From 3a10e8f4f5f716e3a8956b005dfd9be3b47ea4c4 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Wed, 17 Dec 2025 07:13:59 +0100
Subject: [PATCH 01/30] feat: Add configurable permissions for Actions
 automatic tokens

---
 models/perm/access/repo_permission.go        |  41 +++++--
 models/repo/repo_unit.go                     | 120 +++++++++++++++++++
 models/repo/repo_unit_test.go                |  75 ++++++++++++
 options/locale/locale_en-US.ini              |  19 +++
 routers/web/repo/setting/actions.go          |  40 ++++++-
 routers/web/web.go                           |   1 +
 templates/repo/settings/actions_general.tmpl |  39 ++++++
 tests/integration/actions_job_token_test.go  |  44 +++++++
 8 files changed, 368 insertions(+), 11 deletions(-)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 15526cb1e6f1f..f5b7c9ef33589 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -266,13 +266,18 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		return perm, err
 	}
 
-	var accessMode perm_model.AccessMode
+	if err := repo.LoadUnits(ctx); err != nil {
+		return perm, err
+	}
+
+	actionsUnit := repo.MustGetUnit(ctx, unit.TypeActions)
+	actionsCfg := actionsUnit.ActionsConfig()
+
 	if task.RepoID != repo.ID {
 		taskRepo, exist, err := db.GetByID[repo_model.Repository](ctx, task.RepoID)
 		if err != nil || !exist {
 			return perm, err
 		}
-		actionsCfg := repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
 		if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
 			// The task repo can access the current repo only if the task repo is private and
 			// the owner of the task repo is a collaborative owner of the current repo.
@@ -280,17 +285,33 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 			// FIXME should owner's visibility also be considered here?
 			return perm, nil
 		}
-		accessMode = perm_model.AccessModeRead
-	} else if task.IsForkPullRequest {
-		accessMode = perm_model.AccessModeRead
-	} else {
-		accessMode = perm_model.AccessModeWrite
+		// Cross-repo access is always read-only
+		perm.SetUnitsWithDefaultAccessMode(repo.Units, perm_model.AccessModeRead)
+		return perm, nil
 	}
 
-	if err := repo.LoadUnits(ctx); err != nil {
-		return perm, err
+	// Get effective token permissions from repository settings
+	effectivePerms := actionsCfg.GetEffectiveTokenPermissions(task.IsForkPullRequest)
+
+	// Set up per-unit access modes based on configured permissions
+	perm.units = repo.Units
+	perm.unitsMode = make(map[unit.Type]perm_model.AccessMode)
+	perm.unitsMode[unit.TypeCode] = effectivePerms.Contents
+	perm.unitsMode[unit.TypeIssues] = effectivePerms.Issues
+	perm.unitsMode[unit.TypePullRequests] = effectivePerms.PullRequests
+	perm.unitsMode[unit.TypePackages] = effectivePerms.Packages
+	perm.unitsMode[unit.TypeActions] = effectivePerms.Actions
+	perm.unitsMode[unit.TypeWiki] = effectivePerms.Wiki
+
+	// Set base access mode to the maximum of all unit permissions
+	maxMode := perm_model.AccessModeNone
+	for _, mode := range perm.unitsMode {
+		if mode > maxMode {
+			maxMode = mode
+		}
 	}
-	perm.SetUnitsWithDefaultAccessMode(repo.Units, accessMode)
+	perm.AccessMode = maxMode
+
 	return perm, nil
 }
 
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index ad0bb9d3f82ec..6e420373daa3d 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -168,11 +168,78 @@ func (cfg *PullRequestsConfig) GetDefaultMergeStyle() MergeStyle {
 	return MergeStyleMerge
 }
 
+// ActionsTokenPermissionMode defines the default permission mode for Actions tokens
+type ActionsTokenPermissionMode string
+
+const (
+	// ActionsTokenPermissionModePermissive - write access by default (current behavior, backwards compatible)
+	ActionsTokenPermissionModePermissive ActionsTokenPermissionMode = "permissive"
+	// ActionsTokenPermissionModeRestricted - read access by default
+	ActionsTokenPermissionModeRestricted ActionsTokenPermissionMode = "restricted"
+)
+
+// ActionsTokenPermissions defines the permissions for different repository units
+type ActionsTokenPermissions struct {
+	// Contents (repository code) - read/write/none
+	Contents perm.AccessMode `json:"contents"`
+	// Issues - read/write/none
+	Issues perm.AccessMode `json:"issues"`
+	// PullRequests - read/write/none
+	PullRequests perm.AccessMode `json:"pull_requests"`
+	// Packages - read/write/none
+	Packages perm.AccessMode `json:"packages"`
+	// Actions - read/write/none
+	Actions perm.AccessMode `json:"actions"`
+	// Wiki - read/write/none
+	Wiki perm.AccessMode `json:"wiki"`
+}
+
+// DefaultActionsTokenPermissions returns the default permissions for permissive mode
+func DefaultActionsTokenPermissions(mode ActionsTokenPermissionMode) ActionsTokenPermissions {
+	if mode == ActionsTokenPermissionModeRestricted {
+		return ActionsTokenPermissions{
+			Contents:     perm.AccessModeRead,
+			Issues:       perm.AccessModeRead,
+			PullRequests: perm.AccessModeRead,
+			Packages:     perm.AccessModeRead,
+			Actions:      perm.AccessModeRead,
+			Wiki:         perm.AccessModeRead,
+		}
+	}
+	// Permissive mode (default)
+	return ActionsTokenPermissions{
+		Contents:     perm.AccessModeWrite,
+		Issues:       perm.AccessModeWrite,
+		PullRequests: perm.AccessModeWrite,
+		Packages:     perm.AccessModeRead, // Packages read by default for security
+		Actions:      perm.AccessModeWrite,
+		Wiki:         perm.AccessModeWrite,
+	}
+}
+
+// ForkPullRequestPermissions returns the restricted permissions for fork pull requests
+func ForkPullRequestPermissions() ActionsTokenPermissions {
+	return ActionsTokenPermissions{
+		Contents:     perm.AccessModeRead,
+		Issues:       perm.AccessModeRead,
+		PullRequests: perm.AccessModeRead,
+		Packages:     perm.AccessModeRead,
+		Actions:      perm.AccessModeRead,
+		Wiki:         perm.AccessModeRead,
+	}
+}
+
 type ActionsConfig struct {
 	DisabledWorkflows []string
 	// CollaborativeOwnerIDs is a list of owner IDs used to share actions from private repos.
 	// Only workflows from the private repos whose owners are in CollaborativeOwnerIDs can access the current repo's actions.
 	CollaborativeOwnerIDs []int64
+	// TokenPermissionMode defines the default permission mode (permissive or restricted)
+	TokenPermissionMode ActionsTokenPermissionMode `json:"token_permission_mode,omitempty"`
+	// DefaultTokenPermissions defines the default permissions for workflow tokens
+	DefaultTokenPermissions *ActionsTokenPermissions `json:"default_token_permissions,omitempty"`
+	// MaxTokenPermissions defines the maximum permissions (cannot be exceeded by workflow permissions keyword)
+	MaxTokenPermissions *ActionsTokenPermissions `json:"max_token_permissions,omitempty"`
 }
 
 func (cfg *ActionsConfig) EnableWorkflow(file string) {
@@ -209,6 +276,59 @@ func (cfg *ActionsConfig) IsCollaborativeOwner(ownerID int64) bool {
 	return slices.Contains(cfg.CollaborativeOwnerIDs, ownerID)
 }
 
+// GetTokenPermissionMode returns the token permission mode (defaults to permissive for backwards compatibility)
+func (cfg *ActionsConfig) GetTokenPermissionMode() ActionsTokenPermissionMode {
+	if cfg.TokenPermissionMode == "" {
+		return ActionsTokenPermissionModePermissive
+	}
+	return cfg.TokenPermissionMode
+}
+
+// GetEffectiveTokenPermissions returns the effective token permissions based on settings and context
+func (cfg *ActionsConfig) GetEffectiveTokenPermissions(isForkPullRequest bool) ActionsTokenPermissions {
+	// Fork pull requests always get restricted read-only access for security
+	if isForkPullRequest {
+		return ForkPullRequestPermissions()
+	}
+
+	// Use custom default permissions if set
+	if cfg.DefaultTokenPermissions != nil {
+		return *cfg.DefaultTokenPermissions
+	}
+
+	// Otherwise use mode-based defaults
+	return DefaultActionsTokenPermissions(cfg.GetTokenPermissionMode())
+}
+
+// GetMaxTokenPermissions returns the maximum allowed permissions
+func (cfg *ActionsConfig) GetMaxTokenPermissions() ActionsTokenPermissions {
+	if cfg.MaxTokenPermissions != nil {
+		return *cfg.MaxTokenPermissions
+	}
+	// Default max is write for everything except packages
+	return ActionsTokenPermissions{
+		Contents:     perm.AccessModeWrite,
+		Issues:       perm.AccessModeWrite,
+		PullRequests: perm.AccessModeWrite,
+		Packages:     perm.AccessModeWrite,
+		Actions:      perm.AccessModeWrite,
+		Wiki:         perm.AccessModeWrite,
+	}
+}
+
+// ClampPermissions ensures that the given permissions don't exceed the maximum
+func (cfg *ActionsConfig) ClampPermissions(perms ActionsTokenPermissions) ActionsTokenPermissions {
+	maxPerms := cfg.GetMaxTokenPermissions()
+	return ActionsTokenPermissions{
+		Contents:     min(perms.Contents, maxPerms.Contents),
+		Issues:       min(perms.Issues, maxPerms.Issues),
+		PullRequests: min(perms.PullRequests, maxPerms.PullRequests),
+		Packages:     min(perms.Packages, maxPerms.Packages),
+		Actions:      min(perms.Actions, maxPerms.Actions),
+		Wiki:         min(perms.Wiki, maxPerms.Wiki),
+	}
+}
+
 // FromDB fills up a ActionsConfig from serialized format.
 func (cfg *ActionsConfig) FromDB(bs []byte) error {
 	return json.UnmarshalHandleDoubleEncode(bs, &cfg)
diff --git a/models/repo/repo_unit_test.go b/models/repo/repo_unit_test.go
index 56dda5672d4ff..11b430e485fc7 100644
--- a/models/repo/repo_unit_test.go
+++ b/models/repo/repo_unit_test.go
@@ -6,6 +6,8 @@ package repo
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models/perm"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -28,3 +30,76 @@ func TestActionsConfig(t *testing.T) {
 	cfg.DisableWorkflow("test3.yaml")
 	assert.Equal(t, "test1.yaml,test2.yaml,test3.yaml", cfg.ToString())
 }
+
+func TestActionsConfigTokenPermissions(t *testing.T) {
+	t.Run("Default Permission Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{}
+		assert.Equal(t, ActionsTokenPermissionModePermissive, cfg.GetTokenPermissionMode())
+	})
+
+	t.Run("Explicit Permission Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModeRestricted,
+		}
+		assert.Equal(t, ActionsTokenPermissionModeRestricted, cfg.GetTokenPermissionMode())
+	})
+
+	t.Run("Effective Permissions - Permissive Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModePermissive,
+		}
+		perms := cfg.GetEffectiveTokenPermissions(false)
+		assert.Equal(t, perm.AccessModeWrite, perms.Contents)
+		assert.Equal(t, perm.AccessModeWrite, perms.Issues)
+		assert.Equal(t, perm.AccessModeRead, perms.Packages) // Packages read by default for security
+	})
+
+	t.Run("Effective Permissions - Restricted Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModeRestricted,
+		}
+		perms := cfg.GetEffectiveTokenPermissions(false)
+		assert.Equal(t, perm.AccessModeRead, perms.Contents)
+		assert.Equal(t, perm.AccessModeRead, perms.Issues)
+		assert.Equal(t, perm.AccessModeRead, perms.Packages)
+	})
+
+	t.Run("Fork Pull Request Always Read-Only", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModePermissive,
+		}
+		// Even with permissive mode, fork PRs get read-only
+		perms := cfg.GetEffectiveTokenPermissions(true)
+		assert.Equal(t, perm.AccessModeRead, perms.Contents)
+		assert.Equal(t, perm.AccessModeRead, perms.Issues)
+		assert.Equal(t, perm.AccessModeRead, perms.Packages)
+	})
+
+	t.Run("Clamp Permissions", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			MaxTokenPermissions: &ActionsTokenPermissions{
+				Contents:     perm.AccessModeRead,
+				Issues:       perm.AccessModeWrite,
+				PullRequests: perm.AccessModeRead,
+				Packages:     perm.AccessModeRead,
+				Actions:      perm.AccessModeNone,
+				Wiki:         perm.AccessModeWrite,
+			},
+		}
+		input := ActionsTokenPermissions{
+			Contents:     perm.AccessModeWrite, // Should be clamped to Read
+			Issues:       perm.AccessModeWrite, // Should stay Write
+			PullRequests: perm.AccessModeWrite, // Should be clamped to Read
+			Packages:     perm.AccessModeWrite, // Should be clamped to Read
+			Actions:      perm.AccessModeRead,  // Should be clamped to None
+			Wiki:         perm.AccessModeRead,  // Should stay Read
+		}
+		clamped := cfg.ClampPermissions(input)
+		assert.Equal(t, perm.AccessModeRead, clamped.Contents)
+		assert.Equal(t, perm.AccessModeWrite, clamped.Issues)
+		assert.Equal(t, perm.AccessModeRead, clamped.PullRequests)
+		assert.Equal(t, perm.AccessModeRead, clamped.Packages)
+		assert.Equal(t, perm.AccessModeNone, clamped.Actions)
+		assert.Equal(t, perm.AccessModeRead, clamped.Wiki)
+	})
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 981d9de2f8623..9990d30c2c32e 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3928,6 +3928,25 @@ general.collaborative_owner_not_exist = The collaborative owner does not exist.
 general.remove_collaborative_owner = Remove Collaborative Owner
 general.remove_collaborative_owner_desc = Removing a collaborative owner will prevent the repositories of the owner from accessing the actions in this repository. Continue?
 
+general.token_permissions = Workflow Permissions
+general.token_permissions.description = Configure the default permissions granted to the GITHUB_TOKEN when running workflows in this repository.
+general.token_permissions.mode = Permission Mode
+general.token_permissions.permissive = Read and write permissions
+general.token_permissions.permissive.description = Workflows have read and write permissions in the repository for all scopes.
+general.token_permissions.restricted = Read repository contents and packages permissions
+general.token_permissions.restricted.description = Workflows have read permissions in the repository for the contents and packages scopes only.
+general.token_permissions.fork_pr_note = Note: For workflows triggered by a pull request from a forked repository, the default GITHUB_TOKEN is always read-only.
+general.token_permissions.contents = Contents
+general.token_permissions.issues = Issues
+general.token_permissions.pull_requests = Pull Requests
+general.token_permissions.packages = Packages
+general.token_permissions.actions_scope = Actions
+general.token_permissions.wiki = Wiki
+general.token_permissions.access_read = Read
+general.token_permissions.access_write = Write
+general.token_permissions.access_none = No access
+general.token_permissions.update_success = Token permissions updated successfully.
+
 [projects]
 deleted.display_name = Deleted Project
 type-1.display_name = Individual Project
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 9c2c9242d34b6..724233a1532ae 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -34,8 +34,17 @@ func ActionsGeneralSettings(ctx *context.Context) {
 		return
 	}
 
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Token permission settings
+	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
+	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
+	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+	ctx.Data["EffectiveTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
+	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
+
 	if ctx.Repo.Repository.IsPrivate {
-		collaborativeOwnerIDs := actionsUnit.ActionsConfig().CollaborativeOwnerIDs
+		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
 		collaborativeOwners, err := user_model.GetUsersByIDs(ctx, collaborativeOwnerIDs)
 		if err != nil {
 			ctx.ServerError("GetUsersByIDs", err)
@@ -119,3 +128,32 @@ func DeleteCollaborativeOwner(ctx *context.Context) {
 
 	ctx.JSONOK()
 }
+
+// UpdateTokenPermissions updates the token permission settings for the repository
+func UpdateTokenPermissions(ctx *context.Context) {
+	redirectURL := ctx.Repo.RepoLink + "/settings/actions/general"
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Update permission mode
+	permissionMode := ctx.FormString("token_permission_mode")
+	if permissionMode == string(repo_model.ActionsTokenPermissionModeRestricted) {
+		actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionModeRestricted
+	} else {
+		actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionModePermissive
+	}
+
+	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnit", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(redirectURL)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 89a570dce0773..1c01eb63a1bb7 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1165,6 +1165,7 @@ func registerWebRoutes(m *web.Router) {
 					m.Post("/add", repo_setting.AddCollaborativeOwner)
 					m.Post("/delete", repo_setting.DeleteCollaborativeOwner)
 				})
+				m.Post("/token_permissions", repo_setting.UpdateTokenPermissions)
 			})
 		}, actions.MustEnableActions)
 		// the follow handler must be under "settings", otherwise this incomplete repo can't be accessed
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 06b7c8bad5025..4a9d2512bacb3 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -65,5 +65,44 @@
 		{{ctx.Locale.Tr "actions.general.collaborative_owners_management_help"}}
 	</div>
 	{{end}}
+
+	{{/* Token Permissions Section */}}
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.general.token_permissions"}}
+	</h4>
+	<div class="ui attached segment">
+		<p class="tw-text-secondary">{{ctx.Locale.Tr "actions.general.token_permissions.description"}}</p>
+		<form class="ui form" action="{{.Link}}/token_permissions" method="post">
+			{{.CsrfTokenHtml}}
+			<div class="grouped fields">
+				<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode"}}</label>
+				<div class="field">
+					<div class="ui radio checkbox">
+						<input type="radio" name="token_permission_mode" value="permissive" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
+						<label>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.permissive"}}</strong>
+							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
+						</label>
+					</div>
+				</div>
+				<div class="field">
+					<div class="ui radio checkbox">
+						<input type="radio" name="token_permission_mode" value="restricted" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
+						<label>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.restricted"}}</strong>
+							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
+						</label>
+					</div>
+				</div>
+			</div>
+			<div class="ui warning message">
+				<p>{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
+			</div>
+			<div class="divider"></div>
+			<div class="field">
+				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
+			</div>
+		</form>
+	</div>
 {{end}}
 </div>
diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index c4e8e880eb824..f2559d618c79f 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -115,3 +115,47 @@ func TestActionsJobTokenAccessLFS(t *testing.T) {
 		}))
 	})
 }
+
+func TestActionsTokenPermissionsModes(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		t.Run("Permissive Mode (default)", testActionsTokenPermissionsMode(u, "permissive", false))
+		t.Run("Restricted Mode", testActionsTokenPermissionsMode(u, "restricted", true))
+	})
+}
+
+func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly bool) func(t *testing.T) {
+	return func(t *testing.T) {
+		// Load a task that can be used for testing
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
+		require.NoError(t, task.GenerateToken())
+		task.Status = actions_model.StatusRunning
+		task.IsForkPullRequest = false // Not a fork PR
+		err := actions_model.UpdateTask(t.Context(), task, "token_hash", "token_salt", "token_last_eight", "status", "is_fork_pull_request")
+		require.NoError(t, err)
+
+		session := emptyTestSession(t)
+		context := APITestContext{
+			Session:  session,
+			Token:    task.Token,
+			Username: "user5",
+			Reponame: "repo4",
+		}
+		dstPath := t.TempDir()
+
+		u.Path = context.GitPath()
+		u.User = url.UserPassword("gitea-actions", task.Token)
+
+		// Git clone should always work (read access)
+		t.Run("Git Clone", doGitClone(dstPath, u))
+
+		// API Get should always work (read access)
+		t.Run("API Get Repository", doAPIGetRepository(context, func(t *testing.T, r structs.Repository) {
+			require.Equal(t, "repo4", r.Name)
+			require.Equal(t, "user5", r.Owner.UserName)
+		}))
+
+		// For now, both modes allow write since the mode setting needs to be persisted to the repo unit
+		// This test validates the token permission infrastructure is working
+		// Once mode is applied to repository settings, the expectReadOnly parameter will control behavior
+	}
+}

