
+	ctx.Data["IsDraft"] = rel.IsDraft
+
+	rel.Repo = ctx.Repo.Repository
+	if err := rel.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+	ctx.Data["attachments"] = rel.Attachments
+
+	// Get assignees.
+	assigneeUsers, err := repo_model.GetRepoAssignees(ctx, rel.Repo)
+	if err != nil {
+		ctx.ServerError("GetRepoAssignees", err)
+		return
+	}
+	ctx.Data["Assignees"] = shared_user.MakeSelfOnTop(ctx.Doer, assigneeUsers)
+
+	ctx.HTML(http.StatusOK, tplReleaseNew)
+}
+
+// EditReleasePost response for edit release
+func EditReleasePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditReleaseForm)
+
+	newReleaseCommon(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("repo.release.edit_release")
+	ctx.Data["PageIsEditRelease"] = true
+
+	tagName := ctx.PathParam("*")
+	rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, tagName)
+	if err != nil {
+		if repo_model.IsErrReleaseNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetRelease", err)
+		}
+		return
+	}
+	if rel.IsTag {
+		ctx.NotFound(err) // for a pure tag release, don't allow to edit it as a release
+		return
+	}
+	ctx.Data["tag_name"] = rel.TagName
+	ctx.Data["tag_target"] = util.IfZero(rel.Target, ctx.Repo.Repository.DefaultBranch)
+	ctx.Data["title"] = rel.Title
+	ctx.Data["content"] = rel.Note
+	ctx.Data["prerelease"] = rel.IsPrerelease
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplReleaseNew)
+		return
+	}
+
+	const delPrefix = "attachment-del-"
+	const editPrefix = "attachment-edit-"
+	var addAttachmentUUIDs, delAttachmentUUIDs []string
+	editAttachments := make(map[string]string) // uuid -> new name
+	if setting.Attachment.Enabled {
+		addAttachmentUUIDs = form.Files
+		for k, v := range ctx.Req.Form {
+			if strings.HasPrefix(k, delPrefix) && v[0] == "true" {
+				delAttachmentUUIDs = append(delAttachmentUUIDs, k[len(delPrefix):])
+			} else if strings.HasPrefix(k, editPrefix) {
+				editAttachments[k[len(editPrefix):]] = v[0]
+			}
+		}
+	}
+
+	rel.Title = form.Title
+	rel.Note = form.Content
+	rel.IsDraft = len(form.Draft) > 0
+	rel.IsPrerelease = form.Prerelease
+	if err = release_service.UpdateRelease(ctx, ctx.Doer, ctx.Repo.GitRepo,
+		rel, addAttachmentUUIDs, delAttachmentUUIDs, editAttachments); err != nil {
+		ctx.ServerError("UpdateRelease", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/releases")
+}
+
+// DeleteRelease deletes a release
+func DeleteRelease(ctx *context.Context) {
+	deleteReleaseOrTag(ctx, false)
+}
+
+// DeleteTag deletes a tag
+func DeleteTag(ctx *context.Context) {
+	deleteReleaseOrTag(ctx, true)
+}
+
+func deleteReleaseOrTag(ctx *context.Context, isDelTag bool) {
+	redirect := func() {
+		if isDelTag {
+			ctx.JSONRedirect(ctx.Repo.RepoLink + "/tags")
+			return
+		}
+
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/releases")
+	}
+
+	rel, err := repo_model.GetReleaseForRepoByID(ctx, ctx.Repo.Repository.ID, ctx.FormInt64("id"))
+	if err != nil {
+		if repo_model.IsErrReleaseNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.Flash.Error("DeleteReleaseByID: " + err.Error())
+			redirect()
+		}
+		return
+	}
+
+	if err := release_service.DeleteReleaseByID(ctx, ctx.Repo.Repository, rel, ctx.Doer, isDelTag); err != nil {
+		if release_service.IsErrProtectedTagName(err) {
+			ctx.Flash.Error(ctx.Tr("repo.release.tag_name_protected"))
+		} else {
+			ctx.Flash.Error("DeleteReleaseByID: " + err.Error())
+		}
+	} else {
+		if isDelTag {
+			ctx.Flash.Success(ctx.Tr("repo.release.deletion_tag_success"))
+		} else {
+			ctx.Flash.Success(ctx.Tr("repo.release.deletion_success"))
+		}
+	}
+
+	redirect()
+}
@@ -0,0 +1,198 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/forms"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewReleasePost(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	get := func(t *testing.T, tagName string) *context.Context {
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/releases/new?tag="+tagName)
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+		contexttest.LoadGitRepo(t, ctx)
+		defer ctx.Repo.GitRepo.Close()
+		NewRelease(ctx)
+		return ctx
+	}
+
+	t.Run("NewReleasePage", func(t *testing.T) {
+		ctx := get(t, "v1.1")
+		assert.Empty(t, ctx.Data["ShowCreateTagOnlyButton"])
+		ctx = get(t, "new-tag-name")
+		assert.NotEmpty(t, ctx.Data["ShowCreateTagOnlyButton"])
+	})
+
+	post := func(t *testing.T, form forms.NewReleaseForm) *context.Context {
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/releases/new")
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+		contexttest.LoadGitRepo(t, ctx)
+		defer ctx.Repo.GitRepo.Close()
+		web.SetForm(ctx, &form)
+		NewReleasePost(ctx)
+		return ctx
+	}
+
+	loadRelease := func(t *testing.T, tagName string) *repo_model.Release {
+		return unittest.GetBean(t, &repo_model.Release{}, unittest.Cond("repo_id=1 AND tag_name=?", tagName))
+	}
+
+	t.Run("NewTagRelease", func(t *testing.T) {
+		post(t, forms.NewReleaseForm{
+			TagName: "newtag",
+			Target:  "master",
+			Title:   "title",
+			Content: "content",
+		})
+		rel := loadRelease(t, "newtag")
+		require.NotNil(t, rel)
+		assert.False(t, rel.IsTag)
+		assert.Equal(t, "master", rel.Target)
+		assert.Equal(t, "title", rel.Title)
+		assert.Equal(t, "content", rel.Note)
+	})
+
+	t.Run("ReleaseExistsDoUpdate(non-tag)", func(t *testing.T) {
+		ctx := post(t, forms.NewReleaseForm{
+			TagName: "v1.1",
+			Target:  "master",
+			Title:   "updated-title",
+			Content: "updated-content",
+		})
+		rel := loadRelease(t, "v1.1")
+		require.NotNil(t, rel)
+		assert.False(t, rel.IsTag)
+		assert.Equal(t, "testing-release", rel.Title)
+		assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+	})
+
+	t.Run("ReleaseExistsDoUpdate(tag-only)", func(t *testing.T) {
+		ctx := post(t, forms.NewReleaseForm{
+			TagName: "delete-tag", // a strange name, but it is the only "is_tag=true" fixture
+			Target:  "master",
+			Title:   "updated-title",
+			Content: "updated-content",
+			TagOnly: true,
+		})
+		rel := loadRelease(t, "delete-tag")
+		require.NotNil(t, rel)
+		assert.True(t, rel.IsTag) // the record should not be updated because the request is "tag-only". TODO: need to improve the logic?
+		assert.Equal(t, "delete-tag", rel.Title)
+		assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+		assert.NotEmpty(t, ctx.Data["ShowCreateTagOnlyButton"]) // still show the "tag-only" button
+	})
+
+	t.Run("ReleaseExistsDoUpdate(tag-release)", func(t *testing.T) {
+		ctx := post(t, forms.NewReleaseForm{
+			TagName: "delete-tag", // a strange name, but it is the only "is_tag=true" fixture
+			Target:  "master",
+			Title:   "updated-title",
+			Content: "updated-content",
+		})
+		rel := loadRelease(t, "delete-tag")
+		require.NotNil(t, rel)
+		assert.False(t, rel.IsTag) // the tag has been "updated" to be a real "release"
+		assert.Equal(t, "updated-title", rel.Title)
+		assert.Empty(t, ctx.Flash.ErrorMsg)
+	})
+
+	t.Run("TagOnly", func(t *testing.T) {
+		ctx := post(t, forms.NewReleaseForm{
+			TagName: "new-tag-only",
+			Target:  "master",
+			Title:   "title",
+			Content: "content",
+			TagOnly: true,
+		})
+		rel := loadRelease(t, "new-tag-only")
+		require.NotNil(t, rel)
+		assert.True(t, rel.IsTag)
+		assert.Empty(t, ctx.Flash.ErrorMsg)
+	})
+
+	t.Run("TagOnlyConflict", func(t *testing.T) {
+		ctx := post(t, forms.NewReleaseForm{
+			TagName: "v1.1",
+			Target:  "master",
+			Title:   "title",
+			Content: "content",
+			TagOnly: true,
+		})
+		rel := loadRelease(t, "v1.1")
+		require.NotNil(t, rel)
+		assert.False(t, rel.IsTag)
+		assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+	})
+}
+
+func TestCalReleaseNumCommitsBehind(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo-release/releases")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 57)
+	contexttest.LoadGitRepo(t, ctx)
+	t.Cleanup(func() { ctx.Repo.GitRepo.Close() })
+
+	releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
+		IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases),
+		RepoID:        ctx.Repo.Repository.ID,
+	})
+	assert.NoError(t, err)
+
+	countCache := make(map[string]int64)
+	for _, release := range releases {
+		err := calReleaseNumCommitsBehind(ctx, ctx.Repo, release, countCache)
+		assert.NoError(t, err)
+	}
+
+	type computedFields struct {
+		NumCommitsBehind int64
+		TargetBehind     string
+	}
+	expectedComputation := map[string]computedFields{
+		"v1.0": {
+			NumCommitsBehind: 3,
+			TargetBehind:     "main",
+		},
+		"v1.1": {
+			NumCommitsBehind: 1,
+			TargetBehind:     "main",
+		},
+		"v2.0": {
+			NumCommitsBehind: 0,
+			TargetBehind:     "main",
+		},
+		"non-existing-target-branch": {
+			NumCommitsBehind: 1,
+			TargetBehind:     "main",
+		},
+		"empty-target-branch": {
+			NumCommitsBehind: 1,
+			TargetBehind:     "main",
+		},
+	}
+	for _, r := range releases {
+		actual := computedFields{
+			NumCommitsBehind: r.NumCommitsBehind,
+			TargetBehind:     r.TargetBehind,
+		}
+		assert.Equal(t, expectedComputation[r.TagName], actual, "wrong computed fields for %s: %#v", r.TagName, r)
+	}
+}
@@ -0,0 +1,77 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"path"
+
+	"gitea.dev/models/renderhelper"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/services/context"
+)
+
+// RenderFile renders a file by repos path
+func RenderFile(ctx *context.Context) {
+	var blob *git.Blob
+	var err error
+	if ctx.Repo.TreePath != "" {
+		blob, err = ctx.Repo.Commit.GetBlobByPath(ctx.Repo.TreePath)
+	} else {
+		blob, err = ctx.Repo.GitRepo.GetBlob(ctx.PathParam("sha"))
+	}
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetBlobByPath", err)
+		}
+		return
+	}
+
+	blobReader, err := blob.DataAsync()
+	if err != nil {
+		ctx.ServerError("DataAsync", err)
+		return
+	}
+	defer blobReader.Close()
+
+	rctx := renderhelper.NewRenderContextRepoFile(ctx, ctx.Repo.Repository, renderhelper.RepoFileOptions{
+		CurrentRefSubURL: ctx.Repo.RefTypeNameSubURL(),
+		CurrentTreePath:  path.Dir(ctx.Repo.TreePath),
+	}).WithRelativePath(ctx.Repo.TreePath).WithStandalonePage(markup.StandalonePageOptions{
+		CurrentWebTheme:   ctx.TemplateContext.CurrentWebTheme(),
+		RenderQueryString: ctx.Req.URL.RawQuery,
+	})
+	renderer, rendererInput, err := rctx.DetectMarkupRendererByReader(blobReader)
+	if err != nil {
+		http.Error(ctx.Resp, "Unable to find renderer", http.StatusBadRequest)
+		return
+	}
+
+	extRenderer, ok := renderer.(markup.ExternalRenderer)
+	if !ok {
+		http.Error(ctx.Resp, "Unable to get external renderer", http.StatusBadRequest)
+		return
+	}
+
+	// To render PDF in iframe, the sandbox must NOT be used (iframe & CSP header).
+	// Chrome blocks the PDF rendering when sandboxed, even if all "allow-*" are set.
+	// HINT: PDF-RENDER-SANDBOX: PDF won't render in sandboxed context
+	extRendererOpts := extRenderer.GetExternalRendererOptions()
+	if extRendererOpts.ContentSandbox != "" {
+		ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox "+extRendererOpts.ContentSandbox)
+	} else {
+		ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'")
+	}
+
+	err = markup.RenderWithRenderer(rctx, renderer, rendererInput, ctx.Resp)
+	if err != nil {
+		log.Error("Failed to render file %q: %v", ctx.Repo.TreePath, err)
+		http.Error(ctx.Resp, "Failed to render file", http.StatusInternalServerError)
+		return
+	}
+}
@@ -0,0 +1,631 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"slices"
+	"strings"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/organization"
+	access_model "gitea.dev/models/perm/access"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/cache"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/optional"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+	"gitea.dev/services/forms"
+	repo_service "gitea.dev/services/repository"
+	archiver_service "gitea.dev/services/repository/archiver"
+	commitstatus_service "gitea.dev/services/repository/commitstatus"
+)
+
+const (
+	tplCreate       templates.TplName = "repo/create"
+	tplAlertDetails templates.TplName = "base/alert_details"
+)
+
+// MustBeNotEmpty render when a repo is a empty git dir
+func MustBeNotEmpty(ctx *context.Context) {
+	if ctx.Repo.Repository.IsEmpty {
+		ctx.NotFound(nil)
+	}
+}
+
+// MustBeEditable check that repo can be edited
+func MustBeEditable(ctx *context.Context) {
+	if !ctx.Repo.Repository.CanEnableEditor() {
+		ctx.NotFound(nil)
+		return
+	}
+}
+
+// MustBeAbleToUpload check that repo can be uploaded to
+func MustBeAbleToUpload(ctx *context.Context) {
+	if !setting.Repository.Upload.Enabled {
+		ctx.NotFound(nil)
+	}
+}
+
+func CommitInfoCache(ctx *context.Context) {
+	var err error
+	ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
+	if err != nil {
+		ctx.ServerError("GetBranchCommit", err)
+		return
+	}
+	ctx.Repo.CommitsCount, err = ctx.Repo.GetCommitsCount(ctx)
+	if err != nil {
+		ctx.ServerError("GetCommitsCount", err)
+		return
+	}
+	ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount
+	ctx.Repo.GitRepo.LastCommitCache = git.NewLastCommitCache(ctx.Repo.CommitsCount, ctx.Repo.Repository.FullName(), ctx.Repo.GitRepo, cache.GetCache())
+}
+
+func checkContextUser(ctx *context.Context, uid int64) *user_model.User {
+	orgs, err := organization.GetOrgsCanCreateRepoByUserID(ctx, ctx.Doer.ID)
+	if err != nil {
+		ctx.ServerError("GetOrgsCanCreateRepoByUserID", err)
+		return nil
+	}
+
+	var orgsAvailable []*organization.Organization
+	for i := range orgs {
+		if ctx.Doer.CanCreateRepoIn(orgs[i].AsUser()) {
+			orgsAvailable = append(orgsAvailable, orgs[i])
+		}
+	}
+	ctx.Data["Orgs"] = orgsAvailable
+
+	// Not equal means current user is an organization.
+	if uid == ctx.Doer.ID || uid == 0 {
+		return ctx.Doer
+	}
+
+	org, err := user_model.GetUserByID(ctx, uid)
+	if user_model.IsErrUserNotExist(err) {
+		return ctx.Doer
+	}
+
+	if err != nil {
+		ctx.ServerError("GetUserByID", fmt.Errorf("[%d]: %w", uid, err))
+		return nil
+	}
+
+	// Check ownership of organization.
+	if !org.IsOrganization() {
+		ctx.HTTPError(http.StatusForbidden)
+		return nil
+	}
+	if !ctx.Doer.IsAdmin {
+		canCreate, err := organization.OrgFromUser(org).CanCreateOrgRepo(ctx, ctx.Doer.ID)
+		if err != nil {
+			ctx.ServerError("CanCreateOrgRepo", err)
+			return nil
+		} else if !canCreate {
+			ctx.HTTPError(http.StatusForbidden)
+			return nil
+		}
+	} else {
+		ctx.Data["Orgs"] = orgs
+	}
+	return org
+}
+
+func getRepoPrivate(ctx *context.Context) bool {
+	switch strings.ToLower(setting.Repository.DefaultPrivate) {
+	case setting.RepoCreatingLastUserVisibility:
+		return ctx.Doer.LastRepoVisibility
+	case setting.RepoCreatingPrivate:
+		return true
+	case setting.RepoCreatingPublic:
+		return false
+	default:
+		return ctx.Doer.LastRepoVisibility
+	}
+}
+
+func createCommon(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("new_repo")
+	ctx.Data["Gitignores"] = repo_module.Gitignores
+	ctx.Data["LabelTemplateFiles"] = repo_module.LabelTemplateFiles
+	ctx.Data["Licenses"] = repo_module.Licenses
+	ctx.Data["Readmes"] = repo_module.Readmes
+	ctx.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	ctx.Data["CanCreateRepoInDoer"] = ctx.Doer.CanCreateRepoIn(ctx.Doer)
+	ctx.Data["MaxCreationLimitOfDoer"] = ctx.Doer.MaxCreationLimit()
+	ctx.Data["SupportedObjectFormats"] = git.DefaultFeatures().SupportedObjectFormats
+	ctx.Data["DefaultObjectFormat"] = git.Sha1ObjectFormat
+}
+
+// Create render creating repository page
+func Create(ctx *context.Context) {
+	createCommon(ctx)
+	ctxUser := checkContextUser(ctx, ctx.FormInt64("org"))
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	ctx.Data["readme"] = "Default"
+	ctx.Data["private"] = getRepoPrivate(ctx)
+	ctx.Data["default_branch"] = setting.Repository.DefaultBranch
+	ctx.Data["repo_template_name"] = ctx.Tr("repo.template_select")
+
+	templateID := ctx.FormInt64("template_id")
+	if templateID > 0 {
+		templateRepo, err := repo_model.GetRepositoryByID(ctx, templateID)
+		if err == nil && access_model.CheckRepoUnitUser(ctx, templateRepo, ctxUser, unit.TypeCode) {
+			ctx.Data["repo_template"] = templateID
+			ctx.Data["repo_template_name"] = templateRepo.Name
+		}
+	}
+
+	ctx.HTML(http.StatusOK, tplCreate)
+}
+
+func handleCreateError(ctx *context.Context, owner *user_model.User, err error, name string, tpl templates.TplName, form any) {
+	switch {
+	case repo_model.IsErrReachLimitOfRepo(err):
+		maxCreationLimit := owner.MaxCreationLimit()
+		msg := ctx.TrN(maxCreationLimit, "repo.form.reach_limit_of_creation_1", "repo.form.reach_limit_of_creation_n", maxCreationLimit)
+		ctx.RenderWithErrDeprecated(msg, tpl, form)
+	case repo_model.IsErrRepoAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("form.repo_name_been_taken"), tpl, form)
+	case repo_model.IsErrRepoFilesAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		switch {
+		case ctx.IsUserSiteAdmin() || (setting.Repository.AllowAdoptionOfUnadoptedRepositories && setting.Repository.AllowDeleteOfUnadoptedRepositories):
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.adopt_or_delete"), tpl, form)
+		case setting.Repository.AllowAdoptionOfUnadoptedRepositories:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.adopt"), tpl, form)
+		case setting.Repository.AllowDeleteOfUnadoptedRepositories:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist.delete"), tpl, form)
+		default:
+			ctx.RenderWithErrDeprecated(ctx.Tr("form.repository_files_already_exist"), tpl, form)
+		}
+	case db.IsErrNameReserved(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name), tpl, form)
+	case db.IsErrNamePatternNotAllowed(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tpl, form)
+	default:
+		ctx.ServerError(name, err)
+	}
+}
+
+// CreatePost response for creating repository
+func CreatePost(ctx *context.Context) {
+	createCommon(ctx)
+	form := web.GetForm(ctx).(*forms.CreateRepoForm)
+
+	ctxUser := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	if form.RepoTemplate > 0 {
+		templateRepo, err := repo_model.GetRepositoryByID(ctx, form.RepoTemplate)
+		if err == nil && access_model.CheckRepoUnitUser(ctx, templateRepo, ctxUser, unit.TypeCode) {
+			ctx.Data["repo_template"] = form.RepoTemplate
+			ctx.Data["repo_template_name"] = templateRepo.Name
+		}
+	}
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplCreate)
+		return
+	}
+
+	var repo *repo_model.Repository
+	var err error
+	if form.RepoTemplate > 0 {
+		opts := repo_service.GenerateRepoOptions{
+			Name:            form.RepoName,
+			Description:     form.Description,
+			Private:         form.Private || setting.Repository.ForcePrivate,
+			GitContent:      form.GitContent,
+			Topics:          form.Topics,
+			GitHooks:        form.GitHooks,
+			Webhooks:        form.Webhooks,
+			Avatar:          form.Avatar,
+			IssueLabels:     form.Labels,
+			ProtectedBranch: form.ProtectedBranch,
+		}
+
+		if !opts.IsValid() {
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.template.one_item"), tplCreate, form)
+			return
+		}
+
+		templateRepo := getRepository(ctx, form.RepoTemplate)
+		if ctx.Written() {
+			return
+		}
+
+		if !templateRepo.IsTemplate {
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.template.invalid"), tplCreate, form)
+			return
+		}
+
+		repo, err = repo_service.GenerateRepository(ctx, ctx.Doer, ctxUser, templateRepo, opts)
+		if err == nil {
+			log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
+			ctx.Redirect(repo.Link())
+			return
+		}
+	} else {
+		repo, err = repo_service.CreateRepository(ctx, ctx.Doer, ctxUser, repo_service.CreateRepoOptions{
+			Name:             form.RepoName,
+			Description:      form.Description,
+			Gitignores:       form.Gitignores,
+			IssueLabels:      form.IssueLabels,
+			License:          form.License,
+			Readme:           form.Readme,
+			IsPrivate:        form.Private || setting.Repository.ForcePrivate,
+			DefaultBranch:    form.DefaultBranch,
+			AutoInit:         form.AutoInit,
+			IsTemplate:       form.Template,
+			TrustModel:       repo_model.DefaultTrustModel,
+			ObjectFormatName: form.ObjectFormatName,
+		})
+		if err == nil {
+			log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
+			ctx.Redirect(repo.Link())
+			return
+		}
+	}
+
+	handleCreateError(ctx, ctxUser, err, "CreatePost", tplCreate, &form)
+}
+
+func handleActionError(ctx *context.Context, err error) {
+	switch {
+	case errors.Is(err, user_model.ErrBlockedUser):
+		ctx.JSONError(ctx.Tr("repo.action.blocked_user"))
+	case repo_service.IsRepositoryLimitReached(err):
+		limit := err.(repo_service.LimitReachedError).Limit
+		ctx.JSONError(ctx.TrN(limit, "repo.form.reach_limit_of_creation_1", "repo.form.reach_limit_of_creation_n", limit))
+	case errors.Is(err, util.ErrPermissionDenied):
+		ctx.JSONError(ctx.Tr("error.permission_denied"))
+	default:
+		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.PathParam("action")), err)
+	}
+}
+
+// RedirectDownload return a file based on the following infos:
+func RedirectDownload(ctx *context.Context) {
+	var (
+		vTag     = ctx.PathParam("vTag")
+		fileName = ctx.PathParam("fileName")
+	)
+	tagNames := []string{vTag}
+	curRepo := ctx.Repo.Repository
+	releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
+		IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases),
+		RepoID:        curRepo.ID,
+		TagNames:      tagNames,
+	})
+	if err != nil {
+		ctx.ServerError("RedirectDownload", err)
+		return
+	}
+	if len(releases) == 1 {
+		release := releases[0]
+		att, err := repo_model.GetAttachmentByReleaseIDFileName(ctx, release.ID, fileName)
+		if err != nil {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+		if att != nil {
+			ServeAttachment(ctx, att.UUID)
+			return
+		}
+	} else if len(releases) == 0 && vTag == "latest" {
+		// GitHub supports the alias "latest" for the latest release
+		// We only fetch the latest release if the tag is "latest" and no release with the tag "latest" exists
+		release, err := repo_model.GetLatestReleaseByRepoID(ctx, ctx.Repo.Repository.ID)
+		if err != nil {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+		att, err := repo_model.GetAttachmentByReleaseIDFileName(ctx, release.ID, fileName)
+		if err != nil {
+			ctx.HTTPError(http.StatusNotFound)
+			return
+		}
+		if att != nil {
+			ServeAttachment(ctx, att.UUID)
+			return
+		}
+	}
+	ctx.HTTPError(http.StatusNotFound)
+}
+
+// Download an archive of a repository
+func Download(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	aReq, err := archiver_service.NewRequest(ctx.Repo.Repository, ctx.Repo.GitRepo, ctx.PathParam("*"), ctx.FormStrings("path"))
+	if err != nil {
+		if errors.Is(err, util.ErrInvalidArgument) {
+			ctx.HTTPError(http.StatusBadRequest, err.Error())
+		} else if errors.Is(err, util.ErrNotExist) {
+			ctx.HTTPError(http.StatusNotFound, err.Error())
+		} else {
+			ctx.ServerError("archiver_service.NewRequest", err)
+		}
+		return
+	}
+	err = archiver_service.ServeRepoArchive(ctx.Base, aReq)
+	if err != nil {
+		if errors.Is(err, util.ErrInvalidArgument) {
+			ctx.HTTPError(http.StatusBadRequest, err.Error())
+		} else {
+			ctx.ServerError("archiver_service.ServeRepoArchive", err)
+		}
+	}
+}
+
+// InitiateDownload will enqueue an archival request, as needed.  It may submit
+// a request that's already in-progress, but the archiver service will just
+// kind of drop it on the floor if this is the case.
+func InitiateDownload(ctx *context.Context) {
+	if !checkDownloadTokenScope(ctx) {
+		return
+	}
+
+	paths := ctx.FormStrings("path")
+	if setting.Repository.StreamArchives || len(paths) > 0 {
+		ctx.JSON(http.StatusOK, map[string]any{
+			"complete": true,
+		})
+		return
+	}
+	aReq, err := archiver_service.NewRequest(ctx.Repo.Repository, ctx.Repo.GitRepo, ctx.PathParam("*"), paths)
+	if err != nil {
+		ctx.HTTPError(http.StatusBadRequest, "invalid archive request")
+		return
+	}
+	if aReq == nil {
+		ctx.HTTPError(http.StatusNotFound)
+		return
+	}
+
+	archiver, err := repo_model.GetRepoArchiver(ctx, aReq.Repo.ID, aReq.Type, aReq.CommitID)
+	if err != nil {
+		ctx.ServerError("archiver_service.StartArchive", err)
+		return
+	}
+	if archiver == nil || archiver.Status != repo_model.ArchiverReady {
+		if err := archiver_service.StartArchive(aReq); err != nil {
+			ctx.ServerError("archiver_service.StartArchive", err)
+			return
+		}
+	}
+
+	var completed bool
+	if archiver != nil && archiver.Status == repo_model.ArchiverReady {
+		completed = true
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"complete": completed,
+	})
+}
+
+// SearchRepo repositories via options
+func SearchRepo(ctx *context.Context) {
+	page := ctx.FormInt("page")
+	if page <= 0 {
+		page = 1
+	}
+	opts := repo_model.SearchRepoOptions{
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: convert.ToCorrectPageSize(ctx.FormInt("limit")),
+		},
+		Actor:              ctx.Doer,
+		Keyword:            ctx.FormTrim("q"),
+		OwnerID:            ctx.FormInt64("uid"),
+		PriorityOwnerID:    ctx.FormInt64("priority_owner_id"),
+		TeamID:             ctx.FormInt64("team_id"),
+		TopicOnly:          ctx.FormBool("topic"),
+		Collaborate:        optional.None[bool](),
+		Private:            ctx.IsSigned && (ctx.FormString("private") == "" || ctx.FormBool("private")),
+		Template:           optional.None[bool](),
+		StarredByID:        ctx.FormInt64("starredBy"),
+		IncludeDescription: ctx.FormBool("includeDesc"),
+	}
+
+	if ctx.FormString("template") != "" {
+		opts.Template = optional.Some(ctx.FormBool("template"))
+	}
+
+	if ctx.FormBool("exclusive") {
+		opts.Collaborate = optional.Some(false)
+	}
+
+	mode := ctx.FormString("mode")
+	switch mode {
+	case "source":
+		opts.Fork = optional.Some(false)
+		opts.Mirror = optional.Some(false)
+	case "fork":
+		opts.Fork = optional.Some(true)
+	case "mirror":
+		opts.Mirror = optional.Some(true)
+	case "collaborative":
+		opts.Mirror = optional.Some(false)
+		opts.Collaborate = optional.Some(true)
+	case "":
+	default:
+		ctx.HTTPError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid search mode: \"%s\"", mode))
+		return
+	}
+
+	if ctx.FormString("archived") != "" {
+		opts.Archived = optional.Some(ctx.FormBool("archived"))
+	}
+
+	if ctx.FormString("is_private") != "" {
+		opts.IsPrivate = optional.Some(ctx.FormBool("is_private"))
+	}
+
+	sortMode := ctx.FormString("sort")
+	if len(sortMode) > 0 {
+		sortOrder := ctx.FormString("order")
+		if len(sortOrder) == 0 {
+			sortOrder = "asc"
+		}
+		if searchModeMap, ok := repo_model.OrderByMap[sortOrder]; ok {
+			if orderBy, ok := searchModeMap[sortMode]; ok {
+				opts.OrderBy = orderBy
+			} else {
+				ctx.HTTPError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid sort mode: \"%s\"", sortMode))
+				return
+			}
+		} else {
+			ctx.HTTPError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid sort order: \"%s\"", sortOrder))
+			return
+		}
+	}
+
+	// To improve performance when only the count is requested
+	if ctx.FormBool("count_only") {
+		if count, err := repo_model.CountRepository(ctx, opts); err != nil {
+			log.Error("CountRepository: %v", err)
+			ctx.JSON(http.StatusInternalServerError, nil) // frontend JS doesn't handle error response (same as below)
+		} else {
+			ctx.SetTotalCountHeader(count)
+			ctx.JSONOK()
+		}
+		return
+	}
+
+	repos, count, err := repo_model.SearchRepository(ctx, opts)
+	if err != nil {
+		log.Error("SearchRepository: %v", err)
+		ctx.JSON(http.StatusInternalServerError, nil)
+		return
+	}
+
+	ctx.SetTotalCountHeader(count)
+
+	latestCommitStatuses, err := commitstatus_service.FindReposLatestCommitStatuses(ctx, repos)
+	if err != nil {
+		log.Error("FindReposLatestCommitStatuses: %v", err)
+		ctx.JSON(http.StatusInternalServerError, nil)
+		return
+	}
+	if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
+		git_model.CommitStatusesHideActionsURL(ctx, latestCommitStatuses)
+	}
+
+	results := make([]*repo_service.WebSearchRepository, len(repos))
+	for i, repo := range repos {
+		results[i] = &repo_service.WebSearchRepository{
+			Repository: &api.Repository{
+				ID:       repo.ID,
+				FullName: repo.FullName(),
+				Fork:     repo.IsFork,
+				Private:  repo.IsPrivate,
+				Template: repo.IsTemplate,
+				Mirror:   repo.IsMirror,
+				Stars:    repo.NumStars,
+				HTMLURL:  repo.HTMLURL(ctx),
+				Link:     repo.Link(),
+				Internal: !repo.IsPrivate && repo.Owner.Visibility == api.VisibleTypePrivate,
+			},
+		}
+
+		if latestCommitStatuses[i] != nil {
+			results[i].LatestCommitStatus = latestCommitStatuses[i]
+			results[i].LocaleLatestCommitStatus = latestCommitStatuses[i].LocaleString(ctx.Locale)
+		}
+	}
+
+	ctx.JSON(http.StatusOK, repo_service.WebSearchResults{
+		OK:   true,
+		Data: results,
+	})
+}
+
+type branchTagSearchResponse struct {
+	Results []string `json:"results"`
+}
+
+// GetBranchesList get branches for current repo'
+func GetBranchesList(ctx *context.Context) {
+	branchOpts := git_model.FindBranchOptions{
+		RepoID:          ctx.Repo.Repository.ID,
+		IsDeletedBranch: optional.Some(false),
+		ListOptions:     db.ListOptionsAll,
+	}
+	branches, err := git_model.FindBranchNames(ctx, branchOpts)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, err)
+		return
+	}
+	resp := &branchTagSearchResponse{}
+	// always put default branch on the top if it exists
+	if slices.Contains(branches, ctx.Repo.Repository.DefaultBranch) {
+		branches = util.SliceRemoveAll(branches, ctx.Repo.Repository.DefaultBranch)
+		branches = append([]string{ctx.Repo.Repository.DefaultBranch}, branches...)
+	}
+	resp.Results = branches
+	ctx.JSON(http.StatusOK, resp)
+}
+
+// GetTagList get tag list for current repo
+func GetTagList(ctx *context.Context) {
+	tags, err := repo_model.GetTagNamesByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, err)
+		return
+	}
+	resp := &branchTagSearchResponse{}
+	resp.Results = tags
+	ctx.JSON(http.StatusOK, resp)
+}
+
+func PrepareBranchList(ctx *context.Context) {
+	branchOpts := git_model.FindBranchOptions{
+		RepoID:          ctx.Repo.Repository.ID,
+		IsDeletedBranch: optional.Some(false),
+		ListOptions:     db.ListOptionsAll,
+	}
+	brs, err := git_model.FindBranchNames(ctx, branchOpts)
+	if err != nil {
+		ctx.ServerError("GetBranches", err)
+		return
+	}
+	// always put default branch on the top if it exists
+	if slices.Contains(brs, ctx.Repo.Repository.DefaultBranch) {
+		brs = util.SliceRemoveAll(brs, ctx.Repo.Repository.DefaultBranch)
+		brs = append([]string{ctx.Repo.Repository.DefaultBranch}, brs...)
+	}
+	ctx.Data["Branches"] = brs
+}
@@ -0,0 +1,79 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"gitea.dev/models/db"
+	"gitea.dev/modules/git"
+	code_indexer "gitea.dev/modules/indexer/code"
+	"gitea.dev/modules/indexer/code/gitgrep"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+)
+
+const tplSearch templates.TplName = "repo/search"
+
+// Search render repository search page
+func Search(ctx *context.Context) {
+	ctx.Data["PageIsViewCode"] = true
+	prepareSearch := common.PrepareCodeSearch(ctx)
+	if prepareSearch.Keyword == "" {
+		ctx.HTML(http.StatusOK, tplSearch)
+		return
+	}
+
+	page := ctx.FormInt("page")
+	if page <= 0 {
+		page = 1
+	}
+
+	var total int64
+	var searchResults []*code_indexer.Result
+	var searchResultLanguages []*code_indexer.SearchResultLanguages
+	if setting.Indexer.RepoIndexerEnabled {
+		var err error
+		total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, &code_indexer.SearchOptions{
+			RepoIDs:    []int64{ctx.Repo.Repository.ID},
+			Keyword:    prepareSearch.Keyword,
+			SearchMode: prepareSearch.SearchMode,
+			Language:   prepareSearch.Language,
+			Paginator: &db.ListOptions{
+				Page:     page,
+				PageSize: setting.UI.RepoSearchPagingNum,
+			},
+		})
+		if err != nil {
+			if code_indexer.IsAvailable(ctx) {
+				ctx.ServerError("SearchResults", err)
+				return
+			}
+			ctx.Data["CodeIndexerUnavailable"] = true
+		} else {
+			ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable(ctx)
+		}
+	} else {
+		var err error
+		// ref should be default branch or the first existing branch
+		searchRef := git.RefNameFromBranch(ctx.Repo.Repository.DefaultBranch)
+		searchResults, total, err = gitgrep.PerformSearch(ctx, page, ctx.Repo.Repository.ID, ctx.Repo.GitRepo, searchRef, prepareSearch.Keyword, prepareSearch.SearchMode)
+		if err != nil {
+			ctx.ServerError("gitgrep.PerformSearch", err)
+			return
+		}
+	}
+
+	ctx.Data["Repo"] = ctx.Repo.Repository
+	ctx.Data["SearchResults"] = searchResults
+	ctx.Data["SearchResultLanguages"] = searchResultLanguages
+
+	pager := context.NewPagination(total, setting.UI.RepoSearchPagingNum, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplSearch)
+}
@@ -0,0 +1,191 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+
+	"gitea.dev/models/actions"
+	repo_model "gitea.dev/models/repo"
+	unit_model "gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	shared_actions "gitea.dev/routers/web/shared/actions"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+const tplRepoActionsGeneralSettings templates.TplName = "repo/settings/actions"
+
+func ActionsGeneralSettings(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.general")
+	ctx.Data["PageType"] = "general"
+	ctx.Data["PageIsActionsSettingsGeneral"] = true
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil && !repo_model.IsErrUnitTypeNotExist(err) {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+	if actionsUnit == nil { // no actions unit
+		ctx.HTML(http.StatusOK, tplRepoActionsGeneralSettings)
+		return
+	}
+
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Token permission settings
+	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
+	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+
+	// Follow owner config (only for repos in orgs)
+	ctx.Data["OverrideOwnerConfig"] = actionsCfg.OverrideOwnerConfig
+	if actionsCfg.OverrideOwnerConfig {
+		ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
+		ctx.Data["TokenPermissionMode"] = actionsCfg.TokenPermissionMode
+		ctx.Data["EnableMaxTokenPermissions"] = actionsCfg.MaxTokenPermissions != nil
+	} else {
+		ownerActionsConfig, err := actions.GetOwnerActionsConfig(ctx, ctx.Repo.Repository.OwnerID)
+		if err != nil {
+			ctx.ServerError("GetOwnerActionsConfig", err)
+			return
+		}
+		ctx.Data["MaxTokenPermissions"] = ownerActionsConfig.GetMaxTokenPermissions()
+		ctx.Data["TokenPermissionMode"] = ownerActionsConfig.TokenPermissionMode
+		ctx.Data["EnableMaxTokenPermissions"] = ownerActionsConfig.MaxTokenPermissions != nil
+	}
+
+	if ctx.Repo.Repository.IsPrivate {
+		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
+		collaborativeOwners, err := user_model.GetUsersByIDs(ctx, collaborativeOwnerIDs)
+		if err != nil {
+			ctx.ServerError("GetUsersByIDs", err)
+			return
+		}
+		ctx.Data["CollaborativeOwners"] = collaborativeOwners
+	}
+
+	ctx.HTML(http.StatusOK, tplRepoActionsGeneralSettings)
+}
+
+func ActionsUnitPost(ctx *context.Context) {
+	redirectURL := ctx.Repo.RepoLink + "/settings/actions/general"
+	enableActionsUnit := ctx.FormBool("enable_actions")
+	repo := ctx.Repo.Repository
+
+	var err error
+	if enableActionsUnit && !unit_model.TypeActions.UnitGlobalDisabled() {
+		err = repo_service.UpdateRepositoryUnits(ctx, repo, []repo_model.RepoUnit{newRepoUnit(repo, unit_model.TypeActions, nil)}, nil)
+	} else if !unit_model.TypeActions.UnitGlobalDisabled() {
+		err = repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit_model.Type{unit_model.TypeActions})
+	}
+
+	if err != nil {
+		ctx.ServerError("UpdateRepositoryUnits", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(redirectURL)
+}
+
+func AddCollaborativeOwner(ctx *context.Context) {
+	collUser, err := user_model.GetUserByName(ctx, ctx.FormString("collaborative_owner"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.JSONError(ctx.Tr("form.user_not_exist"))
+		} else {
+			ctx.ServerError("GetUserByName", err)
+		}
+		return
+	}
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+	actionsCfg := actionsUnit.ActionsConfig()
+	actionsCfg.AddCollaborativeOwner(collUser.ID)
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+func DeleteCollaborativeOwner(ctx *context.Context) {
+	ownerID := ctx.FormInt64("id")
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+	actionsCfg := actionsUnit.ActionsConfig()
+	if !actionsCfg.IsCollaborativeOwner(ownerID) {
+		ctx.Flash.Error(ctx.Tr("actions.general.collaborative_owner_not_exist"))
+		ctx.JSONErrorNotFound()
+		return
+	}
+	actionsCfg.RemoveCollaborativeOwner(ownerID)
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
+		return
+	}
+
+	ctx.JSONOK()
+}
+
+// UpdateTokenPermissions updates the token permission settings for the repository
+func UpdateTokenPermissions(ctx *context.Context) {
+	redirectURL := ctx.Repo.RepoLink + "/settings/actions/general"
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Update Override Owner Config (for repos in orgs)
+	// If checked, it means we WANT to override (opt-out of following)
+	actionsCfg.OverrideOwnerConfig = ctx.FormBool("override_owner_config")
+
+	// Update permission mode (only if overriding owner config)
+	shouldUpdate := actionsCfg.OverrideOwnerConfig
+
+	if shouldUpdate {
+		permissionMode, permissionModeValid := util.EnumValue(repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode")))
+		if !permissionModeValid {
+			ctx.Flash.Error("Invalid token permission mode")
+			ctx.Redirect(redirectURL)
+			return
+		}
+		actionsCfg.TokenPermissionMode = permissionMode
+	}
+
+	// Update Maximum Permissions (radio buttons: none/read/write)
+	enableMaxPermissions := ctx.FormBool("enable_max_permissions")
+	if shouldUpdate {
+		if enableMaxPermissions {
+			actionsCfg.MaxTokenPermissions = shared_actions.ParseMaxTokenPermissions(ctx)
+		} else {
+			// If not enabled, ensure any sent permissions are ignored and set to nil
+			actionsCfg.MaxTokenPermissions = nil
+		}
+	}
+
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(redirectURL)
+}
@@ -0,0 +1,76 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/typesniffer"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	repo_service "gitea.dev/services/repository"
+)
+
+// UpdateAvatarSetting update repo's avatar
+func UpdateAvatarSetting(ctx *context.Context, form forms.AvatarForm) error {
+	ctxRepo := ctx.Repo.Repository
+
+	if form.Avatar == nil {
+		// No avatar is uploaded and we not removing it here.
+		// No random avatar generated here.
+		// Just exit, no action.
+		if ctxRepo.CustomAvatarRelativePath() == "" {
+			log.Trace("No avatar was uploaded for repo: %d. Default icon will appear instead.", ctxRepo.ID)
+		}
+		return nil
+	}
+
+	r, err := form.Avatar.Open()
+	if err != nil {
+		return fmt.Errorf("Avatar.Open: %w", err)
+	}
+	defer r.Close()
+
+	if form.Avatar.Size > setting.Avatar.MaxFileSize {
+		return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_is_too_big", form.Avatar.Size/1024, setting.Avatar.MaxFileSize/1024))
+	}
+
+	data, err := io.ReadAll(r)
+	if err != nil {
+		return fmt.Errorf("io.ReadAll: %w", err)
+	}
+	st := typesniffer.DetectContentType(data)
+	if !(st.IsImage() && !st.IsSvgImage()) {
+		return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_not_a_image"))
+	}
+	if err = repo_service.UploadAvatar(ctx, ctxRepo, data); err != nil {
+		return fmt.Errorf("UploadAvatar: %w", err)
+	}
+	return nil
+}
+
+// SettingsAvatar save new POSTed repository avatar
+func SettingsAvatar(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.AvatarForm)
+	form.Source = forms.AvatarLocal
+	if err := UpdateAvatarSetting(ctx, *form); err != nil {
+		ctx.Flash.Error(err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.settings.update_avatar_success"))
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings")
+}
+
+// SettingsDeleteAvatar delete repository avatar
+func SettingsDeleteAvatar(ctx *context.Context) {
+	if err := repo_service.DeleteAvatar(ctx, ctx.Repo.Repository); err != nil {
+		ctx.Flash.Error(fmt.Sprintf("DeleteAvatar: %v", err))
+	}
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings")
+}
@@ -0,0 +1,217 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"gitea.dev/models/organization"
+	"gitea.dev/models/perm"
+	repo_model "gitea.dev/models/repo"
+	unit_model "gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/context"
+	"gitea.dev/services/mailer"
+	repo_service "gitea.dev/services/repository"
+)
+
+// Collaboration render a repository's collaboration page
+func Collaboration(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.collaboration")
+	ctx.Data["PageIsSettingsCollaboration"] = true
+
+	users, _, err := repo_model.GetCollaborators(ctx, &repo_model.FindCollaborationOptions{RepoID: ctx.Repo.Repository.ID})
+	if err != nil {
+		ctx.ServerError("GetCollaborators", err)
+		return
+	}
+	ctx.Data["Collaborators"] = users
+
+	teams, err := organization.GetRepoTeams(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetRepoTeams", err)
+		return
+	}
+	ctx.Data["Teams"] = teams
+	ctx.Data["Repo"] = ctx.Repo.Repository
+	ctx.Data["OrgID"] = ctx.Repo.Repository.OwnerID
+	ctx.Data["OrgName"] = ctx.Repo.Repository.OwnerName
+	ctx.Data["Org"] = ctx.Repo.Repository.Owner
+	ctx.Data["Units"] = unit_model.Units
+
+	ctx.HTML(http.StatusOK, tplCollaboration)
+}
+
+// CollaborationPost response for actions for a collaboration of a repository
+func CollaborationPost(ctx *context.Context) {
+	name := strings.ToLower(ctx.FormString("collaborator"))
+	if len(name) == 0 || ctx.Repo.Owner.LowerName == name {
+		ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+		return
+	}
+
+	u, err := user_model.GetUserByName(ctx, name)
+	if err != nil {
+		if user_model.IsErrUserNotExist(err) {
+			ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
+			ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+		} else {
+			ctx.ServerError("GetUserByName", err)
+		}
+		return
+	}
+
+	if !u.IsActive {
+		ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_inactive_user"))
+		ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+		return
+	}
+
+	// Organization is not allowed to be added as a collaborator.
+	if u.IsOrganization() {
+		ctx.Flash.Error(ctx.Tr("repo.settings.org_not_allowed_to_be_collaborator"))
+		ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+		return
+	}
+
+	if got, err := repo_model.IsCollaborator(ctx, ctx.Repo.Repository.ID, u.ID); err == nil && got {
+		ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_duplicate"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	// find the owner team of the organization the repo belongs too and
+	// check if the user we're trying to add is an owner.
+	if ctx.Repo.Repository.Owner.IsOrganization() {
+		if isOwner, err := organization.IsOrganizationOwner(ctx, ctx.Repo.Repository.Owner.ID, u.ID); err != nil {
+			ctx.ServerError("IsOrganizationOwner", err)
+			return
+		} else if isOwner {
+			ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_owner"))
+			ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+			return
+		}
+	}
+
+	if err = repo_service.AddOrUpdateCollaborator(ctx, ctx.Repo.Repository, u, perm.AccessModeWrite); err != nil {
+		if errors.Is(err, user_model.ErrBlockedUser) {
+			ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator.blocked_user"))
+			ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		} else {
+			ctx.ServerError("AddOrUpdateCollaborator", err)
+		}
+		return
+	}
+
+	if setting.Service.EnableNotifyMail {
+		mailer.SendCollaboratorMail(u, ctx.Doer, ctx.Repo.Repository)
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.add_collaborator_success"))
+	ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+}
+
+// ChangeCollaborationAccessMode response for changing access of a collaboration
+func ChangeCollaborationAccessMode(ctx *context.Context) {
+	if err := repo_model.ChangeCollaborationAccessMode(
+		ctx,
+		ctx.Repo.Repository,
+		ctx.FormInt64("uid"),
+		perm.AccessMode(ctx.FormInt("mode"))); err != nil {
+		log.Error("ChangeCollaborationAccessMode: %v", err)
+	}
+}
+
+// DeleteCollaboration delete a collaboration for a repository
+func DeleteCollaboration(ctx *context.Context) {
+	if collaborator, err := user_model.GetUserByID(ctx, ctx.FormInt64("id")); err != nil {
+		if user_model.IsErrUserNotExist(err) {
+			ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
+		} else {
+			ctx.ServerError("GetUserByName", err)
+			return
+		}
+	} else {
+		if err := repo_service.DeleteCollaboration(ctx, ctx.Repo.Repository, collaborator); err != nil {
+			ctx.Flash.Error("DeleteCollaboration: " + err.Error())
+		} else {
+			ctx.Flash.Success(ctx.Tr("repo.settings.remove_collaborator_success"))
+		}
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/collaboration")
+}
+
+// AddTeamPost response for adding a team to a repository
+func AddTeamPost(ctx *context.Context) {
+	if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() {
+		ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	name := strings.ToLower(ctx.FormString("team"))
+	if len(name) == 0 {
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	team, err := organization.OrgFromUser(ctx.Repo.Owner).GetTeam(ctx, name)
+	if err != nil {
+		if organization.IsErrTeamNotExist(err) {
+			ctx.Flash.Error(ctx.Tr("form.team_not_exist"))
+			ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		} else {
+			ctx.ServerError("GetTeam", err)
+		}
+		return
+	}
+
+	if team.OrgID != ctx.Repo.Repository.OwnerID {
+		ctx.Flash.Error(ctx.Tr("repo.settings.team_not_in_organization"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	if organization.HasTeamRepo(ctx, ctx.Repo.Repository.OwnerID, team.ID, ctx.Repo.Repository.ID) {
+		ctx.Flash.Error(ctx.Tr("repo.settings.add_team_duplicate"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	if err = repo_service.TeamAddRepository(ctx, team, ctx.Repo.Repository); err != nil {
+		ctx.ServerError("TeamAddRepository", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.add_team_success"))
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+}
+
+// DeleteTeam response for deleting a team from a repository
+func DeleteTeam(ctx *context.Context) {
+	if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() {
+		ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+		return
+	}
+
+	team, err := organization.GetTeamByID(ctx, ctx.FormInt64("id"))
+	if err != nil {
+		ctx.ServerError("GetTeamByID", err)
+		return
+	}
+
+	if err = repo_service.RemoveRepositoryFromTeam(ctx, team, ctx.Repo.Repository.ID); err != nil {
+		ctx.ServerError("team.RemoveRepositories", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.remove_team_success"))
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/collaboration")
+}
@@ -0,0 +1,54 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/routers/web/repo"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+// SetDefaultBranchPost set default branch
+func SetDefaultBranchPost(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.branches.update_default_branch")
+	ctx.Data["PageIsSettingsBranches"] = true
+
+	repo.PrepareBranchList(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	repo := ctx.Repo.Repository
+
+	switch ctx.FormString("action") {
+	case "default_branch":
+		if ctx.HasError() {
+			ctx.HTML(http.StatusOK, tplBranches)
+			return
+		}
+
+		branch := ctx.FormString("branch")
+		if err := repo_service.SetRepoDefaultBranch(ctx, ctx.Repo.Repository, branch); err != nil {
+			switch {
+			case git_model.IsErrBranchNotExist(err):
+				ctx.Status(http.StatusNotFound)
+			default:
+				ctx.ServerError("SetDefaultBranch", err)
+			}
+			return
+		}
+
+		log.Trace("Repository basic settings updated: %s/%s", ctx.Repo.Owner.Name, repo.Name)
+
+		ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+		ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+	default:
+		ctx.NotFound(nil)
+	}
+}
@@ -0,0 +1,109 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	asymkey_model "gitea.dev/models/asymkey"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/web"
+	asymkey_service "gitea.dev/services/asymkey"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+)
+
+// DeployKeys render the deploy keys list of a repository page
+func DeployKeys(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.deploy_keys") + " / " + ctx.Tr("secrets.secrets")
+	ctx.Data["PageIsSettingsKeys"] = true
+	ctx.Data["DisableSSH"] = setting.SSH.Disabled
+
+	keys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	if err != nil {
+		ctx.ServerError("ListDeployKeys", err)
+		return
+	}
+	ctx.Data["Deploykeys"] = keys
+
+	ctx.HTML(http.StatusOK, tplDeployKeys)
+}
+
+// DeployKeysPost response for adding a deploy key of a repository
+func DeployKeysPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.AddKeyForm)
+	ctx.Data["Title"] = ctx.Tr("repo.settings.deploy_keys")
+	ctx.Data["PageIsSettingsKeys"] = true
+	ctx.Data["DisableSSH"] = setting.SSH.Disabled
+
+	keys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	if err != nil {
+		ctx.ServerError("ListDeployKeys", err)
+		return
+	}
+	ctx.Data["Deploykeys"] = keys
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplDeployKeys)
+		return
+	}
+
+	content, err := asymkey_model.CheckPublicKeyString(form.Content)
+	if err != nil {
+		if db.IsErrSSHDisabled(err) {
+			ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
+		} else if asymkey_model.IsErrKeyUnableVerify(err) {
+			ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
+		} else if err == asymkey_model.ErrKeyIsPrivate {
+			ctx.Data["HasError"] = true
+			ctx.Data["Err_Content"] = true
+			ctx.Flash.Error(ctx.Tr("form.must_use_public_key"))
+		} else {
+			ctx.Data["HasError"] = true
+			ctx.Data["Err_Content"] = true
+			ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))
+		}
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys")
+		return
+	}
+
+	key, err := asymkey_model.AddDeployKey(ctx, ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
+	if err != nil {
+		ctx.Data["HasError"] = true
+		switch {
+		case asymkey_model.IsErrDeployKeyAlreadyExist(err):
+			ctx.Data["Err_Content"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
+		case asymkey_model.IsErrKeyAlreadyExist(err):
+			ctx.Data["Err_Content"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
+		case asymkey_model.IsErrKeyNameAlreadyUsed(err):
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
+		case asymkey_model.IsErrDeployKeyNameAlreadyUsed(err):
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
+		default:
+			ctx.ServerError("AddDeployKey", err)
+		}
+		return
+	}
+
+	log.Trace("Deploy key added: %d", ctx.Repo.Repository.ID)
+	ctx.Flash.Success(ctx.Tr("repo.settings.add_key_success", key.Name))
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys")
+}
+
+// DeleteDeployKey response for deleting a deploy key
+func DeleteDeployKey(ctx *context.Context) {
+	if err := asymkey_service.DeleteDeployKey(ctx, ctx.Repo.Repository, ctx.FormInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteDeployKey: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.settings.deploy_key_deletion_success"))
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/keys")
+}
@@ -0,0 +1,67 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	"gitea.dev/modules/git"
+	"gitea.dev/routers/web/repo"
+	"gitea.dev/services/context"
+)
+
+// GitHooks hooks of a repository
+func GitHooks(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.githooks")
+	ctx.Data["PageIsSettingsGitHooks"] = true
+
+	hooks, err := ctx.Repo.GitRepo.Hooks()
+	if err != nil {
+		ctx.ServerError("Hooks", err)
+		return
+	}
+	ctx.Data["Hooks"] = hooks
+
+	ctx.HTML(http.StatusOK, tplGithooks)
+}
+
+// GitHooksEdit render for editing a hook of repository page
+func GitHooksEdit(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.githooks")
+	ctx.Data["PageIsSettingsGitHooks"] = true
+
+	name := ctx.PathParam("name")
+	hook, err := ctx.Repo.GitRepo.GetHook(name)
+	if err != nil {
+		if err == git.ErrNotValidHook {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetHook", err)
+		}
+		return
+	}
+	ctx.Data["Hook"] = hook
+	ctx.Data["CodeEditorConfig"] = repo.CodeEditorConfig{Filename: name + ".sh", IndentStyle: "tab", TabWidth: 4}
+	ctx.HTML(http.StatusOK, tplGithookEdit)
+}
+
+// GitHooksEditPost response for editing a git hook of a repository
+func GitHooksEditPost(ctx *context.Context) {
+	name := ctx.PathParam("name")
+	hook, err := ctx.Repo.GitRepo.GetHook(name)
+	if err != nil {
+		if err == git.ErrNotValidHook {
+			ctx.NotFound(err)
+		} else {
+			ctx.ServerError("GetHook", err)
+		}
+		return
+	}
+	hook.Content = ctx.FormString("content")
+	if err = hook.Update(); err != nil {
+		ctx.ServerError("hook.Update", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/hooks/git")
+}
@@ -0,0 +1,535 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"bytes"
+	"fmt"
+	gotemplate "html/template"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/attribute"
+	"gitea.dev/modules/git/pipeline"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/lfs"
+	"gitea.dev/modules/log"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/typesniffer"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+)
+
+const (
+	tplSettingsLFS         templates.TplName = "repo/settings/lfs"
+	tplSettingsLFSLocks    templates.TplName = "repo/settings/lfs_locks"
+	tplSettingsLFSFile     templates.TplName = "repo/settings/lfs_file"
+	tplSettingsLFSFileFind templates.TplName = "repo/settings/lfs_file_find"
+	tplSettingsLFSPointers templates.TplName = "repo/settings/lfs_pointers"
+)
+
+// LFSFiles shows a repository's LFS files
+func LFSFiles(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	page := max(ctx.FormInt("page"), 1)
+	total, err := git_model.CountLFSMetaObjects(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("LFSFiles", err)
+		return
+	}
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(total, setting.UI.ExplorePagingNum, page, 5)
+	ctx.Data["Title"] = ctx.Tr("repo.settings.lfs")
+	ctx.Data["PageIsSettingsLFS"] = true
+	lfsMetaObjects, err := git_model.GetLFSMetaObjects(ctx, ctx.Repo.Repository.ID, pager.Paginater.Current(), setting.UI.ExplorePagingNum)
+	if err != nil {
+		ctx.ServerError("LFSFiles", err)
+		return
+	}
+	ctx.Data["LFSFiles"] = lfsMetaObjects
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplSettingsLFS)
+}
+
+// LFSLocks shows a repository's LFS locks
+func LFSLocks(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+
+	page := max(ctx.FormInt("page"), 1)
+	total, err := git_model.CountLFSLockByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(total, setting.UI.ExplorePagingNum, page, 5)
+	ctx.Data["Title"] = ctx.Tr("repo.settings.lfs_locks")
+	ctx.Data["PageIsSettingsLFS"] = true
+	lfsLocks, err := git_model.GetLFSLockByRepoID(ctx, ctx.Repo.Repository.ID, pager.Paginater.Current(), setting.UI.ExplorePagingNum)
+	if err != nil {
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	if err := lfsLocks.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+
+	ctx.Data["LFSLocks"] = lfsLocks
+
+	if len(lfsLocks) == 0 {
+		ctx.Data["Page"] = pager
+		ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
+		return
+	}
+
+	// Clone base repo.