From 9a69f65ee43694ca2f194b85979482bb9528dd75 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 04:01:54 +0100
Subject: [PATCH 02/30] Adress all review comments

---
 routers/web/repo/setting/actions.go           | 12 +++++-----
 templates/repo/settings/actions_general.tmpl  |  2 +-
 tests/integration/actions_job_token_test.go   | 24 ++++++++++++++++---
 .../api_helper_for_declarative_test.go        | 18 ++++++++++++++
 4 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 724233a1532ae..29e525665b1fa 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -40,8 +40,6 @@ func ActionsGeneralSettings(ctx *context.Context) {
 	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
 	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
-	ctx.Data["EffectiveTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
-	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
 
 	if ctx.Repo.Repository.IsPrivate {
 		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
@@ -142,11 +140,13 @@ func UpdateTokenPermissions(ctx *context.Context) {
 	actionsCfg := actionsUnit.ActionsConfig()
 
 	// Update permission mode
-	permissionMode := ctx.FormString("token_permission_mode")
-	if permissionMode == string(repo_model.ActionsTokenPermissionModeRestricted) {
-		actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionModeRestricted
+	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
+	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || permissionMode == repo_model.ActionsTokenPermissionModePermissive {
+		actionsCfg.TokenPermissionMode = permissionMode
 	} else {
-		actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionModePermissive
+		ctx.Flash.Error("Invalid token permission mode")
+		ctx.Redirect(redirectURL)
+		return
 	}
 
 	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 4a9d2512bacb3..3f2c429a4b824 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -95,7 +95,7 @@
 					</div>
 				</div>
 			</div>
-			<div class="ui warning message">
+			<div class="ui info message">
 				<p>{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
 			</div>
 			<div class="divider"></div>
diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index f2559d618c79f..3b061895b3fd1 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -154,8 +154,26 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 			require.Equal(t, "user5", r.Owner.UserName)
 		}))
 
-		// For now, both modes allow write since the mode setting needs to be persisted to the repo unit
-		// This test validates the token permission infrastructure is working
-		// Once mode is applied to repository settings, the expectReadOnly parameter will control behavior
+		// Test Write Access
+		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusCreated)
+		t.Run("API Create File", doAPICreateFile(context, "test-permissions.txt", &structs.CreateFileOptions{
+			FileOptions: structs.FileOptions{
+				NewBranchName: "new-branch-permissions",
+				Message:       "Create File",
+			},
+			ContentBase64: base64.StdEncoding.EncodeToString([]byte(`This is a test file for permissions.`)),
+		}))
+
+		// Test Delete Access
+		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusNoContent)
+		if !expectReadOnly {
+			// Clean up created file if we had write access
+			t.Run("API Delete File", doAPIDeleteFile(context, "test-permissions.txt", &structs.DeleteFileOptions{
+				FileOptions: structs.FileOptions{
+					BranchName: "new-branch-permissions",
+					Message:    "Delete File",
+				},
+			}))
+		}
 	}
 }
diff --git a/tests/integration/api_helper_for_declarative_test.go b/tests/integration/api_helper_for_declarative_test.go
index b30cdfd0fc3b1..d7dcad953ca1c 100644
--- a/tests/integration/api_helper_for_declarative_test.go
+++ b/tests/integration/api_helper_for_declarative_test.go
@@ -374,6 +374,24 @@ func doAPICreateFile(ctx APITestContext, treepath string, options *api.CreateFil
 	}
 }
 
+func doAPIDeleteFile(ctx APITestContext, treepath string, options *api.DeleteFileOptions, callback ...func(*testing.T, api.FileDeleteResponse)) func(*testing.T) {
+	return func(t *testing.T) {
+		req := NewRequestWithJSON(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", ctx.Username, ctx.Reponame, treepath), &options).
+			AddTokenAuth(ctx.Token)
+		if ctx.ExpectedCode != 0 {
+			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
+			return
+		}
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var contents api.FileDeleteResponse
+		DecodeJSON(t, resp, &contents)
+		if len(callback) > 0 {
+			callback[0](t, contents)
+		}
+	}
+}
+
 func doAPICreateOrganization(ctx APITestContext, options *api.CreateOrgOption, callback ...func(*testing.T, api.Organization)) func(t *testing.T) {
 	return func(t *testing.T) {
 		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &options).

From 43e96d5ead1856eef337d6a7f9badb803e3c6c11 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 09:17:07 +0100
Subject: [PATCH 03/30] WIP

---
 models/actions/config.go                    | 43 +++++++++++++
 models/perm/access/repo_permission.go       | 13 ++++
 models/repo/repo_unit.go                    |  2 +
 models/user/setting.go                      |  1 +
 options/locale/locale_en-US.ini             |  2 +
 routers/api/packages/api.go                 | 51 +++++++++++++++
 routers/web/org/setting/actions.go          | 69 +++++++++++++++++++++
 routers/web/web.go                          |  3 +-
 templates/org/settings/actions_general.tmpl | 47 ++++++++++++++
 9 files changed, 230 insertions(+), 1 deletion(-)
 create mode 100644 models/actions/config.go
 create mode 100644 routers/web/org/setting/actions.go
 create mode 100644 templates/org/settings/actions_general.tmpl

diff --git a/models/actions/config.go b/models/actions/config.go
new file mode 100644
index 0000000000000..bb04f8a3ca8d1
--- /dev/null
+++ b/models/actions/config.go
@@ -0,0 +1,43 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"context"
+
+	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/json"
+)
+
+// GetOrgActionsConfig loads the ActionsConfig for an organization from user settings
+// It returns a default config if no setting is found
+func GetOrgActionsConfig(ctx context.Context, orgID int64) (*repo_model.ActionsConfig, error) {
+	val, err := user_model.GetUserSetting(ctx, orgID, "actions.config")
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := &repo_model.ActionsConfig{}
+	if val == "" {
+		// Return defaults if no config exists
+		return cfg, nil
+	}
+
+	if err := json.Unmarshal([]byte(val), cfg); err != nil {
+		return nil, err
+	}
+
+	return cfg, nil
+}
+
+// SetOrgActionsConfig saves the ActionsConfig for an organization to user settings
+func SetOrgActionsConfig(ctx context.Context, orgID int64, cfg *repo_model.ActionsConfig) error {
+	bs, err := json.Marshal(cfg)
+	if err != nil {
+		return err
+	}
+
+	return user_model.SetUserSetting(ctx, orgID, "actions.config", string(bs))
+}
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 2ecdef6a48463..3e655d2672c10 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -280,6 +280,19 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		if err != nil || !exist {
 			return perm, err
 		}
+
+		// Check Organization Cross-Repo Access Policy
+		if repo.OwnerID == taskRepo.OwnerID && repo.Owner.IsOrganization() {
+			orgCfg, err := actions_model.GetOrgActionsConfig(ctx, repo.OwnerID)
+			if err != nil {
+				return perm, err
+			}
+			if !orgCfg.AllowCrossRepoAccess {
+				// Deny access if cross-repo is disabled in Org
+				return perm, nil
+			}
+		}
+
 		if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
 			// The task repo can access the current repo only if the task repo is private and
 			// the owner of the task repo is a collaborative owner of the current repo.
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 6e420373daa3d..7ae9ad287c702 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -240,6 +240,8 @@ type ActionsConfig struct {
 	DefaultTokenPermissions *ActionsTokenPermissions `json:"default_token_permissions,omitempty"`
 	// MaxTokenPermissions defines the maximum permissions (cannot be exceeded by workflow permissions keyword)
 	MaxTokenPermissions *ActionsTokenPermissions `json:"max_token_permissions,omitempty"`
+	// AllowCrossRepoAccess indicates if actions in this repo/org can access other repos in the same org
+	AllowCrossRepoAccess bool `json:"allow_cross_repo_access,omitempty"`
 }
 
 func (cfg *ActionsConfig) EnableWorkflow(file string) {
diff --git a/models/user/setting.go b/models/user/setting.go
index c65afae76c84f..7b60e4ee83895 100644
--- a/models/user/setting.go
+++ b/models/user/setting.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
+
 	"code.gitea.io/gitea/modules/cache"
 	setting_module "code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 756aa35b1f63f..50609582ae096 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3955,6 +3955,8 @@ general.token_permissions.access_read = Read
 general.token_permissions.access_write = Write
 general.token_permissions.access_none = No access
 general.token_permissions.update_success = Token permissions updated successfully.
+general.token_permissions.cross_repo = Cross-Repository Access
+general.token_permissions.cross_repo_desc = Allow workflows in this organization to access other repositories within the same organization.
 
 [projects]
 deleted.display_name = Deleted Project
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index f6ee5958b5bb9..822510dce75cb 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -6,7 +6,9 @@ package packages
 import (
 	"net/http"
 
+	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
+
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -80,6 +82,55 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 			}
 		}
 
+		if ctx.Data["IsActionsToken"] == true {
+			if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {
+				// Actions rules:
+				// 1. If the package key matches the task repo, allow.
+				// 2. If not, check cross-repo policy.
+
+				taskID, ok := ctx.Data["ActionsTaskID"].(int64)
+				if ok {
+					task, err := actions_model.GetTaskByID(ctx, taskID)
+					if err != nil {
+						log.Error("GetTaskByID: %v", err)
+						ctx.HTTPError(http.StatusInternalServerError, "GetTaskByID", err.Error())
+						return
+					}
+
+					var packageRepoID int64
+					if ctx.Package.Descriptor != nil && ctx.Package.Descriptor.Package != nil {
+						packageRepoID = ctx.Package.Descriptor.Package.RepoID
+					}
+
+					if task.RepoID != packageRepoID {
+						// Not linked to the running repo.
+						// Check Org Policy
+						if ctx.Package.Owner.IsOrganization() {
+							cfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Package.Owner.ID)
+							if err != nil {
+								log.Error("GetOrgActionsConfig: %v", err)
+								ctx.HTTPError(http.StatusInternalServerError, "GetOrgActionsConfig", err.Error())
+								return
+							}
+							if !cfg.AllowCrossRepoAccess {
+								ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "cross-repository package access is disabled")
+								return
+							}
+						} else {
+							// For user-owned packages, maybe stricter? Or same?
+							// Issue says "only when they have been linked".
+							// If Owner is User, Cross-Repo setting is not available (it's Org setting).
+							// Default to Strict for Users?
+							if task.RepoID != ctx.Package.RepoID {
+								ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "package must be linked to the repository")
+								return
+							}
+						}
+					}
+				}
+			}
+		}
+
 		if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {
 			ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)
 			ctx.HTTPError(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")
diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
new file mode 100644
index 0000000000000..44d014b20c357
--- /dev/null
+++ b/routers/web/org/setting/actions.go
@@ -0,0 +1,69 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/services/context"
+)
+
+const (
+	tplSettingsActionsGeneral base.TplName = "org/settings/actions_general"
+)
+
+// ActionsGeneral renders the actions general settings page
+func ActionsGeneral(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsOrgSettingsActions"] = true
+
+	// Load Org Actions Config
+	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.ID)
+	if err != nil {
+		ctx.ServerError("GetOrgActionsConfig", err)
+		return
+	}
+
+	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
+	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
+	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+
+	ctx.Data["AllowCrossRepoAccess"] = actionsCfg.AllowCrossRepoAccess
+
+	ctx.HTML(http.StatusOK, tplSettingsActionsGeneral)
+}
+
+// ActionsGeneralPost responses for actions general settings page
+func ActionsGeneralPost(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsOrgSettingsActions"] = true
+
+	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.ID)
+	if err != nil {
+		ctx.ServerError("GetOrgActionsConfig", err)
+		return
+	}
+
+	// Update Token Permission Mode
+	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
+	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || permissionMode == repo_model.ActionsTokenPermissionModePermissive {
+		actionsCfg.TokenPermissionMode = permissionMode
+	}
+
+	// Update Cross-Repo Access
+	actionsCfg.AllowCrossRepoAccess = ctx.FormBool("allow_cross_repo_access")
+
+	if err := actions_model.SetOrgActionsConfig(ctx, ctx.Org.Organization.ID, actionsCfg); err != nil {
+		ctx.ServerError("SetOrgActionsConfig", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("org.settings.update_setting_success"))
+	ctx.Redirect(ctx.Org.OrgLink + "/settings/actions")
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index ea70d8bb62f1d..73b9a5dd0ba0b 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -961,7 +961,8 @@ func registerWebRoutes(m *web.Router) {
 				})
 
 				m.Group("/actions", func() {
-					m.Get("", org_setting.RedirectToDefaultSetting)
+					m.Get("", org_setting.ActionsGeneral)
+					m.Post("", org_setting.ActionsGeneralPost)
 					addSettingsRunnersRoutes()
 					addSettingsSecretsRoutes()
 					addSettingsVariablesRoutes()
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
new file mode 100644
index 0000000000000..1057d8d8e165e
--- /dev/null
+++ b/templates/org/settings/actions_general.tmpl
@@ -0,0 +1,47 @@
+{{template "org/settings/layout_head" .}}
+<div class="org-setting-content">
+	<h4 class="ui top attached header">
+		{{.locale.Tr "actions.actions"}}
+	</h4>
+	<div class="ui attached segment">
+		<div class="ui grid">
+			<div class="sixteen wide column">
+				<form class="ui form" action="{{.Link}}" method="post">
+					{{.CsrfTokenHtml}}
+					<div class="field">
+						<label>{{.locale.Tr "actions.general.token_permissions.mode"}}</label>
+						<div class="grouped fields">
+							<div class="field">
+								<div class="ui radio checkbox">
+									<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModePermissive}}" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
+									<label>{{.locale.Tr "actions.general.token_permissions.permissive"}}</label>
+									<p class="help">{{.locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
+								</div>
+							</div>
+							<div class="field">
+								<div class="ui radio checkbox">
+									<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModeRestricted}}" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
+									<label>{{.locale.Tr "actions.general.token_permissions.restricted"}}</label>
+									<p class="help">{{.locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
+								</div>
+							</div>
+						</div>
+					</div>
+
+					<h4 class="ui dividing header">{{.locale.Tr "actions.general.token_permissions.cross_repo"}}</h4>
+					<div class="field">
+						<div class="ui checkbox">
+							<input type="checkbox" name="allow_cross_repo_access" {{if .AllowCrossRepoAccess}}checked{{end}}>
+							<label>{{.locale.Tr "actions.general.token_permissions.cross_repo_desc"}}</label>
+						</div>
+					</div>
+
+					<div class="field">
+						<button class="ui green button">{{.locale.Tr "save"}}</button>
+					</div>
+				</form>
+			</div>
+		</div>
+	</div>
+</div>
+{{template "org/settings/layout_footer" .}}

From 2a204e36a7718f856f6e0279581048ffe7c06571 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 12:00:47 +0100
Subject: [PATCH 04/30] WIP

---
 models/repo/repo_unit.go                     |  42 +++++++
 options/locale/locale_en-US.ini              |   3 +
 routers/web/org/setting/actions.go           |  30 ++++-
 routers/web/repo/setting/actions.go          |  30 ++++-
 templates/org/settings/actions_general.tmpl  | 116 ++++++++++++++++++
 templates/repo/settings/actions_general.tmpl | 119 +++++++++++++++++++
 6 files changed, 338 insertions(+), 2 deletions(-)

diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 7ae9ad287c702..4c3b212f7b920 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -176,6 +176,8 @@ const (
 	ActionsTokenPermissionModePermissive ActionsTokenPermissionMode = "permissive"
 	// ActionsTokenPermissionModeRestricted - read access by default
 	ActionsTokenPermissionModeRestricted ActionsTokenPermissionMode = "restricted"
+	// ActionsTokenPermissionModeCustom - user-defined permissions
+	ActionsTokenPermissionModeCustom ActionsTokenPermissionMode = "custom"
 )
 
 // ActionsTokenPermissions defines the permissions for different repository units
@@ -194,6 +196,46 @@ type ActionsTokenPermissions struct {
 	Wiki perm.AccessMode `json:"wiki"`
 }
 
+// HasRead checks if the permission has read access for the given scope
+func (p ActionsTokenPermissions) HasRead(scope string) bool {
+	var mode perm.AccessMode
+	switch scope {
+	case "actions":
+		mode = p.Actions
+	case "contents":
+		mode = p.Contents
+	case "issues":
+		mode = p.Issues
+	case "packages":
+		mode = p.Packages
+	case "pull_requests":
+		mode = p.PullRequests
+	case "wiki":
+		mode = p.Wiki
+	}
+	return mode >= perm.AccessModeRead
+}
+
+// HasWrite checks if the permission has write access for the given scope
+func (p ActionsTokenPermissions) HasWrite(scope string) bool {
+	var mode perm.AccessMode
+	switch scope {
+	case "actions":
+		mode = p.Actions
+	case "contents":
+		mode = p.Contents
+	case "issues":
+		mode = p.Issues
+	case "packages":
+		mode = p.Packages
+	case "pull_requests":
+		mode = p.PullRequests
+	case "wiki":
+		mode = p.Wiki
+	}
+	return mode >= perm.AccessModeWrite
+}
+
 // DefaultActionsTokenPermissions returns the default permissions for permissive mode
 func DefaultActionsTokenPermissions(mode ActionsTokenPermissionMode) ActionsTokenPermissions {
 	if mode == ActionsTokenPermissionModeRestricted {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 50609582ae096..1780f19e5236c 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3957,6 +3957,9 @@ general.token_permissions.access_none = No access
 general.token_permissions.update_success = Token permissions updated successfully.
 general.token_permissions.cross_repo = Cross-Repository Access
 general.token_permissions.cross_repo_desc = Allow workflows in this organization to access other repositories within the same organization.
+general.token_permissions.custom = Custom permissions
+general.token_permissions.custom.description = Configure permissions for each scope individually.
+general.token_permissions.individual = Individual Permissions
 
 [projects]
 deleted.display_name = Deleted Project
diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
index 44d014b20c357..1b3568188953c 100644
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 
 	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/services/context"
@@ -32,6 +33,8 @@ func ActionsGeneral(ctx *context.Context) {
 	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
 	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
+	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
 
 	ctx.Data["AllowCrossRepoAccess"] = actionsCfg.AllowCrossRepoAccess
 
@@ -52,10 +55,35 @@ func ActionsGeneralPost(ctx *context.Context) {
 
 	// Update Token Permission Mode
 	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
-	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || permissionMode == repo_model.ActionsTokenPermissionModePermissive {
+	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted ||
+		permissionMode == repo_model.ActionsTokenPermissionModePermissive ||
+		permissionMode == repo_model.ActionsTokenPermissionModeCustom {
 		actionsCfg.TokenPermissionMode = permissionMode
 	}
 
+	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		parsePerm := func(name string) perm.AccessMode {
+			if ctx.FormBool(name + "_write") {
+				return perm.AccessModeWrite
+			}
+			if ctx.FormBool(name + "_read") {
+				return perm.AccessModeRead
+			}
+			return perm.AccessModeNone
+		}
+
+		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
+			Actions:      parsePerm("actions"),
+			Contents:     parsePerm("contents"),
+			Issues:       parsePerm("issues"),
+			Packages:     parsePerm("packages"),
+			PullRequests: parsePerm("pull_requests"),
+			Wiki:         parsePerm("wiki"),
+		}
+	} else {
+		actionsCfg.DefaultTokenPermissions = nil
+	}
+
 	// Update Cross-Repo Access
 	actionsCfg.AllowCrossRepoAccess = ctx.FormBool("allow_cross_repo_access")
 
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 29e525665b1fa..79875a00eb304 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"strings"
 
+	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -40,6 +41,8 @@ func ActionsGeneralSettings(ctx *context.Context) {
 	ctx.Data["TokenPermissionMode"] = actionsCfg.GetTokenPermissionMode()
 	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
+	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
 
 	if ctx.Repo.Repository.IsPrivate {
 		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
@@ -141,7 +144,9 @@ func UpdateTokenPermissions(ctx *context.Context) {
 
 	// Update permission mode
 	permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
-	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted || permissionMode == repo_model.ActionsTokenPermissionModePermissive {
+	if permissionMode == repo_model.ActionsTokenPermissionModeRestricted ||
+		permissionMode == repo_model.ActionsTokenPermissionModePermissive ||
+		permissionMode == repo_model.ActionsTokenPermissionModeCustom {
 		actionsCfg.TokenPermissionMode = permissionMode
 	} else {
 		ctx.Flash.Error("Invalid token permission mode")
@@ -149,6 +154,29 @@ func UpdateTokenPermissions(ctx *context.Context) {
 		return
 	}
 
+	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		parsePerm := func(name string) perm.AccessMode {
+			if ctx.FormBool(name + "_write") {
+				return perm.AccessModeWrite
+			}
+			if ctx.FormBool(name + "_read") {
+				return perm.AccessModeRead
+			}
+			return perm.AccessModeNone
+		}
+
+		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
+			Actions:      parsePerm("actions"),
+			Contents:     parsePerm("contents"),
+			Issues:       parsePerm("issues"),
+			Packages:     parsePerm("packages"),
+			PullRequests: parsePerm("pull_requests"),
+			Wiki:         parsePerm("wiki"),
+		}
+	} else {
+		actionsCfg.DefaultTokenPermissions = nil
+	}
+
 	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
 		ctx.ServerError("UpdateRepoUnit", err)
 		return
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index 1057d8d8e165e..b66c8121e2f12 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -25,6 +25,103 @@
 									<p class="help">{{.locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
 								</div>
 							</div>
+							<div class="field">
+								<div class="ui radio checkbox">
+									<input type="radio" name="token_permission_mode" value="custom" {{if eq .TokenPermissionMode .TokenPermissionModeCustom}}checked{{end}}>
+									<label>{{.locale.Tr "actions.general.token_permissions.custom"}}</label>
+									<p class="help">{{.locale.Tr "actions.general.token_permissions.custom.description"}}</p>
+								</div>
+							</div>
+						</div>
+					</div>
+
+					<div id="custom-permissions" class="ui segment" style="display: none;">
+						<h5 class="ui header">{{.locale.Tr "actions.general.token_permissions.individual"}}</h5>
+						<div class="ui grid">
+							<!-- Actions -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "actions.actions"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
+							<!-- Contents -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "general.token_permissions.contents"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
+							<!-- Issues -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "general.token_permissions.issues"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
+							<!-- Packages -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "general.token_permissions.packages"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
+							<!-- Pull Requests -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "general.token_permissions.pull_requests"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
+							<!-- Wiki -->
+							<div class="eight wide column">
+								<div class="field">
+									<label>{{.locale.Tr "general.token_permissions.wiki"}}</label>
+									<div class="ui checkbox">
+										<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
+									</div>
+									<div class="ui checkbox">
+										<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
+									</div>
+								</div>
+							</div>
 						</div>
 					</div>
 
@@ -45,3 +142,22 @@
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
+
+<script>
+window.addEventListener('load', function() {
+	const customPerms = document.getElementById('custom-permissions');
+	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
+	
+	function toggleCustom() {
+		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
+		if (selected && selected.value === 'custom') {
+			customPerms.style.display = 'block';
+		} else {
+			customPerms.style.display = 'none';
+		}
+	}
+
+	radios.forEach(r => r.addEventListener('change', toggleCustom));
+	toggleCustom();
+});
+</script>
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 3f2c429a4b824..6326ab0a87e06 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -94,7 +94,107 @@
 						</label>
 					</div>
 				</div>
+				<div class="field">
+					<div class="ui radio checkbox">
+						<input type="radio" name="token_permission_mode" value="custom" {{if eq .TokenPermissionMode .TokenPermissionModeCustom}}checked{{end}}>
+						<label>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.custom"}}</strong>
+							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.custom.description"}}</p>
+						</label>
+					</div>
+				</div>
+			</div>
+
+			<div id="custom-permissions" class="ui segment" style="display: none;">
+				<h5 class="ui header">{{ctx.Locale.Tr "actions.general.token_permissions.individual"}}</h5>
+				<div class="ui grid">
+					<!-- Actions -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "actions.actions"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+					<!-- Contents -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+					<!-- Issues -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+					<!-- Packages -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+					<!-- Pull Requests -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+					<!-- Wiki -->
+					<div class="eight wide column">
+						<div class="field">
+							<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
+							<div class="ui checkbox">
+								<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+							</div>
+							<div class="ui checkbox">
+								<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+							</div>
+						</div>
+					</div>
+				</div>
 			</div>
+
 			<div class="ui info message">
 				<p>{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
 			</div>
@@ -106,3 +206,22 @@
 	</div>
 {{end}}
 </div>
+
+<script>
+window.addEventListener('load', function() {
+	const customPerms = document.getElementById('custom-permissions');
+	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
+	
+	function toggleCustom() {
+		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
+		if (selected && selected.value === 'custom') {
+			customPerms.style.display = 'block';
+		} else {
+			customPerms.style.display = 'none';
+		}
+	}
+
+	radios.forEach(r => r.addEventListener('change', toggleCustom));
+	toggleCustom();
+});
+</script>

From 297ecef8dabe2fa2dc56468380edf0512d4e478a Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 13:37:15 +0100
Subject: [PATCH 05/30] Final core implementation changes

---
 models/perm/access/repo_permission.go        |  1 +
 options/locale/locale_en-US.ini              |  2 +
 routers/api/packages/api.go                  | 22 ++---
 routers/web/org/setting/actions.go           | 31 +++++--
 routers/web/repo/setting/actions.go          | 21 +++++
 templates/org/settings/actions_general.tmpl  | 90 ++++++++++++++++++++
 templates/repo/settings/actions_general.tmpl | 90 ++++++++++++++++++++
 7 files changed, 241 insertions(+), 16 deletions(-)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 3e655d2672c10..453a90ad5c115 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -313,6 +313,7 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 
 	// Get effective token permissions from repository settings
 	effectivePerms := actionsCfg.GetEffectiveTokenPermissions(task.IsForkPullRequest)
+	effectivePerms = actionsCfg.ClampPermissions(effectivePerms)
 
 	// Set up per-unit access modes based on configured permissions
 	perm.units = repo.Units
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 1780f19e5236c..1ea69b6f9c44f 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3960,6 +3960,8 @@ general.token_permissions.cross_repo_desc = Allow workflows in this organization
 general.token_permissions.custom = Custom permissions
 general.token_permissions.custom.description = Configure permissions for each scope individually.
 general.token_permissions.individual = Individual Permissions
+general.token_permissions.maximum = Maximum Permissions
+general.token_permissions.maximum.description = Configure the maximum permissions that can be requested by a workflow.
 
 [projects]
 deleted.display_name = Deleted Project
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 822510dce75cb..443a14c575795 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -103,8 +103,13 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 					}
 
 					if task.RepoID != packageRepoID {
-						// Not linked to the running repo.
-						// Check Org Policy
+						// 1. Private packages MUST be linked to a repository
+						if packageRepoID == 0 {
+							ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "private package must be linked to a repository to be accessed by Actions")
+							return
+						}
+
+						// 2. Check Org Cross-Repo Access Policy
 						if ctx.Package.Owner.IsOrganization() {
 							cfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Package.Owner.ID)
 							if err != nil {
@@ -116,16 +121,11 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 								ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "cross-repository package access is disabled")
 								return
 							}
-						} else {
-							// For user-owned packages, maybe stricter? Or same?
-							// Issue says "only when they have been linked".
-							// If Owner is User, Cross-Repo setting is not available (it's Org setting).
-							// Default to Strict for Users?
-							if task.RepoID != ctx.Package.RepoID {
-								ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "package must be linked to the repository")
-								return
-							}
 						}
+
+						// 3. Fallthrough to GetActionsUserRepoPermission
+						// We rely on the backend permission check below to handle other Cross-Repository restrictions
+						// (e.g., User collaborative owners, token scopes).
 					}
 				}
 			}
diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
index 1b3568188953c..fba4e2905c8b3 100644
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@@ -9,12 +9,12 @@ import (
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/services/context"
 )
 
 const (
-	tplSettingsActionsGeneral base.TplName = "org/settings/actions_general"
+	tplSettingsActionsGeneral templates.TplName = "org/settings/actions_general"
 )
 
 // ActionsGeneral renders the actions general settings page
@@ -24,7 +24,7 @@ func ActionsGeneral(ctx *context.Context) {
 	ctx.Data["PageIsOrgSettingsActions"] = true
 
 	// Load Org Actions Config
-	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.ID)
+	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.AsUser().ID)
 	if err != nil {
 		ctx.ServerError("GetOrgActionsConfig", err)
 		return
@@ -35,6 +35,7 @@ func ActionsGeneral(ctx *context.Context) {
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
 	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
 	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
+	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
 
 	ctx.Data["AllowCrossRepoAccess"] = actionsCfg.AllowCrossRepoAccess
 
@@ -47,7 +48,7 @@ func ActionsGeneralPost(ctx *context.Context) {
 	ctx.Data["PageIsOrgSettings"] = true
 	ctx.Data["PageIsOrgSettingsActions"] = true
 
-	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.ID)
+	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.AsUser().ID)
 	if err != nil {
 		ctx.ServerError("GetOrgActionsConfig", err)
 		return
@@ -84,10 +85,30 @@ func ActionsGeneralPost(ctx *context.Context) {
 		actionsCfg.DefaultTokenPermissions = nil
 	}
 
+	// Update Maximum Permissions
+	parseMaxPerm := func(name string) perm.AccessMode {
+		if ctx.FormBool("max_" + name + "_write") {
+			return perm.AccessModeWrite
+		}
+		if ctx.FormBool("max_" + name + "_read") {
+			return perm.AccessModeRead
+		}
+		return perm.AccessModeNone
+	}
+
+	actionsCfg.MaxTokenPermissions = &repo_model.ActionsTokenPermissions{
+		Actions:      parseMaxPerm("actions"),
+		Contents:     parseMaxPerm("contents"),
+		Issues:       parseMaxPerm("issues"),
+		Packages:     parseMaxPerm("packages"),
+		PullRequests: parseMaxPerm("pull_requests"),
+		Wiki:         parseMaxPerm("wiki"),
+	}
+
 	// Update Cross-Repo Access
 	actionsCfg.AllowCrossRepoAccess = ctx.FormBool("allow_cross_repo_access")
 
-	if err := actions_model.SetOrgActionsConfig(ctx, ctx.Org.Organization.ID, actionsCfg); err != nil {
+	if err := actions_model.SetOrgActionsConfig(ctx, ctx.Org.Organization.AsUser().ID, actionsCfg); err != nil {
 		ctx.ServerError("SetOrgActionsConfig", err)
 		return
 	}
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 79875a00eb304..673af0a0bdb22 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -43,6 +43,7 @@ func ActionsGeneralSettings(ctx *context.Context) {
 	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
 	ctx.Data["TokenPermissionModeCustom"] = repo_model.ActionsTokenPermissionModeCustom
 	ctx.Data["DefaultTokenPermissions"] = actionsCfg.GetEffectiveTokenPermissions(false)
+	ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
 
 	if ctx.Repo.Repository.IsPrivate {
 		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
@@ -177,6 +178,26 @@ func UpdateTokenPermissions(ctx *context.Context) {
 		actionsCfg.DefaultTokenPermissions = nil
 	}
 
+	// Update Maximum Permissions
+	parseMaxPerm := func(name string) perm.AccessMode {
+		if ctx.FormBool("max_" + name + "_write") {
+			return perm.AccessModeWrite
+		}
+		if ctx.FormBool("max_" + name + "_read") {
+			return perm.AccessModeRead
+		}
+		return perm.AccessModeNone
+	}
+
+	actionsCfg.MaxTokenPermissions = &repo_model.ActionsTokenPermissions{
+		Actions:      parseMaxPerm("actions"),
+		Contents:     parseMaxPerm("contents"),
+		Issues:       parseMaxPerm("issues"),
+		Packages:     parseMaxPerm("packages"),
+		PullRequests: parseMaxPerm("pull_requests"),
+		Wiki:         parseMaxPerm("wiki"),
+	}
+
 	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
 		ctx.ServerError("UpdateRepoUnit", err)
 		return
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index b66c8121e2f12..dbae8a1cbb5f8 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -139,6 +139,96 @@
 				</form>
 			</div>
 		</div>
+			<div class="divider"></div>
+			<h5 class="ui header">{{ctx.Locale.Tr "general.token_permissions.maximum"}}</h5>
+			<p class="tw-text-secondary">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+			<div class="ui grid">
+				<!-- Actions -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Contents -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Issues -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Packages -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Pull Requests -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Wiki -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+			</div>
+
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 6326ab0a87e06..8b2374fa2d52a 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -195,6 +195,96 @@
 				</div>
 			</div>
 
+			<div class="divider"></div>
+			<h5 class="ui header">{{ctx.Locale.Tr "general.token_permissions.maximum"}}</h5>
+			<p class="tw-text-secondary">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+			<div class="ui grid">
+				<!-- Actions -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Contents -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Issues -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Packages -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Pull Requests -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+				<!-- Wiki -->
+				<div class="eight wide column">
+					<div class="field">
+						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</div>
+						<div class="ui checkbox">
+							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</div>
+					</div>
+				</div>
+			</div>
+
 			<div class="ui info message">
 				<p>{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
 			</div>

From 5317bb0e95403adf0a0f37ac9eeedba67a4757e1 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 14:06:24 +0100
Subject: [PATCH 06/30] Fix lints

---
 models/user/setting.go                       | 1 -
 routers/api/packages/api.go                  | 1 -
 templates/org/settings/actions_general.tmpl  | 2 +-
 templates/repo/settings/actions_general.tmpl | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/models/user/setting.go b/models/user/setting.go
index 7b60e4ee83895..c65afae76c84f 100644
--- a/models/user/setting.go
+++ b/models/user/setting.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
-
 	"code.gitea.io/gitea/modules/cache"
 	setting_module "code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 443a14c575795..32195cea99e40 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -8,7 +8,6 @@ import (
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
-
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index dbae8a1cbb5f8..4c3c5cd2666d9 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -237,7 +237,7 @@
 window.addEventListener('load', function() {
 	const customPerms = document.getElementById('custom-permissions');
 	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-	
+
 	function toggleCustom() {
 		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
 		if (selected && selected.value === 'custom') {
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 8b2374fa2d52a..93d3da6a896e5 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -301,7 +301,7 @@
 window.addEventListener('load', function() {
 	const customPerms = document.getElementById('custom-permissions');
 	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-	
+
 	function toggleCustom() {
 		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
 		if (selected && selected.value === 'custom') {

From 0682fd8f0430b0db71155cd46c53a24185e53a44 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 15:16:51 +0100
Subject: [PATCH 07/30] Fix test

---
 tests/integration/actions_job_token_test.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 3b061895b3fd1..d5d0d3f1a6343 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -12,6 +12,8 @@ import (
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
@@ -125,8 +127,20 @@ func TestActionsTokenPermissionsModes(t *testing.T) {
 
 func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly bool) func(t *testing.T) {
 	return func(t *testing.T) {
+		// Update repository settings to the requested mode
+		if mode != "" {
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: "repo4", OwnerName: "user5"})
+			require.NoError(t, repo.LoadUnits(t.Context()))
+			actionsUnit := repo.MustGetUnit(t.Context(), unit_model.TypeActions)
+			actionsCfg := actionsUnit.ActionsConfig()
+			actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionMode(mode)
+			actionsUnit.Config = actionsCfg
+			require.NoError(t, repo_model.UpdateRepoUnit(t.Context(), actionsUnit))
+		}
+
 		// Load a task that can be used for testing
 		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
+		// Regenerate token to pick up new permissions if any (though currently permissions are checked at runtime)
 		require.NoError(t, task.GenerateToken())
 		task.Status = actions_model.StatusRunning
 		task.IsForkPullRequest = false // Not a fork PR
@@ -154,6 +168,8 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 			require.Equal(t, "user5", r.Owner.UserName)
 		}))
 
+		var sha string
+
 		// Test Write Access
 		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusCreated)
 		t.Run("API Create File", doAPICreateFile(context, "test-permissions.txt", &structs.CreateFileOptions{
@@ -162,6 +178,8 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 				Message:       "Create File",
 			},
 			ContentBase64: base64.StdEncoding.EncodeToString([]byte(`This is a test file for permissions.`)),
+		}, func(t *testing.T, resp structs.FileResponse) {
+			sha = resp.Content.SHA
 		}))
 
 		// Test Delete Access
@@ -173,6 +191,7 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 					BranchName: "new-branch-permissions",
 					Message:    "Delete File",
 				},
+				SHA: sha,
 			}))
 		}
 	}

From fd1afc5e4c22d87116cef3d10dfc95707cbc6970 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 15:54:59 +0100
Subject: [PATCH 08/30] Fixing Test Failures for Token Permissions

---
 tests/integration/actions_job_token_test.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index d5d0d3f1a6343..8db132587dc07 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -134,6 +134,8 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 			actionsUnit := repo.MustGetUnit(t.Context(), unit_model.TypeActions)
 			actionsCfg := actionsUnit.ActionsConfig()
 			actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionMode(mode)
+			actionsCfg.DefaultTokenPermissions = nil // Ensure no custom permissions override the mode
+			actionsCfg.MaxTokenPermissions = nil     // Ensure no max permissions interfere
 			actionsUnit.Config = actionsCfg
 			require.NoError(t, repo_model.UpdateRepoUnit(t.Context(), actionsUnit))
 		}
@@ -180,6 +182,7 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 			ContentBase64: base64.StdEncoding.EncodeToString([]byte(`This is a test file for permissions.`)),
 		}, func(t *testing.T, resp structs.FileResponse) {
 			sha = resp.Content.SHA
+			require.NotEmpty(t, sha, "SHA should not be empty")
 		}))
 