+	tmpBasePath, cleanup, err := repo_module.CreateTemporaryPath("locks")
+	if err != nil {
+		log.Error("Failed to create temporary path: %v", err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	defer cleanup()
+
+	if err := gitrepo.CloneRepoToLocal(ctx, ctx.Repo.Repository, tmpBasePath, git.CloneRepoOptions{
+		Bare:   true,
+		Shared: true,
+	}); err != nil {
+		log.Error("Failed to clone repository: %s (%v)", ctx.Repo.Repository.FullName(), err)
+		ctx.ServerError("LFSLocks", fmt.Errorf("failed to clone repository: %s (%w)", ctx.Repo.Repository.FullName(), err))
+		return
+	}
+
+	gitRepo, err := git.OpenRepository(ctx, tmpBasePath)
+	if err != nil {
+		log.Error("Unable to open temporary repository: %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", fmt.Errorf("failed to open new temporary repository in: %s %w", tmpBasePath, err))
+		return
+	}
+	defer gitRepo.Close()
+
+	checker, err := attribute.NewBatchChecker(gitRepo, ctx.Repo.Repository.DefaultBranch, []string{attribute.Lockable})
+	if err != nil {
+		log.Error("Unable to check attributes in %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	defer checker.Close()
+
+	lockables := make([]bool, len(lfsLocks))
+	filenames := make([]string, len(lfsLocks))
+	for i, lock := range lfsLocks {
+		filenames[i] = lock.Path
+		attrs, err := checker.CheckPath(lock.Path)
+		if err != nil {
+			log.Error("Unable to check attributes in %s: %s (%v)", tmpBasePath, lock.Path, err)
+			continue
+		}
+		lockables[i] = attrs.Get(attribute.Lockable).ToBool().Value()
+	}
+	ctx.Data["Lockables"] = lockables
+
+	filelist, err := gitRepo.LsFiles(filenames...)
+	if err != nil {
+		log.Error("Unable to lsfiles in %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+
+	fileset := make(container.Set[string], len(filelist))
+	fileset.AddMultiple(filelist...)
+
+	linkable := make([]bool, len(lfsLocks))
+	for i, lock := range lfsLocks {
+		linkable[i] = fileset.Contains(lock.Path)
+	}
+	ctx.Data["Linkable"] = linkable
+
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
+}
+
+// LFSLockFile locks a file
+func LFSLockFile(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	originalPath := ctx.FormString("path")
+	lockPath := originalPath
+	if len(lockPath) == 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_locking_path", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+	if lockPath[len(lockPath)-1] == '/' {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_lock_directory", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+	lockPath = util.PathJoinRel(lockPath)
+	if len(lockPath) == 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_locking_path", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+
+	_, err := git_model.CreateLFSLock(ctx, ctx.Repo.Repository, &git_model.LFSLock{
+		Path:    lockPath,
+		OwnerID: ctx.Doer.ID,
+	})
+	if err != nil {
+		if git_model.IsErrLFSLockAlreadyExist(err) {
+			ctx.Flash.Error(ctx.Tr("repo.settings.lfs_lock_already_exists", originalPath))
+			ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+			return
+		}
+		ctx.ServerError("LFSLockFile", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+}
+
+// LFSUnlock forcibly unlocks an LFS lock
+func LFSUnlock(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	_, err := git_model.DeleteLFSLockByID(ctx, ctx.PathParamInt64("lid"), ctx.Repo.Repository, ctx.Doer, true)
+	if err != nil {
+		ctx.ServerError("LFSUnlock", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+}
+
+// LFSFileGet serves a single LFS file
+func LFSFileGet(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+	oid := ctx.PathParam("oid")
+
+	p := lfs.Pointer{Oid: oid}
+	if !p.IsValid() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	ctx.Data["Title"] = oid
+	ctx.Data["PageIsSettingsLFS"] = true
+	meta, err := git_model.GetLFSMetaObjectByOid(ctx, ctx.Repo.Repository.ID, oid)
+	if err != nil {
+		if err == git_model.ErrLFSObjectNotExist {
+			ctx.NotFound(nil)
+			return
+		}
+		ctx.ServerError("LFSFileGet", err)
+		return
+	}
+	ctx.Data["LFSFile"] = meta
+	dataRc, err := lfs.ReadMetaObject(meta.Pointer)
+	if err != nil {
+		ctx.ServerError("LFSFileGet", err)
+		return
+	}
+	defer dataRc.Close()
+	buf := make([]byte, 1024)
+	n, err := util.ReadAtMost(dataRc, buf)
+	if err != nil {
+		ctx.ServerError("Data", err)
+		return
+	}
+	buf = buf[:n]
+
+	st := typesniffer.DetectContentType(buf)
+	// FIXME: there is no IsPlainText set, but template uses it
+	ctx.Data["IsTextFile"] = st.IsText()
+	ctx.Data["FileSize"] = meta.Size
+	ctx.Data["RawFileLink"] = fmt.Sprintf("%s/%s/%s.git/info/lfs/objects/%s", setting.AppSubURL, url.PathEscape(ctx.Repo.Repository.OwnerName), url.PathEscape(ctx.Repo.Repository.Name), url.PathEscape(meta.Oid))
+	switch {
+	case st.IsRepresentableAsText():
+		if meta.Size >= setting.UI.MaxDisplayFileSize {
+			ctx.Data["IsFileTooLarge"] = true
+			break
+		}
+
+		if st.IsSvgImage() {
+			ctx.Data["IsImageFile"] = true
+		}
+
+		rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{})
+
+		// Building code view blocks with line number on server side.
+		// FIXME: the logic is not right here: it first calls EscapeControlReader then calls HTMLEscapeString: double-escaping
+		escapedContent := &bytes.Buffer{}
+		ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, escapedContent, ctx.Locale)
+
+		var output bytes.Buffer
+		lines := strings.Split(escapedContent.String(), "\n")
+		// Remove blank line at the end of file
+		if len(lines) > 0 && lines[len(lines)-1] == "" {
+			lines = lines[:len(lines)-1]
+		}
+		for index, line := range lines {
+			line = gotemplate.HTMLEscapeString(line)
+			if index != len(lines)-1 {
+				line += "\n"
+			}
+			fmt.Fprintf(&output, `<li class="L%d" rel="L%d">%s</li>`, index+1, index+1, line)
+		}
+		ctx.Data["FileContent"] = gotemplate.HTML(output.String())
+
+		output.Reset()
+		for i := 0; i < len(lines); i++ {
+			fmt.Fprintf(&output, `<span id="L%d">%d</span>`, i+1, i+1)
+		}
+		ctx.Data["LineNums"] = gotemplate.HTML(output.String())
+
+	case st.IsVideo():
+		ctx.Data["IsVideoFile"] = true
+	case st.IsAudio():
+		ctx.Data["IsAudioFile"] = true
+	case st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage()):
+		ctx.Data["IsImageFile"] = true
+	default:
+		// TODO: the logic is not the same as "renderFile" in "view.go"
+	}
+	ctx.HTML(http.StatusOK, tplSettingsLFSFile)
+}
+
+// LFSDelete disassociates the provided oid from the repository and if the lfs file is no longer associated with any repositories - deletes it
+func LFSDelete(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	oid := ctx.PathParam("oid")
+	p := lfs.Pointer{Oid: oid}
+	if !p.IsValid() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	count, err := git_model.RemoveLFSMetaObjectByOid(ctx, ctx.Repo.Repository.ID, oid)
+	if err != nil {
+		ctx.ServerError("LFSDelete", err)
+		return
+	}
+	// FIXME: Warning: the LFS store is not locked - and can't be locked - there could be a race condition here
+	// Please note a similar condition happens in models/repo.go DeleteRepository
+	if count == 0 {
+		oidPath := path.Join(oid[0:2], oid[2:4], oid[4:])
+		err = storage.LFS.Delete(oidPath)
+		if err != nil {
+			ctx.ServerError("LFSDelete", err)
+			return
+		}
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs")
+}
+
+// LFSFileFind guesses a sha for the provided oid (or uses the provided sha) and then finds the commits that contain this sha
+func LFSFileFind(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	oid := ctx.FormString("oid")
+	size := ctx.FormInt64("size")
+	if len(oid) == 0 || size == 0 {
+		ctx.NotFound(nil)
+		return
+	}
+	sha := ctx.FormString("sha")
+	ctx.Data["Title"] = oid
+	ctx.Data["PageIsSettingsLFS"] = true
+	objectFormat := ctx.Repo.GetObjectFormat()
+	var objectID git.ObjectID
+	if len(sha) == 0 {
+		pointer := lfs.Pointer{Oid: oid, Size: size}
+		objectID = git.ComputeBlobHash(objectFormat, []byte(pointer.StringContent()))
+		sha = objectID.String()
+	} else {
+		objectID = git.MustIDFromString(sha)
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+	ctx.Data["Oid"] = oid
+	ctx.Data["Size"] = size
+	ctx.Data["SHA"] = sha
+
+	results, err := pipeline.FindLFSFile(ctx.Repo.GitRepo, objectID)
+	if err != nil && err != io.EOF {
+		log.Error("Failure in FindLFSFile: %v", err)
+		ctx.ServerError("LFSFind: FindLFSFile.", err)
+		return
+	}
+
+	ctx.Data["Results"] = results
+	ctx.HTML(http.StatusOK, tplSettingsLFSFileFind)
+}
+
+// LFSPointerFiles will search the repository for pointer files and report which are missing LFS files in the content store
+func LFSPointerFiles(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	ctx.Data["PageIsSettingsLFS"] = true
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+
+	var err error
+	err = func() error {
+		pointerChan := make(chan lfs.PointerBlob)
+		errChan := make(chan error, 1)
+		go func() {
+			errChan <- lfs.SearchPointerBlobs(ctx, ctx.Repo.GitRepo, pointerChan)
+		}()
+
+		numPointers := 0
+		var numAssociated, numNoExist, numAssociatable int
+
+		type pointerResult struct {
+			SHA          string
+			Oid          string
+			Size         int64
+			InRepo       bool
+			Exists       bool
+			Accessible   bool
+			Associatable bool
+		}
+
+		results := []pointerResult{}
+
+		contentStore := lfs.NewContentStore()
+		repo := ctx.Repo.Repository
+
+		for pointerBlob := range pointerChan {
+			numPointers++
+
+			result := pointerResult{
+				SHA:  pointerBlob.Hash,
+				Oid:  pointerBlob.Oid,
+				Size: pointerBlob.Size,
+			}
+
+			if _, err := git_model.GetLFSMetaObjectByOid(ctx, repo.ID, pointerBlob.Oid); err != nil {
+				if err != git_model.ErrLFSObjectNotExist {
+					return err
+				}
+			} else {
+				result.InRepo = true
+			}
+
+			result.Exists, err = contentStore.Exists(pointerBlob.Pointer)
+			if err != nil {
+				return err
+			}
+
+			if result.Exists {
+				if !result.InRepo {
+					// Can we fix?
+					// OK well that's "simple"
+					// - we need to check whether current user has access to a repo that has access to the file
+					result.Associatable, err = git_model.LFSObjectAccessible(ctx, ctx.Doer, pointerBlob.Oid)
+					if err != nil {
+						return err
+					}
+					if !result.Associatable {
+						associated, err := git_model.ExistsLFSObject(ctx, pointerBlob.Oid)
+						if err != nil {
+							return err
+						}
+						result.Associatable = !associated
+					}
+				}
+			}
+
+			result.Accessible = result.InRepo || result.Associatable
+
+			if result.InRepo {
+				numAssociated++
+			}
+			if !result.Exists {
+				numNoExist++
+			}
+			if result.Associatable {
+				numAssociatable++
+			}
+
+			results = append(results, result)
+		}
+
+		ctx.Data["Pointers"] = results
+		ctx.Data["NumPointers"] = numPointers
+		ctx.Data["NumAssociated"] = numAssociated
+		ctx.Data["NumAssociatable"] = numAssociatable
+		ctx.Data["NumNoExist"] = numNoExist
+		ctx.Data["NumNotAssociated"] = numPointers - numAssociated
+
+		err := <-errChan
+		return err
+	}()
+	if err != nil {
+		ctx.ServerError("LFSPointerFiles", err)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplSettingsLFSPointers)
+}
+
+// LFSAutoAssociate auto associates accessible lfs files
+func LFSAutoAssociate(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound(nil)
+		return
+	}
+	oids := ctx.FormStrings("oid")
+	metas := make([]*git_model.LFSMetaObject, len(oids))
+	for i, oid := range oids {
+		idx := strings.IndexRune(oid, ' ')
+		if idx < 0 || idx+1 > len(oid) {
+			ctx.ServerError("LFSAutoAssociate", fmt.Errorf("illegal oid input: %s", oid))
+			return
+		}
+		var err error
+		metas[i] = &git_model.LFSMetaObject{}
+		metas[i].Size, err = strconv.ParseInt(oid[idx+1:], 10, 64)
+		if err != nil {
+			ctx.ServerError("LFSAutoAssociate", fmt.Errorf("illegal oid input: %s %w", oid, err))
+			return
+		}
+		metas[i].Oid = oid[:idx]
+		// metas[i].RepositoryID = ctx.Repo.Repository.ID
+	}
+	if err := git_model.LFSAutoAssociate(ctx, metas, ctx.Doer, ctx.Repo.Repository.ID); err != nil {
+		ctx.ServerError("LFSAutoAssociate", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs")
+}
@@ -0,0 +1,14 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"testing"
+
+	"gitea.dev/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
@@ -0,0 +1,390 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/organization"
+	"gitea.dev/models/perm"
+	access_model "gitea.dev/models/perm/access"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/glob"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/web/repo"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	pull_service "gitea.dev/services/pull"
+	"gitea.dev/services/repository"
+)
+
+const (
+	tplProtectedBranch templates.TplName = "repo/settings/protected_branch"
+)
+
+// ProtectedBranchRules render the page to protect the repository
+func ProtectedBranchRules(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.branches")
+	ctx.Data["PageIsSettingsBranches"] = true
+
+	rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetProtectedBranches", err)
+		return
+	}
+	ctx.Data["ProtectedBranches"] = rules
+
+	repo.PrepareBranchList(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplBranches)
+}
+
+// SettingsProtectedBranch renders the protected branch setting page
+func SettingsProtectedBranch(c *context.Context) {
+	ruleName := c.FormString("rule_name")
+	var rule *git_model.ProtectedBranch
+	if ruleName != "" {
+		var err error
+		rule, err = git_model.GetProtectedBranchRuleByName(c, c.Repo.Repository.ID, ruleName)
+		if err != nil {
+			c.ServerError("GetProtectBranchOfRepoByName", err)
+			return
+		}
+	}
+
+	if rule == nil {
+		// No options found, create defaults.
+		rule = &git_model.ProtectedBranch{}
+	}
+
+	c.Data["PageIsSettingsBranches"] = true
+	c.Data["Title"] = c.Locale.TrString("repo.settings.protected_branch") + " - " + rule.RuleName
+	users, err := access_model.GetUsersWithUnitAccess(c, c.Repo.Repository, perm.AccessModeRead, unit.TypePullRequests)
+	if err != nil {
+		c.ServerError("GetUsersWithUnitAccess", err)
+		return
+	}
+	c.Data["Users"] = users
+	c.Data["whitelist_users"] = strings.Join(base.Int64sToStrings(rule.WhitelistUserIDs), ",")
+	c.Data["force_push_allowlist_users"] = strings.Join(base.Int64sToStrings(rule.ForcePushAllowlistUserIDs), ",")
+	c.Data["merge_whitelist_users"] = strings.Join(base.Int64sToStrings(rule.MergeWhitelistUserIDs), ",")
+	c.Data["bypass_allowlist_users"] = strings.Join(base.Int64sToStrings(rule.BypassAllowlistUserIDs), ",")
+	c.Data["approvals_whitelist_users"] = strings.Join(base.Int64sToStrings(rule.ApprovalsWhitelistUserIDs), ",")
+	c.Data["status_check_contexts"] = strings.Join(rule.StatusCheckContexts, "\n")
+	contexts, _ := git_model.FindRepoRecentCommitStatusContexts(c, c.Repo.Repository.ID, 7*24*time.Hour) // Find last week status check contexts
+	c.Data["recent_status_checks"] = contexts
+
+	if c.Repo.Owner.IsOrganization() {
+		teams, err := organization.GetTeamsWithAccessToAnyRepoUnit(c, c.Repo.Owner.ID, c.Repo.Repository.ID, perm.AccessModeRead, unit.TypeCode, unit.TypePullRequests)
+		if err != nil {
+			c.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
+			return
+		}
+		c.Data["Teams"] = teams
+		c.Data["whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.WhitelistTeamIDs), ",")
+		c.Data["force_push_allowlist_teams"] = strings.Join(base.Int64sToStrings(rule.ForcePushAllowlistTeamIDs), ",")
+		c.Data["merge_whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.MergeWhitelistTeamIDs), ",")
+		c.Data["bypass_allowlist_teams"] = strings.Join(base.Int64sToStrings(rule.BypassAllowlistTeamIDs), ",")
+		c.Data["approvals_whitelist_teams"] = strings.Join(base.Int64sToStrings(rule.ApprovalsWhitelistTeamIDs), ",")
+	}
+
+	c.Data["Rule"] = rule
+	c.HTML(http.StatusOK, tplProtectedBranch)
+}
+
+// SettingsProtectedBranchPost updates the protected branch settings
+func SettingsProtectedBranchPost(ctx *context.Context) {
+	f := web.GetForm(ctx).(*forms.ProtectBranchForm)
+	var protectBranch *git_model.ProtectedBranch
+	if f.RuleName == "" {
+		ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_rule_name"))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/branches/edit")
+		return
+	}
+
+	var err error
+	if f.RuleID > 0 {
+		// If the RuleID isn't 0, it must be an edit operation. So we get rule by id.
+		protectBranch, err = git_model.GetProtectedBranchRuleByID(ctx, ctx.Repo.Repository.ID, f.RuleID)
+		if err != nil {
+			ctx.ServerError("GetProtectBranchOfRepoByID", err)
+			return
+		}
+		if protectBranch != nil && protectBranch.RuleName != f.RuleName {
+			// RuleName changed. We need to check if there is a rule with the same name.
+			// If a rule with the same name exists, an error should be returned.
+			sameNameProtectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, f.RuleName)
+			if err != nil {
+				ctx.ServerError("GetProtectBranchOfRepoByName", err)
+				return
+			}
+			if sameNameProtectBranch != nil {
+				ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_duplicate_rule_name"))
+				ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit?rule_name=%s", ctx.Repo.RepoLink, protectBranch.RuleName))
+				return
+			}
+		}
+	} else {
+		// FIXME: If a new ProtectBranch has a duplicate RuleName, an error should be returned.
+		// Currently, if a new ProtectBranch with a duplicate RuleName is created, the existing ProtectBranch will be updated.
+		// But we cannot modify this logic now because many unit tests rely on it.
+		protectBranch, err = git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, f.RuleName)
+		if err != nil {
+			ctx.ServerError("GetProtectBranchOfRepoByName", err)
+			return
+		}
+	}
+	if protectBranch == nil {
+		// No options found, create defaults.
+		protectBranch = &git_model.ProtectedBranch{
+			RepoID:   ctx.Repo.Repository.ID,
+			RuleName: f.RuleName,
+		}
+	}
+
+	var whitelistUsers, whitelistTeams, forcePushAllowlistUsers, forcePushAllowlistTeams, mergeWhitelistUsers, mergeWhitelistTeams, approvalsWhitelistUsers, approvalsWhitelistTeams, bypassAllowlistUsers, bypassAllowlistTeams []int64
+	protectBranch.RuleName = f.RuleName
+	if f.RequiredApprovals < 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_approvals_min"))
+		ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit?rule_name=%s", ctx.Repo.RepoLink, f.RuleName))
+		return
+	}
+
+	switch f.EnablePush {
+	case "all":
+		protectBranch.CanPush = true
+		protectBranch.EnableWhitelist = false
+		protectBranch.WhitelistDeployKeys = false
+	case "whitelist":
+		protectBranch.CanPush = true
+		protectBranch.EnableWhitelist = true
+		protectBranch.WhitelistDeployKeys = f.WhitelistDeployKeys
+		if strings.TrimSpace(f.WhitelistUsers) != "" {
+			whitelistUsers, _ = base.StringsToInt64s(strings.Split(f.WhitelistUsers, ","))
+		}
+		if strings.TrimSpace(f.WhitelistTeams) != "" {
+			whitelistTeams, _ = base.StringsToInt64s(strings.Split(f.WhitelistTeams, ","))
+		}
+	default:
+		protectBranch.CanPush = false
+		protectBranch.EnableWhitelist = false
+		protectBranch.WhitelistDeployKeys = false
+	}
+
+	switch f.EnableForcePush {
+	case "all":
+		protectBranch.CanForcePush = true
+		protectBranch.EnableForcePushAllowlist = false
+		protectBranch.ForcePushAllowlistDeployKeys = false
+	case "whitelist":
+		protectBranch.CanForcePush = true
+		protectBranch.EnableForcePushAllowlist = true
+		protectBranch.ForcePushAllowlistDeployKeys = f.ForcePushAllowlistDeployKeys
+		if strings.TrimSpace(f.ForcePushAllowlistUsers) != "" {
+			forcePushAllowlistUsers, _ = base.StringsToInt64s(strings.Split(f.ForcePushAllowlistUsers, ","))
+		}
+		if strings.TrimSpace(f.ForcePushAllowlistTeams) != "" {
+			forcePushAllowlistTeams, _ = base.StringsToInt64s(strings.Split(f.ForcePushAllowlistTeams, ","))
+		}
+	default:
+		protectBranch.CanForcePush = false
+		protectBranch.EnableForcePushAllowlist = false
+		protectBranch.ForcePushAllowlistDeployKeys = false
+	}
+
+	protectBranch.EnableMergeWhitelist = f.EnableMergeWhitelist
+	if f.EnableMergeWhitelist {
+		if strings.TrimSpace(f.MergeWhitelistUsers) != "" {
+			mergeWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistUsers, ","))
+		}
+		if strings.TrimSpace(f.MergeWhitelistTeams) != "" {
+			mergeWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistTeams, ","))
+		}
+	}
+
+	protectBranch.EnableBypassAllowlist = f.EnableBypassAllowlist
+	if f.EnableBypassAllowlist {
+		if strings.TrimSpace(f.BypassAllowlistUsers) != "" {
+			bypassAllowlistUsers, _ = base.StringsToInt64s(strings.Split(f.BypassAllowlistUsers, ","))
+		}
+		if strings.TrimSpace(f.BypassAllowlistTeams) != "" {
+			bypassAllowlistTeams, _ = base.StringsToInt64s(strings.Split(f.BypassAllowlistTeams, ","))
+		}
+	}
+
+	protectBranch.EnableStatusCheck = f.EnableStatusCheck
+	if f.EnableStatusCheck {
+		patterns := strings.Split(strings.ReplaceAll(f.StatusCheckContexts, "\r", "\n"), "\n")
+		validPatterns := make([]string, 0, len(patterns))
+		for _, pattern := range patterns {
+			trimmed := strings.TrimSpace(pattern)
+			if trimmed == "" {
+				continue
+			}
+			if _, err := glob.Compile(trimmed); err != nil {
+				ctx.Flash.Error(ctx.Tr("repo.settings.protect_invalid_status_check_pattern", pattern))
+				ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit?rule_name=%s", ctx.Repo.RepoLink, url.QueryEscape(protectBranch.RuleName)))
+				return
+			}
+			validPatterns = append(validPatterns, trimmed)
+		}
+		if len(validPatterns) == 0 {
+			// if status check is enabled, patterns slice is not allowed to be empty
+			ctx.Flash.Error(ctx.Tr("repo.settings.protect_no_valid_status_check_patterns"))
+			ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit?rule_name=%s", ctx.Repo.RepoLink, url.QueryEscape(protectBranch.RuleName)))
+			return
+		}
+		protectBranch.StatusCheckContexts = validPatterns
+	} else {
+		protectBranch.StatusCheckContexts = nil
+	}
+
+	protectBranch.RequiredApprovals = f.RequiredApprovals
+	protectBranch.EnableApprovalsWhitelist = f.EnableApprovalsWhitelist
+	if f.EnableApprovalsWhitelist {
+		if strings.TrimSpace(f.ApprovalsWhitelistUsers) != "" {
+			approvalsWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistUsers, ","))
+		}
+		if strings.TrimSpace(f.ApprovalsWhitelistTeams) != "" {
+			approvalsWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistTeams, ","))
+		}
+	}
+	protectBranch.BlockOnRejectedReviews = f.BlockOnRejectedReviews
+	protectBranch.BlockOnOfficialReviewRequests = f.BlockOnOfficialReviewRequests
+	protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
+	protectBranch.IgnoreStaleApprovals = f.IgnoreStaleApprovals
+	protectBranch.RequireSignedCommits = f.RequireSignedCommits
+	protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
+	protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
+	protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
+	protectBranch.BlockAdminMergeOverride = f.BlockAdminMergeOverride
+
+	if err = pull_service.CreateOrUpdateProtectedBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
+		UserIDs:          whitelistUsers,
+		TeamIDs:          whitelistTeams,
+		ForcePushUserIDs: forcePushAllowlistUsers,
+		ForcePushTeamIDs: forcePushAllowlistTeams,
+		MergeUserIDs:     mergeWhitelistUsers,
+		MergeTeamIDs:     mergeWhitelistTeams,
+		ApprovalsUserIDs: approvalsWhitelistUsers,
+		ApprovalsTeamIDs: approvalsWhitelistTeams,
+		BypassUserIDs:    bypassAllowlistUsers,
+		BypassTeamIDs:    bypassAllowlistTeams,
+	}); err != nil {
+		ctx.ServerError("CreateOrUpdateProtectedBranch", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_protect_branch_success", protectBranch.RuleName))
+	ctx.Redirect(fmt.Sprintf("%s/settings/branches?rule_name=%s", ctx.Repo.RepoLink, protectBranch.RuleName))
+}
+
+// DeleteProtectedBranchRulePost delete protected branch rule by id
+func DeleteProtectedBranchRulePost(ctx *context.Context) {
+	ruleID := ctx.PathParamInt64("id")
+	if ruleID <= 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
+		return
+	}
+
+	rule, err := git_model.GetProtectedBranchRuleByID(ctx, ctx.Repo.Repository.ID, ruleID)
+	if err != nil {
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
+		return
+	}
+
+	if rule == nil {
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
+		return
+	}
+
+	if err := git_model.DeleteProtectedBranch(ctx, ctx.Repo.Repository, ruleID); err != nil {
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", rule.RuleName))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.remove_protected_branch_success", rule.RuleName))
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
+}
+
+func UpdateBranchProtectionPriories(ctx *context.Context) {
+	var form struct {
+		IDs []int64 `json:"ids"`
+	}
+	if err := json.NewDecoder(ctx.Req.Body).Decode(&form); err != nil {
+		ctx.JSONError("invalid argument")
+		return
+	}
+	if err := git_model.UpdateProtectBranchPriorities(ctx, ctx.Repo.Repository, form.IDs); err != nil {
+		ctx.ServerError("UpdateProtectBranchPriorities", err)
+		return
+	}
+}
+
+// RenameBranchPost responses for rename a branch
+func RenameBranchPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.RenameBranchForm)
+
+	if !ctx.Repo.CanCreateBranch() {
+		ctx.NotFound(nil)
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.GetErrMsg())
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		return
+	}
+
+	msg, err := repository.RenameBranch(ctx, ctx.Repo.Repository, ctx.Doer, form.From, form.To)
+	if err != nil {
+		switch {
+		case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
+			ctx.Flash.Error(ctx.Tr("repo.branch.rename_default_or_protected_branch_error"))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		case git_model.IsErrBranchAlreadyExists(err):
+			ctx.Flash.Error(ctx.Tr("repo.branch.branch_already_exists", form.To))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		case errors.Is(err, git_model.ErrBranchIsProtected):
+			ctx.Flash.Error(ctx.Tr("repo.branch.rename_protected_branch_failed"))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		default:
+			ctx.ServerError("RenameBranch", err)
+		}
+		return
+	}
+
+	if msg == "target_exist" {
+		ctx.Flash.Error(ctx.Tr("repo.settings.rename_branch_failed_exist", form.To))
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		return
+	}
+
+	if msg == "from_not_exist" {
+		ctx.Flash.Error(ctx.Tr("repo.settings.rename_branch_failed_not_exist", form.From))
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.rename_branch_success", form.From, form.To))
+	ctx.Redirect(ctx.Repo.RepoLink + "/branches")
+}
@@ -0,0 +1,190 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/organization"
+	"gitea.dev/models/perm"
+	access_model "gitea.dev/models/perm/access"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+)
+
+const (
+	tplTags templates.TplName = "repo/settings/tags"
+)
+
+// Tags render the page to protect tags
+func ProtectedTags(ctx *context.Context) {
+	if setTagsContext(ctx) != nil {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplTags)
+}
+
+// NewProtectedTagPost handles creation of a protect tag
+func NewProtectedTagPost(ctx *context.Context) {
+	if setTagsContext(ctx) != nil {
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplTags)
+		return
+	}
+
+	repo := ctx.Repo.Repository
+	form := web.GetForm(ctx).(*forms.ProtectTagForm)
+
+	pt := &git_model.ProtectedTag{
+		RepoID:      repo.ID,
+		NamePattern: strings.TrimSpace(form.NamePattern),
+	}
+
+	if strings.TrimSpace(form.AllowlistUsers) != "" {
+		pt.AllowlistUserIDs, _ = base.StringsToInt64s(strings.Split(form.AllowlistUsers, ","))
+	}
+	if strings.TrimSpace(form.AllowlistTeams) != "" {
+		pt.AllowlistTeamIDs, _ = base.StringsToInt64s(strings.Split(form.AllowlistTeams, ","))
+	}
+
+	if err := git_model.InsertProtectedTag(ctx, pt); err != nil {
+		ctx.ServerError("InsertProtectedTag", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
+}
+
+// EditProtectedTag render the page to edit a protect tag
+func EditProtectedTag(ctx *context.Context) {
+	if setTagsContext(ctx) != nil {
+		return
+	}
+
+	ctx.Data["PageIsEditProtectedTag"] = true
+
+	pt := selectProtectedTagByContext(ctx)
+	if pt == nil {
+		return
+	}
+
+	ctx.Data["name_pattern"] = pt.NamePattern
+	ctx.Data["allowlist_users"] = strings.Join(base.Int64sToStrings(pt.AllowlistUserIDs), ",")
+	ctx.Data["allowlist_teams"] = strings.Join(base.Int64sToStrings(pt.AllowlistTeamIDs), ",")
+
+	ctx.HTML(http.StatusOK, tplTags)
+}
+
+// EditProtectedTagPost handles creation of a protect tag