 		// Test Delete Access

From a4aae82c187d2149e0863a5cedd4bfec2663216d Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 16:51:39 +0100
Subject: [PATCH 09/30] Fix test

---
 tests/integration/actions_job_token_test.go | 26 +++++++++++++++------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 8db132587dc07..e57818dee5c82 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"encoding/base64"
+	"fmt"
 	"net/http"
 	"net/url"
 	"testing"
@@ -189,13 +190,24 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusNoContent)
 		if !expectReadOnly {
 			// Clean up created file if we had write access
-			t.Run("API Delete File", doAPIDeleteFile(context, "test-permissions.txt", &structs.DeleteFileOptions{
-				FileOptions: structs.FileOptions{
-					BranchName: "new-branch-permissions",
-					Message:    "Delete File",
-				},
-				SHA: sha,
-			}))
+			t.Run("API Delete File", func(t *testing.T) {
+				t.Logf("Deleting file with SHA: %s", sha)
+				require.NotEmpty(t, sha, "SHA must be captured before deletion")
+				deleteOpts := &structs.DeleteFileOptions{
+					FileOptions: structs.FileOptions{
+						BranchName: "new-branch-permissions",
+						Message:    "Delete File",
+					},
+					SHA: sha,
+				}
+				req := NewRequestWithJSON(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", context.Username, context.Reponame, "test-permissions.txt"), deleteOpts).
+					AddTokenAuth(context.Token)
+				if context.ExpectedCode != 0 {
+					context.Session.MakeRequest(t, req, context.ExpectedCode)
+					return
+				}
+				context.Session.MakeRequest(t, req, http.StatusNoContent)
+			})
 		}
 	}
 }

From 65051b17622a32fe4050b61703557223f119838f Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 18:13:40 +0100
Subject: [PATCH 10/30] Fix checks

---
 tests/integration/actions_job_token_test.go    | 12 ++++++++++--
 .../api_helper_for_declarative_test.go         | 18 ------------------
 2 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index e57818dee5c82..60b6ee8c2b3fa 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -174,7 +174,11 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 		var sha string
 
 		// Test Write Access
-		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusCreated)
+		if expectReadOnly {
+			context.ExpectedCode = http.StatusForbidden
+		} else {
+			context.ExpectedCode = 0
+		}
 		t.Run("API Create File", doAPICreateFile(context, "test-permissions.txt", &structs.CreateFileOptions{
 			FileOptions: structs.FileOptions{
 				NewBranchName: "new-branch-permissions",
@@ -187,7 +191,11 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 		}))
 
 		// Test Delete Access
-		context.ExpectedCode = util.Iif(expectReadOnly, http.StatusForbidden, http.StatusNoContent)
+		if expectReadOnly {
+			context.ExpectedCode = http.StatusForbidden
+		} else {
+			context.ExpectedCode = 0
+		}
 		if !expectReadOnly {
 			// Clean up created file if we had write access
 			t.Run("API Delete File", func(t *testing.T) {
diff --git a/tests/integration/api_helper_for_declarative_test.go b/tests/integration/api_helper_for_declarative_test.go
index d7dcad953ca1c..b30cdfd0fc3b1 100644
--- a/tests/integration/api_helper_for_declarative_test.go
+++ b/tests/integration/api_helper_for_declarative_test.go
@@ -374,24 +374,6 @@ func doAPICreateFile(ctx APITestContext, treepath string, options *api.CreateFil
 	}
 }
 
-func doAPIDeleteFile(ctx APITestContext, treepath string, options *api.DeleteFileOptions, callback ...func(*testing.T, api.FileDeleteResponse)) func(*testing.T) {
-	return func(t *testing.T) {
-		req := NewRequestWithJSON(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", ctx.Username, ctx.Reponame, treepath), &options).
-			AddTokenAuth(ctx.Token)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
-
-		var contents api.FileDeleteResponse
-		DecodeJSON(t, resp, &contents)
-		if len(callback) > 0 {
-			callback[0](t, contents)
-		}
-	}
-}
-
 func doAPICreateOrganization(ctx APITestContext, options *api.CreateOrgOption, callback ...func(*testing.T, api.Organization)) func(t *testing.T) {
 	return func(t *testing.T) {
 		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &options).

From a6b6e709d9153bc7abc57d1610c5aeb3868b7b51 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Thu, 18 Dec 2025 19:07:51 +0100
Subject: [PATCH 11/30] update tesr

---
 tests/integration/actions_job_token_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 60b6ee8c2b3fa..c065625e798e1 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -181,8 +181,8 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 		}
 		t.Run("API Create File", doAPICreateFile(context, "test-permissions.txt", &structs.CreateFileOptions{
 			FileOptions: structs.FileOptions{
-				NewBranchName: "new-branch-permissions",
-				Message:       "Create File",
+				BranchName: "master",
+				Message:    "Create File",
 			},
 			ContentBase64: base64.StdEncoding.EncodeToString([]byte(`This is a test file for permissions.`)),
 		}, func(t *testing.T, resp structs.FileResponse) {
@@ -203,7 +203,7 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 				require.NotEmpty(t, sha, "SHA must be captured before deletion")
 				deleteOpts := &structs.DeleteFileOptions{
 					FileOptions: structs.FileOptions{
-						BranchName: "new-branch-permissions",
+						BranchName: "master",
 						Message:    "Delete File",
 					},
 					SHA: sha,

From 5eb2f12b0ece8029856f9ce44b7e1057132c4106 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Fri, 19 Dec 2025 03:41:22 +0100
Subject: [PATCH 12/30] wip

---
 tests/integration/actions_job_token_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index c065625e798e1..feac4fc8d5cda 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -214,7 +214,7 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 					context.Session.MakeRequest(t, req, context.ExpectedCode)
 					return
 				}
-				context.Session.MakeRequest(t, req, http.StatusNoContent)
+				context.Session.MakeRequest(t, req, http.StatusOK)
 			})
 		}
 	}

From 8daef631cfc69f9d9290ded5a086989c9a5046ef Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Fri, 19 Dec 2025 05:39:06 +0100
Subject: [PATCH 13/30] Adress all reviewer feedback

---
 models/actions/config.go                     |  2 +-
 models/repo/repo_unit.go                     | 30 +++------
 templates/org/settings/actions_general.tmpl  | 67 +++++++-------------
 templates/repo/settings/actions_general.tmpl | 67 +++++++-------------
 web_src/js/features/repo-settings-actions.ts | 24 +++++++
 web_src/js/index-domready.ts                 |  2 +
 6 files changed, 85 insertions(+), 107 deletions(-)
 create mode 100644 web_src/js/features/repo-settings-actions.ts

diff --git a/models/actions/config.go b/models/actions/config.go
index bb04f8a3ca8d1..7bd64b74d4ccc 100644
--- a/models/actions/config.go
+++ b/models/actions/config.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package actions
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 4c3b212f7b920..e84a52439c5b0 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -196,8 +196,8 @@ type ActionsTokenPermissions struct {
 	Wiki perm.AccessMode `json:"wiki"`
 }
 
-// HasRead checks if the permission has read access for the given scope
-func (p ActionsTokenPermissions) HasRead(scope string) bool {
+// HasAccess checks if the permission meets the required access level for the given scope
+func (p ActionsTokenPermissions) HasAccess(scope string, required perm.AccessMode) bool {
 	var mode perm.AccessMode
 	switch scope {
 	case "actions":
@@ -213,27 +213,17 @@ func (p ActionsTokenPermissions) HasRead(scope string) bool {
 	case "wiki":
 		mode = p.Wiki
 	}
-	return mode >= perm.AccessModeRead
+	return mode >= required
 }
 
-// HasWrite checks if the permission has write access for the given scope
+// HasRead checks if the permission has read access for the given scope (convenience wrapper for templates)
+func (p ActionsTokenPermissions) HasRead(scope string) bool {
+	return p.HasAccess(scope, perm.AccessModeRead)
+}
+
+// HasWrite checks if the permission has write access for the given scope (convenience wrapper for templates)
 func (p ActionsTokenPermissions) HasWrite(scope string) bool {
-	var mode perm.AccessMode
-	switch scope {
-	case "actions":
-		mode = p.Actions
-	case "contents":
-		mode = p.Contents
-	case "issues":
-		mode = p.Issues
-	case "packages":
-		mode = p.Packages
-	case "pull_requests":
-		mode = p.PullRequests
-	case "wiki":
-		mode = p.Wiki
-	}
-	return mode >= perm.AccessModeWrite
+	return p.HasAccess(scope, perm.AccessModeWrite)
 }
 
 // DefaultActionsTokenPermissions returns the default permissions for permissive mode
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index 4c3c5cd2666d9..e56925bcff19b 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -43,11 +43,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "actions.actions"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+										<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+										<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -57,11 +57,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.contents"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+										<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+										<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -71,11 +71,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.issues"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+										<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+										<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -85,11 +85,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.packages"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+										<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+										<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -99,11 +99,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.pull_requests"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+										<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+										<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -113,11 +113,11 @@
 								<div class="field">
 									<label>{{.locale.Tr "general.token_permissions.wiki"}}</label>
 									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+										<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
 									</div>
 									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+										<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
 									</div>
 								</div>
@@ -148,11 +148,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -162,11 +162,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -176,11 +176,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -190,11 +190,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -204,11 +204,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -218,11 +218,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -232,22 +232,3 @@
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
-
-<script>
-window.addEventListener('load', function() {
-	const customPerms = document.getElementById('custom-permissions');
-	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-
-	function toggleCustom() {
-		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
-		if (selected && selected.value === 'custom') {
-			customPerms.style.display = 'block';
-		} else {
-			customPerms.style.display = 'none';
-		}
-	}
-
-	radios.forEach(r => r.addEventListener('change', toggleCustom));
-	toggleCustom();
-});
-</script>
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 93d3da6a896e5..4b801936a7acc 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -113,11 +113,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="actions_read" {{if call $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
+								<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="actions_write" {{if call $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
+								<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -127,11 +127,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="contents_read" {{if call $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
+								<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="contents_write" {{if call $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
+								<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -141,11 +141,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="issues_read" {{if call $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
+								<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="issues_write" {{if call $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
+								<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -155,11 +155,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="packages_read" {{if call $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
+								<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="packages_write" {{if call $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
+								<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -169,11 +169,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_read" {{if call $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+								<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_write" {{if call $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+								<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -183,11 +183,11 @@
 						<div class="field">
 							<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_read" {{if call $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
+								<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 							</div>
 							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_write" {{if call $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+								<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 							</div>
 						</div>
@@ -204,11 +204,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if call $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if call $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -218,11 +218,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if call $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if call $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -232,11 +232,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if call $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if call $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -246,11 +246,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if call $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if call $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -260,11 +260,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if call $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if call $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -274,11 +274,11 @@
 					<div class="field">
 						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if call $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
 						</div>
 						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if call $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
 							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
 						</div>
 					</div>
@@ -296,22 +296,3 @@
 	</div>
 {{end}}
 </div>
-
-<script>
-window.addEventListener('load', function() {
-	const customPerms = document.getElementById('custom-permissions');
-	const radios = document.querySelectorAll('input[name="token_permission_mode"]');
-
-	function toggleCustom() {
-		const selected = document.querySelector('input[name="token_permission_mode"]:checked');
-		if (selected && selected.value === 'custom') {
-			customPerms.style.display = 'block';
-		} else {
-			customPerms.style.display = 'none';
-		}
-	}
-
-	radios.forEach(r => r.addEventListener('change', toggleCustom));
-	toggleCustom();
-});
-</script>
diff --git a/web_src/js/features/repo-settings-actions.ts b/web_src/js/features/repo-settings-actions.ts
new file mode 100644
index 0000000000000..3b0f93ba57cfd
--- /dev/null
+++ b/web_src/js/features/repo-settings-actions.ts
@@ -0,0 +1,24 @@
+export function initRepoSettingsActionsPermissions(): void {
+  const radios = document.querySelectorAll<HTMLInputElement>(
+    'input[name="token_permission_mode"]',
+  );
+  if (!radios.length) return;
+
+  function toggleCustom(): void {
+    const customPerms = document.querySelector<HTMLElement>('#custom-permissions');
+    if (!customPerms) return;
+
+    const selected = document.querySelector<HTMLInputElement>(
+      'input[name="token_permission_mode"]:checked',
+    );
+
+    customPerms.style.display =
+      selected?.value === 'custom' ? 'block' : 'none';
+  }
+
+  for (const radio of radios) {
+    radio.addEventListener('change', toggleCustom);
+  }
+
+  toggleCustom();
+}
diff --git a/web_src/js/index-domready.ts b/web_src/js/index-domready.ts
index 660e5c0989610..da1f3f80d0995 100644
--- a/web_src/js/index-domready.ts
+++ b/web_src/js/index-domready.ts
@@ -64,6 +64,7 @@ import {initGlobalButtonClickOnEnter, initGlobalButtons, initGlobalDeleteButton}
 import {initGlobalComboMarkdownEditor, initGlobalEnterQuickSubmit, initGlobalFormDirtyLeaveConfirm} from './features/common-form.ts';
 import {callInitFunctions} from './modules/init.ts';
 import {initRepoViewFileTree} from './features/repo-view-file-tree.ts';
+import {initRepoSettingsActionsPermissions} from './features/repo-settings-actions.ts';
 
 const initStartTime = performance.now();
 const initPerformanceTracer = callInitFunctions([
@@ -158,6 +159,7 @@ const initPerformanceTracer = callInitFunctions([
   initOAuth2SettingsDisableCheckbox,
 
   initRepoFileView,
+  initRepoSettingsActionsPermissions,
 ]);
 
 // it must be the last one, then the "querySelectorAll" only needs to be executed once for global init functions.

From 79a5d079ba4d5323e3e1d1cde7618a5554855105 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 04:30:49 +0100
Subject: [PATCH 14/30] Completely redesign UI

---
 routers/web/org/setting/actions.go           |  14 +-
 routers/web/repo/setting/actions.go          |  12 +-
 templates/org/settings/actions_general.tmpl  | 407 ++++++++---------
 templates/org/settings/navbar.tmpl           |   5 +-
 templates/repo/settings/actions_general.tmpl | 445 ++++++++-----------
 5 files changed, 385 insertions(+), 498 deletions(-)

diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
index fba4e2905c8b3..e06a06b39047c 100644
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@@ -21,7 +21,7 @@ const (
 func ActionsGeneral(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("actions.actions")
 	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsActions"] = true
+	ctx.Data["PageIsOrgSettingsActionsGeneral"] = true
 
 	// Load Org Actions Config
 	actionsCfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Org.Organization.AsUser().ID)
@@ -85,15 +85,17 @@ func ActionsGeneralPost(ctx *context.Context) {
 		actionsCfg.DefaultTokenPermissions = nil
 	}
 
-	// Update Maximum Permissions
+	// Update Maximum Permissions (radio buttons: none/read/write)
 	parseMaxPerm := func(name string) perm.AccessMode {
-		if ctx.FormBool("max_" + name + "_write") {
+		value := ctx.FormString("max_" + name)
+		switch value {
+		case "write":
 			return perm.AccessModeWrite
-		}
-		if ctx.FormBool("max_" + name + "_read") {
+		case "read":
 			return perm.AccessModeRead
+		default:
+			return perm.AccessModeNone
 		}
-		return perm.AccessModeNone
 	}
 
 	actionsCfg.MaxTokenPermissions = &repo_model.ActionsTokenPermissions{
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 673af0a0bdb22..a4f0c9488e45a 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -178,15 +178,17 @@ func UpdateTokenPermissions(ctx *context.Context) {
 		actionsCfg.DefaultTokenPermissions = nil
 	}
 
-	// Update Maximum Permissions
+	// Update Maximum Permissions (radio buttons: none/read/write)
 	parseMaxPerm := func(name string) perm.AccessMode {
-		if ctx.FormBool("max_" + name + "_write") {
+		value := ctx.FormString("max_" + name)
+		switch value {
+		case "write":
 			return perm.AccessModeWrite
-		}
-		if ctx.FormBool("max_" + name + "_read") {
+		case "read":
 			return perm.AccessModeRead
+		default:
+			return perm.AccessModeNone
 		}
-		return perm.AccessModeNone
 	}
 
 	actionsCfg.MaxTokenPermissions = &repo_model.ActionsTokenPermissions{
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index e56925bcff19b..ccd42d33617e9 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -1,234 +1,199 @@
 {{template "org/settings/layout_head" .}}
 <div class="org-setting-content">
 	<h4 class="ui top attached header">
-		{{.locale.Tr "actions.actions"}}
+		{{ctx.Locale.Tr "actions.actions"}} - {{ctx.Locale.Tr "settings.general"}}
 	</h4>
 	<div class="ui attached segment">
-		<div class="ui grid">
-			<div class="sixteen wide column">
-				<form class="ui form" action="{{.Link}}" method="post">
-					{{.CsrfTokenHtml}}
-					<div class="field">
-						<label>{{.locale.Tr "actions.general.token_permissions.mode"}}</label>
-						<div class="grouped fields">
-							<div class="field">
-								<div class="ui radio checkbox">
-									<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModePermissive}}" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
-									<label>{{.locale.Tr "actions.general.token_permissions.permissive"}}</label>
-									<p class="help">{{.locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
-								</div>
-							</div>
-							<div class="field">
-								<div class="ui radio checkbox">
-									<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModeRestricted}}" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
-									<label>{{.locale.Tr "actions.general.token_permissions.restricted"}}</label>
-									<p class="help">{{.locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
-								</div>
-							</div>
-							<div class="field">
-								<div class="ui radio checkbox">
-									<input type="radio" name="token_permission_mode" value="custom" {{if eq .TokenPermissionMode .TokenPermissionModeCustom}}checked{{end}}>
-									<label>{{.locale.Tr "actions.general.token_permissions.custom"}}</label>
-									<p class="help">{{.locale.Tr "actions.general.token_permissions.custom.description"}}</p>
-								</div>
-							</div>
-						</div>
-					</div>
+		<form class="ui form" action="{{.Link}}" method="post">
+			{{.CsrfTokenHtml}}
 