+func EditProtectedTagPost(ctx *context.Context) {
+	if setTagsContext(ctx) != nil {
+		return
+	}
+
+	ctx.Data["PageIsEditProtectedTag"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplTags)
+		return
+	}
+
+	pt := selectProtectedTagByContext(ctx)
+	if pt == nil {
+		return
+	}
+
+	form := web.GetForm(ctx).(*forms.ProtectTagForm)
+
+	pt.NamePattern = strings.TrimSpace(form.NamePattern)
+	pt.AllowlistUserIDs, _ = base.StringsToInt64s(strings.Split(form.AllowlistUsers, ","))
+	pt.AllowlistTeamIDs, _ = base.StringsToInt64s(strings.Split(form.AllowlistTeams, ","))
+
+	if err := git_model.UpdateProtectedTag(ctx, pt); err != nil {
+		ctx.ServerError("UpdateProtectedTag", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(ctx.Repo.Repository.Link() + "/settings/tags")
+}
+
+// DeleteProtectedTagPost handles deletion of a protected tag
+func DeleteProtectedTagPost(ctx *context.Context) {
+	pt := selectProtectedTagByContext(ctx)
+	if pt == nil {
+		return
+	}
+
+	if err := git_model.DeleteProtectedTag(ctx, pt); err != nil {
+		ctx.ServerError("DeleteProtectedTag", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(ctx.Repo.Repository.Link() + "/settings/tags")
+}
+
+func setTagsContext(ctx *context.Context) error {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.tags")
+	ctx.Data["PageIsSettingsTags"] = true
+
+	protectedTags, err := git_model.GetProtectedTags(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("GetProtectedTags", err)
+		return err
+	}
+	ctx.Data["ProtectedTags"] = protectedTags
+
+	users, err := access_model.GetUsersWithUnitAccess(ctx, ctx.Repo.Repository, perm.AccessModeRead, unit.TypePullRequests)
+	if err != nil {
+		ctx.ServerError("GetUsersWithUnitAccess", err)
+		return err
+	}
+	ctx.Data["Users"] = users
+
+	if ctx.Repo.Owner.IsOrganization() {
+		teams, err := organization.GetTeamsWithAccessToAnyRepoUnit(ctx, ctx.Repo.Owner.ID, ctx.Repo.Repository.ID, perm.AccessModeRead, unit.TypeCode, unit.TypePullRequests)
+		if err != nil {
+			ctx.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
+			return err
+		}
+		ctx.Data["Teams"] = teams
+	}
+
+	return nil
+}
+
+func selectProtectedTagByContext(ctx *context.Context) *git_model.ProtectedTag {
+	id := ctx.FormInt64("id")
+	if id == 0 {
+		id = ctx.PathParamInt64("id")
+	}
+
+	tag, err := git_model.GetProtectedTagByID(ctx, id)
+	if err != nil {
+		ctx.ServerError("GetProtectedTagByID", err)
+		return nil
+	}
+
+	if tag != nil && tag.RepoID == ctx.Repo.Repository.ID {
+		return tag
+	}
+
+	ctx.NotFound(fmt.Errorf("ProtectedTag[%v] not associated to repository %v", id, ctx.Repo.Repository))
+
+	return nil
+}
@@ -0,0 +1,155 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+	"slices"
+	"strconv"
+
+	"gitea.dev/models/perm"
+	"gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const tplRepoSettingsPublicAccess templates.TplName = "repo/settings/public_access"
+
+func parsePublicAccessMode(permission string, allowed []string) (ret struct {
+	AnonymousAccessMode, EveryoneAccessMode perm.AccessMode
+},
+) {
+	ret.AnonymousAccessMode = perm.AccessModeNone
+	ret.EveryoneAccessMode = perm.AccessModeNone
+
+	// if site admin forces repositories to be private, then do not allow any other access mode,
+	// otherwise the "force private" setting would be bypassed
+	if setting.Repository.ForcePrivate {
+		return ret
+	}
+	if !slices.Contains(allowed, permission) {
+		return ret
+	}
+	switch permission {
+	case paAnonymousRead:
+		ret.AnonymousAccessMode = perm.AccessModeRead
+	case paEveryoneRead:
+		ret.EveryoneAccessMode = perm.AccessModeRead
+	case paEveryoneWrite:
+		ret.EveryoneAccessMode = perm.AccessModeWrite
+	}
+	return ret
+}
+
+const (
+	paNotSet        = "not-set"
+	paAnonymousRead = "anonymous-read"
+	paEveryoneRead  = "everyone-read"
+	paEveryoneWrite = "everyone-write"
+)
+
+type repoUnitPublicAccess struct {
+	UnitType          unit.Type
+	FormKey           string
+	DisplayName       string
+	PublicAccessTypes []string
+	UnitPublicAccess  string
+}
+
+func repoUnitPublicAccesses(ctx *context.Context) []*repoUnitPublicAccess {
+	accesses := []*repoUnitPublicAccess{
+		{
+			UnitType:          unit.TypeCode,
+			DisplayName:       ctx.Locale.TrString("repo.code"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypeIssues,
+			DisplayName:       ctx.Locale.TrString("issues"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypePullRequests,
+			DisplayName:       ctx.Locale.TrString("pull_requests"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypeReleases,
+			DisplayName:       ctx.Locale.TrString("repo.releases"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypeWiki,
+			DisplayName:       ctx.Locale.TrString("repo.wiki"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead, paEveryoneWrite},
+		},
+		{
+			UnitType:          unit.TypeProjects,
+			DisplayName:       ctx.Locale.TrString("repo.projects"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypePackages,
+			DisplayName:       ctx.Locale.TrString("repo.packages"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+		{
+			UnitType:          unit.TypeActions,
+			DisplayName:       ctx.Locale.TrString("repo.actions"),
+			PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
+		},
+	}
+	for _, ua := range accesses {
+		ua.FormKey = "repo-unit-access-" + strconv.Itoa(int(ua.UnitType))
+		for _, u := range ctx.Repo.Repository.Units {
+			if u.Type == ua.UnitType {
+				ua.UnitPublicAccess = paNotSet
+				switch {
+				case u.EveryoneAccessMode == perm.AccessModeWrite:
+					ua.UnitPublicAccess = paEveryoneWrite
+				case u.EveryoneAccessMode == perm.AccessModeRead:
+					ua.UnitPublicAccess = paEveryoneRead
+				case u.AnonymousAccessMode == perm.AccessModeRead:
+					ua.UnitPublicAccess = paAnonymousRead
+				}
+				break
+			}
+		}
+	}
+	return slices.DeleteFunc(accesses, func(ua *repoUnitPublicAccess) bool {
+		return ua.UnitPublicAccess == ""
+	})
+}
+
+func PublicAccess(ctx *context.Context) {
+	ctx.Data["PageIsSettingsPublicAccess"] = true
+	ctx.Data["RepoUnitPublicAccesses"] = repoUnitPublicAccesses(ctx)
+	ctx.Data["GlobalForcePrivate"] = setting.Repository.ForcePrivate
+	if setting.Repository.ForcePrivate {
+		ctx.Flash.Error(ctx.Tr("form.repository_force_private"), true)
+	}
+	ctx.HTML(http.StatusOK, tplRepoSettingsPublicAccess)
+}
+
+func PublicAccessPost(ctx *context.Context) {
+	accesses := repoUnitPublicAccesses(ctx)
+	for _, ua := range accesses {
+		formVal := ctx.FormString(ua.FormKey)
+		parsed := parsePublicAccessMode(formVal, ua.PublicAccessTypes)
+		err := repo.UpdateRepoUnitPublicAccess(ctx, &repo.RepoUnit{
+			RepoID:              ctx.Repo.Repository.ID,
+			Type:                ua.UnitType,
+			AnonymousAccessMode: parsed.AnonymousAccessMode,
+			EveryoneAccessMode:  parsed.EveryoneAccessMode,
+		})
+		if err != nil {
+			ctx.ServerError("UpdateRepoUnitPublicAccess", err)
+			return
+		}
+	}
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(ctx.Repo.Repository.Link() + "/settings/public_access")
+}
@@ -0,0 +1,126 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	shared "gitea.dev/routers/web/shared/secrets"
+	shared_user "gitea.dev/routers/web/shared/user"
+	"gitea.dev/services/context"
+)
+
+const (
+	// TODO: Separate secrets from runners when layout is ready
+	tplRepoSecrets templates.TplName = "repo/settings/actions"
+	tplOrgSecrets  templates.TplName = "org/settings/actions"
+	tplUserSecrets templates.TplName = "user/settings/actions"
+)
+
+type secretsCtx struct {
+	OwnerID         int64
+	RepoID          int64
+	IsRepo          bool
+	IsOrg           bool
+	IsUser          bool
+	SecretsTemplate templates.TplName
+	RedirectLink    string
+}
+
+func getSecretsCtx(ctx *context.Context) (*secretsCtx, error) {
+	if ctx.Data["PageIsRepoSettings"] == true {
+		return &secretsCtx{
+			OwnerID:         0,
+			RepoID:          ctx.Repo.Repository.ID,
+			IsRepo:          true,
+			SecretsTemplate: tplRepoSecrets,
+			RedirectLink:    ctx.Repo.RepoLink + "/settings/actions/secrets",
+		}, nil
+	}
+
+	if ctx.Data["PageIsOrgSettings"] == true {
+		if _, err := shared_user.RenderUserOrgHeader(ctx); err != nil {
+			ctx.ServerError("RenderUserOrgHeader", err)
+			return nil, nil //nolint:nilnil // error is already handled by ctx.ServerError
+		}
+		return &secretsCtx{
+			OwnerID:         ctx.ContextUser.ID,
+			RepoID:          0,
+			IsOrg:           true,
+			SecretsTemplate: tplOrgSecrets,
+			RedirectLink:    ctx.Org.OrgLink + "/settings/actions/secrets",
+		}, nil
+	}
+
+	if ctx.Data["PageIsUserSettings"] == true {
+		return &secretsCtx{
+			OwnerID:         ctx.Doer.ID,
+			RepoID:          0,
+			IsUser:          true,
+			SecretsTemplate: tplUserSecrets,
+			RedirectLink:    setting.AppSubURL + "/user/settings/actions/secrets",
+		}, nil
+	}
+
+	return nil, errors.New("unable to set Secrets context")
+}
+
+func Secrets(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageType"] = "secrets"
+	ctx.Data["PageIsSharedSettingsSecrets"] = true
+
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+
+	if sCtx.IsRepo {
+		ctx.Data["DisableSSH"] = setting.SSH.Disabled
+	}
+
+	shared.SetSecretsContext(ctx, sCtx.OwnerID, sCtx.RepoID)
+	if ctx.Written() {
+		return
+	}
+	ctx.HTML(http.StatusOK, sCtx.SecretsTemplate)
+}
+
+func SecretsPost(ctx *context.Context) {
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	shared.PerformSecretsPost(
+		ctx,
+		sCtx.OwnerID,
+		sCtx.RepoID,
+		sCtx.RedirectLink,
+	)
+}
+
+func SecretsDelete(ctx *context.Context) {
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+	shared.PerformSecretsDelete(
+		ctx,
+		sCtx.OwnerID,
+		sCtx.RepoID,
+		sCtx.RedirectLink,
+	)
+}
@@ -0,0 +1,433 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+	"testing"
+
+	asymkey_model "gitea.dev/models/asymkey"
+	"gitea.dev/models/organization"
+	"gitea.dev/models/perm"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/test"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/context"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/forms"
+	mirror_service "gitea.dev/services/mirror"
+	repo_service "gitea.dev/services/repository"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAddReadOnlyDeployKey(t *testing.T) {
+	defer test.MockVariableValue(&setting.SSH.RootPath, t.TempDir())()
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/settings/keys")
+
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 2)
+
+	addKeyForm := forms.AddKeyForm{
+		Title:   "read-only",
+		Content: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
+	}
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    perm.AccessModeRead,
+	})
+}
+
+func TestAddReadWriteOnlyDeployKey(t *testing.T) {
+	defer test.MockVariableValue(&setting.SSH.RootPath, t.TempDir())()
+
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/settings/keys")
+
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 2)
+
+	addKeyForm := forms.AddKeyForm{
+		Title:      "read-write",
+		Content:    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
+		IsWritable: true,
+	}
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    perm.AccessModeWrite,
+	})
+}
+
+func TestCollaborationPost(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadUser(t, ctx, 4)
+	contexttest.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user4")
+
+	u := &user_model.User{
+		LowerName: "user2",
+		Type:      user_model.UserTypeIndividual,
+	}
+
+	re := &repo_model.Repository{
+		ID:    2,
+		Owner: u,
+	}
+
+	repo := &context.Repository{
+		Owner:      u,
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+
+	exists, err := repo_model.IsCollaborator(ctx, re.ID, 4)
+	assert.NoError(t, err)
+	assert.True(t, exists)
+}
+
+func TestCollaborationPost_InactiveUser(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadUser(t, ctx, 9)
+	contexttest.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user9")
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			LowerName: "user2",
+		},
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestCollaborationPost_AddCollaboratorTwice(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadUser(t, ctx, 4)
+	contexttest.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user4")
+
+	u := &user_model.User{
+		LowerName: "user2",
+		Type:      user_model.UserTypeIndividual,
+	}
+
+	re := &repo_model.Repository{
+		ID:    2,
+		Owner: u,
+	}
+
+	repo := &context.Repository{
+		Owner:      u,
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+
+	exists, err := repo_model.IsCollaborator(ctx, re.ID, 4)
+	assert.NoError(t, err)
+	assert.True(t, exists)
+
+	// Try adding the same collaborator again
+	CollaborationPost(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestCollaborationPost_NonExistentUser(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/issues/labels")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user34")
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			LowerName: "user2",
+		},
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &user_model.User{
+		LowerName: "org26",
+		Type:      user_model.UserTypeOrganization,
+	}
+
+	team := &organization.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &repo_model.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	assert.True(t, repo_service.HasRepository(t.Context(), team, re.ID))
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.Empty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost_NotAllowed(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &user_model.User{
+		LowerName: "org26",
+		Type:      user_model.UserTypeOrganization,
+	}
+
+	team := &organization.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &repo_model.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: false,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	assert.False(t, repo_service.HasRepository(t.Context(), team, re.ID))
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost_AddTeamTwice(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &user_model.User{
+		LowerName: "org26",
+		Type:      user_model.UserTypeOrganization,
+	}
+
+	team := &organization.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &repo_model.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	AddTeamPost(ctx)
+	assert.True(t, repo_service.HasRepository(t.Context(), team, re.ID))
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost_NonExistentTeam(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team-non-existent")
+
+	org := &user_model.User{
+		LowerName: "org26",
+		Type:      user_model.UserTypeOrganization,
+	}
+
+	re := &repo_model.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestDeleteTeam(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	ctx, _ := contexttest.MockContext(t, "org3/team1/repo3")
+
+	ctx.Req.Form.Set("id", "2")
+
+	org := &user_model.User{
+		LowerName: "org3",
+		Type:      user_model.UserTypeOrganization,
+	}
+
+	team := &organization.Team{
+		ID:    2,
+		OrgID: 3,
+	}
+
+	re := &repo_model.Repository{
+		ID:      3,
+		Owner:   org,
+		OwnerID: 3,
+	}
+
+	repo := &context.Repository{
+		Owner: &user_model.User{
+			ID:                        3,
+			LowerName:                 "org3",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	DeleteTeam(ctx)
+
+	assert.False(t, repo_service.HasRepository(t.Context(), team, re.ID))
+}
+
+func TestHandleSettingsPostMirrorPreservesExistingUsername(t *testing.T) {
+	defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
+
+	unittest.PrepareTestEnv(t)
+
+	// Use the existing fixture mirror repo (org3/repo5) which has a git repo on disk.
+	mirrorRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 5})
+	mirror := unittest.AssertExistsAndLoadBean(t, &repo_model.Mirror{RepoID: 5})
+
+	require.NoError(t, mirror_service.UpdateAddress(t.Context(), mirror, "https://existing-user:existing-password@example.com/user2/repo1.git"))
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	ctx, _ := contexttest.MockContext(t, mirrorRepo.Link()+"/settings")
+	contexttest.LoadUser(t, ctx, user.ID)
+	contexttest.LoadRepo(t, ctx, mirrorRepo.ID)
+
+	web.SetForm(ctx, &forms.RepoSettingForm{
+		Interval:       "8h",
+		MirrorAddress:  "https://example.com/user2/repo1.git",
+		MirrorPassword: "updated-password",
+	})
+
+	handleSettingsPostMirror(ctx)
+
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+
+	updatedMirror := unittest.AssertExistsAndLoadBean(t, &repo_model.Mirror{RepoID: mirrorRepo.ID})
+	assert.Equal(t, "https://example.com/user2/repo1.git", updatedMirror.RemoteAddress)
+
+	updatedRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: mirrorRepo.ID})
+	assert.Equal(t, "https://example.com/user2/repo1.git", updatedRepo.OriginalURL)
+
+	remoteURL, err := gitrepo.GitRemoteGetURL(t.Context(), updatedRepo, updatedMirror.GetRemoteName())
+	require.NoError(t, err)
+	require.NotNil(t, remoteURL.User)
+	assert.Equal(t, "existing-user", remoteURL.User.Username())
+	password, ok := remoteURL.User.Password()
+	require.True(t, ok)
+	assert.Equal(t, "updated-password", password)
+}
@@ -0,0 +1,751 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+
+	"gitea.dev/models/db"
+	"gitea.dev/models/perm"
+	access_model "gitea.dev/models/perm/access"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/models/webhook"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	webhook_module "gitea.dev/modules/webhook"
+	"gitea.dev/services/context"
+	"gitea.dev/services/convert"
+	"gitea.dev/services/forms"
+	webhook_service "gitea.dev/services/webhook"
+)
+
+const (
+	tplHooks        templates.TplName = "repo/settings/webhook/base"
+	tplHookNew      templates.TplName = "repo/settings/webhook/new"
+	tplOrgHookNew   templates.TplName = "org/settings/hook_new"
+	tplUserHookNew  templates.TplName = "user/settings/hook_new"
+	tplAdminHookNew templates.TplName = "admin/hook_new"
+)
+
+// Webhooks render web hooks list page
+func Webhooks(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.hooks")
+	ctx.Data["PageIsSettingsHooks"] = true
+	ctx.Data["BaseLink"] = ctx.Repo.RepoLink + "/settings/hooks"
+	ctx.Data["BaseLinkNew"] = ctx.Repo.RepoLink + "/settings/hooks"
+	ctx.Data["Description"] = ctx.Tr("repo.settings.hooks_desc", "https://docs.gitea.com/usage/webhooks")
+
+	ws, err := db.Find[webhook.Webhook](ctx, webhook.ListWebhookOptions{RepoID: ctx.Repo.Repository.ID})
+	if err != nil {
+		ctx.ServerError("GetWebhooksByRepoID", err)
+		return
+	}
+	ctx.Data["Webhooks"] = ws
+
+	ctx.HTML(http.StatusOK, tplHooks)
+}
+
+type ownerRepoCtx struct {
+	OwnerID         int64
+	RepoID          int64
+	IsAdmin         bool
+	IsSystemWebhook bool
+	Link            string
+	LinkNew         string
+	NewTemplate     templates.TplName
+}
+
+// getOwnerRepoCtx determines whether this is a repo, owner, or admin (both default and system) context.
+func getOwnerRepoCtx(ctx *context.Context) (*ownerRepoCtx, error) {
+	if ctx.Data["PageIsRepoSettings"] == true {
+		return &ownerRepoCtx{
+			RepoID:      ctx.Repo.Repository.ID,
+			Link:        path.Join(ctx.Repo.RepoLink, "settings/hooks"),
+			LinkNew:     path.Join(ctx.Repo.RepoLink, "settings/hooks"),
+			NewTemplate: tplHookNew,
+		}, nil
+	}
+
+	if ctx.Data["PageIsOrgSettings"] == true {
+		return &ownerRepoCtx{
+			OwnerID:     ctx.ContextUser.ID,
+			Link:        path.Join(ctx.Org.OrgLink, "settings/hooks"),
+			LinkNew:     path.Join(ctx.Org.OrgLink, "settings/hooks"),
+			NewTemplate: tplOrgHookNew,
+		}, nil
+	}
+
+	if ctx.Data["PageIsUserSettings"] == true {
+		return &ownerRepoCtx{
+			OwnerID:     ctx.Doer.ID,
+			Link:        path.Join(setting.AppSubURL, "/user/settings/hooks"),
+			LinkNew:     path.Join(setting.AppSubURL, "/user/settings/hooks"),
+			NewTemplate: tplUserHookNew,
+		}, nil
+	}
+
+	if ctx.Data["PageIsAdmin"] == true {
+		return &ownerRepoCtx{
+			IsAdmin:         true,
+			IsSystemWebhook: ctx.PathParam("configType") == "system-hooks",
+			Link:            path.Join(setting.AppSubURL, "/-/admin/hooks"),
+			LinkNew:         path.Join(setting.AppSubURL, "/-/admin/", ctx.PathParam("configType")),
+			NewTemplate:     tplAdminHookNew,
+		}, nil
+	}
+
+	return nil, errors.New("unable to set OwnerRepo context")
+}
+
+func checkHookType(ctx *context.Context) string {
+	hookType := strings.ToLower(ctx.PathParam("type"))
+	if !util.SliceContainsString(setting.Webhook.Types, hookType, true) {
+		ctx.NotFound(nil)
+		return ""
+	}
+	return hookType
+}
+
+// WebhooksNew render creating webhook page
+func WebhooksNew(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.add_webhook")
+	ctx.Data["Webhook"] = webhook.Webhook{HookEvent: &webhook_module.HookEvent{}}
+
+	orCtx, err := getOwnerRepoCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getOwnerRepoCtx", err)
+		return
+	}
+
+	if orCtx.IsAdmin && orCtx.IsSystemWebhook {
+		ctx.Data["PageIsAdminSystemHooks"] = true
+		ctx.Data["PageIsAdminSystemHooksNew"] = true
+	} else if orCtx.IsAdmin {
+		ctx.Data["PageIsAdminDefaultHooks"] = true
+		ctx.Data["PageIsAdminDefaultHooksNew"] = true
+	} else {
+		ctx.Data["PageIsSettingsHooks"] = true
+		ctx.Data["PageIsSettingsHooksNew"] = true
+	}
+
+	hookType := checkHookType(ctx)
+	ctx.Data["HookType"] = hookType
+	if ctx.Written() {
+		return
+	}
+	if hookType == "discord" {
+		ctx.Data["DiscordHook"] = map[string]any{
+			"Username": "Gitea",
+		}
+	}
+	ctx.Data["BaseLink"] = orCtx.LinkNew
+	ctx.Data["BaseLinkNew"] = orCtx.LinkNew
+
+	ctx.HTML(http.StatusOK, orCtx.NewTemplate)
+}
+
+// ParseHookEvent convert web form content to webhook.HookEvent
+func ParseHookEvent(form forms.WebhookForm) *webhook_module.HookEvent {
+	return &webhook_module.HookEvent{
+		PushOnly:       form.PushOnly(),
+		SendEverything: form.SendEverything(),
+		ChooseEvents:   form.ChooseEvents(),
+		HookEvents: webhook_module.HookEvents{
+			webhook_module.HookEventCreate:                   form.Create,
+			webhook_module.HookEventDelete:                   form.Delete,
+			webhook_module.HookEventFork:                     form.Fork,
+			webhook_module.HookEventIssues:                   form.Issues,
+			webhook_module.HookEventIssueAssign:              form.IssueAssign,
+			webhook_module.HookEventIssueLabel:               form.IssueLabel,
+			webhook_module.HookEventIssueMilestone:           form.IssueMilestone,
+			webhook_module.HookEventIssueComment:             form.IssueComment,
+			webhook_module.HookEventRelease:                  form.Release,
+			webhook_module.HookEventPush:                     form.Push,
+			webhook_module.HookEventPullRequest:              form.PullRequest,
+			webhook_module.HookEventPullRequestAssign:        form.PullRequestAssign,
+			webhook_module.HookEventPullRequestLabel:         form.PullRequestLabel,
+			webhook_module.HookEventPullRequestMilestone:     form.PullRequestMilestone,
+			webhook_module.HookEventPullRequestComment:       form.PullRequestComment,
+			webhook_module.HookEventPullRequestReview:        form.PullRequestReview,
+			webhook_module.HookEventPullRequestSync:          form.PullRequestSync,
+			webhook_module.HookEventPullRequestReviewRequest: form.PullRequestReviewRequest,
+			webhook_module.HookEventWiki:                     form.Wiki,
+			webhook_module.HookEventRepository:               form.Repository,
+			webhook_module.HookEventPackage:                  form.Package,
+			webhook_module.HookEventStatus:                   form.Status,
+			webhook_module.HookEventWorkflowRun:              form.WorkflowRun,
+			webhook_module.HookEventWorkflowJob:              form.WorkflowJob,
+		},
+		BranchFilter: form.BranchFilter,
+	}
+}
+
+type webhookParams struct {
+	// Type should be imported from webhook package (webhook.XXX)
+	Type string
+
+	URL         string
+	ContentType webhook.HookContentType
+	HTTPMethod  string
+	WebhookForm forms.WebhookForm
+	Meta        any
+}
+
+func createWebhook(ctx *context.Context, params webhookParams) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.add_webhook")
+	ctx.Data["PageIsSettingsHooks"] = true
+	ctx.Data["PageIsSettingsHooksNew"] = true
+	ctx.Data["Webhook"] = webhook.Webhook{HookEvent: &webhook_module.HookEvent{}}
+	ctx.Data["HookType"] = params.Type
+
+	orCtx, err := getOwnerRepoCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getOwnerRepoCtx", err)
+		return
+	}
+	ctx.Data["BaseLink"] = orCtx.LinkNew
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
+		return
+	}
+
+	var meta []byte
+	if params.Meta != nil {
+		meta, err = json.Marshal(params.Meta)
+		if err != nil {
+			ctx.ServerError("Marshal", err)
+			return
+		}
+	}
+
+	w := &webhook.Webhook{
+		RepoID:          orCtx.RepoID,
+		URL:             params.URL,
+		Name:            strings.TrimSpace(params.WebhookForm.Name),
+		HTTPMethod:      params.HTTPMethod,
+		ContentType:     params.ContentType,
+		Secret:          params.WebhookForm.Secret,
+		HookEvent:       ParseHookEvent(params.WebhookForm),
+		IsActive:        params.WebhookForm.Active,
+		Type:            params.Type,
+		Meta:            string(meta),
+		OwnerID:         orCtx.OwnerID,
+		IsSystemWebhook: orCtx.IsSystemWebhook,
+	}
+	err = w.SetHeaderAuthorization(params.WebhookForm.AuthorizationHeader)
+	if err != nil {
+		ctx.ServerError("SetHeaderAuthorization", err)
+		return
+	}
+	if err := w.UpdateEvent(); err != nil {
+		ctx.ServerError("UpdateEvent", err)
+		return
+	} else if err := webhook.CreateWebhook(ctx, w); err != nil {
+		ctx.ServerError("CreateWebhook", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.add_hook_success"))
+	ctx.Redirect(orCtx.Link)
+}
+
+func editWebhook(ctx *context.Context, params webhookParams) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.update_webhook")
+	ctx.Data["PageIsSettingsHooks"] = true
+	ctx.Data["PageIsSettingsHooksEdit"] = true
+
+	orCtx, w := checkWebhook(ctx)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["Webhook"] = w
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
+		return
+	}
+
+	var meta []byte
+	var err error
+	if params.Meta != nil {
+		meta, err = json.Marshal(params.Meta)
+		if err != nil {
+			ctx.ServerError("Marshal", err)
+			return
+		}
+	}
+
+	w.URL = params.URL
+	w.Name = strings.TrimSpace(params.WebhookForm.Name)
+	w.ContentType = params.ContentType
+	w.Secret = params.WebhookForm.Secret
+	w.HookEvent = ParseHookEvent(params.WebhookForm)
+	w.IsActive = params.WebhookForm.Active
+	w.HTTPMethod = params.HTTPMethod
+	w.Meta = string(meta)
+
+	err = w.SetHeaderAuthorization(params.WebhookForm.AuthorizationHeader)
+	if err != nil {
+		ctx.ServerError("SetHeaderAuthorization", err)
+		return
+	}
+
+	if err := w.UpdateEvent(); err != nil {
+		ctx.ServerError("UpdateEvent", err)
+		return
+	} else if err := webhook.UpdateWebhook(ctx, w); err != nil {
+		ctx.ServerError("UpdateWebhook", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_hook_success"))
+	ctx.Redirect(fmt.Sprintf("%s/%d", orCtx.Link, w.ID))
+}
+
+// GiteaHooksNewPost response for creating Gitea webhook
+func GiteaHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, giteaHookParams(ctx))
+}
+
+// GiteaHooksEditPost response for editing Gitea webhook
+func GiteaHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, giteaHookParams(ctx))
+}
+
+func giteaHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewWebhookForm)
+
+	contentType := webhook.ContentTypeJSON
+	if webhook.HookContentType(form.ContentType) == webhook.ContentTypeForm {
+		contentType = webhook.ContentTypeForm
+	}
+
+	return webhookParams{
+		Type:        webhook_module.GITEA,
+		URL:         form.PayloadURL,
+		ContentType: contentType,
+		HTTPMethod:  form.HTTPMethod,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// GogsHooksNewPost response for creating Gogs webhook
+func GogsHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, gogsHookParams(ctx))
+}
+
+// GogsHooksEditPost response for editing Gogs webhook
+func GogsHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, gogsHookParams(ctx))
+}
+
+func gogsHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewGogshookForm)
+
+	contentType := webhook.ContentTypeJSON
+	if webhook.HookContentType(form.ContentType) == webhook.ContentTypeForm {
+		contentType = webhook.ContentTypeForm
+	}
+
+	return webhookParams{
+		Type:        webhook_module.GOGS,
+		URL:         form.PayloadURL,
+		ContentType: contentType,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// DiscordHooksNewPost response for creating Discord webhook
+func DiscordHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, discordHookParams(ctx))
+}
+
+// DiscordHooksEditPost response for editing Discord webhook
+func DiscordHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, discordHookParams(ctx))
+}
+
+func discordHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewDiscordHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.DISCORD,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+		Meta: &webhook_service.DiscordMeta{
+			Username: form.Username,
+			IconURL:  form.IconURL,
+		},
+	}
+}
+
+// DingtalkHooksNewPost response for creating Dingtalk webhook
+func DingtalkHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, dingtalkHookParams(ctx))
+}
+
+// DingtalkHooksEditPost response for editing Dingtalk webhook
+func DingtalkHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, dingtalkHookParams(ctx))
+}
+
+func dingtalkHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewDingtalkHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.DINGTALK,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// TelegramHooksNewPost response for creating Telegram webhook
+func TelegramHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, telegramHookParams(ctx))
+}
+
+// TelegramHooksEditPost response for editing Telegram webhook
+func TelegramHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, telegramHookParams(ctx))
+}
+
+func telegramHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewTelegramHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.TELEGRAM,
+		URL:         fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage?chat_id=%s&message_thread_id=%s", url.PathEscape(form.BotToken), url.QueryEscape(form.ChatID), url.QueryEscape(form.ThreadID)),
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+		Meta: &webhook_service.TelegramMeta{
+			BotToken: form.BotToken,
+			ChatID:   form.ChatID,
+			ThreadID: form.ThreadID,
+		},
+	}
+}
+
+// MatrixHooksNewPost response for creating Matrix webhook
+func MatrixHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, matrixHookParams(ctx))
+}
+
+// MatrixHooksEditPost response for editing Matrix webhook
+func MatrixHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, matrixHookParams(ctx))
+}
+
+func matrixRoomIDEncode(roomID string) string {
+	// See https://spec.matrix.org/latest/appendices/#room-ids
+	// Some (unrelated) demo links: https://spec.matrix.org/latest/appendices/#matrixto-navigation
+	// API spec: https://spec.matrix.org/v1.18/client-server-api/#sending-events-to-a-room
+	// Some of their examples show links like: "PUT /rooms/!roomid:domain/state/m.example.event"
+	return strings.NewReplacer("%21", "!", "%3A", ":").Replace(url.PathEscape(roomID))
+}
+
+func matrixHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewMatrixHookForm)
+
+	// TODO: need to migrate to the latest (v3) API: https://spec.matrix.org/v1.18/client-server-api/
+	return webhookParams{
+		Type:        webhook_module.MATRIX,
+		URL:         fmt.Sprintf("%s/_matrix/client/r0/rooms/%s/send/m.room.message", form.HomeserverURL, matrixRoomIDEncode(form.RoomID)),
+		ContentType: webhook.ContentTypeJSON,
+		HTTPMethod:  http.MethodPut,
+		WebhookForm: form.WebhookForm,
+		Meta: &webhook_service.MatrixMeta{
+			HomeserverURL: form.HomeserverURL,
+			Room:          form.RoomID,
+			MessageType:   form.MessageType,
+		},
+	}
+}
+
+// MSTeamsHooksNewPost response for creating MSTeams webhook
+func MSTeamsHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, mSTeamsHookParams(ctx))
+}
+
+// MSTeamsHooksEditPost response for editing MSTeams webhook
+func MSTeamsHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, mSTeamsHookParams(ctx))
+}
+
+func mSTeamsHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewMSTeamsHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.MSTEAMS,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// SlackHooksNewPost response for creating Slack webhook
+func SlackHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, slackHookParams(ctx))
+}
+
+// SlackHooksEditPost response for editing Slack webhook
+func SlackHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, slackHookParams(ctx))
+}
+
+func slackHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewSlackHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.SLACK,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+		Meta: &webhook_service.SlackMeta{
+			Channel:  strings.TrimSpace(form.Channel),
+			Username: form.Username,
+			IconURL:  form.IconURL,
+			Color:    form.Color,
+		},
+	}
+}
+
+// FeishuHooksNewPost response for creating Feishu webhook
+func FeishuHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, feishuHookParams(ctx))
+}
+
+// FeishuHooksEditPost response for editing Feishu webhook
+func FeishuHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, feishuHookParams(ctx))
+}
+
+func feishuHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewFeishuHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.FEISHU,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// WechatworkHooksNewPost response for creating Wechatwork webhook
+func WechatworkHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, wechatworkHookParams(ctx))
+}
+
+// WechatworkHooksEditPost response for editing Wechatwork webhook
+func WechatworkHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, wechatworkHookParams(ctx))
+}
+
+func wechatworkHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewWechatWorkHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.WECHATWORK,
+		URL:         form.PayloadURL,
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+	}
+}
+
+// PackagistHooksNewPost response for creating Packagist webhook
+func PackagistHooksNewPost(ctx *context.Context) {
+	createWebhook(ctx, packagistHookParams(ctx))
+}
+
+// PackagistHooksEditPost response for editing Packagist webhook
+func PackagistHooksEditPost(ctx *context.Context) {
+	editWebhook(ctx, packagistHookParams(ctx))
+}
+
+func packagistHookParams(ctx *context.Context) webhookParams {
+	form := web.GetForm(ctx).(*forms.NewPackagistHookForm)
+
+	return webhookParams{
+		Type:        webhook_module.PACKAGIST,
+		URL:         fmt.Sprintf("https://packagist.org/api/update-package?username=%s&apiToken=%s", url.QueryEscape(form.Username), url.QueryEscape(form.APIToken)),
+		ContentType: webhook.ContentTypeJSON,
+		WebhookForm: form.WebhookForm,
+		Meta: &webhook_service.PackagistMeta{
+			Username:   form.Username,
+			APIToken:   form.APIToken,
+			PackageURL: form.PackageURL,
+		},
+	}
+}
+
+func checkWebhook(ctx *context.Context) (*ownerRepoCtx, *webhook.Webhook) {
+	orCtx, err := getOwnerRepoCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getOwnerRepoCtx", err)
+		return nil, nil
+	}
+	ctx.Data["BaseLink"] = orCtx.Link
+	ctx.Data["BaseLinkNew"] = orCtx.LinkNew
+
+	var w *webhook.Webhook
+	if orCtx.RepoID > 0 {
+		w, err = webhook.GetWebhookByRepoID(ctx, orCtx.RepoID, ctx.PathParamInt64("id"))
+	} else if orCtx.OwnerID > 0 {
+		w, err = webhook.GetWebhookByOwnerID(ctx, orCtx.OwnerID, ctx.PathParamInt64("id"))
+	} else if orCtx.IsAdmin {
+		w, err = webhook.GetSystemOrDefaultWebhook(ctx, ctx.PathParamInt64("id"))
+	}
+	if err != nil || w == nil {
+		if webhook.IsErrWebhookNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("GetWebhookByID", err)
+		}
+		return nil, nil
+	}
+
+	ctx.Data["HookType"] = w.Type
+	switch w.Type {
+	case webhook_module.SLACK:
+		ctx.Data["SlackHook"] = webhook_service.GetSlackHook(w)
+	case webhook_module.DISCORD:
+		ctx.Data["DiscordHook"] = webhook_service.GetDiscordHook(w)
+	case webhook_module.TELEGRAM:
+		ctx.Data["TelegramHook"] = webhook_service.GetTelegramHook(w)
+	case webhook_module.MATRIX:
+		ctx.Data["MatrixHook"] = webhook_service.GetMatrixHook(w)
+	case webhook_module.PACKAGIST:
+		ctx.Data["PackagistHook"] = webhook_service.GetPackagistHook(w)
+	}
+
+	ctx.Data["History"], err = w.History(ctx, 1)
+	if err != nil {
+		ctx.ServerError("History", err)
+	}
+	return orCtx, w
+}
+
+// WebHooksEdit render editing web hook page
+func WebHooksEdit(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings.update_webhook")
+	ctx.Data["PageIsSettingsHooks"] = true
+	ctx.Data["PageIsSettingsHooksEdit"] = true
+
+	orCtx, w := checkWebhook(ctx)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["Webhook"] = w
+
+	ctx.HTML(http.StatusOK, orCtx.NewTemplate)
+}
+
+// TestWebhook test if web hook is work fine
+func TestWebhook(ctx *context.Context) {
+	hookID := ctx.PathParamInt64("id")
+	w, err := webhook.GetWebhookByRepoID(ctx, ctx.Repo.Repository.ID, hookID)
+	if err != nil {
+		ctx.Flash.Error("GetWebhookByRepoID: " + err.Error())
+		ctx.Status(http.StatusInternalServerError)
+		return
+	}
+
+	// Grab latest commit or fake one if it's empty repository.
+	// Note: in old code, the "ctx.Repo.Commit" is the last commit of the default branch.
+	// New code doesn't set that commit, so it always uses the fake commit to test webhook.
+	commit := ctx.Repo.Commit
+	if commit == nil {
+		ghost := user_model.NewGhostUser()
+		objectFormat := git.ObjectFormatFromName(ctx.Repo.Repository.ObjectFormatName)
+		commit = &git.Commit{
+			ID:            objectFormat.EmptyObjectID(),
+			Author:        ghost.NewGitSig(),
+			Committer:     ghost.NewGitSig(),
+			CommitMessage: git.CommitMessage{MessageRaw: "This is a fake commit"},
+		}
+	}
+
+	apiUser := convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone)
+
+	apiCommit := &api.PayloadCommit{
+		ID:      commit.ID.String(),
+		Message: commit.MessageUTF8(),
+		URL:     ctx.Repo.Repository.HTMLURL() + "/commit/" + url.PathEscape(commit.ID.String()),
+		Author: &api.PayloadUser{
+			Name:  commit.Author.Name,
+			Email: commit.Author.Email,
+		},
+		Committer: &api.PayloadUser{
+			Name:  commit.Committer.Name,
+			Email: commit.Committer.Email,
+		},
+	}
+
+	commitID := commit.ID.String()
+	p := &api.PushPayload{
+		Ref:          git.BranchPrefix + ctx.Repo.Repository.DefaultBranch,
+		Before:       commitID,
+		After:        commitID,
+		CompareURL:   setting.AppURL + ctx.Repo.Repository.ComposeCompareURL(commitID, commitID),
+		Commits:      []*api.PayloadCommit{apiCommit},
+		TotalCommits: 1,
+		HeadCommit:   apiCommit,
+		Repo:         convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
+		Pusher:       apiUser,
+		Sender:       apiUser,
+	}
+	if err := webhook_service.PrepareWebhook(ctx, w, webhook_module.HookEventPush, p); err != nil {
+		ctx.Flash.Error("PrepareWebhook: " + err.Error())
+		ctx.Status(http.StatusInternalServerError)
+	} else {
+		ctx.Flash.Info(ctx.Tr("repo.settings.webhook.delivery.success"))
+		ctx.Status(http.StatusOK)
+	}
+}
+
+// ReplayWebhook replays a webhook
+func ReplayWebhook(ctx *context.Context) {
+	hookTaskUUID := ctx.PathParam("uuid")
+
+	orCtx, w := checkWebhook(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if err := webhook_service.ReplayHookTask(ctx, w, hookTaskUUID); err != nil {
+		if webhook.IsErrHookTaskNotExist(err) {
+			ctx.NotFound(nil)
+		} else {
+			ctx.ServerError("ReplayHookTask", err)
+		}
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.webhook.delivery.success"))
+	ctx.Redirect(fmt.Sprintf("%s/%d", orCtx.Link, w.ID))
+}
+
+// DeleteWebhook delete a webhook
+func DeleteWebhook(ctx *context.Context) {
+	if err := webhook.DeleteWebhookByRepoID(ctx, ctx.Repo.Repository.ID, ctx.FormInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteWebhookByRepoID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
+	}
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/hooks")
+}
@@ -0,0 +1,15 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWebhookMatrix(t *testing.T) {
+	assert.Equal(t, "!roomid:domain", matrixRoomIDEncode("!roomid:domain"))
+	assert.Equal(t, "!room%23id:domain", matrixRoomIDEncode("!room#id:domain")) // maybe it should never really happen in real world
+}
@@ -0,0 +1,30 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const tplStarUnstar templates.TplName = "repo/header/star"
+
+func ActionStar(ctx *context.Context) {
+	err := repo_model.StarRepo(ctx, ctx.Doer, ctx.Repo.Repository, ctx.PathParam("action") == "star")
+	if err != nil {
+		handleActionError(ctx, err)
+		return
+	}
+
+	ctx.Data["IsStaringRepo"] = repo_model.IsStaring(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID)
+	ctx.Data["Repository"], err = repo_model.GetRepositoryByName(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.Name)
+	if err != nil {
+		ctx.ServerError("GetRepositoryByName", err)
+		return
+	}
+	ctx.HTML(http.StatusOK, tplStarUnstar)
+}
@@ -0,0 +1,60 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/log"
+	"gitea.dev/services/context"
+)
+
+// TopicsPost response for creating repository
+func TopicsPost(ctx *context.Context) {
+	if ctx.Doer == nil {
+		ctx.JSON(http.StatusForbidden, map[string]any{
+			"message": "Only owners could change the topics.",
+		})
+		return
+	}
+
+	topics := make([]string, 0)
+	topicsStr := ctx.FormTrim("topics")
+	if len(topicsStr) > 0 {
+		topics = strings.Split(topicsStr, ",")
+	}
+
+	validTopics, invalidTopics := repo_model.SanitizeAndValidateTopics(topics)
+
+	if len(validTopics) > 25 {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]any{
+			"invalidTopics": nil,
+			"message":       ctx.Tr("repo.topic.count_prompt"),
+		})
+		return
+	}
+
+	if len(invalidTopics) > 0 {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]any{
+			"invalidTopics": invalidTopics,
+			"message":       ctx.Tr("repo.topic.format_prompt"),
+		})
+		return
+	}
+
+	err := repo_model.SaveTopics(ctx, ctx.Repo.Repository.ID, validTopics...)
+	if err != nil {
+		log.Error("SaveTopics failed: %v", err)
+		ctx.JSON(http.StatusInternalServerError, map[string]any{
+			"message": "Save topics failed.",
+		})
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]any{
+		"status": "ok",
+	})
+}
@@ -0,0 +1,38 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+func acceptTransfer(ctx *context.Context) {
+	err := repo_service.AcceptTransferOwnership(ctx, ctx.Repo.Repository, ctx.Doer)
+	if err == nil {
+		ctx.Flash.Success(ctx.Tr("repo.settings.transfer.success"))
+		ctx.JSONRedirect(ctx.Repo.Repository.Link())
+		return
+	}
+	handleActionError(ctx, err)
+}
+
+func rejectTransfer(ctx *context.Context) {
+	err := repo_service.RejectRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer)
+	if err == nil {
+		ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected"))
+		ctx.JSONRedirect(ctx.Repo.Repository.Link())
+		return
+	}
+	handleActionError(ctx, err)
+}
+
+func ActionTransfer(ctx *context.Context) {
+	switch ctx.PathParam("action") {
+	case "accept_transfer":
+		acceptTransfer(ctx)
+	case "reject_transfer":
+		rejectTransfer(ctx)
+	}
+}
@@ -0,0 +1,153 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"html/template"
+	"net/http"
+	"path"
+	"strings"
+
+	pull_model "gitea.dev/models/pull"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/fileicon"
+	"gitea.dev/modules/git"
+	"gitea.dev/services/context"
+	"gitea.dev/services/gitdiff"
+	files_service "gitea.dev/services/repository/files"
+
+	"github.com/go-enry/go-enry/v2"
+)
+
+// TreeList get all files' entries of a repository
+func TreeList(ctx *context.Context) {
+	tree, err := ctx.Repo.Commit.SubTree("/")
+	if err != nil {
+		ctx.ServerError("Repo.Commit.SubTree", err)
+		return
+	}
+
+	entries, err := tree.ListEntriesRecursiveFast()
+	if err != nil {
+		ctx.ServerError("ListEntriesRecursiveFast", err)
+		return
+	}
+	entries.CustomSort(base.NaturalSortCompare)
+
+	files := make([]string, 0, len(entries))
+	for _, entry := range entries {
+		if !isExcludedEntry(entry) {
+			files = append(files, entry.Name())
+		}
+	}
+	ctx.JSON(http.StatusOK, files)
+}
+
+func isExcludedEntry(entry *git.TreeEntry) bool {
+	if entry.IsDir() {
+		return true
+	}
+
+	if entry.IsSubModule() {
+		return true
+	}
+
+	if enry.IsVendor(entry.Name()) {
+		return true
+	}
+
+	return false
+}
+
+// WebDiffFileItem is used by frontend, check the field names in frontend before changing
+type WebDiffFileItem struct {
+	FullName    string
+	DisplayName string
+	NameHash    string
+	DiffStatus  string
+	EntryMode   string
+	IsViewed    bool
+	Children    []*WebDiffFileItem
+	FileIcon    template.HTML
+}
+
+// WebDiffFileTree is used by frontend, check the field names in frontend before changing
+type WebDiffFileTree struct {
+	TreeRoot WebDiffFileItem
+}
+
+// transformDiffTreeForWeb transforms a gitdiff.DiffTree into a WebDiffFileTree for Web UI rendering
+// it also takes a map of file names to their viewed state, which is used to mark files as viewed
+func transformDiffTreeForWeb(renderedIconPool *fileicon.RenderedIconPool, diffTree *gitdiff.DiffTree, filesViewedState map[string]pull_model.ViewedState) (dft WebDiffFileTree) {
+	dirNodes := map[string]*WebDiffFileItem{"": &dft.TreeRoot}
+	addItem := func(item *WebDiffFileItem) {
+		var parentPath string
+		pos := strings.LastIndexByte(item.FullName, '/')
+		if pos == -1 {
+			item.DisplayName = item.FullName
+		} else {
+			parentPath = item.FullName[:pos]
+			item.DisplayName = item.FullName[pos+1:]
+		}
+		parentNode, parentExists := dirNodes[parentPath]
+		if !parentExists {
+			parentNode = &dft.TreeRoot
+			fields := strings.Split(parentPath, "/")
+			for idx, field := range fields {
+				nodePath := strings.Join(fields[:idx+1], "/")
+				node, ok := dirNodes[nodePath]
+				if !ok {
+					node = &WebDiffFileItem{EntryMode: "tree", DisplayName: field, FullName: nodePath}
+					dirNodes[nodePath] = node
+					parentNode.Children = append(parentNode.Children, node)
+				}
+				parentNode = node
+			}
+		}
+		parentNode.Children = append(parentNode.Children, item)
+	}
+
+	for _, file := range diffTree.Files {
+		item := &WebDiffFileItem{FullName: file.HeadPath, DiffStatus: file.Status}
+		item.IsViewed = filesViewedState[item.FullName] == pull_model.Viewed
+		item.NameHash = git.HashFilePathForWebUI(item.FullName)
+		item.FileIcon = fileicon.RenderEntryIconHTML(renderedIconPool, &fileicon.EntryInfo{BaseName: path.Base(file.HeadPath), EntryMode: file.HeadMode})
+
+		switch file.HeadMode {
+		case git.EntryModeTree:
+			item.EntryMode = "tree"
+		case git.EntryModeCommit:
+			item.EntryMode = "commit" // submodule
+		default:
+			// default to empty, and will be treated as "blob" file because there is no "symlink" support yet
+		}
+		addItem(item)
+	}
+
+	var mergeSingleDir func(node *WebDiffFileItem)
+	mergeSingleDir = func(node *WebDiffFileItem) {
+		if len(node.Children) == 1 {
+			if child := node.Children[0]; child.EntryMode == "tree" {
+				node.FullName = child.FullName
+				node.DisplayName = node.DisplayName + "/" + child.DisplayName
+				node.Children = child.Children
+				mergeSingleDir(node)
+			}
+		}
+	}
+	for _, node := range dft.TreeRoot.Children {
+		mergeSingleDir(node)
+	}
+	return dft
+}
+
+func TreeViewNodes(ctx *context.Context) {
+	renderedIconPool := fileicon.NewRenderedIconPool()
+	results, err := files_service.GetTreeViewNodes(ctx, ctx.Repo.RepoLink, renderedIconPool, ctx.Repo.Commit, ctx.Repo.TreePath, ctx.FormString("sub_path"))
+	if err != nil {
+		ctx.ServerError("GetTreeViewNodes", err)
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]any{"fileTreeNodes": results, "renderedIconPool": renderedIconPool.IconSVGs})
+}
@@ -0,0 +1,68 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"html/template"
+	"testing"
+
+	pull_model "gitea.dev/models/pull"
+	"gitea.dev/modules/fileicon"
+	"gitea.dev/modules/git"
+	"gitea.dev/services/gitdiff"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTransformDiffTreeForWeb(t *testing.T) {
+	renderedIconPool := fileicon.NewRenderedIconPool()
+	ret := transformDiffTreeForWeb(renderedIconPool, &gitdiff.DiffTree{Files: []*gitdiff.DiffTreeRecord{
+		{
+			Status:   "changed",
+			HeadPath: "dir-a/dir-a-x/file-deep",
+			HeadMode: git.EntryModeBlob,
+		},
+		{
+			Status:   "added",
+			HeadPath: "file1",
+			HeadMode: git.EntryModeBlob,
+		},
+	}}, map[string]pull_model.ViewedState{
+		"dir-a/dir-a-x/file-deep": pull_model.Viewed,
+	})
+
+	mockIconForFile := func(id string) template.HTML {
+		return template.HTML(`<svg class="svg git-entry-icon octicon-file" width="16" height="16" aria-hidden="true"><use href="#` + id + `"></use></svg>`)
+	}
+	assert.Equal(t, WebDiffFileTree{
+		TreeRoot: WebDiffFileItem{
+			Children: []*WebDiffFileItem{
+				{
+					EntryMode:   "tree",
+					DisplayName: "dir-a/dir-a-x",
+					FullName:    "dir-a/dir-a-x",
+					Children: []*WebDiffFileItem{
+						{
+							EntryMode:   "",
+							DisplayName: "file-deep",
+							FullName:    "dir-a/dir-a-x/file-deep",
+							NameHash:    "4acf7eef1c943a09e9f754e93ff190db8583236b",
+							DiffStatus:  "changed",
+							IsViewed:    true,
+							FileIcon:    mockIconForFile(`svg-mfi-file`),
+						},
+					},
+				},
+				{
+					EntryMode:   "",
+					DisplayName: "file1",
+					FullName:    "file1",
+					NameHash:    "60b27f004e454aca81b0480209cce5081ec52390",
+					DiffStatus:  "added",
+					FileIcon:    mockIconForFile(`svg-mfi-file`),
+				},
+			},
+		},
+	}, ret)
+}
@@ -0,0 +1,412 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	gocontext "context"
+	"errors"
+	"fmt"
+	"html/template"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+	"time"
+
+	activities_model "gitea.dev/models/activities"
+	admin_model "gitea.dev/models/admin"
+	asymkey_model "gitea.dev/models/asymkey"
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	repo_model "gitea.dev/models/repo"
+	unit_model "gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/fileicon"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/lfs"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/structs"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/typesniffer"
+	"gitea.dev/modules/util"
+	asymkey_service "gitea.dev/services/asymkey"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+
+	_ "golang.org/x/image/bmp"  // for processing bmp images
+	_ "golang.org/x/image/webp" // for processing webp images
+	_ "image/gif"               // for processing gif images
+	_ "image/jpeg"              // for processing jpeg images
+	_ "image/png"               // for processing png images
+)
+
+const (
+	tplRepoEMPTY       templates.TplName = "repo/empty"
+	tplRepoHome        templates.TplName = "repo/home"
+	tplRepoView        templates.TplName = "repo/view"
+	tplRepoViewContent templates.TplName = "repo/view_content"
+	tplRepoViewList    templates.TplName = "repo/view_list"
+	tplWatchers        templates.TplName = "repo/watchers"
+	tplForks           templates.TplName = "repo/forks"
+	tplMigrating       templates.TplName = "repo/migrate/migrating"
+)
+
+type fileInfo struct {
+	blobOrLfsSize int64
+	lfsMeta       *lfs.Pointer
+	st            typesniffer.SniffedType
+}
+
+func (fi *fileInfo) isLFSFile() bool {
+	return fi.lfsMeta != nil && fi.lfsMeta.Oid != ""
+}
+
+func getFileReader(ctx gocontext.Context, repoID int64, blob *git.Blob) (buf []byte, dataRc io.ReadCloser, fi *fileInfo, err error) {
+	dataRc, err = blob.DataAsync()
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	const prefetchSize = lfs.MetaFileMaxSize
+
+	buf = make([]byte, prefetchSize)
+	n, _ := util.ReadAtMost(dataRc, buf)
+	buf = buf[:n]
+
+	fi = &fileInfo{blobOrLfsSize: blob.Size(), st: typesniffer.DetectContentType(buf)}
+
+	// FIXME: what happens when README file is an image?
+	if !fi.st.IsText() || !setting.LFS.StartServer {
+		return buf, dataRc, fi, nil
+	}
+
+	pointer, _ := lfs.ReadPointerFromBuffer(buf)
+	if !pointer.IsValid() { // fallback to a plain file
+		return buf, dataRc, fi, nil
+	}
+
+	meta, err := git_model.GetLFSMetaObjectByOid(ctx, repoID, pointer.Oid)
+	if err != nil { // fallback to a plain file
+		fi.lfsMeta = &pointer
+		log.Warn("Unable to access LFS pointer %s in repo %d: %v", pointer.Oid, repoID, err)
+		return buf, dataRc, fi, nil
+	}
+
+	// close the old dataRc and open the real LFS target
+	_ = dataRc.Close()
+	dataRc, err = lfs.ReadMetaObject(pointer)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	buf = make([]byte, prefetchSize)
+	n, err = util.ReadAtMost(dataRc, buf)
+	if err != nil {
+		_ = dataRc.Close()
+		return nil, nil, fi, err
+	}
+	buf = buf[:n]
+	fi.st = typesniffer.DetectContentType(buf)
+	fi.blobOrLfsSize = meta.Pointer.Size
+	fi.lfsMeta = &meta.Pointer
+	return buf, dataRc, fi, nil
+}
+
+func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool {
+	// Show latest commit info of repository in table header,
+	// or of directory if not in root directory.
+	ctx.Data["LatestCommit"] = latestCommit
+	if latestCommit != nil {
+		verification := asymkey_service.ParseCommitWithSignature(ctx, latestCommit)
+
+		if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+			return repo_model.IsOwnerMemberCollaborator(ctx, ctx.Repo.Repository, user.ID)
+		}, nil); err != nil {
+			ctx.ServerError("CalculateTrustStatus", err)
+			return false
+		}
+		ctx.Data["LatestCommitVerification"] = verification
+		ctx.Data["LatestCommitUser"] = user_model.ValidateCommitWithEmail(ctx, latestCommit)
+
+		statuses, err := git_model.GetLatestCommitStatus(ctx, ctx.Repo.Repository.ID, latestCommit.ID.String(), db.ListOptionsAll)
+		if err != nil {
+			log.Error("GetLatestCommitStatus: %v", err)
+		}
+		if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
+			git_model.CommitStatusesHideActionsURL(ctx, statuses)
+		}
+
+		ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(statuses)
+		ctx.Data["LatestCommitStatuses"] = statuses
+	}
+
+	return true
+}
+
+func markupRenderToHTML(ctx *context.Context, renderCtx *markup.RenderContext, renderer markup.Renderer, input io.Reader) (escaped *charset.EscapeStatus, output template.HTML, err error) {
+	markupRd, markupWr := io.Pipe()
+	defer markupWr.Close()
+
+	done := make(chan struct{})
+	go func() {
+		sb := &strings.Builder{}
+		if markup.RendererNeedPostProcess(renderer) {
+			escaped, _ = charset.EscapeControlReader(markupRd, sb, ctx.Locale, charset.EscapeOptionsForView())
+		} else {
+			escaped = &charset.EscapeStatus{}
+			_, _ = io.Copy(sb, markupRd)
+		}
+		output = template.HTML(sb.String())
+		close(done)
+	}()
+
+	err = markup.RenderWithRenderer(renderCtx, renderer, input, markupWr)
+	_ = markupWr.CloseWithError(err)
+	<-done
+	return escaped, output, err
+}
+
+func checkHomeCodeViewable(ctx *context.Context) {
+	if ctx.Repo.Permission.HasUnits() {
+		if ctx.Repo.Repository.IsBeingCreated() {
+			task, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID)
+			if err != nil {
+				if admin_model.IsErrTaskDoesNotExist(err) {
+					ctx.Data["CloneAddr"] = ""
+					ctx.Data["Failed"] = true
+					ctx.HTML(http.StatusOK, tplMigrating)
+					return
+				}
+				ctx.ServerError("models.GetMigratingTask", err)
+				return
+			}
+			cfg, err := task.MigrateConfig()
+			if err != nil {
+				ctx.ServerError("task.MigrateConfig", err)
+				return
+			}
+
+			ctx.Data["MigrateTask"] = task
+			ctx.Data["CloneAddr"], _ = util.SanitizeURL(cfg.CloneAddr)
+			ctx.Data["Failed"] = task.Status == structs.TaskStatusFailed
+			ctx.HTML(http.StatusOK, tplMigrating)
+			return
+		}
+
+		if ctx.IsSigned {
+			// Set repo notification-status read if unread
+			if err := activities_model.SetRepoReadBy(ctx, ctx.Repo.Repository.ID, ctx.Doer.ID); err != nil {
+				ctx.ServerError("ReadBy", err)
+				return
+			}
+		}
+
+		var firstUnit *unit_model.Unit
+		for _, repoUnitType := range ctx.Repo.Permission.ReadableUnitTypes() {
+			if repoUnitType == unit_model.TypeCode {
+				// we are doing this check in "code" unit related pages, so if the code unit is readable, no need to do any further redirection
+				return
+			}
+
+			unit, ok := unit_model.Units[repoUnitType]
+			if ok && (firstUnit == nil || !firstUnit.IsLessThan(unit)) {
+				firstUnit = &unit
+			}
+		}
+
+		if firstUnit != nil {
+			ctx.Redirect(fmt.Sprintf("%s%s", ctx.Repo.Repository.Link(), firstUnit.URI))
+			return
+		}
+	}
+
+	ctx.NotFound(errors.New(ctx.Locale.TrString("units.error.no_unit_allowed_repo")))
+}
+
+// LastCommit returns lastCommit data for the provided branch/tag/commit and directory (in url) and filenames in body
+func LastCommit(ctx *context.Context) {
+	checkHomeCodeViewable(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	// The "/lastcommit/" endpoint is used to render the embedded HTML content for the directory file listing with latest commit info
+	// It needs to construct correct links to the file items, but the route only accepts a commit ID, not a full ref name (branch or tag).