-					<div id="custom-permissions" class="ui segment" style="display: none;">
-						<h5 class="ui header">{{.locale.Tr "actions.general.token_permissions.individual"}}</h5>
-						<div class="ui grid">
-							<!-- Actions -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "actions.actions"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-							<!-- Contents -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "general.token_permissions.contents"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-							<!-- Issues -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "general.token_permissions.issues"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-							<!-- Packages -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "general.token_permissions.packages"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-							<!-- Pull Requests -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "general.token_permissions.pull_requests"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-							<!-- Wiki -->
-							<div class="eight wide column">
-								<div class="field">
-									<label>{{.locale.Tr "general.token_permissions.wiki"}}</label>
-									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_read"}}</label>
-									</div>
-									<div class="ui checkbox">
-										<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
-										<label>{{.locale.Tr "general.token_permissions.access_write"}}</label>
-									</div>
-								</div>
-							</div>
-						</div>
-					</div>
+			<!-- Cross-Repository Access -->
+			<div class="field">
+				<div class="ui checkbox">
+					<input type="checkbox" name="allow_cross_repo_access" {{if .AllowCrossRepoAccess}}checked{{end}}>
+					<label><strong>{{ctx.Locale.Tr "general.token_permissions.cross_repo"}}</strong></label>
+				</div>
+				<p class="help">{{ctx.Locale.Tr "general.token_permissions.cross_repo_desc"}}</p>
+			</div>
 
-					<h4 class="ui dividing header">{{.locale.Tr "actions.general.token_permissions.cross_repo"}}</h4>
-					<div class="field">
-						<div class="ui checkbox">
-							<input type="checkbox" name="allow_cross_repo_access" {{if .AllowCrossRepoAccess}}checked{{end}}>
-							<label>{{.locale.Tr "actions.general.token_permissions.cross_repo_desc"}}</label>
-						</div>
-					</div>
+			<div class="divider"></div>
+
+			<!-- Maximum Permissions Table -->
+			<h5 class="ui header">
+				{{ctx.Locale.Tr "general.token_permissions.maximum"}}
+				<span class="ui red text">*</span>
+			</h5>
+			<p class="help">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+
+			<table class="ui celled table">
+				<thead>
+					<tr>
+						<th style="width: 40%">{{ctx.Locale.Tr "units.unit"}}</th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_none"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_read"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_write"}}">?</span></th>
+					</tr>
+				</thead>
+				<tbody>
+					<!-- Code -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.contents"}}</strong>
+							<p class="text small grey">Access source code, files, commits and branches.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="none" {{if not ($.MaxTokenPermissions.HasRead "contents")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="read" {{if and ($.MaxTokenPermissions.HasRead "contents") (not ($.MaxTokenPermissions.HasWrite "contents"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Issues -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.issues"}}</strong>
+							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="none" {{if not ($.MaxTokenPermissions.HasRead "issues")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="read" {{if and ($.MaxTokenPermissions.HasRead "issues") (not ($.MaxTokenPermissions.HasWrite "issues"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Pull Requests -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</strong>
+							<p class="text small grey">Enable pull requests and code reviews.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="none" {{if not ($.MaxTokenPermissions.HasRead "pull_requests")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="read" {{if and ($.MaxTokenPermissions.HasRead "pull_requests") (not ($.MaxTokenPermissions.HasWrite "pull_requests"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Wiki -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</strong>
+							<p class="text small grey">Write and share documentation with collaborators.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="none" {{if not ($.MaxTokenPermissions.HasRead "wiki")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="read" {{if and ($.MaxTokenPermissions.HasRead "wiki") (not ($.MaxTokenPermissions.HasWrite "wiki"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Packages -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.packages"}}</strong>
+							<p class="text small grey">Manage repository packages.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="none" {{if not ($.MaxTokenPermissions.HasRead "packages")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="read" {{if and ($.MaxTokenPermissions.HasRead "packages") (not ($.MaxTokenPermissions.HasWrite "packages"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Actions -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.actions_scope"}}</strong>
+							<p class="text small grey">Manage actions.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="none" {{if not ($.MaxTokenPermissions.HasRead "actions")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="read" {{if and ($.MaxTokenPermissions.HasRead "actions") (not ($.MaxTokenPermissions.HasWrite "actions"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+				</tbody>
+			</table>
 
-					<div class="field">
-						<button class="ui green button">{{.locale.Tr "save"}}</button>
-					</div>
-				</form>
-			</div>
-		</div>
 			<div class="divider"></div>
-			<h5 class="ui header">{{ctx.Locale.Tr "general.token_permissions.maximum"}}</h5>
-			<p class="tw-text-secondary">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
-			<div class="ui grid">
-				<!-- Actions -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Contents -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Issues -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Packages -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Pull Requests -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Wiki -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-			</div>
 
+			<div class="field">
+				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
+			</div>
+		</form>
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
diff --git a/templates/org/settings/navbar.tmpl b/templates/org/settings/navbar.tmpl
index 58475de7e7a31..4c06b2cb1baf3 100644
--- a/templates/org/settings/navbar.tmpl
+++ b/templates/org/settings/navbar.tmpl
@@ -26,9 +26,12 @@
 		</a>
 		{{end}}
 		{{if .EnableActions}}
-		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
+		<details class="item toggleable-item" {{if or .PageIsOrgSettingsActionsGeneral .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "actions.actions"}}</summary>
 			<div class="menu">
+				<a class="{{if .PageIsOrgSettingsActionsGeneral}}active {{end}}item" href="{{.OrgLink}}/settings/actions">
+					{{ctx.Locale.Tr "settings.general"}}
+				</a>
 				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{.OrgLink}}/settings/actions/runners">
 					{{ctx.Locale.Tr "actions.runners"}}
 				</a>
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 4b801936a7acc..a4fd482d1a2af 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -1,298 +1,213 @@
+{{template "repo/settings/layout_head" .}}
 <div class="repo-setting-content">
 	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.general.enable_actions"}}
+		{{ctx.Locale.Tr "actions.actions"}} - {{ctx.Locale.Tr "settings.general"}}
 	</h4>
 	<div class="ui attached segment">
-		<form class="ui form" action="{{.Link}}/actions_unit" method="post">
+		<form class="ui form" action="{{.RepoLink}}/settings/actions/token-permissions" method="post">
 			{{.CsrfTokenHtml}}
-			{{$isActionsEnabled := .Repository.UnitEnabled ctx ctx.Consts.RepoUnitTypeActions}}
-			{{$isActionsGlobalDisabled := ctx.Consts.RepoUnitTypeActions.UnitGlobalDisabled}}
-			<div class="inline field">
-				<label>{{ctx.Locale.Tr "actions.actions"}}</label>
-				<div class="ui checkbox{{if $isActionsGlobalDisabled}} disabled{{end}}"{{if $isActionsGlobalDisabled}} data-tooltip-content="{{ctx.Locale.Tr "repo.unit_disabled"}}"{{end}}>
-					<input name="enable_actions" type="checkbox" {{if $isActionsGlobalDisabled}}disabled{{end}} {{if $isActionsEnabled}}checked{{end}}>
-					<label>{{ctx.Locale.Tr "repo.settings.actions_desc"}}</label>
-				</div>
-			</div>
-			{{if not $isActionsGlobalDisabled}}
-			<div class="divider"></div>
-				<div class="field">
-				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
-			</div>
-			{{end}}
-		</form>
-	</div>
 
-{{if and .EnableActions (.Permission.CanRead ctx.Consts.RepoUnitTypeActions)}}
-	{{if .Repository.IsPrivate}}
-	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.general.collaborative_owners_management"}}
-	</h4>
-	{{if len .CollaborativeOwners}}
-	<div class="ui attached segment">
-		<div class="flex-list">
-			{{range .CollaborativeOwners}}
-			<div class="flex-item tw-items-center">
-				<div class="flex-item-leading">
-					<a href="{{.HomeLink}}">{{ctx.AvatarUtils.Avatar . 32}}</a>
-				</div>
-				<div class="flex-item-main">
-					<div class="flex-item-title">
-						{{template "shared/user/name" .}}
-					</div>
-				</div>
-				<div class="flex-item-trailing">
-					<button class="ui red tiny button inline link-action"
-						data-url="{{$.Link}}/collaborative_owner/delete?id={{.ID}}"
-						data-modal-confirm-header="{{ctx.Locale.Tr "actions.general.remove_collaborative_owner"}}"
-						data-modal-confirm-content="{{ctx.Locale.Tr "actions.general.remove_collaborative_owner_desc"}}"
-					>{{ctx.Locale.Tr "remove"}}</button>
-				</div>
-			</div>
-			{{end}}
-		</div>
-	</div>
-	{{end}}
-	<div class="ui bottom attached segment">
-		<form class="ui form form-fetch-action" action="{{.Link}}/collaborative_owner/add" method="post">
-			{{.CsrfTokenHtml}}
-			<div id="search-user-box" class="ui search input tw-align-middle" data-include-orgs="true">
-				<input class="prompt" name="collaborative_owner" placeholder="{{ctx.Locale.Tr "search.user_kind"}}" autocomplete="off" autofocus required>
-			</div>
-			<button class="ui primary button">{{ctx.Locale.Tr "actions.general.add_collaborative_owner"}}</button>
-		</form>
-		<br>
-		{{ctx.Locale.Tr "actions.general.collaborative_owners_management_help"}}
-	</div>
-	{{end}}
-
-	{{/* Token Permissions Section */}}
-	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.general.token_permissions"}}
-	</h4>
-	<div class="ui attached segment">
-		<p class="tw-text-secondary">{{ctx.Locale.Tr "actions.general.token_permissions.description"}}</p>
-		<form class="ui form" action="{{.Link}}/token_permissions" method="post">
-			{{.CsrfTokenHtml}}
-			<div class="grouped fields">
-				<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode"}}</label>
-				<div class="field">
-					<div class="ui radio checkbox">
-						<input type="radio" name="token_permission_mode" value="permissive" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
-						<label>
-							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.permissive"}}</strong>
-							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
-						</label>
-					</div>
-				</div>
-				<div class="field">
-					<div class="ui radio checkbox">
-						<input type="radio" name="token_permission_mode" value="restricted" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
-						<label>
-							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.restricted"}}</strong>
-							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
-						</label>
+			<!-- Permission Mode Selection -->
+			<div class="field">
+				<label>{{ctx.Locale.Tr "general.token_permissions.mode"}}</label>
+				<div class="grouped fields">
+					<div class="field">
+						<div class="ui radio checkbox">
+							<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModePermissive}}" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.permissive"}}</label>
+							<p class="help">{{ctx.Locale.Tr "general.token_permissions.permissive.description"}}</p>
+						</div>
 					</div>
-				</div>
-				<div class="field">
-					<div class="ui radio checkbox">
-						<input type="radio" name="token_permission_mode" value="custom" {{if eq .TokenPermissionMode .TokenPermissionModeCustom}}checked{{end}}>
-						<label>
-							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.custom"}}</strong>
-							<p class="tw-text-secondary tw-m-0">{{ctx.Locale.Tr "actions.general.token_permissions.custom.description"}}</p>
-						</label>
+					<div class="field">
+						<div class="ui radio checkbox">
+							<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModeRestricted}}" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
+							<label>{{ctx.Locale.Tr "general.token_permissions.restricted"}}</label>
+							<p class="help">{{ctx.Locale.Tr "general.token_permissions.restricted.description"}}</p>
+						</div>
 					</div>
 				</div>
 			</div>
 
-			<div id="custom-permissions" class="ui segment" style="display: none;">
-				<h5 class="ui header">{{ctx.Locale.Tr "actions.general.token_permissions.individual"}}</h5>
-				<div class="ui grid">
-					<!-- Actions -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "actions.actions"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="actions_read" {{if $.DefaultTokenPermissions.HasRead "actions"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="actions_write" {{if $.DefaultTokenPermissions.HasWrite "actions"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+			<p class="text muted">{{ctx.Locale.Tr "general.token_permissions.fork_pr_note"}}</p>
+
+			<div class="divider"></div>
+
+			<!-- Maximum Permissions Table -->
+			<h5 class="ui header">
+				{{ctx.Locale.Tr "general.token_permissions.maximum"}}
+				<span class="ui red text">*</span>
+			</h5>
+			<p class="help">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+
+			<table class="ui celled table">
+				<thead>
+					<tr>
+						<th style="width: 40%">{{ctx.Locale.Tr "units.unit"}}</th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="No access to this resource">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="Read-only access">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="Read and write access">?</span></th>
+					</tr>
+				</thead>
+				<tbody>
+					<!-- Code -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.contents"}}</strong>
+							<p class="text small grey">Access source code, files, commits and branches.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="none" {{if not ($.MaxTokenPermissions.HasRead "contents")}}checked{{end}}>
+								<label></label>
 							</div>
-						</div>
-					</div>
-					<!-- Contents -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="contents_read" {{if $.DefaultTokenPermissions.HasRead "contents"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="read" {{if and ($.MaxTokenPermissions.HasRead "contents") (not ($.MaxTokenPermissions.HasWrite "contents"))}}checked{{end}}>
+								<label></label>
 							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="contents_write" {{if $.DefaultTokenPermissions.HasWrite "contents"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_contents" value="write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
+								<label></label>
 							</div>
-						</div>
-					</div>
+						</td>
+					</tr>
 					<!-- Issues -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="issues_read" {{if $.DefaultTokenPermissions.HasRead "issues"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.issues"}}</strong>
+							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="none" {{if not ($.MaxTokenPermissions.HasRead "issues")}}checked{{end}}>
+								<label></label>
 							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="issues_write" {{if $.DefaultTokenPermissions.HasWrite "issues"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="read" {{if and ($.MaxTokenPermissions.HasRead "issues") (not ($.MaxTokenPermissions.HasWrite "issues"))}}checked{{end}}>
+								<label></label>
 							</div>
-						</div>
-					</div>
-					<!-- Packages -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="packages_read" {{if $.DefaultTokenPermissions.HasRead "packages"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_issues" value="write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
+								<label></label>
 							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="packages_write" {{if $.DefaultTokenPermissions.HasWrite "packages"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-							</div>
-						</div>
-					</div>
+						</td>
+					</tr>
 					<!-- Pull Requests -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_read" {{if $.DefaultTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</strong>
+							<p class="text small grey">Enable pull requests and code reviews.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="none" {{if not ($.MaxTokenPermissions.HasRead "pull_requests")}}checked{{end}}>
+								<label></label>
 							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="pull_requests_write" {{if $.DefaultTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="read" {{if and ($.MaxTokenPermissions.HasRead "pull_requests") (not ($.MaxTokenPermissions.HasWrite "pull_requests"))}}checked{{end}}>
+								<label></label>
 							</div>
-						</div>
-					</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_pull_requests" value="write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
 					<!-- Wiki -->
-					<div class="eight wide column">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
-							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_read" {{if $.DefaultTokenPermissions.HasRead "wiki"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</strong>
+							<p class="text small grey">Write and share documentation with collaborators.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="none" {{if not ($.MaxTokenPermissions.HasRead "wiki")}}checked{{end}}>
+								<label></label>
 							</div>
-							<div class="ui checkbox">
-								<input type="checkbox" name="wiki_write" {{if $.DefaultTokenPermissions.HasWrite "wiki"}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="read" {{if and ($.MaxTokenPermissions.HasRead "wiki") (not ($.MaxTokenPermissions.HasWrite "wiki"))}}checked{{end}}>
+								<label></label>
 							</div>
-						</div>
-					</div>
-				</div>
-			</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_wiki" value="write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Packages -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.packages"}}</strong>
+							<p class="text small grey">Manage repository packages.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="none" {{if not ($.MaxTokenPermissions.HasRead "packages")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="read" {{if and ($.MaxTokenPermissions.HasRead "packages") (not ($.MaxTokenPermissions.HasWrite "packages"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_packages" value="write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+					<!-- Actions -->
+					<tr>
+						<td>
+							<strong>{{ctx.Locale.Tr "general.token_permissions.actions_scope"}}</strong>
+							<p class="text small grey">Manage actions.</p>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="none" {{if not ($.MaxTokenPermissions.HasRead "actions")}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="read" {{if and ($.MaxTokenPermissions.HasRead "actions") (not ($.MaxTokenPermissions.HasWrite "actions"))}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+						<td style="text-align: center">
+							<div class="ui radio checkbox">
+								<input type="radio" name="max_actions" value="write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
+								<label></label>
+							</div>
+						</td>
+					</tr>
+				</tbody>
+			</table>
 
 			<div class="divider"></div>
-			<h5 class="ui header">{{ctx.Locale.Tr "general.token_permissions.maximum"}}</h5>
-			<p class="tw-text-secondary">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
-			<div class="ui grid">
-				<!-- Actions -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "actions.actions"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_read" {{if $.MaxTokenPermissions.HasRead "actions"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_actions_write" {{if $.MaxTokenPermissions.HasWrite "actions"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Contents -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.contents"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_read" {{if $.MaxTokenPermissions.HasRead "contents"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_contents_write" {{if $.MaxTokenPermissions.HasWrite "contents"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Issues -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.issues"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_read" {{if $.MaxTokenPermissions.HasRead "issues"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_issues_write" {{if $.MaxTokenPermissions.HasWrite "issues"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Packages -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.packages"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_read" {{if $.MaxTokenPermissions.HasRead "packages"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_packages_write" {{if $.MaxTokenPermissions.HasWrite "packages"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Pull Requests -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_read" {{if $.MaxTokenPermissions.HasRead "pull_requests"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_pull_requests_write" {{if $.MaxTokenPermissions.HasWrite "pull_requests"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-				<!-- Wiki -->
-				<div class="eight wide column">
-					<div class="field">
-						<label>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</label>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_read" {{if $.MaxTokenPermissions.HasRead "wiki"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_read"}}</label>
-						</div>
-						<div class="ui checkbox">
-							<input type="checkbox" name="max_wiki_write" {{if $.MaxTokenPermissions.HasWrite "wiki"}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.access_write"}}</label>
-						</div>
-					</div>
-				</div>
-			</div>
 
-			<div class="ui info message">
-				<p>{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
-			</div>
-			<div class="divider"></div>
 			<div class="field">
 				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
 			</div>
 		</form>
 	</div>
-{{end}}
 </div>
+{{template "repo/settings/layout_footer" .}}

From 058fc0708d7847ec58ef0d1ff1891d1c7c7b8486 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 04:37:30 +0100
Subject: [PATCH 15/30] fix conflixt

---
 options/locale/locale_en-US.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 1ea69b6f9c44f..79df47ee808ed 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3937,6 +3937,7 @@ general.collaborative_owner_not_exist = The collaborative owner does not exist.
 general.remove_collaborative_owner = Remove Collaborative Owner
 general.remove_collaborative_owner_desc = Removing a collaborative owner will prevent the repositories of the owner from accessing the actions in this repository. Continue?
 
+
 general.token_permissions = Workflow Permissions
 general.token_permissions.description = Configure the default permissions granted to the GITHUB_TOKEN when running workflows in this repository.
 general.token_permissions.mode = Permission Mode

From 64c2147cfe033634c05c40a3a6605d6ac8c449bc Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 05:06:23 +0100
Subject: [PATCH 16/30] Adapt to JSON format

---
 options/locale/locale_en-US.ini              | 3981 ------------------
 options/locale/locale_en-US.json             |   27 +-
 templates/org/settings/actions_general.tmpl  |   27 +-
 templates/repo/settings/actions_general.tmpl |   35 +-
 4 files changed, 58 insertions(+), 4012 deletions(-)
 delete mode 100644 options/locale/locale_en-US.ini

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
deleted file mode 100644
index 1ea69b6f9c44f..0000000000000
--- a/options/locale/locale_en-US.ini
+++ /dev/null
@@ -1,3981 +0,0 @@
-home = Home
-dashboard = Dashboard
-explore = Explore
-help = Help
-logo = Logo
-sign_in = Sign In
-sign_in_with_provider = Sign in with %s
-sign_in_or = or
-sign_out = Sign Out
-sign_up = Register
-link_account = Link Account
-register = Register
-version = Version
-powered_by = Powered by %s
-page = Page
-template = Template
-language = Language
-notifications = Notifications
-active_stopwatch = Active Time Tracker
-tracked_time_summary = Summary of tracked time based on filters of issue list
-create_new = Create…
-user_profile_and_more = Profile and Settings…
-signed_in_as = Signed in as
-enable_javascript = This website requires JavaScript.
-toc = Table of Contents
-licenses = Licenses
-return_to_gitea = Return to Gitea
-more_items = More items
-
-username = Username
-email = Email Address
-password = Password
-access_token = Access Token
-re_type = Confirm Password
-captcha = CAPTCHA
-twofa = Two-Factor Authentication
-twofa_scratch = Two-Factor Scratch Code
-passcode = Passcode
-
-webauthn_insert_key = Insert your security key
-webauthn_sign_in = Press the button on your security key. If your security key has no button, re-insert it.
-webauthn_press_button = Please press the button on your security key…
-webauthn_use_twofa = Use a two-factor code from your phone
-webauthn_error = Could not read your security key.
-webauthn_unsupported_browser = Your browser does not currently support WebAuthn.
-webauthn_error_unknown = An unknown error occurred. Please retry.
-webauthn_error_insecure = WebAuthn only supports secure connections. For testing over HTTP, you can use the origin "localhost" or "127.0.0.1".
-webauthn_error_unable_to_process = The server could not process your request.
-webauthn_error_duplicated = The security key is not permitted for this request. Please make sure that the key is not already registered.
-webauthn_error_empty = You must set a name for this key.
-webauthn_error_timeout = Timeout reached before your key could be read. Please reload this page and retry.
-webauthn_reload = Reload
-
-repository = Repository
-organization = Organization
-mirror = Mirror
-issue_milestone = Milestone
-new_repo = New Repository
-new_migrate = New Migration
-new_mirror = New Mirror
-new_fork = New Repository Fork
-new_org = New Organization
-new_project = New Project
-new_project_column = New Column
-manage_org = Manage Organizations
-admin_panel = Site Administration
-account_settings = Account Settings
-settings = Settings
-your_profile = Profile
-your_starred = Starred
-your_settings = Settings
-
-all = All
-sources = Sources
-mirrors = Mirrors
-collaborative = Collaborative
-forks = Forks
-
-activities = Activities
-pull_requests = Pull Requests
-issues = Issues
-milestones = Milestones
-
-ok = OK
-cancel = Cancel
-retry = Retry
-rerun = Re-run
-rerun_all = Re-run all jobs
-save = Save
-add = Add
-add_all = Add All
-remove = Remove
-remove_all = Remove All
-remove_label_str = Remove item "%s"
-edit = Edit
-view = View
-test = Test
-
-enabled = Enabled
-disabled = Disabled
-locked = Locked
-
-copy = Copy
-copy_url = Copy URL
-copy_hash = Copy hash
-copy_content = Copy content
-copy_branch = Copy branch name
-copy_path = Copy path
-copy_success = Copied!
-copy_error = Copy failed
-copy_type_unsupported = This file type cannot be copied
-copy_filename = Copy filename
-
-write = Write
-preview = Preview
-loading = Loading…
-files = Files
-
-error = Error
-error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it.
-error503 = The server could not complete your request. Please try again later.
-go_back = Go Back
-invalid_data = Invalid data: %v
-nothing_has_been_changed = Nothing has been changed.
-
-never = Never
-unknown = Unknown
-
-rss_feed = RSS Feed
-
-pin = Pin
-unpin = Unpin
-
-artifacts = Artifacts
-expired = Expired
-confirm_delete_artifact = Are you sure you want to delete the artifact '%s'?
-
-archived = Archived
-
-concept_system_global = Global
-concept_user_individual = Individual
-concept_code_repository = Repository
-concept_user_organization = Organization
-
-show_timestamps = Show timestamps
-show_log_seconds = Show seconds
-show_full_screen = Show full screen
-download_logs = Download logs
-
-confirm_delete_selected = Confirm to delete all selected items?
-
-name = Name
-value = Value
-readme = Readme
-
-filter = Filter
-filter.clear = Clear Filter
-filter.is_archived = Archived
-filter.not_archived = Not Archived
-filter.is_fork = Forked
-filter.not_fork = Not Forked
-filter.is_mirror = Mirrored
-filter.not_mirror = Not Mirrored
-filter.is_template = Template
-filter.not_template = Not Template
-filter.public = Public
-filter.private = Private
-
-no_results_found = No results found.
-internal_error_skipped = Internal error occurred but is skipped: %s
-
-[search]
-search = Search…
-type_tooltip = Search type
-fuzzy = Fuzzy
-fuzzy_tooltip = Include results that closely match the search term
-words = Words
-words_tooltip = Include only results that match the search term words
-regexp = Regexp
-regexp_tooltip = Include only results that match the regexp search term
-exact = Exact
-exact_tooltip = Include only results that match the exact search term
-repo_kind = Search repos…
-user_kind = Search users…
-org_kind = Search orgs…
-team_kind = Search teams…
-code_kind = Search code…
-code_search_unavailable = Code search is currently not available. Please contact the site administrator.
-code_search_by_git_grep = Current code search results are provided by "git grep". There might be better results if site administrator enables Repository Indexer.
-package_kind = Search packages…
-project_kind = Search projects…
-branch_kind = Search branches…
-tag_kind = Search tags…
-tag_tooltip = Search for matching tags. Use '%' to match any sequence of numbers.
-commit_kind = Search commits…
-runner_kind = Search runners…
-no_results = No matching results found.
-issue_kind = Search issues…
-pull_kind = Search pull requests…
-keyword_search_unavailable = Searching by keyword is currently not available. Please contact the site administrator.
-
-[aria]
-navbar = Navigation Bar
-footer = Footer
-footer.software = About Software
-footer.links = Links
-
-[heatmap]
-number_of_contributions_in_the_last_12_months = %s contributions in the last 12 months
-no_contributions = No contributions
-less = Less
-more = More
-
-[editor]
-buttons.heading.tooltip = Add heading
-buttons.bold.tooltip = Add bold text
-buttons.italic.tooltip = Add italic text
-buttons.strikethrough.tooltip = Add strikethrough text
-buttons.quote.tooltip = Quote text
-buttons.code.tooltip = Add code
-buttons.link.tooltip = Add a link
-buttons.list.unordered.tooltip = Add a bullet list
-buttons.list.ordered.tooltip = Add a numbered list
-buttons.list.task.tooltip = Add a list of tasks
-buttons.table.add.tooltip = Add a table
-buttons.table.add.insert = Add
-buttons.table.rows = Rows
-buttons.table.cols = Columns
-buttons.mention.tooltip = Mention a user or team
-buttons.ref.tooltip = Reference an issue or pull request
-buttons.switch_to_legacy.tooltip = Use the legacy editor instead
-buttons.enable_monospace_font = Enable monospace font
-buttons.disable_monospace_font = Disable monospace font
-
-[filter]
-string.asc = A–Z
-string.desc = Z–A
-
-[error]
-occurred = An error occurred
-report_message = If you believe that this is a Gitea bug, please search for issues on <a href="%s" target="_blank">GitHub</a> or open a new issue if necessary.
-not_found = The target couldn't be found.
-network_error = Network error
-
-[startpage]
-app_desc = A painless, self-hosted Git service
-install = Easy to install
-install_desc = Simply <a target="_blank" rel="noopener noreferrer" href="%[1]s">run the binary</a> for your platform, ship it with <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, or get it <a target="_blank" rel="noopener noreferrer" href="%[3]s">packaged</a>.
-platform = Cross-platform
-platform_desc = Gitea runs anywhere <a target="_blank" rel="noopener noreferrer" href="%s">Go</a> can compile for: Windows, macOS, Linux, ARM, etc. Choose the one you love!
-lightweight = Lightweight
-lightweight_desc = Gitea has low minimal requirements and can run on an inexpensive Raspberry Pi. Save your machine energy!
-license = Open Source
-license_desc = Go get <a target="_blank" rel="noopener noreferrer" href="%[1]s">%[2]s</a>! Join us by <a target="_blank" rel="noopener noreferrer" href="%[3]s">contributing</a> to make this project even better. Don't be shy to be a contributor!
-
-[install]
-install = Installation
-installing_desc = Installing now, please wait…
-title = Initial Configuration
-docker_helper = If you run Gitea inside Docker, please read the <a target="_blank" rel="noopener noreferrer" href="%s">documentation</a> before changing any settings.
-require_db_desc = Gitea requires MySQL, PostgreSQL, MSSQL, SQLite3 or TiDB (MySQL protocol).
-db_title = Database Settings
-db_type = Database Type
-host = Host
-user = Username
-password = Password
-db_name = Database Name
-db_schema = Schema
-db_schema_helper = Leave blank for database default ("public").
-ssl_mode = SSL
-path = Path
-sqlite_helper = File path for the SQLite3 database.<br>Enter an absolute path if you run Gitea as a service.
-reinstall_error = You are trying to install into an existing Gitea database
-reinstall_confirm_message = Re-installing with an existing Gitea database can cause multiple problems. In most cases, you should use your existing "app.ini" to run Gitea. If you know what you are doing, confirm the following:
-reinstall_confirm_check_1 = The data encrypted by the SECRET_KEY in app.ini may be lost: users may not be able to log in with 2FA/OTP and mirrors may not function correctly. By checking this box, you confirm that the current app.ini file contains the correct SECRET_KEY.
-reinstall_confirm_check_2 = The repositories and settings may need to be resynchronized. By checking this box, you confirm that you will resynchronize the hooks for the repositories and authorized_keys file manually. You confirm that you will ensure that repository and mirror settings are correct.
-reinstall_confirm_check_3 = You confirm that you are absolutely sure that this Gitea is running with the correct app.ini location and that you are sure that you have to re-install. You confirm that you acknowledge the above risks.
-err_empty_db_path = The SQLite3 database path cannot be empty.
-no_admin_and_disable_registration = You cannot disable user self-registration without creating an administrator account.
-err_empty_admin_password = The administrator password cannot be empty.
-err_empty_admin_email = The administrator email address cannot be empty.
-err_admin_name_is_reserved = Administrator username is invalid. Username is reserved.
-err_admin_name_pattern_not_allowed = Administrator username is invalid. The username matches a reserved pattern.
-err_admin_name_is_invalid = Administrator username is invalid
-
-general_title = General Settings
-app_name = Site Title
-app_name_helper = You can enter your company name here.
-repo_path = Repository Root Path
-repo_path_helper = Remote Git repositories will be saved to this directory.
-lfs_path = Git LFS Root Path
-lfs_path_helper = Files tracked by Git LFS will be stored in this directory. Leave empty to disable.
-run_user = Run As Username
-run_user_helper = The operating system username that Gitea runs as. Note that this user must have access to the repository root path.
-domain = Server Domain
-domain_helper = Domain or host address for the server.
-ssh_port = SSH Server Port
-ssh_port_helper = Port number your SSH server listens on. Leave empty to disable.
-http_port = Gitea HTTP Listen Port
-http_port_helper = Port number the Gitea web server will listen on.
-app_url = Gitea Base URL
-app_url_helper = Base address for HTTP(S) clone URLs and email notifications.
-log_root_path = Log Path
-log_root_path_helper = Log files will be written to this directory.
-
-optional_title = Optional Settings
-email_title = Email Settings
-smtp_addr = SMTP Host
-smtp_port = SMTP Port
-smtp_from = Send Email As
-smtp_from_invalid = The "Send Email As" address is invalid
-smtp_from_helper = Email address Gitea will use. Enter a plain email address or use the "Name" <email@example.com> format.
-mailer_user = SMTP Username
-mailer_password = SMTP Password
-register_confirm = Require Email Confirmation to Register
-mail_notify = Enable Email Notifications
-server_service_title = Server and Third-Party Service Settings
-offline_mode = Enable Local Mode
-offline_mode_popup = Disable third-party content delivery networks and serve all resources locally.
-disable_gravatar = Disable Gravatar
-disable_gravatar_popup = Disable Gravatar and third-party avatar sources. A default avatar will be used unless a user locally uploads an avatar.
-federated_avatar_lookup = Enable Federated Avatars
-federated_avatar_lookup_popup = Enable federated avatar lookup using Libravatar.
-disable_registration = Disable Self-Registration
-disable_registration_popup = Disable user self-registration. Only administrators will be able to create new user accounts.
-allow_only_external_registration_popup = Allow Registration Only Through External Services
-openid_signin = Enable OpenID Sign-In
-openid_signin_popup = Enable user sign-in via OpenID.
-openid_signup = Enable OpenID Self-Registration
-openid_signup_popup = Enable OpenID-based user self-registration.
-enable_captcha = Enable registration CAPTCHA
-enable_captcha_popup = Require a CAPTCHA for user self-registration.
-require_sign_in_view = Require Sign-In to View Pages
-require_sign_in_view_popup = Limit page access to signed-in users. Visitors will only see the sign-in and registration pages.
-admin_setting_desc = Creating an administrator account is optional. The first registered user will automatically become an administrator.
-admin_title = Administrator Account Settings
-admin_name = Administrator Username
-admin_password = Password
-confirm_password = Confirm Password
-admin_email = Email Address
-install_btn_confirm = Install Gitea
-test_git_failed = Could not test 'git' command: %v
-sqlite3_not_available = This Gitea version does not support SQLite3. Please download the official binary version from %s (not the 'gobuild' version).
-invalid_db_setting = The database settings are invalid: %v
-invalid_db_table = The database table "%s" is invalid: %v
-invalid_repo_path = The repository root path is invalid: %v
-invalid_app_data_path = The app data path is invalid: %v
-run_user_not_match = The 'run as' username is not the current username: %s -> %s
-internal_token_failed = Failed to generate internal token: %v
-secret_key_failed = Failed to generate secret key: %v
-save_config_failed = Failed to save configuration: %v
-invalid_admin_setting = Administrator account setting is invalid: %v
-invalid_log_root_path = The log path is invalid: %v
-default_keep_email_private = Hide Email Addresses by Default
-default_keep_email_private_popup = Hide email addresses of new user accounts by default.
-default_allow_create_organization = Allow Creation of Organizations by Default
-default_allow_create_organization_popup = Allow new user accounts to create organizations by default.
-default_enable_timetracking = Enable Time Tracking by Default
-default_enable_timetracking_popup = Enable time tracking for new repositories by default.
-no_reply_address = Hidden Email Domain
-no_reply_address_helper = Domain name for users with a hidden email address. For example, the username 'joe' will be logged in Git as 'joe@noreply.example.org' if the hidden email domain is set to 'noreply.example.org'.
-password_algorithm = Password Hash Algorithm
-invalid_password_algorithm = Invalid password hash algorithm
-password_algorithm_helper = Set the password hashing algorithm. Algorithms have differing requirements and strengths. The argon2 algorithm is rather secure but uses a lot of memory and may be inappropriate for small systems.
-enable_update_checker = Enable Update Checker
-enable_update_checker_helper = Checks for new version releases periodically by connecting to gitea.io.
-env_config_keys = Environment Configuration
-env_config_keys_prompt = The following environment variables will also be applied to your configuration file:
-config_write_file_prompt = These configuration options will be written into: %s
-
-[home]
-nav_menu = Navigation Menu
-uname_holder = Username or Email Address
-password_holder = Password
-switch_dashboard_context = Switch Dashboard Context
-my_repos = Repositories
-show_more_repos = Show more repositories…
-collaborative_repos = Collaborative Repositories
-my_orgs = My Organizations
-my_mirrors = My Mirrors
-view_home = View %s
-filter = Other Filters
-filter_by_team_repositories = Filter by team repositories
-feed_of = Feed of "%s"
-
-show_archived = Archived
-show_both_archived_unarchived = Showing both archived and unarchived
-show_only_archived = Showing only archived
-show_only_unarchived = Showing only unarchived
-
-show_private = Private
-show_both_private_public = Showing both public and private
-show_only_private = Showing only private
-show_only_public = Showing only public
-
-issues.in_your_repos = In your repositories
-
-guide_title = No Activity
-guide_desc = You are currently not following any repositories or users, so there is no content to display. You can explore repositories or users of interest from the links below.
-explore_repos = Explore repositories
-explore_users = Explore users
-empty_org = There are no organizations yet.
-empty_repo = There are no repositories yet.
-
-[explore]
-repos = Repositories
-users = Users
-organizations = Organizations
-go_to = Go to
-code = Code
-code_last_indexed_at = Last indexed %s
-relevant_repositories_tooltip = Repositories that are forks or that have no topic, no icon, and no description are hidden.
-relevant_repositories = Only relevant repositories are being shown, <a href="%s">show unfiltered results</a>.
-
-[auth]
-create_new_account = Register Account
-already_have_account = Already have an account?
-sign_in_now = Sign in now!
-disable_register_prompt = Registration is disabled. Please contact your site administrator.
-disable_register_mail = Email confirmation for registration is disabled.
-manual_activation_only = Contact your site administrator to complete activation.
-remember_me = Remember This Device
-remember_me.compromised = The login token is not valid anymore which may indicate a compromised account. Please check your account for unusual activities.
-forgot_password_title= Forgot Password
-forgot_password = Forgot password?
-need_account = Need an account?
-sign_up_tip = You are registering the first account in the system, which has administrator privileges. Please carefully remember your username and password. If you forget the username or password, please refer to the Gitea documentation to recover the account.
-sign_up_now = Register now.
-sign_up_successful = Account was successfully created. Welcome!
-confirmation_mail_sent_prompt_ex = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process. If your registration email address is incorrect, you can sign in again and change it.
-must_change_password = Update your password
-allow_password_change = Require user to change password (recommended)
-reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the account recovery process.
-active_your_account = Activate Your Account
-account_activated = Account has been activated
-prohibit_login = Sign-In Prohibited
-prohibit_login_desc = Your account is prohibited from signing in. Please contact your site administrator.
-resent_limit_prompt = You have already requested an activation email recently. Please wait 3 minutes and try again.
-has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (<b>%s</b>). If you haven't received a confirmation email or need to resend a new one, please click on the button below.
-change_unconfirmed_mail_address = If your registration email address is incorrect, you can change it here and resend a new confirmation email.
-resend_mail = Click here to resend your activation email
-email_not_associate = The email address is not associated with any account.
-send_reset_mail = Send Account Recovery Email
-reset_password = Account Recovery
-invalid_code = Your confirmation code is invalid or has expired.
-invalid_code_forgot_password = Your confirmation code is invalid or has expired. Click <a href="%s">here</a> to start a new session.
-invalid_password = Your password does not match the password that was used to create the account.
-reset_password_helper = Recover Account