+	// So we need to get the ref name from the query parameter "refSubUrl".
+	// TODO: LAST-COMMIT-ASYNC-LOADING: it needs more tests to cover this
+	refSubURL := path.Clean(ctx.FormString("refSubUrl"))
+	prepareRepoViewContent(ctx, util.IfZero(refSubURL, ctx.Repo.RefTypeNameSubURL()))
+	renderDirectoryFiles(ctx, 0)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplRepoViewList)
+}
+
+func prepareDirectoryFileIcons(ctx *context.Context, files []git.CommitInfo) {
+	renderedIconPool := fileicon.NewRenderedIconPool()
+	fileIcons := map[string]template.HTML{}
+	for _, f := range files {
+		fullPath := path.Join(ctx.Repo.TreePath, f.Entry.Name())
+		entryInfo := fileicon.EntryInfoFromGitTreeEntry(ctx.Repo.Commit, fullPath, f.Entry)
+		fileIcons[f.Entry.Name()] = fileicon.RenderEntryIconHTML(renderedIconPool, entryInfo)
+	}
+	fileIcons[".."] = fileicon.RenderEntryIconHTML(renderedIconPool, fileicon.EntryInfoFolder())
+	ctx.Data["FileIcons"] = fileIcons
+	ctx.Data["FileIconPoolHTML"] = renderedIconPool.RenderToHTML()
+}
+
+func renderDirectoryFiles(ctx *context.Context, timeout time.Duration) git.Entries {
+	tree, err := ctx.Repo.Commit.SubTree(ctx.Repo.TreePath)
+	if err != nil {
+		HandleGitError(ctx, "Repo.Commit.SubTree", err)
+		return nil
+	}
+
+	// TODO: LAST-COMMIT-ASYNC-LOADING: search this keyword to see more details
+	lastCommitLoaderURL := ctx.Repo.RepoLink + "/lastcommit/" + url.PathEscape(ctx.Repo.CommitID) + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+	ctx.Data["LastCommitLoaderURL"] = lastCommitLoaderURL + "?refSubUrl=" + url.QueryEscape(ctx.Repo.RefTypeNameSubURL())
+
+	// Get current entry user currently looking at.
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		HandleGitError(ctx, "Repo.Commit.GetTreeEntryByPath", err)
+		return nil
+	}
+
+	if !entry.IsDir() {
+		HandleGitError(ctx, "Repo.Commit.GetTreeEntryByPath", err)
+		return nil
+	}
+
+	allEntries, err := tree.ListEntries()
+	if err != nil {
+		ctx.ServerError("ListEntries", err)
+		return nil
+	}
+	allEntries.CustomSort(base.NaturalSortCompare)
+
+	commitInfoCtx := gocontext.Context(ctx)
+	if timeout > 0 {
+		var cancel gocontext.CancelFunc
+		commitInfoCtx, cancel = gocontext.WithTimeout(ctx, timeout)
+		defer cancel()
+	}
+
+	files, latestCommit, err := allEntries.GetCommitsInfo(commitInfoCtx, ctx.Repo.RepoLink, ctx.Repo.Commit, ctx.Repo.TreePath)
+	if err != nil {
+		ctx.ServerError("GetCommitsInfo", err)
+		return nil
+	}
+
+	{ // this block is for testing purpose only
+		if timeout != 0 && !setting.IsProd && !setting.IsInTesting {
+			log.Debug("first call to get directory file commit info")
+			clearFilesCommitInfo := func() {
+				log.Warn("clear directory file commit info to force async loading on frontend")
+				for i := range files {
+					if i%2 == 0 { // for testing purpose, only clear half of the files' commit info
+						files[i].Commit = nil
+					}
+				}
+			}
+			_ = clearFilesCommitInfo
+			// clearFilesCommitInfo() // TODO: LAST-COMMIT-ASYNC-LOADING: debug the frontend async latest commit info loading, uncomment this line, and it needs more tests
+		}
+	}
+
+	ctx.Data["Files"] = files
+	prepareDirectoryFileIcons(ctx, files)
+	for _, f := range files {
+		if f.Commit == nil {
+			ctx.Data["HasFilesWithoutLatestCommit"] = true
+			break
+		}
+	}
+
+	if !loadLatestCommitData(ctx, latestCommit) {
+		return nil
+	}
+	return allEntries
+}
+
+// RenderUserCards render a page show users according the input template
+func RenderUserCards(ctx *context.Context, total int, getter func(opts db.ListOptions) ([]*user_model.User, error), tpl templates.TplName) {
+	page := ctx.FormInt("page")
+	if page <= 0 {
+		page = 1
+	}
+	pager := context.NewPagination(int64(total), setting.ItemsPerPage, page, 5)
+	ctx.Data["Page"] = pager
+
+	items, err := getter(db.ListOptions{
+		Page:     pager.Paginater.Current(),
+		PageSize: setting.ItemsPerPage,
+	})
+	if err != nil {
+		ctx.ServerError("getter", err)
+		return
+	}
+	ctx.Data["Cards"] = items
+
+	ctx.HTML(http.StatusOK, tpl)
+}
+
+// Watchers render repository's watch users
+func Watchers(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.watchers")
+	ctx.Data["CardsTitle"] = ctx.Tr("repo.watchers")
+	RenderUserCards(ctx, ctx.Repo.Repository.NumWatches, func(opts db.ListOptions) ([]*user_model.User, error) {
+		return repo_model.GetRepoWatchers(ctx, ctx.Repo.Repository.ID, opts)
+	}, tplWatchers)
+}
+
+// Stars render repository's starred users
+func Stars(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.stargazers")
+	ctx.Data["CardsTitle"] = ctx.Tr("repo.stargazers")
+	RenderUserCards(ctx, ctx.Repo.Repository.NumStars, func(opts db.ListOptions) ([]*user_model.User, error) {
+		return repo_model.GetStargazers(ctx, ctx.Repo.Repository, opts)
+	}, tplWatchers)
+}
+
+// Forks render repository's forked users
+func Forks(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.forks")
+
+	page := ctx.FormInt("page")
+	if page <= 0 {
+		page = 1
+	}
+	pageSize := setting.ItemsPerPage
+
+	forks, total, err := repo_service.FindForks(ctx, ctx.Repo.Repository, ctx.Doer, db.ListOptions{
+		Page:     page,
+		PageSize: pageSize,
+	})
+	if err != nil {
+		ctx.ServerError("FindForks", err)
+		return
+	}
+
+	if err := repo_model.RepositoryList(forks).LoadOwners(ctx); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+
+	pager := context.NewPagination(total, pageSize, page, 5)
+	ctx.Data["ShowRepoOwnerAvatar"] = true
+	ctx.Data["ShowRepoOwnerOnList"] = true
+	ctx.Data["Page"] = pager
+	ctx.Data["Repos"] = forks
+
+	ctx.HTML(http.StatusOK, tplForks)
+}
@@ -0,0 +1,301 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"fmt"
+	"image"
+	"io"
+	"path"
+	"strings"
+
+	git_model "gitea.dev/models/git"
+	issue_model "gitea.dev/models/issues"
+	"gitea.dev/models/renderhelper"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/actions"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/attribute"
+	"gitea.dev/modules/highlight"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	issue_service "gitea.dev/services/issue"
+)
+
+func prepareLatestCommitInfo(ctx *context.Context) bool {
+	commit, err := ctx.Repo.Commit.GetCommitByPath(ctx.Repo.TreePath)
+	if err != nil {
+		ctx.ServerError("GetCommitByPath", err)
+		return false
+	}
+
+	return loadLatestCommitData(ctx, commit)
+}
+
+func prepareFileViewLfsAttrs(ctx *context.Context) (*attribute.Attributes, bool) {
+	attrsMap, err := attribute.CheckAttributes(ctx, ctx.Repo.GitRepo, ctx.Repo.CommitID, attribute.CheckAttributeOpts{
+		Filenames:  []string{ctx.Repo.TreePath},
+		Attributes: []string{attribute.LinguistGenerated, attribute.LinguistVendored, attribute.LinguistLanguage, attribute.GitlabLanguage},
+	})
+	if err != nil {
+		ctx.ServerError("attribute.CheckAttributes", err)
+		return nil, false
+	}
+	attrs := attrsMap[ctx.Repo.TreePath]
+	if attrs == nil {
+		// this case shouldn't happen, just in case.
+		setting.PanicInDevOrTesting("no attributes found for %s", ctx.Repo.TreePath)
+		attrs = attribute.NewAttributes()
+	}
+	ctx.Data["IsVendored"], ctx.Data["IsGenerated"] = attrs.GetVendored().Value(), attrs.GetGenerated().Value()
+	return attrs, true
+}
+
+func handleFileViewRenderMarkup(ctx *context.Context, prefetchBuf []byte, utf8Reader io.Reader) bool {
+	rctx := renderhelper.NewRenderContextRepoFile(ctx, ctx.Repo.Repository, renderhelper.RepoFileOptions{
+		CurrentRefSubURL: ctx.Repo.RefTypeNameSubURL(),
+		CurrentTreePath:  path.Dir(ctx.Repo.TreePath),
+	}).WithRelativePath(ctx.Repo.TreePath)
+
+	renderer := rctx.DetectMarkupRenderer(prefetchBuf)
+	if renderer == nil {
+		return false // not supported markup
+	}
+	metas := ctx.Repo.Repository.ComposeRepoFileMetas(ctx)
+	metas["RefTypeNameSubURL"] = ctx.Repo.RefTypeNameSubURL()
+	rctx.WithMetas(metas)
+
+	ctx.Data["HasSourceRenderedToggle"] = true
+
+	if ctx.FormString("display") == "source" {
+		return false
+	}
+
+	var err error
+	ctx.Data["EscapeStatus"], ctx.Data["FileContent"], err = markupRenderToHTML(ctx, rctx, renderer, utf8Reader)
+	if err != nil {
+		ctx.ServerError("Render", err)
+		return true
+	}
+
+	opts, ok := markup.GetExternalRendererOptions(renderer)
+	usingIframe := ok && opts.DisplayInIframe
+	ctx.Data["MarkupType"] = rctx.RenderOptions.MarkupType
+	ctx.Data["RenderAsMarkup"] = util.Iif(usingIframe, "markup-iframe", "markup-inplace")
+	return true
+}
+
+func handleFileViewRenderSource(ctx *context.Context, attrs *attribute.Attributes, fInfo *fileInfo, utf8Reader io.Reader) bool {
+	filename := ctx.Repo.TreePath
+	if ctx.FormString("display") == "rendered" || !fInfo.st.IsRepresentableAsText() {
+		return false
+	}
+
+	if !fInfo.st.IsText() {
+		if ctx.FormString("display") == "" {
+			// not text but representable as text, e.g. SVG
+			// since there is no "display" is specified, let other renders to handle
+			return false
+		}
+		ctx.Data["HasSourceRenderedToggle"] = true
+	}
+
+	buf, _ := io.ReadAll(utf8Reader)
+	// The Open Group Base Specification: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html
+	//   empty: 0 lines; "a": 1 incomplete-line; "a\n": 1 line; "a\nb": 1 line, 1 incomplete-line;
+	// Gitea uses the definition (like most modern editors):
+	//   empty: 0 lines; "a": 1 line; "a\n": 2 lines; "a\nb": 2 lines;
+	//   When rendering, the last empty line is not rendered in UI, while the line-number is still counted, to tell users that the file contains a trailing EOL.
+	//   To make the UI more consistent, it could use an icon mark to indicate that there is no trailing EOL, and show line-number as the rendered lines.
+	// This NumLines is only used for the display on the UI: "xxx lines"
+	if len(buf) == 0 {
+		ctx.Data["NumLines"] = 0
+	} else {
+		ctx.Data["NumLines"] = bytes.Count(buf, []byte{'\n'}) + 1
+	}
+
+	language := attrs.GetLanguage().Value()
+	fileContent, lexerName := highlight.RenderFullFile(filename, language, buf)
+	ctx.Data["LexerName"] = lexerName
+	status := &charset.EscapeStatus{}
+	statuses := make([]*charset.EscapeStatus, len(fileContent))
+	for i, line := range fileContent {
+		statuses[i], fileContent[i] = charset.EscapeControlHTML(line, ctx.Locale)
+		status = status.Or(statuses[i])
+	}
+	ctx.Data["EscapeStatus"] = status
+	ctx.Data["FileContent"] = fileContent
+	ctx.Data["LineEscapeStatus"] = statuses
+	return true
+}
+
+func handleFileViewRenderImage(ctx *context.Context, fInfo *fileInfo, prefetchBuf []byte) bool {
+	if !fInfo.st.IsImage() {
+		return false
+	}
+	if fInfo.st.IsSvgImage() && !setting.UI.SVG.Enabled {
+		return false
+	}
+	if fInfo.st.IsSvgImage() {
+		ctx.Data["HasSourceRenderedToggle"] = true
+	} else {
+		img, _, err := image.DecodeConfig(bytes.NewReader(prefetchBuf))
+		if err == nil { // ignore the error for the formats that are not supported by image.DecodeConfig
+			ctx.Data["ImageSize"] = fmt.Sprintf("%dx%dpx", img.Width, img.Height)
+		}
+	}
+	return true
+}
+
+func prepareFileView(ctx *context.Context, entry *git.TreeEntry) {
+	ctx.Data["IsViewFile"] = true
+	ctx.Data["HideRepoInfo"] = true
+
+	if !prepareLatestCommitInfo(ctx) {
+		return
+	}
+
+	blob := entry.Blob()
+
+	ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+ctx.Repo.TreePath, ctx.Repo.RefFullName.ShortName())
+	ctx.Data["FileIsSymlink"] = entry.IsLink()
+	ctx.Data["FileTreePath"] = ctx.Repo.TreePath
+	ctx.Data["RawFileLink"] = ctx.Repo.RepoLink + "/raw/" + ctx.Repo.RefTypeNameSubURL() + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+
+	if ctx.Repo.TreePath == ".editorconfig" {
+		_, editorconfigWarning, editorconfigErr := ctx.Repo.GetEditorconfig(ctx.Repo.Commit)
+		if editorconfigWarning != nil {
+			ctx.Data["FileWarning"] = strings.TrimSpace(editorconfigWarning.Error())
+		}
+		if editorconfigErr != nil {
+			ctx.Data["FileError"] = strings.TrimSpace(editorconfigErr.Error())
+		}
+	} else if issue_service.IsTemplateConfig(ctx.Repo.TreePath) {
+		_, issueConfigErr := issue_service.GetTemplateConfig(ctx.Repo.GitRepo, ctx.Repo.TreePath, ctx.Repo.Commit)
+		if issueConfigErr != nil {
+			ctx.Data["FileError"] = strings.TrimSpace(issueConfigErr.Error())
+		}
+	} else if actions.IsWorkflow(ctx.Repo.TreePath) {
+		content, err := actions.GetContentFromEntry(entry)
+		if err != nil {
+			log.Error("actions.GetContentFromEntry: %v", err)
+		}
+		if workFlowErr := actions.ValidateWorkflowContent(content); workFlowErr != nil {
+			ctx.Data["FileError"] = ctx.Locale.Tr("actions.runs.invalid_workflow_helper", workFlowErr.Error())
+		}
+	} else if issue_service.IsCodeOwnerFile(ctx.Repo.TreePath) {
+		if data, err := blob.GetBlobContent(setting.UI.MaxDisplayFileSize); err == nil {
+			_, warnings := issue_model.GetCodeOwnersFromContent(ctx, data)
+			if len(warnings) > 0 {
+				ctx.Data["FileWarning"] = strings.Join(warnings, "\n")
+			}
+		}
+	}
+
+	// Don't call any other repository functions depends on git.Repository until the dataRc closed to
+	// avoid creating an unnecessary temporary cat file.
+	buf, dataRc, fInfo, err := getFileReader(ctx, ctx.Repo.Repository.ID, blob)
+	if err != nil {
+		ctx.ServerError("getFileReader", err)
+		return
+	}
+	defer dataRc.Close()
+
+	if fInfo.isLFSFile() {
+		ctx.Data["RawFileLink"] = ctx.Repo.RepoLink + "/media/" + ctx.Repo.RefTypeNameSubURL() + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+	}
+
+	if !prepareFileViewEditorButtons(ctx) {
+		return
+	}
+
+	ctx.Data["IsLFSFile"] = fInfo.isLFSFile()
+	ctx.Data["FileSize"] = fInfo.blobOrLfsSize
+	ctx.Data["IsRepresentableAsText"] = fInfo.st.IsRepresentableAsText()
+	ctx.Data["IsExecutable"] = entry.IsExecutable()
+	ctx.Data["CanCopyContent"] = fInfo.st.IsRepresentableAsText() || fInfo.st.IsImage()
+
+	attrs, ok := prepareFileViewLfsAttrs(ctx)
+	if !ok {
+		return
+	}
+
+	// TODO: in the future maybe we need more accurate flags, for example:
+	// * IsRepresentableAsText: some files are text, some are not
+	// * IsRenderableXxx: some files are rendered by backend "markup" engine, some are rendered by frontend (pdf, 3d)
+	// * DefaultViewMode: when there is no "display" query parameter, which view mode should be used by default, source or rendered
+
+	contentReader := io.MultiReader(bytes.NewReader(buf), dataRc)
+	if fInfo.st.IsRepresentableAsText() {
+		contentReader = charset.ToUTF8WithFallbackReader(contentReader, charset.ConvertOpts{})
+	}
+	switch {
+	case fInfo.blobOrLfsSize >= setting.UI.MaxDisplayFileSize:
+		ctx.Data["IsFileTooLarge"] = true
+	case handleFileViewRenderMarkup(ctx, buf, contentReader):
+	case handleFileViewRenderSource(ctx, attrs, fInfo, contentReader):
+		// it also sets ctx.Data["FileContent"] and more
+		ctx.Data["IsDisplayingSource"] = true
+	case handleFileViewRenderImage(ctx, fInfo, buf):
+		ctx.Data["IsImageFile"] = true
+	case fInfo.st.IsVideo():
+		ctx.Data["IsVideoFile"] = true
+	case fInfo.st.IsAudio():
+		ctx.Data["IsAudioFile"] = true
+	default:
+		// unable to render anything, show the "view raw" or let frontend handle it
+	}
+}
+
+func prepareFileViewEditorButtons(ctx *context.Context) bool {
+	// archived or mirror repository, the buttons should not be shown
+	if !ctx.Repo.Repository.CanEnableEditor() {
+		return true
+	}
+
+	// The buttons should not be shown if it's not a branch
+	if !ctx.Repo.RefFullName.IsBranch() {
+		ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
+		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
+		return true
+	}
+
+	if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
+		ctx.Data["CanEditFile"] = true
+		ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.fork_before_edit")
+		ctx.Data["CanDeleteFile"] = true
+		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_have_write_access")
+		return true
+	}
+
+	lfsLock, err := git_model.GetTreePathLock(ctx, ctx.Repo.Repository.ID, ctx.Repo.TreePath)
+	ctx.Data["LFSLock"] = lfsLock
+	if err != nil {
+		ctx.ServerError("GetTreePathLock", err)
+		return false
+	}
+	if lfsLock != nil {
+		u, err := user_model.GetUserByID(ctx, lfsLock.OwnerID)
+		if err != nil {
+			ctx.ServerError("GetTreePathLock", err)
+			return false
+		}
+		ctx.Data["LFSLockOwner"] = u.Name
+		ctx.Data["LFSLockOwnerHomeLink"] = u.HomeLink()
+		ctx.Data["LFSLockHint"] = ctx.Tr("repo.editor.this_file_locked")
+	}
+
+	// it's a lfs file and the user is not the owner of the lock
+	isLFSLocked := lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID
+	ctx.Data["CanEditFile"] = !isLFSLocked
+	ctx.Data["EditFileTooltip"] = util.Iif(isLFSLocked, ctx.Tr("repo.editor.this_file_locked"), ctx.Tr("repo.editor.edit_this_file"))
+	ctx.Data["CanDeleteFile"] = !isLFSLocked
+	ctx.Data["DeleteFileTooltip"] = util.Iif(isLFSLocked, ctx.Tr("repo.editor.this_file_locked"), ctx.Tr("repo.editor.delete_this_file"))
+	return true
+}
@@ -0,0 +1,493 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	repo_model "gitea.dev/models/repo"
+	unit_model "gitea.dev/models/unit"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/htmlutil"
+	"gitea.dev/modules/httplib"
+	"gitea.dev/modules/log"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/svg"
+	"gitea.dev/modules/util"
+	"gitea.dev/routers/web/feed"
+	"gitea.dev/services/context"
+	repo_service "gitea.dev/services/repository"
+)
+
+func checkOutdatedBranch(ctx *context.Context) {
+	if !(ctx.Repo.Permission.IsAdmin() || ctx.Repo.Permission.IsOwner()) {
+		return
+	}
+
+	// get the head commit of the branch since ctx.Repo.CommitID is not always the head commit of `ctx.Repo.BranchName`
+	commit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.BranchName)
+	if err != nil {
+		log.Error("GetBranchCommitID: %v", err)
+		// Don't return an error page, as it can be rechecked the next time the user opens the page.
+		return
+	}
+
+	dbBranch, err := git_model.GetBranch(ctx, ctx.Repo.Repository.ID, ctx.Repo.BranchName)
+	if err != nil {
+		log.Error("GetBranch: %v", err)
+		// Don't return an error page, as it can be rechecked the next time the user opens the page.
+		return
+	}
+
+	if dbBranch.CommitID != commit.ID.String() {
+		ctx.Flash.Warning(ctx.Tr("repo.error.broken_git_hook", "https://docs.gitea.com/help/faq#push-hook--webhook--actions-arent-running"), true)
+	}
+}
+
+func prepareHomeSidebarRepoTopics(ctx *context.Context) {
+	topics, err := db.Find[repo_model.Topic](ctx, &repo_model.FindTopicOptions{
+		RepoID: ctx.Repo.Repository.ID,
+	})
+	if err != nil {
+		ctx.ServerError("models.FindTopics", err)
+		return
+	}
+	ctx.Data["Topics"] = topics
+}
+
+func prepareOpenWithEditorApps(ctx *context.Context) {
+	var tmplApps []map[string]any
+	apps := setting.Config().Repository.OpenWithEditorApps.Value(ctx)
+	for _, app := range apps {
+		schema, _, _ := strings.Cut(app.OpenURL, ":")
+
+		var iconName string
+		switch schema {
+		case "vscode":
+			iconName = "octicon-vscode"
+		case "vscodium":
+			iconName = "gitea-vscodium"
+		case "jetbrains":
+			iconName = "gitea-jetbrains"
+		default:
+			// TODO: it could support user's customized icon in the future
+			iconName = "gitea-git"
+		}
+
+		tmplApps = append(tmplApps, map[string]any{
+			"DisplayName": app.DisplayName,
+			"OpenURL":     app.OpenURL,
+			"IconHTML":    svg.RenderHTML(iconName, 16),
+		})
+	}
+	ctx.Data["OpenWithEditorApps"] = tmplApps
+}
+
+func prepareHomeSidebarCitationFile(entry *git.TreeEntry) func(ctx *context.Context) {
+	return func(ctx *context.Context) {
+		if entry.Name() != "" {
+			return
+		}
+		tree, err := ctx.Repo.Commit.SubTree(ctx.Repo.TreePath)
+		if err != nil {
+			HandleGitError(ctx, "Repo.Commit.SubTree", err)
+			return
+		}
+		allEntries, err := tree.ListEntries()
+		if err != nil {
+			ctx.ServerError("ListEntries", err)
+			return
+		}
+		for _, entry := range allEntries {
+			if entry.Name() == "CITATION.cff" || entry.Name() == "CITATION.bib" {
+				// Read Citation file contents
+				if content, err := entry.Blob().GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
+					log.Error("checkCitationFile: GetBlobContent: %v", err)
+				} else {
+					ctx.Data["CitiationExist"] = true
+					ctx.PageData["citationFileContent"] = content
+					break
+				}
+			}
+		}
+	}
+}
+
+func prepareHomeSidebarLicenses(ctx *context.Context) {
+	repoLicenses, err := repo_model.GetRepoLicenses(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("GetRepoLicenses", err)
+		return
+	}
+	ctx.Data["DetectedRepoLicenses"] = repoLicenses.StringList()
+	ctx.Data["LicenseFileName"] = repo_service.LicenseFileName
+}
+
+func prepareToRenderDirectory(ctx *context.Context) {
+	entries := renderDirectoryFiles(ctx, 1*time.Second)
+	if ctx.Written() {
+		return
+	}
+
+	if ctx.Repo.TreePath != "" {
+		ctx.Data["HideRepoInfo"] = true
+		ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+ctx.Repo.TreePath, ctx.Repo.RefFullName.ShortName())
+	}
+
+	subfolder, readmeFile, err := findReadmeFileInEntries(ctx, ctx.Repo.TreePath, entries, true)
+	if err != nil {
+		ctx.ServerError("findReadmeFileInEntries", err)
+		return
+	}
+
+	prepareToRenderReadmeFile(ctx, subfolder, readmeFile)
+}
+
+func prepareHomeSidebarLanguageStats(ctx *context.Context) {
+	langs, err := repo_model.GetTopLanguageStats(ctx, ctx.Repo.Repository, 5)
+	if err != nil {
+		ctx.ServerError("Repo.GetTopLanguageStats", err)
+		return
+	}
+
+	ctx.Data["LanguageStats"] = langs
+}
+
+func prepareHomeSidebarLatestRelease(ctx *context.Context) {
+	if !ctx.Repo.Repository.UnitEnabled(ctx, unit_model.TypeReleases) {
+		return
+	}
+
+	release, err := repo_model.GetLatestReleaseByRepoID(ctx, ctx.Repo.Repository.ID)
+	if err != nil && !repo_model.IsErrReleaseNotExist(err) {
+		ctx.ServerError("GetLatestReleaseByRepoID", err)
+		return
+	}
+
+	if release != nil {
+		if err = release.LoadAttributes(ctx); err != nil {
+			ctx.ServerError("release.LoadAttributes", err)
+			return
+		}
+		ctx.Data["LatestRelease"] = release
+	}
+}
+
+func prepareUpstreamDivergingInfo(ctx *context.Context) {
+	if !ctx.Repo.Repository.IsFork || !ctx.Repo.RefFullName.IsBranch() || ctx.Repo.TreePath != "" {
+		return
+	}
+	upstreamDivergingInfo, err := repo_service.GetUpstreamDivergingInfo(ctx, ctx.Repo.Repository, ctx.Repo.BranchName)
+	if err != nil {
+		if !errors.Is(err, util.ErrNotExist) && !errors.Is(err, util.ErrInvalidArgument) {
+			log.Error("GetUpstreamDivergingInfo: %v", err)
+		}
+		return
+	}
+	ctx.Data["UpstreamDivergingInfo"] = upstreamDivergingInfo
+}
+
+func updateContextRepoEmptyAndStatus(ctx *context.Context, empty bool, status repo_model.RepositoryStatus) {
+	if ctx.Repo.Repository.IsEmpty == empty && ctx.Repo.Repository.Status == status {
+		return
+	}
+	ctx.Repo.Repository.IsEmpty = empty
+	if ctx.Repo.Repository.Status == repo_model.RepositoryReady || ctx.Repo.Repository.Status == repo_model.RepositoryBroken {
+		ctx.Repo.Repository.Status = status // only handle ready and broken status, leave other status as-is
+	}
+	if err := repo_model.UpdateRepositoryColsNoAutoTime(ctx, ctx.Repo.Repository, "is_empty", "status"); err != nil {
+		ctx.ServerError("updateContextRepoEmptyAndStatus: UpdateRepositoryCols", err)
+		return
+	}
+}
+
+func handleRepoEmptyOrBroken(ctx *context.Context) {
+	showEmpty := true
+	if ctx.Repo.GitRepo == nil {
+		// in case the repo really exists and works, but the status was incorrectly marked as "broken", we need to open and check it again
+		ctx.Repo.GitRepo, _ = gitrepo.RepositoryFromRequestContextOrOpen(ctx, ctx.Repo.Repository)
+	}
+	if ctx.Repo.GitRepo != nil {
+		reallyEmpty, err := ctx.Repo.GitRepo.IsEmpty()
+		if err != nil {
+			showEmpty = true // the repo is broken
+			updateContextRepoEmptyAndStatus(ctx, true, repo_model.RepositoryBroken)
+			log.Error("GitRepo.IsEmpty: %v", err)
+			ctx.Flash.Error(ctx.Tr("error.occurred"), true)
+		} else if reallyEmpty {
+			showEmpty = true // the repo is really empty
+			updateContextRepoEmptyAndStatus(ctx, true, repo_model.RepositoryReady)
+		} else if branches, _, _ := ctx.Repo.GitRepo.GetBranchNames(0, 1); len(branches) == 0 {
+			showEmpty = true // it is not really empty, but there is no branch
+			// at the moment, other repo units like "actions" are not able to handle such case,
+			// so we just mark the repo as empty to prevent from displaying these units.