-reset_password_wrong_user = You are signed in as %s, but the account recovery link is meant for %s
-password_too_short = Password length cannot be less than %d characters.
-non_local_account = Non-local users cannot update their password through the Gitea web interface.
-verify = Verify
-scratch_code = Scratch code
-use_scratch_code = Use a scratch code
-twofa_scratch_used = You have used your scratch code. You have been redirected to the two-factor settings page so you may remove your device enrollment or generate a new scratch code.
-twofa_passcode_incorrect = Your passcode is incorrect. If you misplaced your device, use your scratch code to sign in.
-twofa_scratch_token_incorrect = Your scratch code is incorrect.
-twofa_required = You must set up two-factor authentication to get access to repositories, or try to log in again.
-login_userpass = Sign In
-login_openid = OpenID
-oauth_signup_tab = Register New Account
-oauth_signup_title = Complete New Account
-oauth_signup_submit = Complete Account
-oauth_signin_tab = Link to Existing Account
-oauth_signin_title = Sign In to Authorize Linked Account
-oauth_signin_submit = Link Account
-oauth.signin.error.general = There was an error processing the authorization request: %s. If this error persists, please contact the site administrator.
-oauth.signin.error.access_denied = The authorization request was denied.
-oauth.signin.error.temporarily_unavailable = Authorization failed because the authentication server is temporarily unavailable. Please try again later.
-oauth_callback_unable_auto_reg = Auto Registration is enabled, but OAuth2 Provider %[1]s returned missing fields: %[2]s, unable to create an account automatically. Please create or link to an account, or contact the site administrator.
-openid_connect_submit = Connect
-openid_connect_title = Connect to an existing account
-openid_connect_desc = The chosen OpenID URI is unknown. Associate it with a new account here.
-openid_register_title = Create new account
-openid_register_desc = The chosen OpenID URI is unknown. Associate it with a new account here.
-openid_signin_desc = Enter your OpenID URI. For example: alice.openid.example.org or https://openid.example.org/alice.
-disable_forgot_password_mail = Account recovery is disabled because no email address is set up. Please contact your site administrator.
-disable_forgot_password_mail_admin = Account recovery is only available when an email address is set up.
-email_domain_blacklisted = You cannot register with your email address.
-authorize_application = Authorize Application
-authorize_redirect_notice = You will be redirected to %s if you authorize this application.
-authorize_application_created_by = This application was created by %s.
-authorize_application_description = If you grant access, it will be able to access and write to all your account information, including private repos and organizations.
-authorize_application_with_scopes = With scopes: %s
-authorize_title = Authorize "%s" to access your account?
-authorization_failed = Authorization failed
-authorization_failed_desc = The authorization failed because we detected an invalid request. Please contact the maintainer of the app you tried to authorize.
-sspi_auth_failed = SSPI authentication failed
-password_pwned = The password you chose is on a <a target="_blank" rel="noopener noreferrer" href="%s">list of stolen passwords</a> previously exposed in public data breaches. Please try again with a different password and consider changing this password elsewhere too.
-password_pwned_err = Could not complete request to HaveIBeenPwned
-last_admin = You cannot remove the last admin. There must be at least one admin.
-signin_passkey = Sign in with a passkey
-back_to_sign_in = Back to Sign In
-
-[mail]
-view_it_on = View it on %s
-reply = or reply to this email directly
-link_not_working_do_paste = Not working? Try copying and pasting it to your browser.
-hi_user_x = Hi <b>%s</b>,
-
-activate_account = Please activate your account
-activate_account.title = %s, please activate your account
-activate_account.text_1 = Hi <b>%[1]s</b>, thanks for registering at %[2]s!
-activate_account.text_2 = Please click the following link to activate your account within <b>%s</b>:
-
-activate_email = Verify your email address
-activate_email.title = %s, please verify your email address
-activate_email.text = Please click the following link to verify your email address within <b>%s</b>:
-
-register_notify = Welcome to %s
-register_notify.title = %[1]s, welcome to %[2]s
-register_notify.text_1 = This is your registration confirmation email for %s!
-register_notify.text_2 = You can now log in via username: %s.
-register_notify.text_3 = If this account has been created for you, please <a href="%s">set your password</a> first.
-
-reset_password = Recover your account
-reset_password.title = %s, you have requested to recover your account
-reset_password.text = Please click the following link to recover your account within <b>%s</b>:
-
-register_success = Registration successful
-
-issue_assigned.pull = @%[1]s assigned you to pull request %[2]s in repository %[3]s.
-issue_assigned.issue = @%[1]s assigned you to issue %[2]s in repository %[3]s.
-
-issue.x_mentioned_you = <b>@%s</b> mentioned you:
-issue.action.force_push = <b>%[1]s</b> force-pushed the <b>%[2]s</b> from %[3]s to %[4]s.
-issue.action.push_1 = <b>@%[1]s</b> pushed %[3]d commit to %[2]s
-issue.action.push_n = <b>@%[1]s</b> pushed %[3]d commits to %[2]s
-issue.action.close = <b>@%[1]s</b> closed #%[2]d.
-issue.action.reopen = <b>@%[1]s</b> reopened #%[2]d.
-issue.action.merge = <b>@%[1]s</b> merged #%[2]d into %[3]s.
-issue.action.approve = <b>@%[1]s</b> approved this pull request.
-issue.action.reject = <b>@%[1]s</b> requested changes on this pull request.
-issue.action.review = <b>@%[1]s</b> commented on this pull request.
-issue.action.review_dismissed = <b>@%[1]s</b> dismissed last review from %[2]s for this pull request.
-issue.action.ready_for_review = <b>@%[1]s</b> marked this pull request ready for review.
-issue.action.new = <b>@%[1]s</b> created #%[2]d.
-issue.in_tree_path = In %s:
-
-release.new.subject = %s in %s released
-release.new.text = <b>@%[1]s</b> released %[2]s in %[3]s
-release.title = Title: %s
-release.note = Note:
-release.downloads = Downloads:
-release.download.zip = Source Code (ZIP)
-release.download.targz = Source Code (TAR.GZ)
-
-repo.transfer.subject_to = %s would like to transfer "%s" to %s
-repo.transfer.subject_to_you = %s would like to transfer "%s" to you
-repo.transfer.to_you = you
-repo.transfer.body = To accept or reject it, visit %s or just ignore it.
-
-repo.collaborator.added.subject = %s added you to %s
-repo.collaborator.added.text = You have been added as a collaborator of repository:
-
-repo.actions.run.failed = Run failed
-repo.actions.run.succeeded = Run succeeded
-repo.actions.run.cancelled = Run cancelled
-repo.actions.jobs.all_succeeded = All jobs have succeeded
-repo.actions.jobs.all_failed = All jobs have failed
-repo.actions.jobs.some_not_successful = Some jobs were not successful
-repo.actions.jobs.all_cancelled = All jobs have been cancelled
-
-team_invite.subject = %[1]s has invited you to join the %[2]s organization
-team_invite.text_1 = %[1]s has invited you to join team %[2]s in organization %[3]s.
-team_invite.text_2 = Please click the following link to join the team:
-team_invite.text_3 = Note: This invitation was intended for %[1]s. If you were not expecting this invitation, you can ignore this email.
-
-[modal]
-yes = Yes
-no = No
-confirm = Confirm
-cancel = Cancel
-modify = Update
-
-[form]
-UserName = Username
-RepoName = Repository name
-Email = Email address
-Password = Password
-Retype = Confirm Password
-SSHTitle = SSH key name
-HttpsUrl = HTTPS URL
-PayloadUrl = Payload URL
-TeamName = Team name
-AuthName = Authorization name
-AdminEmail = Admin email
-
-NewBranchName = New branch name
-CommitSummary = Commit summary
-CommitMessage = Commit message
-CommitChoice = Commit choice
-TreeName = File path
-Content = Content
-
-SSPISeparatorReplacement = Separator
-SSPIDefaultLanguage = Default Language
-
-require_error = ` cannot be empty.`
-alpha_dash_error = ` should contain only alphanumeric, dash ('-') and underscore ('_') characters.`
-alpha_dash_dot_error = ` should contain only alphanumeric, dash ('-'), underscore ('_') and dot ('.') characters.`
-git_ref_name_error = ` must be a well-formed Git reference name.`
-size_error = ` must be size %s.`
-min_size_error = ` must contain at least %s characters.`
-max_size_error = ` must contain at most %s characters.`
-email_error = ` is not a valid email address.`
-url_error = `"%s" is not a valid URL.`
-include_error = ` must contain substring "%s".`
-glob_pattern_error = ` glob pattern is invalid: %s.`
-regex_pattern_error = ` regex pattern is invalid: %s.`
-username_error = ` can only contain alphanumeric characters ('0-9','a-z','A-Z'), dash ('-'), underscore ('_') and dot ('.'). It cannot begin or end with non-alphanumeric characters, and consecutive non-alphanumeric characters are also forbidden.`
-invalid_group_team_map_error = ` mapping is invalid: %s`
-unknown_error = Unknown error:
-captcha_incorrect = The CAPTCHA code is incorrect.
-password_not_match = The passwords do not match.
-lang_select_error = Select a language from the list.
-
-username_been_taken = The username is already taken.
-username_change_not_local_user = Non-local users are not allowed to change their username.
-change_username_disabled = Changing username is disabled.
-change_full_name_disabled = Changing full name is disabled.
-username_has_not_been_changed = Username has not been changed
-repo_name_been_taken = The repository name is already used.
-repository_force_private = Force Private is enabled: private repositories cannot be made public.
-repository_files_already_exist = Files already exist for this repository. Contact the system administrator.
-repository_files_already_exist.adopt = Files already exist for this repository and can only be adopted.
-repository_files_already_exist.delete = Files already exist for this repository. You must delete them.
-repository_files_already_exist.adopt_or_delete = Files already exist for this repository. Either adopt them or delete them.
-visit_rate_limit = Remote visit addressed rate limitation.
-2fa_auth_required = Remote visit required two-factor authentication.
-org_name_been_taken = The organization name is already taken.
-team_name_been_taken = The team name is already taken.
-team_no_units_error = Allow access to at least one repository section.
-email_been_used = The email address is already used.
-email_invalid = The email address is invalid.
-email_domain_is_not_allowed = The domain of user email address <b>%s</b> conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST. Please ensure your operation is expected.
-openid_been_used = The OpenID address "%s" is already used.
-username_password_incorrect = Username or password is incorrect.
-password_complexity = Password does not pass complexity requirements:
-password_lowercase_one = At least one lowercase character
-password_uppercase_one = At least one uppercase character
-password_digit_one = At least one digit
-password_special_one = At least one special character (punctuation, brackets, quotes, etc.)
-enterred_invalid_repo_name = The repository name you entered is incorrect.
-enterred_invalid_org_name = The organization name you entered is incorrect.
-enterred_invalid_owner_name = The new owner name is not valid.
-enterred_invalid_password = The password you entered is incorrect.
-unset_password = The login user has not set the password.
-unsupported_login_type = The login type is not supported to delete account.
-user_not_exist = The user does not exist.
-team_not_exist = The team does not exist.
-last_org_owner = You cannot remove the last user from the 'owners' team. There must be at least one owner for an organization.
-cannot_add_org_to_team = An organization cannot be added as a team member.
-duplicate_invite_to_team = The user was already invited as a team member.
-organization_leave_success = You have successfully left the organization %s.
-
-invalid_ssh_key = Cannot verify your SSH key: %s
-invalid_gpg_key = Cannot verify your GPG key: %s
-invalid_ssh_principal = Invalid principal: %s
-must_use_public_key = The key you provided is a private key. Please do not upload your private key anywhere. Use your public key instead.
-unable_verify_ssh_key = "Cannot verify the SSH key. Double-check it for mistakes."
-auth_failed = Authentication failed: %v
-
-still_own_repo = "Your account owns one or more repositories. Delete or transfer them first."
-still_has_org = "Your account is a member of one or more organizations. Leave them first."
-still_own_packages = "Your account owns one or more packages. Delete them first."
-org_still_own_repo = "This organization still owns one or more repositories. Delete or transfer them first."
-org_still_own_packages = "This organization still owns one or more packages. Delete them first."
-
-target_branch_not_exist = Target branch does not exist.
-target_ref_not_exist = Target ref does not exist %s
-
-admin_cannot_delete_self = You cannot delete yourself when you are an admin. Please remove your admin privileges first.
-
-[user]
-change_avatar = Change your avatar…
-joined_on = Joined on %s
-repositories = Repositories
-activity = Public Activity
-followers = Followers
-show_more = Show More
-starred = Starred Repositories
-watched = Watched Repositories
-code = Code
-projects = Projects
-overview = Overview
-following = Following
-follow = Follow
-unfollow = Unfollow
-user_bio = Biography
-disabled_public_activity = This user has disabled the public visibility of the activity.
-email_visibility.limited = Your email address is visible to all authenticated users
-email_visibility.private = Your email address is only visible to you and administrators
-show_on_map = Show this place on a map
-settings = User Settings
-
-form.name_reserved = The username "%s" is reserved.
-form.name_pattern_not_allowed = The pattern "%s" is not allowed in a username.
-form.name_chars_not_allowed = Username "%s" contains invalid characters.
-
-block.block = Block
-block.block.user = Block user
-block.block.org = Block user from organization
-block.block.failure = Failed to block user: %s
-block.unblock = Unblock
-block.unblock.failure = Failed to unblock user: %s
-block.blocked = You have blocked this user.
-block.title = Block a user
-block.info = Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
-block.info_1 = Blocking a user prevents the following actions on your account and your repositories:
-block.info_2 = following your account
-block.info_3 = send you notifications by @mentioning your username
-block.info_4 = inviting you as a collaborator to their repositories
-block.info_5 = starring, forking or watching on repositories
-block.info_6 = opening and commenting on issues or pull requests
-block.info_7 = reacting to your comments in issues or pull requests
-block.user_to_block = User to block
-block.note = Note
-block.note.title = Optional note:
-block.note.info = The note is not visible to the blocked user.
-block.note.edit = Edit note
-block.list = Blocked users
-block.list.none = You have not blocked any users.
-
-[settings]
-profile = Profile
-account = Account
-appearance = Appearance
-password = Password
-security = Security
-avatar = Avatar
-ssh_gpg_keys = SSH / GPG Keys
-social = Social Accounts
-applications = Applications
-orgs = Manage Organizations
-repos = Repositories
-delete = Delete Account
-twofa = Two-Factor Authentication (TOTP)
-account_link = Linked Accounts
-organization = Organizations
-uid = UID
-webauthn = Two-Factor Authentication (Security Keys)
-
-public_profile = Public Profile
-biography_placeholder = Tell us a little bit about yourself! (You can use Markdown)
-location_placeholder = Share your approximate location with others
-profile_desc = Control how your profile is shown to other users. Your primary email address will be used for notifications, password recovery and web-based Git operations.
-password_username_disabled = You are not allowed to change your username. Please contact your site administrator for more details.
-password_full_name_disabled = You are not allowed to change your full name. Please contact your site administrator for more details.
-full_name = Full Name
-website = Website
-location = Location
-update_theme = Update Theme
-update_profile = Update Profile
-update_language = Update Language
-update_language_not_found = Language "%s" is not available.
-update_language_success = Language has been updated.
-update_profile_success = Your profile has been updated.
-change_username = Your username has been changed.
-change_username_prompt = Note: Changing your username also changes your account URL.
-change_username_redirect_prompt = The old username will redirect until someone claims it.
-continue = Continue
-cancel = Cancel
-language = Language
-ui = Theme
-hidden_comment_types = Hidden comment types
-hidden_comment_types_description = Comment types checked here will not be shown on issue pages. Checking "Label", for example, removes all "{user} added/removed {label}" comments.
-hidden_comment_types.ref_tooltip = Comments where this issue was referenced from another issue/commit/…
-hidden_comment_types.issue_ref_tooltip = Comments where the user changes the branch/tag associated with the issue
-comment_type_group_reference = Reference
-comment_type_group_label = Label
-comment_type_group_milestone = Milestone
-comment_type_group_assignee = Assignee
-comment_type_group_title = Title
-comment_type_group_branch = Branch
-comment_type_group_time_tracking = Time Tracking
-comment_type_group_deadline = Deadline
-comment_type_group_dependency = Dependency
-comment_type_group_lock = Lock Status
-comment_type_group_review_request = Review request
-comment_type_group_pull_request_push = Added commits
-comment_type_group_project = Project
-comment_type_group_issue_ref = Issue reference
-saved_successfully = Your settings were saved successfully.
-privacy = Privacy
-keep_activity_private = Hide Activity from profile page
-keep_activity_private_popup = Makes the activity visible only for you and the admins
-
-lookup_avatar_by_mail = Look Up Avatar by Email Address
-federated_avatar_lookup = Federated Avatar Lookup
-enable_custom_avatar = Use Custom Avatar
-choose_new_avatar = Choose new avatar
-update_avatar = Update Avatar
-delete_current_avatar = Delete Current Avatar
-uploaded_avatar_not_a_image = The uploaded file is not an image.
-uploaded_avatar_is_too_big = The uploaded file size (%d KiB) exceeds the maximum size (%d KiB).
-update_avatar_success = Your avatar has been updated.
-update_user_avatar_success = The user's avatar has been updated.
-cropper_prompt = You can edit the image before saving. The edited image will be saved as PNG.
-
-change_password = Update Password
-old_password = Current Password
-new_password = New Password
-retype_new_password = Confirm New Password
-password_incorrect = The current password is incorrect.
-change_password_success = Your password has been updated. Sign in using your new password from now on.
-password_change_disabled = Non-local users cannot update their password through the Gitea web interface.
-
-emails = Email Addresses
-manage_emails = Manage Email Addresses
-manage_themes = Select default theme
-manage_openid = Manage OpenID Addresses
-email_desc = Your primary email address will be used for notifications, password recovery and, provided that it is not hidden, web-based Git operations.
-theme_desc = This will be your default theme across the site.
-theme_colorblindness_help = Color blindness Theme Support
-theme_colorblindness_prompt = Gitea only has a few themes with basic color blindness support, which only have a few colors defined. The work is still in progress. More improvements could be made by defining more colors in the theme CSS files.
-primary = Primary
-activated = Activated
-requires_activation = Requires activation
-primary_email = Make Primary
-activate_email = Send Activation
-activations_pending = Activations Pending
-can_not_add_email_activations_pending = There is a pending activation. Try again in a few minutes if you want to add a new email address.
-delete_email = Remove
-email_deletion = Remove Email Address
-email_deletion_desc = This email address and related information will be removed from your account. Git commits by this email address will remain unchanged. Continue?
-email_deletion_success = The email address has been removed.
-theme_update_success = Your theme was updated.
-theme_update_error = The selected theme does not exist.
-openid_deletion = Remove OpenID Address
-openid_deletion_desc = Removing this OpenID address from your account will prevent you from signing in with it. Continue?
-openid_deletion_success = The OpenID address has been removed.
-add_new_email = Add New Email Address
-add_new_openid = Add New OpenID URI
-add_email = Add Email Address
-add_openid = Add OpenID URI
-add_email_confirmation_sent = A confirmation email has been sent to "%s". Please check your inbox within the next %s to confirm your email address.
-add_email_success = The new email address has been added.
-email_preference_set_success = Email preference has been set successfully.
-add_openid_success = The new OpenID address has been added.
-keep_email_private = Hide Email Address