+			ctx.Data["RepoHasContentsWithoutBranch"] = true
+			updateContextRepoEmptyAndStatus(ctx, true, repo_model.RepositoryReady)
+		} else {
+			// the repo is actually not empty and has branches, need to update the database later
+			showEmpty = false
+		}
+	}
+	if showEmpty {
+		ctx.HTML(http.StatusOK, tplRepoEMPTY)
+		return
+	}
+
+	// The repo is not really empty, so we should update the model in database, such problem may be caused by:
+	// 1) an error occurs during pushing/receiving.
+	// 2) the user replaces an empty git repo manually.
+	updateContextRepoEmptyAndStatus(ctx, false, repo_model.RepositoryReady)
+	if err := repo_module.UpdateRepoSize(ctx, ctx.Repo.Repository); err != nil {
+		ctx.ServerError("UpdateRepoSize", err)
+		return
+	}
+
+	// the repo's IsEmpty has been updated, redirect to this page to make sure middlewares can get the correct values
+	link := ctx.Link
+	if ctx.Req.URL.RawQuery != "" {
+		link += "?" + ctx.Req.URL.RawQuery
+	}
+	ctx.Redirect(link)
+}
+
+func isViewHomeOnlyContent(ctx *context.Context) bool {
+	return ctx.FormBool("only_content")
+}
+
+func handleRepoViewSubmodule(ctx *context.Context, commitSubmoduleFile *git.CommitSubmoduleFile) {
+	submoduleWebLink := commitSubmoduleFile.SubmoduleWebLinkTree(ctx)
+	if submoduleWebLink == nil {
+		ctx.Data["NotFoundPrompt"] = ctx.Repo.TreePath
+		ctx.NotFound(nil)
+		return
+	}
+
+	redirectLink := submoduleWebLink.CommitWebLink
+	if isViewHomeOnlyContent(ctx) {
+		ctx.Resp.Header().Set("Content-Type", "text/html; charset=utf-8")
+		_, _ = htmlutil.HTMLPrintf(ctx.Resp, `<a href="%s">%s</a>`, redirectLink, redirectLink)
+	} else if !httplib.IsCurrentGiteaSiteURL(ctx, redirectLink) {
+		// don't auto-redirect to external URL, to avoid open redirect or phishing
+		ctx.Data["NotFoundPrompt"] = redirectLink
+		ctx.NotFound(nil)
+	} else {
+		ctx.RedirectToCurrentSite(redirectLink)
+	}
+}
+
+func prepareToRenderDirOrFile(entry *git.TreeEntry) func(ctx *context.Context) {
+	return func(ctx *context.Context) {
+		if entry.IsSubModule() {
+			commitSubmoduleFile, err := git.GetCommitInfoSubmoduleFile(ctx.Repo.RepoLink, ctx.Repo.TreePath, ctx.Repo.Commit, entry.ID)
+			if err != nil {
+				HandleGitError(ctx, "prepareToRenderDirOrFile: GetCommitInfoSubmoduleFile", err)
+				return
+			}
+			handleRepoViewSubmodule(ctx, commitSubmoduleFile)
+		} else if entry.IsDir() {
+			prepareToRenderDirectory(ctx)
+		} else {
+			prepareFileView(ctx, entry)
+		}
+	}
+}
+
+func handleRepoHomeFeed(ctx *context.Context) bool {
+	if !setting.Other.EnableFeed {
+		return false
+	}
+	isFeed, showFeedType := feed.GetFeedType(ctx.PathParam("reponame"), ctx.Req)
+	if !isFeed {
+		return false
+	}
+	if ctx.Link == fmt.Sprintf("%s.%s", ctx.Repo.RepoLink, showFeedType) {
+		feed.ShowRepoFeed(ctx, ctx.Repo.Repository, showFeedType)
+	} else if ctx.Repo.TreePath == "" {
+		feed.ShowBranchFeed(ctx, ctx.Repo.Repository, showFeedType)
+	} else {
+		feed.ShowFileFeed(ctx, ctx.Repo.Repository, showFeedType)
+	}
+	return true
+}
+
+func prepareHomeTreeSideBarSwitch(ctx *context.Context) {
+	showFileTree := true
+	if ctx.Doer != nil {
+		v, err := user_model.GetUserSetting(ctx, ctx.Doer.ID, user_model.SettingsKeyCodeViewShowFileTree, "true")
+		if err != nil {
+			log.Error("GetUserSetting: %v", err)
+		} else {
+			showFileTree, _ = strconv.ParseBool(v)
+		}
+	}
+	ctx.Data["UserSettingCodeViewShowFileTree"] = showFileTree
+}
+
+func redirectSrcToRaw(ctx *context.Context) bool {
+	// GitHub redirects a tree path with "?raw=1" to the raw path
+	// It is useful to embed some raw contents into Markdown files,
+	// then viewing the Markdown in "src" path could embed the raw content correctly.
+	if ctx.Repo.TreePath != "" && ctx.FormBool("raw") {
+		ctx.Redirect(ctx.Repo.RepoLink + "/raw/" + ctx.Repo.RefTypeNameSubURL() + "/" + util.PathEscapeSegments(ctx.Repo.TreePath))
+		return true
+	}
+	return false
+}
+
+func redirectFollowSymlink(ctx *context.Context, treePathEntry *git.TreeEntry) bool {
+	if ctx.Repo.TreePath == "" || !ctx.FormBool("follow_symlink") {
+		return false
+	}
+	if treePathEntry.IsLink() {
+		if res, err := git.EntryFollowLinks(ctx.Repo.Commit, ctx.Repo.TreePath, treePathEntry); err == nil {
+			redirect := ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL() + "/" + util.PathEscapeSegments(res.TargetFullPath) + "?" + ctx.Req.URL.RawQuery
+			ctx.Redirect(redirect)
+			return true
+		} // else: don't handle the links we cannot resolve, so ignore the error
+	}
+	return false
+}
+
+func prepareRepoViewContent(ctx *context.Context, refTypeNameSubURL string) {
+	// for: home, file list, file view, blame
+	ctx.Data["PageIsViewCode"] = true
+	ctx.Data["RepositoryUploadEnabled"] = setting.Repository.Upload.Enabled // show Upload File button or menu item
+
+	// prepare the tree path navigation
+	var treeNames, paths []string
+	branchLink := ctx.Repo.RepoLink + "/src/" + refTypeNameSubURL
+	treeLink := branchLink
+	if ctx.Repo.TreePath != "" {
+		treeLink += "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+		treeNames = strings.Split(ctx.Repo.TreePath, "/")
+		for i := range treeNames {
+			paths = append(paths, strings.Join(treeNames[:i+1], "/"))
+		}
+		ctx.Data["HasParentPath"] = true
+		if len(paths)-2 >= 0 {
+			ctx.Data["ParentPath"] = "/" + paths[len(paths)-2]
+		}
+	}
+	ctx.Data["Paths"] = paths
+	ctx.Data["TreeLink"] = treeLink
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["BranchLink"] = branchLink
+}
+
+// Home render repository home page
+func Home(ctx *context.Context) {
+	if handleRepoHomeFeed(ctx) {
+		return
+	}
+	if redirectSrcToRaw(ctx) {
+		return
+	}
+
+	// Check whether the repo is viewable: not in migration, and the code unit should be enabled
+	// Ideally the "feed" logic should be after this, but old code did so, so keep it as-is.
+	checkHomeCodeViewable(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	title := ctx.Repo.Repository.Owner.Name + "/" + ctx.Repo.Repository.Name
+	if ctx.Repo.Repository.Description != "" {
+		title += ": " + ctx.Repo.Repository.Description
+	}
+	ctx.Data["Title"] = title
+	prepareRepoViewContent(ctx, ctx.Repo.RefTypeNameSubURL())
+
+	if ctx.Repo.Commit == nil || ctx.Repo.Repository.IsEmpty || ctx.Repo.Repository.IsBroken() {
+		// empty or broken repositories need to be handled differently
+		handleRepoEmptyOrBroken(ctx)
+		return
+	}
+
+	prepareHomeTreeSideBarSwitch(ctx)
+
+	// get the current git entry which doer user is currently looking at.
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		HandleGitError(ctx, "Repo.Commit.GetTreeEntryByPath", err)
+		return
+	}
+
+	if redirectFollowSymlink(ctx, entry) {
+		return
+	}
+
+	// some UI components are only shown when the tree path is root
+	isTreePathRoot := ctx.Repo.TreePath == ""
+
+	prepareFuncs := []func(*context.Context){
+		prepareOpenWithEditorApps,
+		prepareHomeSidebarRepoTopics,
+		checkOutdatedBranch,
+		prepareToRenderDirOrFile(entry),
+		prepareRecentlyPushedNewBranches,
+	}
+
+	if isTreePathRoot {
+		prepareFuncs = append(prepareFuncs,
+			prepareUpstreamDivergingInfo,
+			prepareHomeSidebarLicenses,
+			prepareHomeSidebarCitationFile(entry),
+			prepareHomeSidebarLanguageStats,
+			prepareHomeSidebarLatestRelease,
+		)
+	}
+
+	for _, prepare := range prepareFuncs {
+		prepare(ctx)
+		if ctx.Written() {
+			return
+		}
+	}
+
+	if isViewHomeOnlyContent(ctx) {
+		ctx.HTML(http.StatusOK, tplRepoViewContent)
+	} else if ctx.Repo.TreePath != "" {
+		ctx.HTML(http.StatusOK, tplRepoView)
+	} else {
+		ctx.HTML(http.StatusOK, tplRepoHome)
+	}
+}
+
+func RedirectRepoTreeToSrc(ctx *context.Context) {
+	// Redirect "/owner/repo/tree/*" requests to "/owner/repo/src/*",
+	// then use the deprecated "/src/*" handler to guess the ref type and render a file list page.
+	// This is done intentionally so that Gitea's repo URL structure matches other forges (GitHub/GitLab) provide,
+	// allowing us to construct submodule URLs across forges easily.
+	// For example, when viewing a submodule, we can simply construct the link as:
+	// * "https://gitea/owner/repo/tree/{CommitID}"
+	// * "https://github/owner/repo/tree/{CommitID}"
+	// * "https://gitlab/owner/repo/tree/{CommitID}"
+	// Then no matter which forge the submodule is using, the link works.
+	redirect := ctx.Repo.RepoLink + "/src/" + ctx.PathParamRaw("*")
+	if ctx.Req.URL.RawQuery != "" {
+		redirect += "?" + ctx.Req.URL.RawQuery
+	}
+	ctx.Redirect(redirect)
+}
+
+func RedirectRepoBlobToCommit(ctx *context.Context) {
+	// redirect "/owner/repo/blob/*" requests to "/owner/repo/src/commit/*"
+	// just like GitHub: browse files of a commit by "https://github/owner/repo/blob/{CommitID}"
+	// TODO: maybe we could guess more types to redirect to the related pages in the future
+	redirect := ctx.Repo.RepoLink + "/src/commit/" + ctx.PathParamRaw("*")
+	if ctx.Req.URL.RawQuery != "" {
+		redirect += "?" + ctx.Req.URL.RawQuery
+	}
+	ctx.Redirect(redirect)
+}
@@ -0,0 +1,37 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+	"testing"
+
+	"gitea.dev/models/unittest"
+	git_module "gitea.dev/modules/git"
+	"gitea.dev/services/contexttest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestViewHomeSubmoduleRedirect(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "/user2/repo1/src/branch/master/test-submodule")
+	submodule := git_module.NewCommitSubmoduleFile("/user2/repo1", "test-submodule", "../repo-other", "any-ref-id")
+	handleRepoViewSubmodule(ctx, submodule)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.Equal(t, "/user2/repo-other/tree/any-ref-id", ctx.Resp.Header().Get("Location"))
+
+	ctx, _ = contexttest.MockContext(t, "/user2/repo1/src/branch/master/test-submodule")
+	submodule = git_module.NewCommitSubmoduleFile("/user2/repo1", "test-submodule", "https://other/user2/repo-other.git", "any-ref-id")
+	handleRepoViewSubmodule(ctx, submodule)
+	// do not auto-redirect for external URLs, to avoid open redirect or phishing
+	assert.Equal(t, http.StatusNotFound, ctx.Resp.WrittenStatus())
+
+	ctx, respWriter := contexttest.MockContext(t, "/user2/repo1/src/branch/master/test-submodule?only_content=true")
+	submodule = git_module.NewCommitSubmoduleFile("/user2/repo1", "test-submodule", "../repo-other", "any-ref-id")
+	handleRepoViewSubmodule(ctx, submodule)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assert.Equal(t, `<a href="/user2/repo-other/tree/any-ref-id">/user2/repo-other/tree/any-ref-id</a>`, respWriter.Body.String())
+}
@@ -0,0 +1,220 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"html/template"
+	"io"
+	"net/url"
+	"path"
+	"strings"
+
+	"gitea.dev/models/renderhelper"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+)
+
+// locate a README for a tree in one of the supported paths.
+//
+// entries is passed to reduce calls to ListEntries(), so
+// this has precondition:
+//
+//	entries == ctx.Repo.Commit.SubTree(ctx.Repo.TreePath).ListEntries()
+//
+// FIXME: There has to be a more efficient way of doing this
+func findReadmeFileInEntries(ctx *context.Context, parentDir string, entries []*git.TreeEntry, tryWellKnownDirs bool) (string, *git.TreeEntry, error) {
+	docsEntries := make([]*git.TreeEntry, 3) // (one of docs/, .gitea/ or .github/)
+	for _, entry := range entries {
+		if tryWellKnownDirs && entry.IsDir() {
+			// as a special case for the top-level repo introduction README,
+			// fall back to subfolders, looking for e.g. docs/README.md, .gitea/README.zh-CN.txt, .github/README.txt, ...
+			// (note that docsEntries is ignored unless we are at the root)
+			lowerName := strings.ToLower(entry.Name())
+			switch lowerName {
+			case "docs":
+				if entry.Name() == "docs" || docsEntries[0] == nil {
+					docsEntries[0] = entry
+				}
+			case ".gitea":
+				if entry.Name() == ".gitea" || docsEntries[1] == nil {
+					docsEntries[1] = entry
+				}
+			case ".github":
+				if entry.Name() == ".github" || docsEntries[2] == nil {
+					docsEntries[2] = entry
+				}
+			}
+		}
+	}
+
+	// Create a list of extensions in priority order
+	// 1. Markdown files - with and without localisation - e.g. README.en-us.md or README.md
+	// 2. Txt files - e.g. README.txt
+	// 3. No extension - e.g. README
+	exts := append(localizedExtensions(".md", ctx.Locale.Language()), ".txt", "") // sorted by priority
+	extCount := len(exts)
+	readmeFiles := make([]*git.TreeEntry, extCount+1)
+	for _, entry := range entries {
+		if i, ok := util.IsReadmeFileExtension(entry.Name(), exts...); ok {
+			fullPath := path.Join(parentDir, entry.Name())
+			if readmeFiles[i] == nil || base.NaturalSortCompare(readmeFiles[i].Name(), entry.Blob().Name()) < 0 {
+				if entry.IsLink() {
+					res, err := git.EntryFollowLinks(ctx.Repo.Commit, fullPath, entry)
+					if err == nil && (res.TargetEntry.IsExecutable() || res.TargetEntry.IsRegular()) {
+						readmeFiles[i] = entry
+					}
+				} else {
+					readmeFiles[i] = entry
+				}
+			}
+		}
+	}
+
+	var readmeFile *git.TreeEntry
+	for _, f := range readmeFiles {
+		if f != nil {
+			readmeFile = f
+			break
+		}
+	}
+
+	if ctx.Repo.TreePath == "" && readmeFile == nil {
+		for _, subTreeEntry := range docsEntries {
+			if subTreeEntry == nil {
+				continue
+			}
+			subTree := subTreeEntry.Tree()
+			if subTree == nil {
+				// this should be impossible; if subTreeEntry exists so should this.
+				continue
+			}
+			childEntries, err := subTree.ListEntries()
+			if err != nil {
+				return "", nil, err
+			}
+
+			subfolder, readmeFile, err := findReadmeFileInEntries(ctx, path.Join(parentDir, subTreeEntry.Name()), childEntries, false)
+			if err != nil && !git.IsErrNotExist(err) {
+				return "", nil, err
+			}
+			if readmeFile != nil {
+				return path.Join(subTreeEntry.Name(), subfolder), readmeFile, nil
+			}
+		}
+	}
+
+	return "", readmeFile, nil
+}
+
+// localizedExtensions prepends the provided language code with and without a
+// regional identifier to the provided extension.
+// Note: the language code will always be lower-cased, if a region is present it must be separated with a `-`
+// Note: ext should be prefixed with a `.`
+func localizedExtensions(ext, languageCode string) (localizedExts []string) {
+	if len(languageCode) < 1 {
+		return []string{ext}
+	}
+
+	lowerLangCode := "." + strings.ToLower(languageCode)
+
+	if strings.Contains(lowerLangCode, "-") {
+		underscoreLangCode := strings.ReplaceAll(lowerLangCode, "-", "_")
+		indexOfDash := strings.Index(lowerLangCode, "-")
+		// e.g. [.zh-cn.md, .zh_cn.md, .zh.md, _zh.md, .md]
+		return []string{lowerLangCode + ext, underscoreLangCode + ext, lowerLangCode[:indexOfDash] + ext, "_" + lowerLangCode[1:indexOfDash] + ext, ext}
+	}
+
+	// e.g. [.en.md, .md]
+	return []string{lowerLangCode + ext, ext}
+}
+
+func prepareToRenderReadmeFile(ctx *context.Context, subfolder string, readmeFile *git.TreeEntry) {
+	if readmeFile == nil {
+		return
+	}
+
+	readmeFullPath := path.Join(ctx.Repo.TreePath, subfolder, readmeFile.Name())
+	readmeTargetEntry := readmeFile
+	if readmeFile.IsLink() {
+		if res, err := git.EntryFollowLinks(ctx.Repo.Commit, readmeFullPath, readmeFile); err == nil {
+			readmeTargetEntry = res.TargetEntry
+		} else {
+			readmeTargetEntry = nil // if we cannot resolve the symlink, we cannot render the readme, ignore the error
+		}
+	}
+	if readmeTargetEntry == nil {
+		return // if no valid README entry found, skip rendering the README
+	}
+
+	ctx.Data["RawFileLink"] = ""
+	ctx.Data["ReadmeInList"] = path.Join(subfolder, readmeFile.Name()) // the relative path to the readme file to the current tree path
+	ctx.Data["ReadmeExist"] = true
+	ctx.Data["FileIsSymlink"] = readmeFile.IsLink()
+
+	buf, dataRc, fInfo, err := getFileReader(ctx, ctx.Repo.Repository.ID, readmeTargetEntry.Blob())
+	if err != nil {
+		ctx.ServerError("getFileReader", err)
+		return
+	}
+	defer dataRc.Close()
+
+	ctx.Data["FileIsText"] = fInfo.st.IsText()
+	ctx.Data["FileTreePath"] = readmeFullPath
+	ctx.Data["FileSize"] = fInfo.blobOrLfsSize
+	ctx.Data["IsLFSFile"] = fInfo.isLFSFile()
+
+	if fInfo.isLFSFile() {
+		filenameBase64 := base64.RawURLEncoding.EncodeToString([]byte(readmeFile.Name()))
+		ctx.Data["RawFileLink"] = fmt.Sprintf("%s.git/info/lfs/objects/%s/%s", ctx.Repo.Repository.Link(), url.PathEscape(fInfo.lfsMeta.Oid), url.PathEscape(filenameBase64))
+	}
+
+	if !fInfo.st.IsText() {
+		return
+	}
+
+	if fInfo.blobOrLfsSize >= setting.UI.MaxDisplayFileSize {
+		// Pretend that this is a normal text file to display 'This file is too large to be shown'
+		ctx.Data["IsFileTooLarge"] = true
+		return
+	}
+
+	rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{})
+
+	rctx := renderhelper.NewRenderContextRepoFile(ctx, ctx.Repo.Repository, renderhelper.RepoFileOptions{
+		CurrentRefSubURL: ctx.Repo.RefTypeNameSubURL(),
+		CurrentTreePath:  path.Dir(readmeFullPath),
+	}).WithRelativePath(readmeFullPath)
+	renderer := rctx.DetectMarkupRenderer(buf)
+	if renderer != nil {
+		ctx.Data["RenderAsMarkup"] = "markup-inplace"
+		ctx.Data["MarkupType"] = rctx.RenderOptions.MarkupType
+		ctx.Data["EscapeStatus"], ctx.Data["FileContent"], err = markupRenderToHTML(ctx, rctx, renderer, rd)
+		if err != nil {
+			log.Error("Render failed for %s in %-v: %v Falling back to rendering source", readmeFile.Name(), ctx.Repo.Repository, err)
+			delete(ctx.Data, "RenderAsMarkup")
+		}
+	}
+
+	if ctx.Data["RenderAsMarkup"] == nil {
+		ctx.Data["IsPlainText"] = true
+		content, err := io.ReadAll(rd)
+		if err != nil {
+			log.Error("Read readme content failed: %v", err)
+		}
+		contentEscaped := template.HTMLEscapeString(util.UnsafeBytesToString(content))
+		ctx.Data["EscapeStatus"], ctx.Data["FileContent"] = charset.EscapeControlHTML(template.HTML(contentEscaped), ctx.Locale)
+	}
+
+	if !fInfo.isLFSFile() && ctx.Repo.Repository.CanEnableEditor() {
+		ctx.Data["CanEditReadmeFile"] = true
+	}
+}
@@ -0,0 +1,70 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"fmt"
+	"path"
+	"testing"
+
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/gitcmd"
+	"gitea.dev/services/contexttest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFindReadmeFileInEntriesWithSymlinkInSubfolder(t *testing.T) {
+	for _, subdir := range []string{".github", ".gitea", "docs"} {
+		t.Run(subdir, func(t *testing.T) {
+			repoPath := t.TempDir()
+			stdin := fmt.Sprintf(`commit refs/heads/master
+author Test <test@example.com> 1700000000 +0000
+committer Test <test@example.com> 1700000000 +0000
+data <<EOT
+initial
+EOT
+M 100644 inline target.md
+data <<EOT
+target-content
+EOT
+M 120000 inline %s/README.md
+data 12
+../target.md
+`, subdir)
+
+			var err error
+			err = gitcmd.NewCommand("init", "--bare", ".").WithDir(repoPath).RunWithStderr(t.Context())
+			require.NoError(t, err)
+			err = gitcmd.NewCommand("fast-import").WithDir(repoPath).WithStdinBytes([]byte(stdin)).RunWithStderr(t.Context())
+			require.NoError(t, err)
+
+			gitRepo, err := git.OpenRepository(t.Context(), repoPath)
+			require.NoError(t, err)
+			defer gitRepo.Close()
+
+			commit, err := gitRepo.GetBranchCommit("master")
+			require.NoError(t, err)
+
+			entries, err := commit.ListEntries()
+			require.NoError(t, err)
+
+			ctx, _ := contexttest.MockContext(t, "/")
+			ctx.Repo.Commit = commit
+			foundDir, foundReadme, err := findReadmeFileInEntries(ctx, "", entries, true)
+			require.NoError(t, err)
+			require.NotNil(t, foundReadme)
+
+			assert.Equal(t, subdir, foundDir)
+			assert.Equal(t, "README.md", foundReadme.Name())
+			assert.True(t, foundReadme.IsLink())
+
+			// Verify that it can follow the link
+			res, err := git.EntryFollowLinks(commit, path.Join(foundDir, foundReadme.Name()), foundReadme)
+			require.NoError(t, err)
+			assert.Equal(t, "target.md", res.TargetFullPath)
+		})
+	}
+}
@@ -0,0 +1,62 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"reflect"
+	"testing"
+)
+
+func Test_localizedExtensions(t *testing.T) {
+	tests := []struct {
+		name              string
+		ext               string
+		languageCode      string
+		wantLocalizedExts []string
+	}{
+		{
+			name:              "empty language",
+			ext:               ".md",
+			wantLocalizedExts: []string{".md"},
+		},
+		{
+			name:              "No region - lowercase",
+			languageCode:      "en",
+			ext:               ".csv",
+			wantLocalizedExts: []string{".en.csv", ".csv"},
+		},
+		{
+			name:              "No region - uppercase",
+			languageCode:      "FR",
+			ext:               ".txt",
+			wantLocalizedExts: []string{".fr.txt", ".txt"},
+		},
+		{
+			name:              "With region - lowercase",
+			languageCode:      "en-us",
+			ext:               ".md",
+			wantLocalizedExts: []string{".en-us.md", ".en_us.md", ".en.md", "_en.md", ".md"},
+		},
+		{
+			name:              "With region - uppercase",
+			languageCode:      "en-CA",
+			ext:               ".MD",
+			wantLocalizedExts: []string{".en-ca.MD", ".en_ca.MD", ".en.MD", "_en.MD", ".MD"},
+		},
+		{
+			name:              "With region - all uppercase",
+			languageCode:      "ZH-TW",
+			ext:               ".md",
+			wantLocalizedExts: []string{".zh-tw.md", ".zh_tw.md", ".zh.md", "_zh.md", ".md"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotLocalizedExts := localizedExtensions(tt.ext, tt.languageCode); !reflect.DeepEqual(gotLocalizedExts, tt.wantLocalizedExts) {
+				t.Errorf("localizedExtensions() = %v, want %v", gotLocalizedExts, tt.wantLocalizedExts)
+			}
+		})
+	}
+}
@@ -0,0 +1,30 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/templates"
+	"gitea.dev/services/context"
+)
+
+const tplWatchUnwatch templates.TplName = "repo/header/watch"
+
+func ActionWatch(ctx *context.Context) {
+	err := repo_model.WatchRepo(ctx, ctx.Doer, ctx.Repo.Repository, ctx.PathParam("action") == "watch")
+	if err != nil {
+		handleActionError(ctx, err)
+		return
+	}
+
+	ctx.Data["IsWatchingRepo"] = repo_model.IsWatching(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID)
+	ctx.Data["Repository"], err = repo_model.GetRepositoryByName(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.Name)
+	if err != nil {
+		ctx.ServerError("GetRepositoryByName", err)
+		return
+	}
+	ctx.HTML(http.StatusOK, tplWatchUnwatch)
+}
@@ -0,0 +1,40 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/context"
+	files_service "gitea.dev/services/repository/files"
+)
+
+func WebGitOperationCommonData(ctx *context.Context) {
+	// TODO: more places like "wiki page" and "merging a pull request or creating an auto merge merging task"
+	emails, err := user_model.GetActivatedEmailAddresses(ctx, ctx.Doer.ID)
+	if err != nil {
+		log.Error("WebGitOperationCommonData: GetActivatedEmailAddresses: %v", err)
+	}
+	if ctx.Doer.KeepEmailPrivate {
+		emails = append([]string{ctx.Doer.GetPlaceholderEmail()}, emails...)
+	}
+	ctx.Data["CommitCandidateEmails"] = emails
+	ctx.Data["CommitDefaultEmail"] = ctx.Doer.GetEmail()
+}
+
+func WebGitOperationGetCommitChosenEmailIdentity(ctx *context.Context, email string) (_ *files_service.IdentityOptions, valid bool) {
+	if ctx.Data["CommitCandidateEmails"] == nil {
+		setting.PanicInDevOrTesting("no CommitCandidateEmails in context data")
+	}
+	emails, _ := ctx.Data["CommitCandidateEmails"].([]string)
+	if email == "" {
+		return nil, true
+	}
+	if util.SliceContainsString(emails, email, true) {
+		return &files_service.IdentityOptions{GitUserEmail: email}, true
+	}
+	return nil, false
+}
@@ -0,0 +1,754 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"bytes"
+	"html/template"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+
+	"gitea.dev/models/renderhelper"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unit"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/charset"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/markup"
+	"gitea.dev/modules/markup/markdown"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/web"
+	"gitea.dev/routers/common"
+	"gitea.dev/services/context"
+	"gitea.dev/services/forms"
+	git_service "gitea.dev/services/git"
+	notify_service "gitea.dev/services/notify"
+	repo_service "gitea.dev/services/repository"
+	wiki_service "gitea.dev/services/wiki"
+)
+
+const (
+	tplWikiStart    templates.TplName = "repo/wiki/start"
+	tplWikiView     templates.TplName = "repo/wiki/view"
+	tplWikiRevision templates.TplName = "repo/wiki/revision"
+	tplWikiNew      templates.TplName = "repo/wiki/new"
+	tplWikiPages    templates.TplName = "repo/wiki/pages"
+)
+
+// MustEnableWiki check if wiki is enabled, if external then redirect
+func MustEnableWiki(ctx *context.Context) {
+	if !ctx.Repo.Permission.CanRead(unit.TypeWiki) &&
+		!ctx.Repo.Permission.CanRead(unit.TypeExternalWiki) {
+		if log.IsTrace() {
+			log.Trace("Permission Denied: User %-v cannot read %-v or %-v of repo %-v\n"+
+				"User in repo has Permissions: %-+v",
+				ctx.Doer,
+				unit.TypeWiki,
+				unit.TypeExternalWiki,
+				ctx.Repo.Repository,
+				ctx.Repo.Permission)
+		}
+		ctx.NotFound(nil)
+		return
+	}
+
+	repoUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit.TypeExternalWiki)
+	if err == nil {
+		ctx.Redirect(repoUnit.ExternalWikiConfig().ExternalWikiURL)
+		return
+	}
+}
+
+// PageMeta wiki page meta information
+type PageMeta struct {
+	Name         string
+	SubURL       string
+	GitEntryName string
+	UpdatedUnix  timeutil.TimeStamp
+}
+
+// findEntryForFile finds the tree entry for a target filepath.
+func findEntryForFile(commit *git.Commit, target string) (*git.TreeEntry, error) {
+	entry, err := commit.GetTreeEntryByPath(target)
+	if err != nil && !git.IsErrNotExist(err) {
+		return nil, err
+	}
+	if entry != nil {
+		return entry, nil
+	}
+
+	// Then the unescaped, the shortest alternative
+	var unescapedTarget string
+	if unescapedTarget, err = url.QueryUnescape(target); err != nil {
+		return nil, err
+	}
+	return commit.GetTreeEntryByPath(unescapedTarget)
+}
+
+func findWikiRepoCommit(ctx *context.Context) (*git.Repository, *git.Commit, error) {
+	wikiGitRepo, errGitRepo := gitrepo.RepositoryFromRequestContextOrOpen(ctx, ctx.Repo.Repository.WikiStorageRepo())
+	if errGitRepo != nil {
+		ctx.ServerError("OpenRepository", errGitRepo)
+		return nil, nil, errGitRepo
+	}
+
+	commit, errCommit := wikiGitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultWikiBranch)
+	if git.IsErrNotExist(errCommit) {
+		// if the default branch recorded in database is out of sync, then re-sync it
+		gitRepoDefaultBranch, errBranch := gitrepo.GetDefaultBranch(ctx, ctx.Repo.Repository.WikiStorageRepo())
+		if errBranch != nil {
+			return wikiGitRepo, nil, errBranch
+		}
+		// update the default branch in the database
+		errDb := repo_model.UpdateRepositoryColsNoAutoTime(ctx, &repo_model.Repository{ID: ctx.Repo.Repository.ID, DefaultWikiBranch: gitRepoDefaultBranch}, "default_wiki_branch")
+		if errDb != nil {
+			return wikiGitRepo, nil, errDb
+		}
+		ctx.Repo.Repository.DefaultWikiBranch = gitRepoDefaultBranch
+		// retry to get the commit from the correct default branch
+		commit, errCommit = wikiGitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultWikiBranch)
+	}
+	if errCommit != nil {
+		return wikiGitRepo, nil, errCommit
+	}
+	return wikiGitRepo, commit, nil
+}
+
+// wikiContentsByEntry returns the contents of the wiki page referenced by the
+// given tree entry. Writes to ctx if an error occurs.
+func wikiContentsByEntry(ctx *context.Context, entry *git.TreeEntry) []byte {
+	reader, err := entry.Blob().DataAsync()
+	if err != nil {
+		ctx.ServerError("Blob.Data", err)
+		return nil
+	}
+	defer reader.Close()
+	content, err := util.ReadWithLimit(reader, 5*1024*1024) // 5MB should be enough for a wiki page
+	if err != nil {
+		ctx.ServerError("ReadAll", err)
+		return nil
+	}
+	return content
+}
+
+// wikiEntryByName returns the entry of a wiki page, along with a boolean
+// indicating whether the entry exists. Writes to ctx if an error occurs.
+// The last return value indicates whether the file should be returned as a raw file
+func wikiEntryByName(ctx *context.Context, commit *git.Commit, wikiName wiki_service.WebPath) (*git.TreeEntry, string, bool, bool) {
+	isRaw := false
+	gitFilename := wiki_service.WebPathToGitPath(wikiName)
+	entry, err := findEntryForFile(commit, gitFilename)
+	if err != nil && !git.IsErrNotExist(err) {
+		ctx.ServerError("findEntryForFile", err)
+		return nil, "", false, false
+	}
+	if entry == nil {
+		// check if the file without ".md" suffix exists
+		gitFilename := strings.TrimSuffix(gitFilename, ".md")
+		entry, err = findEntryForFile(commit, gitFilename)
+		if err != nil && !git.IsErrNotExist(err) {
+			ctx.ServerError("findEntryForFile", err)
+			return nil, "", false, false
+		}
+		isRaw = true
+	}
+	if entry == nil {
+		return nil, "", true, false
+	}
+	return entry, gitFilename, false, isRaw
+}
+
+// wikiContentsByName returns the contents of a wiki page, along with a boolean
+// indicating whether the page exists. Writes to ctx if an error occurs.
+func wikiContentsByName(ctx *context.Context, commit *git.Commit, wikiName wiki_service.WebPath) ([]byte, *git.TreeEntry, string, bool) {
+	entry, gitFilename, noEntry, _ := wikiEntryByName(ctx, commit, wikiName)
+	if entry == nil {
+		return nil, nil, "", true
+	}
+	return wikiContentsByEntry(ctx, entry), entry, gitFilename, noEntry
+}
+
+func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
+	wikiGitRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return nil, nil
+	}
+
+	// get the wiki pages list.
+	entries, err := commit.ListEntries()
+	if err != nil {
+		ctx.ServerError("ListEntries", err)
+		return nil, nil
+	}
+	pages := make([]PageMeta, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.IsRegular() {
+			continue
+		}
+		wikiName, err := wiki_service.GitPathToWebPath(entry.Name())
+		if err != nil {
+			if repo_model.IsErrWikiInvalidFileName(err) {
+				continue
+			}
+			ctx.ServerError("WikiFilenameToName", err)
+			return nil, nil
+		} else if wikiName == "_Sidebar" || wikiName == "_Footer" {
+			continue
+		}
+		_, displayName := wiki_service.WebPathToUserTitle(wikiName)
+		pages = append(pages, PageMeta{
+			Name:         displayName,
+			SubURL:       wiki_service.WebPathToURLPath(wikiName),
+			GitEntryName: entry.Name(),
+		})
+	}
+	ctx.Data["Pages"] = pages
+
+	// get requested page name
+	pageName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+
+	_, displayName := wiki_service.WebPathToUserTitle(pageName)
+	ctx.Data["PageURL"] = wiki_service.WebPathToURLPath(pageName)
+	ctx.Data["old_title"] = displayName
+	ctx.Data["Title"] = displayName
+	ctx.Data["title"] = displayName
+
+	isSideBar := pageName == "_Sidebar"
+	isFooter := pageName == "_Footer"
+
+	// lookup filename in wiki - get gitTree entry , real filename
+	entry, pageFilename, noEntry, isRaw := wikiEntryByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
+	}
+	if isRaw {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/raw/" + string(pageName))
+	}
+	if entry == nil || ctx.Written() {
+		return nil, nil
+	}
+
+	// get page content
+	data := wikiContentsByEntry(ctx, entry)
+	if ctx.Written() {
+		return nil, nil
+	}
+
+	rctx := renderhelper.NewRenderContextRepoWiki(ctx, ctx.Repo.Repository)
+
+	renderFn := func(data []byte) (escaped *charset.EscapeStatus, output template.HTML, err error) {
+		buf := &strings.Builder{}
+		markupRd, markupWr := io.Pipe()
+		defer markupWr.Close()
+		done := make(chan struct{})
+		go func() {
+			escaped, _ = charset.EscapeControlReader(markupRd, buf, ctx.Locale, charset.EscapeOptionsForView())
+			output = template.HTML(buf.String())
+			buf.Reset()
+			close(done)
+		}()
+
+		err = markdown.Render(rctx, bytes.NewReader(data), markupWr)
+		_ = markupWr.CloseWithError(err)
+		<-done
+		return escaped, output, err
+	}
+
+	ctx.Data["EscapeStatus"], ctx.Data["WikiContentHTML"], err = renderFn(data)
+	if err != nil {
+		ctx.ServerError("Render", err)
+		return nil, nil
+	}
+
+	if rctx.TocShowInSection == markup.TocShowInSidebar && len(rctx.TocHeadingItems) > 0 {
+		sb := strings.Builder{}
+		markup.RenderTocHeadingItems(rctx, map[string]string{"open": ""}, &sb)
+		ctx.Data["WikiSidebarTocHTML"] = template.HTML(sb.String())
+	}
+
+	if !isSideBar {
+		sidebarContent, _, _, _ := wikiContentsByName(ctx, commit, "_Sidebar")
+		if ctx.Written() {
+			return nil, nil
+		}
+		ctx.Data["WikiSidebarEscapeStatus"], ctx.Data["WikiSidebarHTML"], err = renderFn(sidebarContent)
+		if err != nil {
+			ctx.ServerError("Render", err)
+			return nil, nil
+		}
+	}
+
+	if !isFooter {
+		footerContent, _, _, _ := wikiContentsByName(ctx, commit, "_Footer")
+		if ctx.Written() {
+			return nil, nil
+		}
+		ctx.Data["WikiFooterEscapeStatus"], ctx.Data["WikiFooterHTML"], err = renderFn(footerContent)
+		if err != nil {
+			ctx.ServerError("Render", err)
+			return nil, nil
+		}
+	}
+
+	// get commit count - wiki revisions
+	commitsCount, _ := gitrepo.FileCommitsCount(ctx, ctx.Repo.Repository.WikiStorageRepo(), ctx.Repo.Repository.DefaultWikiBranch, pageFilename)
+	ctx.Data["CommitCount"] = commitsCount
+
+	return wikiGitRepo, entry
+}
+
+func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
+	wikiGitRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return nil, nil
+	}
+
+	// get requested page name
+	pageName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+
+	_, displayName := wiki_service.WebPathToUserTitle(pageName)
+	ctx.Data["PageURL"] = wiki_service.WebPathToURLPath(pageName)
+	ctx.Data["old_title"] = displayName
+	ctx.Data["Title"] = displayName
+	ctx.Data["title"] = displayName
+
+	// lookup filename in wiki - get page content, gitTree entry , real filename
+	_, entry, pageFilename, noEntry := wikiContentsByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
+	}
+	if entry == nil || ctx.Written() {
+		return nil, nil
+	}
+
+	// get commit count - wiki revisions
+	commitsCount, _ := gitrepo.FileCommitsCount(ctx, ctx.Repo.Repository.WikiStorageRepo(), ctx.Repo.Repository.DefaultWikiBranch, pageFilename)
+	ctx.Data["CommitCount"] = commitsCount
+
+	// get page
+	page := max(ctx.FormInt("page"), 1)
+
+	// get Commit Count
+	commitsHistory, err := wikiGitRepo.CommitsByFileAndRange(
+		git.CommitsByFileAndRangeOptions{
+			Revision: ctx.Repo.Repository.DefaultWikiBranch,
+			File:     pageFilename,
+			Page:     page,
+		})
+	if err != nil {
+		ctx.ServerError("CommitsByFileAndRange", err)
+		return nil, nil
+	}
+	ctx.Data["Commits"], err = git_service.ConvertFromGitCommit(ctx, commitsHistory, ctx.Repo.Repository)
+	if err != nil {
+		ctx.ServerError("ConvertFromGitCommit", err)
+		return nil, nil
+	}
+
+	pager := context.NewPagination(commitsCount, setting.Git.CommitsRangeSize, page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	return wikiGitRepo, entry
+}
+
+func renderEditPage(ctx *context.Context) {
+	_, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return
+	}
+
+	// get requested page name
+	pageName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+
+	_, displayName := wiki_service.WebPathToUserTitle(pageName)
+	ctx.Data["PageURL"] = wiki_service.WebPathToURLPath(pageName)
+	ctx.Data["old_title"] = displayName
+	ctx.Data["Title"] = displayName
+	ctx.Data["title"] = displayName
+
+	// lookup filename in wiki -  gitTree entry , real filename
+	entry, _, noEntry, isRaw := wikiEntryByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
+	}
+	if isRaw {
+		ctx.HTTPError(http.StatusForbidden, "Editing of raw wiki files is not allowed")
+	}
+	if entry == nil || ctx.Written() {
+		return
+	}
+
+	// get wiki page content
+	data := wikiContentsByEntry(ctx, entry)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["WikiEditContent"] = string(data)
+}
+
+// WikiPost renders post of wiki page
+func WikiPost(ctx *context.Context) {
+	switch ctx.FormString("action") {
+	case "_new":
+		if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
+			ctx.NotFound(nil)
+			return
+		}
+		NewWikiPost(ctx)
+		return
+	case "_delete":
+		if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
+			ctx.NotFound(nil)
+			return
+		}
+		DeleteWikiPagePost(ctx)
+		return
+	}
+
+	if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
+		ctx.NotFound(nil)
+		return
+	}
+	EditWikiPost(ctx)
+}
+
+// Wiki renders single wiki page
+func Wiki(ctx *context.Context) {
+	ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	switch ctx.FormString("action") {
+	case "_pages":
+		WikiPages(ctx)
+		return
+	case "_revision":
+		WikiRevision(ctx)
+		return
+	case "_edit":
+		if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
+			ctx.NotFound(nil)
+			return
+		}
+		EditWiki(ctx)
+		return
+	case "_new":
+		if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
+			ctx.NotFound(nil)
+			return
+		}
+		NewWiki(ctx)
+		return
+	}
+
+	if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiGitRepo, entry := renderViewPage(ctx)
+	if ctx.Written() {
+		return
+	}
+	if entry == nil {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiPath := entry.Name()
+	detectedRender := markup.DetectRendererTypeByFilename(wikiPath)
+	if detectedRender == nil || detectedRender.Name() != markdown.MarkupName {
+		ctx.Data["FormatWarning"] = "File extension " + path.Ext(wikiPath) + " is not supported at the moment. Rendered as Markdown."
+	}
+	// Get last change information.
+	lastCommit, err := wikiGitRepo.GetCommitByPath(wikiPath)
+	if err != nil {
+		ctx.ServerError("GetCommitByPath", err)
+		return
+	}
+	ctx.Data["Author"] = lastCommit.Author
+
+	ctx.HTML(http.StatusOK, tplWikiView)
+}
+
+// WikiRevision renders file revision list of wiki page
+func WikiRevision(ctx *context.Context) {
+	ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiGitRepo, entry := renderRevisionPage(ctx)
+	if ctx.Written() {
+		return
+	}
+	if entry == nil {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	// Get last change information.
+	wikiPath := entry.Name()
+	lastCommit, err := wikiGitRepo.GetCommitByPath(wikiPath)
+	if err != nil {
+		ctx.ServerError("GetCommitByPath", err)
+		return
+	}
+	ctx.Data["Author"] = lastCommit.Author
+
+	ctx.HTML(http.StatusOK, tplWikiRevision)
+}
+
+// WikiPages render wiki pages list page
+func WikiPages(ctx *context.Context) {
+	if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.pages")
+	ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	_, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
+		return
+	}
+
+	treePath := "" // To support list sub folders' pages in the future
+	tree, err := commit.SubTree(treePath)
+	if err != nil {
+		ctx.ServerError("SubTree", err)
+		return
+	}
+
+	allEntries, err := tree.ListEntries()
+	if err != nil {
+		ctx.ServerError("ListEntries", err)
+		return
+	}
+	allEntries.CustomSort(base.NaturalSortCompare)
+
+	entries, _, err := allEntries.GetCommitsInfo(ctx, ctx.Repo.RepoLink, commit, treePath)
+	if err != nil {
+		ctx.ServerError("GetCommitsInfo", err)
+		return
+	}
+
+	pages := make([]PageMeta, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.Entry.IsRegular() {
+			continue
+		}
+		wikiName, err := wiki_service.GitPathToWebPath(entry.Entry.Name())
+		if err != nil {
+			if repo_model.IsErrWikiInvalidFileName(err) {
+				continue
+			}
+			ctx.ServerError("WikiFilenameToName", err)
+			return
+		}
+		_, displayName := wiki_service.WebPathToUserTitle(wikiName)
+		pages = append(pages, PageMeta{
+			Name:         displayName,
+			SubURL:       wiki_service.WebPathToURLPath(wikiName),
+			GitEntryName: entry.Entry.Name(),
+			UpdatedUnix:  timeutil.TimeStamp(entry.Commit.Author.When.Unix()),
+		})
+	}
+	ctx.Data["Pages"] = pages
+
+	ctx.HTML(http.StatusOK, tplWikiPages)
+}
+
+// WikiRaw outputs raw blob requested by user (image for example)
+func WikiRaw(ctx *context.Context) {
+	_, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(nil)
+			return
+		}
+		ctx.ServerError("findEntryForfile", err)
+		return
+	}
+
+	providedWebPath := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	providedGitPath := wiki_service.WebPathToGitPath(providedWebPath)
+	var entry *git.TreeEntry
+	if commit != nil {
+		// Try to find a file with that name
+		entry, err = findEntryForFile(commit, providedGitPath)
+		if err != nil && !git.IsErrNotExist(err) {
+			ctx.ServerError("findFile", err)
+			return
+		}
+
+		if entry == nil {
+			// Try to find a wiki page with that name
+			providedGitPath = strings.TrimSuffix(providedGitPath, ".md")
+			entry, err = findEntryForFile(commit, providedGitPath)
+			if err != nil && !git.IsErrNotExist(err) {
+				ctx.ServerError("findFile", err)
+				return
+			}
+		}
+	}
+
+	if entry != nil {
+		if err = common.ServeBlob(ctx.Base, ctx.Repo.Repository, ctx.Repo.TreePath, entry.Blob(), nil); err != nil {
+			ctx.ServerError("ServeBlob", err)
+		}
+		return
+	}
+
+	ctx.NotFound(nil)
+}
+
+// NewWiki render wiki create page
+func NewWiki(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+
+	if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
+		ctx.Data["title"] = "Home"
+	}
+	if ctx.FormString("title") != "" {
+		ctx.Data["title"] = ctx.FormString("title")
+	}
+
+	ctx.HTML(http.StatusOK, tplWikiNew)
+}
+
+// NewWikiPost response for wiki create request
+func NewWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewWikiForm)
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplWikiNew)
+		return
+	}
+
+	if util.IsEmptyString(form.Title) {
+		ctx.RenderWithErrDeprecated(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
+		return
+	}
+
+	wikiName := wiki_service.UserTitleToWebPath("", form.Title)
+
+	if len(form.Message) == 0 {
+		form.Message = ctx.Locale.TrString("repo.editor.add", form.Title)
+	}
+
+	if err := wiki_service.AddWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, wikiName, form.Content, form.Message); err != nil {
+		if repo_model.IsErrWikiReservedName(err) {
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.wiki.reserved_page", wikiName), tplWikiNew, &form)
+		} else if repo_model.IsErrWikiAlreadyExist(err) {
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErrDeprecated(ctx.Tr("repo.wiki.page_already_exists"), tplWikiNew, &form)
+		} else {
+			ctx.ServerError("AddWikiPage", err)
+		}
+		return
+	}
+
+	notify_service.NewWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, string(wikiName), form.Message)
+
+	ctx.Redirect(ctx.Repo.RepoLink + "/wiki/" + wiki_service.WebPathToURLPath(wikiName))
+}
+
+// EditWiki render wiki modify page
+func EditWiki(ctx *context.Context) {
+	ctx.Data["PageIsWikiEdit"] = true
+
+	if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
+		return
+	}
+
+	renderEditPage(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplWikiNew)
+}
+
+// EditWikiPost response for wiki modify request
+func EditWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewWikiForm)
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplWikiNew)
+		return
+	}
+
+	oldWikiName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	newWikiName := wiki_service.UserTitleToWebPath("", form.Title)
+
+	if len(form.Message) == 0 {
+		form.Message = ctx.Locale.TrString("repo.editor.update", form.Title)
+	}
+
+	if err := wiki_service.EditWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, oldWikiName, newWikiName, form.Content, form.Message); err != nil {
+		ctx.ServerError("EditWikiPage", err)
+		return
+	}
+
+	notify_service.EditWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, string(newWikiName), form.Message)
+
+	ctx.Redirect(ctx.Repo.RepoLink + "/wiki/" + wiki_service.WebPathToURLPath(newWikiName))
+}
+
+// DeleteWikiPagePost delete wiki page
+func DeleteWikiPagePost(ctx *context.Context) {
+	wikiName := wiki_service.WebPathFromRequest(ctx.PathParamRaw("*"))
+	if len(wikiName) == 0 {
+		wikiName = "Home"
+	}
+
+	if err := wiki_service.DeleteWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, wikiName); err != nil {
+		ctx.ServerError("DeleteWikiPage", err)
+		return
+	}
+
+	notify_service.DeleteWikiPage(ctx, ctx.Doer, ctx.Repo.Repository, string(wikiName))
+
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/wiki/")
+}
@@ -0,0 +1,277 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"io"
+	"net/http"
+	"net/url"
+	"testing"
+
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/web"
+	"gitea.dev/services/contexttest"
+	"gitea.dev/services/forms"
+	repo_service "gitea.dev/services/repository"
+	wiki_service "gitea.dev/services/wiki"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	content = "Wiki contents for unit tests"
+	message = "Wiki commit message for unit tests"
+)
+
+func wikiEntry(t *testing.T, repo *repo_model.Repository, wikiName wiki_service.WebPath) *git.TreeEntry {
+	wikiRepo, err := gitrepo.OpenRepository(t.Context(), repo.WikiStorageRepo())
+	assert.NoError(t, err)
+	defer wikiRepo.Close()
+	commit, err := wikiRepo.GetBranchCommit("master")
+	assert.NoError(t, err)
+	entries, err := commit.ListEntries()
+	assert.NoError(t, err)
+	for _, entry := range entries {
+		if entry.Name() == wiki_service.WebPathToGitPath(wikiName) {
+			return entry
+		}
+	}
+	return nil
+}
+
+func wikiContent(t *testing.T, repo *repo_model.Repository, wikiName wiki_service.WebPath) string {
+	entry := wikiEntry(t, repo, wikiName)
+	if !assert.NotNil(t, entry) {
+		return ""
+	}
+	reader, err := entry.Blob().DataAsync()
+	assert.NoError(t, err)
+	defer reader.Close()
+	bytes, err := io.ReadAll(reader)
+	assert.NoError(t, err)
+	return string(bytes)
+}
+
+func assertWikiExists(t *testing.T, repo *repo_model.Repository, wikiName wiki_service.WebPath) {
+	assert.NotNil(t, wikiEntry(t, repo, wikiName))
+}
+
+func assertWikiNotExists(t *testing.T, repo *repo_model.Repository, wikiName wiki_service.WebPath) {
+	assert.Nil(t, wikiEntry(t, repo, wikiName))
+}
+
+func assertPagesMetas(t *testing.T, expectedNames []string, metas any) {
+	pageMetas, ok := metas.([]PageMeta)
+	require.True(t, ok)
+	require.Len(t, pageMetas, len(expectedNames))
+
+	for i, pageMeta := range pageMetas {
+		assert.Equal(t, expectedNames[i], pageMeta.Name)
+	}
+}
+
+func TestWiki(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki")
+	ctx.SetPathParam("*", "Home")
+	contexttest.LoadRepo(t, ctx, 1)
+	Wiki(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assert.EqualValues(t, "Home", ctx.Data["Title"])
+	assertPagesMetas(t, []string{"Home", "Page With Image", "Page With Spaced Name", "Unescaped File"}, ctx.Data["Pages"])
+
+	ctx, _ = contexttest.MockContext(t, "user2/repo1/jpeg.jpg")
+	ctx.SetPathParam("*", "jpeg.jpg")
+	contexttest.LoadRepo(t, ctx, 1)
+	Wiki(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+	assert.Equal(t, "/user2/repo1/wiki/raw/jpeg.jpg", ctx.Resp.Header().Get("Location"))
+}
+
+func TestWikiPages(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/?action=_pages")
+	contexttest.LoadRepo(t, ctx, 1)
+	WikiPages(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assertPagesMetas(t, []string{"Home", "Page With Image", "Page With Spaced Name", "Unescaped File"}, ctx.Data["Pages"])
+}
+
+func TestNewWiki(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/?action=_new")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	NewWiki(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assert.EqualValues(t, ctx.Tr("repo.wiki.new_page"), ctx.Data["Title"])
+}
+
+func TestNewWikiPost(t *testing.T) {
+	for _, title := range []string{
+		"New page",
+		"&&&&",
+	} {
+		unittest.PrepareTestEnv(t)
+
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/?action=_new")
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+		web.SetForm(ctx, &forms.NewWikiForm{
+			Title:   title,
+			Content: content,
+			Message: message,
+		})
+		NewWikiPost(ctx)
+		assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+		assertWikiExists(t, ctx.Repo.Repository, wiki_service.UserTitleToWebPath("", title))
+		assert.Equal(t, content, wikiContent(t, ctx.Repo.Repository, wiki_service.UserTitleToWebPath("", title)))
+	}
+}
+
+func TestNewWikiPost_ReservedName(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/?action=_new")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.NewWikiForm{
+		Title:   "_edit",
+		Content: content,
+		Message: message,
+	})
+	NewWikiPost(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assert.EqualValues(t, ctx.Tr("repo.wiki.reserved_page", "_edit"), ctx.Flash.ErrorMsg)
+	assertWikiNotExists(t, ctx.Repo.Repository, "_edit")
+}
+
+func TestEditWiki(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/Home?action=_edit")
+	ctx.SetPathParam("*", "Home")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	EditWiki(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assert.EqualValues(t, "Home", ctx.Data["Title"])
+	assert.Equal(t, wikiContent(t, ctx.Repo.Repository, "Home"), ctx.Data["WikiEditContent"])
+
+	ctx, _ = contexttest.MockContext(t, "user2/repo1/wiki/jpeg.jpg?action=_edit")
+	ctx.SetPathParam("*", "jpeg.jpg")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	EditWiki(ctx)
+	assert.Equal(t, http.StatusForbidden, ctx.Resp.WrittenStatus())
+}
+
+func TestEditWikiPost(t *testing.T) {
+	for _, title := range []string{
+		"Home",
+		"New/<page>",
+	} {
+		unittest.PrepareTestEnv(t)
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/Home?action=_new")
+		ctx.SetPathParam("*", "Home")
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+		web.SetForm(ctx, &forms.NewWikiForm{
+			Title:   title,
+			Content: content,
+			Message: message,
+		})
+		EditWikiPost(ctx)
+		assert.Equal(t, http.StatusSeeOther, ctx.Resp.WrittenStatus())
+		assertWikiExists(t, ctx.Repo.Repository, wiki_service.UserTitleToWebPath("", title))
+		assert.Equal(t, content, wikiContent(t, ctx.Repo.Repository, wiki_service.UserTitleToWebPath("", title)))
+		if title != "Home" {
+			assertWikiNotExists(t, ctx.Repo.Repository, "Home")
+		}
+	}
+}
+
+func TestDeleteWikiPagePost(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/Home?action=_delete")
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	DeleteWikiPagePost(ctx)
+	assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus())
+	assertWikiNotExists(t, ctx.Repo.Repository, "Home")
+}
+
+func TestWikiRaw(t *testing.T) {
+	for filepath, filetype := range map[string]string{
+		"jpeg.jpg":                      "image/jpeg",
+		"images/jpeg.jpg":               "image/jpeg",
+		"files/Non-Renderable-File.zip": "application/octet-stream",
+		"Page With Spaced Name":         "text/plain; charset=utf-8",
+		"Page-With-Spaced-Name":         "text/plain; charset=utf-8",
+		"Page With Spaced Name.md":      "", // there is no "Page With Spaced Name.md" in repo
+		"Page-With-Spaced-Name.md":      "text/plain; charset=utf-8",
+	} {
+		unittest.PrepareTestEnv(t)
+
+		ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki/raw/"+url.PathEscape(filepath))
+		ctx.SetPathParam("*", filepath)
+		contexttest.LoadUser(t, ctx, 2)
+		contexttest.LoadRepo(t, ctx, 1)
+		WikiRaw(ctx)
+		if filetype == "" {
+			assert.Equal(t, http.StatusNotFound, ctx.Resp.WrittenStatus(), "filepath: %s", filepath)
+		} else {
+			assert.Equal(t, http.StatusOK, ctx.Resp.WrittenStatus(), "filepath: %s", filepath)
+			assert.Equal(t, filetype, ctx.Resp.Header().Get("Content-Type"), "filepath: %s", filepath)
+		}
+	}
+}
+
+func TestDefaultWikiBranch(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	// repo with no wiki
+	repoWithNoWiki := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
+	assert.False(t, repo_service.HasWiki(t.Context(), repoWithNoWiki))
+	assert.NoError(t, wiki_service.ChangeDefaultWikiBranch(t.Context(), repoWithNoWiki, "main"))
+
+	// repo with wiki
+	assert.NoError(t, repo_model.UpdateRepositoryColsNoAutoTime(
+		t.Context(),
+		&repo_model.Repository{ID: 1, DefaultWikiBranch: "wrong-branch"},
+		"default_wiki_branch",
+	),
+	)
+
+	ctx, _ := contexttest.MockContext(t, "user2/repo1/wiki")
+	ctx.SetPathParam("*", "Home")
+	contexttest.LoadRepo(t, ctx, 1)
+	assert.Equal(t, "wrong-branch", ctx.Repo.Repository.DefaultWikiBranch)
+	Wiki(ctx) // after the visiting, the out-of-sync database record will update the branch name to "master"
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	assert.Equal(t, "master", ctx.Repo.Repository.DefaultWikiBranch)
+
+	// invalid branch name should fail
+	assert.Error(t, wiki_service.ChangeDefaultWikiBranch(t.Context(), repo, "the bad name"))
+	repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	assert.Equal(t, "master", repo.DefaultWikiBranch)
+
+	// the same branch name, should succeed (actually a no-op)
+	assert.NoError(t, wiki_service.ChangeDefaultWikiBranch(t.Context(), repo, "master"))
+	repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	assert.Equal(t, "master", repo.DefaultWikiBranch)
+
+	// change to another name
+	assert.NoError(t, wiki_service.ChangeDefaultWikiBranch(t.Context(), repo, "main"))
+	repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	assert.Equal(t, "main", repo.DefaultWikiBranch)
+}