-keep_email_private_popup = This will hide your email address from your profile, as well as when you make a pull request or edit a file using the web interface. Pushed commits will not be modified. Use %s in commits to associate them with your account.
-openid_desc = OpenID lets you delegate authentication to an external provider.
-
-manage_ssh_keys = Manage SSH Keys
-manage_ssh_principals = Manage SSH Certificate Principals
-manage_gpg_keys = Manage GPG Keys
-add_key = Add Key
-ssh_desc = These public SSH keys are associated with your account. The corresponding private keys allow full access to your repositories.
-principal_desc = These SSH certificate principals are associated with your account and allow full access to your repositories.
-gpg_desc = These public GPG keys are associated with your account. Keep your private keys safe as they allow commits to be verified.
-ssh_helper = <strong>Need help?</strong> Have a look at GitHub's guide to <a href="%s">create your own SSH keys</a> or solve <a href="%s">common problems</a> you may encounter using SSH.
-gpg_helper = <strong>Need help?</strong> Have a look at GitHub's guide <a href="%s">about GPG</a>.
-add_new_key = Add SSH Key
-add_new_gpg_key = Add GPG Key
-key_content_ssh_placeholder = Begins with 'ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'
-key_content_gpg_placeholder = Begins with '-----BEGIN PGP PUBLIC KEY BLOCK-----'
-add_new_principal = Add Principal
-ssh_key_been_used = This SSH key has already been added to the server.
-ssh_key_name_used = An SSH key with same name already exists on your account.
-ssh_principal_been_used = This principal has already been added to the server.
-gpg_key_id_used = A public GPG key with same ID already exists.
-gpg_no_key_email_found = This GPG key does not match any activated email address associated with your account. It may still be added if you sign the provided token.
-gpg_key_matched_identities = Matched Identities:
-gpg_key_matched_identities_long=The embedded identities in this key match the following activated email addresses for this user. Commits matching these email addresses can be verified with this key.
-gpg_key_verified=Verified Key
-gpg_key_verified_long=Key has been verified with a token and can be used to verify commits matching any activated email addresses for this user in addition to any matched identities for this key.
-gpg_key_verify=Verify
-gpg_invalid_token_signature = The provided GPG key, signature and token do not match, or the token is out-of-date.
-gpg_token_required = You must provide a signature for the below token
-gpg_token = Token
-gpg_token_help = You can generate a signature using:
-gpg_token_signature = Armored GPG signature
-key_signature_gpg_placeholder = Begins with '-----BEGIN PGP SIGNATURE-----'
-verify_gpg_key_success = GPG key "%s" has been verified.
-ssh_key_verified=Verified Key
-ssh_key_verified_long=Key has been verified with a token and can be used to verify commits matching any activated email addresses for this user.
-ssh_key_verify=Verify
-ssh_invalid_token_signature = The provided SSH key, signature or token do not match, or the token is out-of-date.
-ssh_token_required = You must provide a signature for the below token
-ssh_token = Token
-ssh_token_help = You can generate a signature using:
-ssh_token_signature = Armored SSH signature
-key_signature_ssh_placeholder = Begins with '-----BEGIN SSH SIGNATURE-----'
-verify_ssh_key_success = SSH key "%s" has been verified.
-subkeys = Subkeys
-key_id = Key ID
-key_name = Key Name
-key_content = Content
-principal_content = Content
-add_key_success = The SSH key "%s" has been added.
-add_gpg_key_success = The GPG key "%s" has been added.
-add_principal_success = The SSH certificate principal "%s" has been added.
-delete_key = Remove
-ssh_key_deletion = Remove SSH Key
-gpg_key_deletion = Remove GPG Key
-ssh_principal_deletion = Remove SSH Certificate Principal
-ssh_key_deletion_desc = Removing an SSH key revokes its access to your account. Continue?
-gpg_key_deletion_desc = Removing a GPG key un-verifies commits signed by it. Continue?
-ssh_principal_deletion_desc = Removing an SSH Certificate Principal revokes its access to your account. Continue?
-ssh_key_deletion_success = The SSH key has been removed.
-gpg_key_deletion_success = The GPG key has been removed.
-ssh_principal_deletion_success = The principal has been removed.
-added_on = Added on %s
-valid_until_date = Valid until %s
-valid_forever = Valid forever
-last_used = Last used on
-no_activity = No recent activity
-can_read_info = Read
-can_write_info = Write
-key_state_desc = This key has been used in the last 7 days
-token_state_desc = This token has been used in the last 7 days
-principal_state_desc = This principal has been used in the last 7 days
-show_openid = Show on profile
-hide_openid = Hide from profile
-ssh_disabled = SSH Disabled
-ssh_signonly = SSH is currently disabled so these keys are only used for commit signature verification.
-ssh_externally_managed = This SSH key is externally managed for this user
-manage_social = Manage Associated Social Accounts
-social_desc = These social accounts can be used to sign in to your account. Make sure you recognize all of them.
-unbind = Unlink
-unbind_success = The social account has been removed successfully.
-
-manage_access_token = Manage Access Tokens
-generate_new_token = Generate New Token
-tokens_desc = These tokens grant access to your account using the Gitea API.
-token_name = Token Name
-generate_token = Generate Token
-generate_token_success = Your new token has been generated. Copy it now as it will not be shown again.
-generate_token_name_duplicate = <strong>%s</strong> has been used as an application name already. Please use a new one.
-delete_token = Delete
-access_token_deletion = Delete Access Token
-access_token_deletion_cancel_action = Cancel
-access_token_deletion_confirm_action = Delete
-access_token_deletion_desc = Deleting a token will revoke access to your account for applications using it. This cannot be undone. Continue?
-delete_token_success = The token has been deleted. Applications using it no longer have access to your account.
-repo_and_org_access = Repository and Organization Access
-permissions_public_only = Public only
-permissions_access_all = All (public, private, and limited)
-permission_not_set = Not set
-permission_no_access = No Access
-permission_read = Read
-permission_write = Read and Write
-permission_anonymous_read = Anonymous Read
-permission_everyone_read = Everyone Read
-permission_everyone_write = Everyone Write
-access_token_desc = Selected token permissions limit authorization only to the corresponding <a %s>API</a> routes. Read the <a %s>documentation</a> for more information.
-at_least_one_permission = You must select at least one permission to create a token
-permissions_list = Permissions:
-
-manage_oauth2_applications = Manage OAuth2 Applications
-edit_oauth2_application = Edit OAuth2 Application
-oauth2_applications_desc = OAuth2 applications enables your third-party application to securely authenticate users at this Gitea instance.
-remove_oauth2_application = Remove OAuth2 Application
-remove_oauth2_application_desc = Removing an OAuth2 application will revoke access to all signed access tokens. Continue?
-remove_oauth2_application_success = The application has been deleted.
-create_oauth2_application = Create a new OAuth2 Application
-create_oauth2_application_button = Create Application
-create_oauth2_application_success = You have successfully created a new OAuth2 application.
-update_oauth2_application_success = You have successfully updated the OAuth2 application.
-oauth2_application_name = Application Name
-oauth2_confidential_client = Confidential Client. Select for apps that keep the secret confidential, such as web apps. Do not select for native apps, including desktop and mobile apps.
-oauth2_skip_secondary_authorization = Skip authorization for public clients after granting access once. <strong>May pose a security risk.</strong>
-oauth2_redirect_uris = Redirect URIs. Please use a new line for every URI.
-save_application = Save
-oauth2_client_id = Client ID
-oauth2_client_secret = Client Secret
-oauth2_regenerate_secret = Regenerate Secret
-oauth2_regenerate_secret_hint = Lost your secret?
-oauth2_client_secret_hint = The secret will not be shown again after you leave or refresh this page. Please ensure that you have saved it.
-oauth2_application_edit = Edit
-oauth2_application_create_description = OAuth2 applications gives your third-party application access to user accounts on this instance.
-oauth2_application_remove_description = Removing an OAuth2 application will prevent it from accessing authorized user accounts on this instance. Continue?
-oauth2_application_locked = Gitea pre-registers some OAuth2 applications on startup if enabled in config. To prevent unexpected behavior, these can neither be edited nor removed. Please refer to the OAuth2 documentation for more information.
-
-authorized_oauth2_applications = Authorized OAuth2 Applications
-authorized_oauth2_applications_description = You have granted access to your personal Gitea account to these third-party applications. Please revoke access for applications you no longer need.
-revoke_key = Revoke
-revoke_oauth2_grant = Revoke Access
-revoke_oauth2_grant_description = Revoking access for this third-party application will prevent this application from accessing your data. Are you sure?
-revoke_oauth2_grant_success = Access revoked successfully.
-
-twofa_desc = To protect your account against password theft, you can use a smartphone or another device for receiving time-based one-time passwords ("TOTP").
-twofa_recovery_tip = If you lose your device, you will be able to use a single-use recovery key to regain access to your account.
-twofa_is_enrolled = Your account is currently <strong>enrolled</strong> in two-factor authentication.
-twofa_not_enrolled = Your account is not currently enrolled in two-factor authentication.
-twofa_disable = Disable Two-Factor Authentication
-twofa_scratch_token_regenerate = Regenerate Single-Use Recovery Key
-twofa_scratch_token_regenerated = Your single-use recovery key is now %s. Store it in a safe place, as it will not be shown again.
-twofa_enroll = Enroll in Two-Factor Authentication
-twofa_disable_note = You can disable two-factor authentication if needed.
-twofa_disable_desc = Disabling two-factor authentication will make your account less secure. Continue?
-regenerate_scratch_token_desc = If you misplaced your recovery key or have already used it to sign in, you can reset it here.
-twofa_disabled = Two-factor authentication has been disabled.
-scan_this_image = Scan this image with your authentication application:
-or_enter_secret = Or enter the secret: %s
-then_enter_passcode = And enter the passcode shown in the application:
-passcode_invalid = The passcode is incorrect. Try again.
-twofa_enrolled = Your account has been successfully enrolled. Store your single-use recovery key (%s) in a safe place, as it will not be shown again.
-twofa_failed_get_secret = Failed to get secret.
-
-webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a> standard.
-webauthn_register_key = Add Security Key
-webauthn_nickname = Nickname
-webauthn_delete_key = Remove Security Key
-webauthn_delete_key_desc = If you remove a security key, you can no longer sign in with it. Continue?
-webauthn_key_loss_warning = If you lose your security keys, you will lose access to your account.
-webauthn_alternative_tip = You may want to configure an additional authentication method.
-
-manage_account_links = Manage Linked Accounts
-manage_account_links_desc = These external accounts are linked to your Gitea account.
-account_links_not_available = No external accounts are currently linked to your Gitea account.
-link_account = Link Account
-remove_account_link = Remove Linked Account
-remove_account_link_desc = Removing a linked account will revoke its access to your Gitea account. Continue?
-remove_account_link_success = The linked account has been removed.
-
-hooks.desc = Add webhooks which will be triggered for <strong>all repositories</strong> that you own.
-
-orgs_none = You are not a member of any organizations.
-repos_none = You do not own any repositories.
-
-delete_account = Delete Your Account
-delete_prompt = This operation will permanently delete your user account. It <strong>CANNOT</strong> be undone.
-delete_with_all_comments = Your account is younger than %s. To avoid ghost comments, all issue/PR comments will be deleted with it.
-confirm_delete_account = Confirm Deletion
-delete_account_title = Delete User Account
-delete_account_desc = Are you sure you want to permanently delete this user account?
-
-email_notifications.enable = Enable Email Notifications
-email_notifications.onmention = Only Email on Mention
-email_notifications.disable = Disable Email Notifications
-email_notifications.submit = Set Email Preference
-email_notifications.andyourown = And Your Own Notifications
-email_notifications.actions.desc = Notifications for workflow runs on repositories set up with <a target="_blank" href="%s">Gitea Actions</a>.
-email_notifications.actions.failure_only = Only notify for failed workflow runs
-
-visibility = User visibility
-visibility.public = Public
-visibility.public_tooltip = Visible to everyone
-visibility.limited = Limited
-visibility.limited_tooltip = Visible only to authenticated users
-visibility.private = Private
-visibility.private_tooltip = Visible only to members of organizations you have joined
-
-[repo]
-new_repo_helper = A repository contains all project files, including revision history. Already hosting one elsewhere? <a href="%s">Migrate repository.</a>
-owner = Owner
-owner_helper = Some organizations may not show up in the dropdown due to a maximum repository count limit.
-repo_name = Repository Name
-repo_name_profile_public_hint= .profile is a special repository that you can use to add README.md to your public organization profile, visible to anyone. Make sure it's public and initialize it with a README in the profile directory to get started.
-repo_name_profile_private_hint = .profile-private is a special repository that you can use to add a README.md to your organization member profile, visible only to organization members. Make sure it's private and initialize it with a README in the profile directory to get started.
-repo_name_helper = Good repository names use short, memorable and unique keywords. A repository named ".profile" or ".profile-private" could be used to add a README.md for the user/organization profile.
-repo_size = Repository Size
-template = Template
-template_select = Select a template.
-template_helper = Make repository a template
-template_description = Template repositories let users generate new repositories with the same directory structure, files, and optional settings.
-visibility = Visibility
-visibility_description = Only the owner or the organization members if they have rights, will be able to see it.
-visibility_helper = Make repository private
-visibility_helper_forced = Your site administrator forces new repositories to be private.
-visibility_fork_helper = (Changing this will affect all forks.)
-clone_helper = Need help cloning? Visit <a target="_blank" rel="noopener noreferrer" href="%s">Help</a>.
-fork_repo = Fork Repository
-fork_from = Fork From
-already_forked = You've already forked %s
-fork_to_different_account = Fork to a different account
-fork_visibility_helper = The visibility of a forked repository cannot be changed.
-fork_branch = Branch to be cloned to the fork
-all_branches = All branches
-view_all_branches = View all branches
-view_all_tags = View all tags
-fork_no_valid_owners = This repository cannot be forked because there are no valid owners.
-fork.blocked_user = Cannot fork the repository because you are blocked by the repository owner.
-use_template = Use this template
-open_with_editor = Open with %s
-download_zip = Download ZIP
-download_tar = Download TAR.GZ
-download_bundle = Download BUNDLE
-generate_repo = Generate Repository
-generate_from = Generate From
-repo_desc = Description
-repo_desc_helper = Enter short description (optional)
-repo_no_desc = No description provided
-repo_lang = Languages
-repo_gitignore_helper = Select .gitignore templates.
-repo_gitignore_helper_desc = Choose which files not to track from a list of templates for common languages. Typical artifacts generated by each language's build tools are included on .gitignore by default.
-issue_labels = Issue Labels
-issue_labels_helper = Select an issue label set.
-license = License
-license_helper = Select a license file.
-license_helper_desc = A license governs what others can and can't do with your code. Not sure which one is right for your project? See <a target="_blank" rel="noopener noreferrer" href="%s">Choose a license.</a>
-multiple_licenses = Multiple Licenses
-object_format = Object Format
-object_format_helper = Object format of the repository. Cannot be changed later. SHA1 is most compatible.
-readme = README
-readme_helper = Select a README file template.
-readme_helper_desc = This is the place where you can write a complete description for your project.
-auto_init = Initialize Repository (Adds .gitignore, License and README)
-trust_model_helper = Select trust model for signature verification. Possible options are:
-trust_model_helper_collaborator = Collaborator: Trust signatures by collaborators
-trust_model_helper_committer = Committer: Trust signatures that match committers
-trust_model_helper_collaborator_committer = Collaborator+Committer: Trust signatures by collaborators which match the committer
-trust_model_helper_default = Default: Use the default trust model for this installation
-create_repo = Create Repository
-default_branch = Default Branch
-default_branch_label = default
-default_branch_helper = The default branch is the base branch for pull requests and code commits.
-mirror_prune = Prune
-mirror_prune_desc = Remove obsolete remote-tracking references
-mirror_interval = Mirror Interval (valid time units are 'h', 'm', 's'). 0 to disable periodic sync. (Minimum interval: %s)
-mirror_interval_invalid = The mirror interval is not valid.
-mirror_sync = synced
-mirror_sync_on_commit = Sync when commits are pushed
-mirror_address = Clone From URL
-mirror_address_desc = Put any required credentials in the Authorization section.
-mirror_address_url_invalid = The provided URL is invalid. Make sure all components of the URL are escaped correctly.
-mirror_address_protocol_invalid = The provided URL is invalid. Only http(s):// or git:// locations can be used for mirroring.
-mirror_lfs = Large File Storage (LFS)
-mirror_lfs_desc = Activate mirroring of LFS data.
-mirror_lfs_endpoint = LFS Endpoint
-mirror_lfs_endpoint_desc = Sync will attempt to use the clone URL to <a target="_blank" rel="noopener noreferrer" href="%s">determine the LFS server</a>. You can also specify a custom endpoint if the repository LFS data is stored somewhere else.
-mirror_last_synced = Last Synchronized
-mirror_password_placeholder = (Unchanged)
-mirror_password_blank_placeholder = (Unset)
-mirror_password_help = Change the username to erase a stored password.
-watchers = Watchers
-stargazers = Stargazers
-stars_remove_warning = This will remove all stars from this repository.
-forks = Forks
-stars = Stars
-reactions_more = and %d more
-unit_disabled = The site administrator has disabled this repository section.
-language_other = Other
-adopt_search = Enter username to search for unadopted repositories… (leave blank to find all)
-adopt_preexisting_label = Adopt Files
-adopt_preexisting = Adopt pre-existing files
-adopt_preexisting_content = Create repository from %s
-adopt_preexisting_success = Adopted files and created repository from %s
-delete_preexisting_label = Delete
-delete_preexisting = Delete pre-existing files
-delete_preexisting_content = Delete files in %s
-delete_preexisting_success = Deleted unadopted files in %s
-blame_prior = View blame prior to this change
-blame.ignore_revs = Ignoring revisions in <a href="%s">.git-blame-ignore-revs</a>. Click <a href="%s">here to bypass</a> and see the normal blame view.
-blame.ignore_revs.failed = Failed to ignore revisions in <a href="%s">.git-blame-ignore-revs</a>.
-user_search_tooltip = Shows a maximum of 30 users
-
-tree_path_not_found = Path %[1]s doesn't exist in %[2]s
-
-transfer.accept = Accept Transfer
-transfer.accept_desc = Transfer to "%s"
-transfer.reject = Reject Transfer
-transfer.reject_desc = Cancel transfer to "%s"
-transfer.no_permission_to_accept = You do not have permission to accept this transfer.
-transfer.no_permission_to_reject = You do not have permission to reject this transfer.
-
-desc.private = Private
-desc.public = Public
-desc.public_access = Public Access
-desc.template = Template
-desc.internal = Internal
-desc.archived = Archived
-desc.sha256 = SHA256
-
-template.items = Template Items
-template.git_content = Git Content (Default Branch)
-template.git_hooks = Git Hooks
-template.git_hooks_tooltip = You are currently unable to modify or remove Git Hooks once added. Select this only if you trust the template repository.
-template.webhooks = Webhooks
-template.topics = Topics
-template.avatar = Avatar
-template.issue_labels = Issue Labels
-template.one_item = Must select at least one template item
-template.invalid = Must select a template repository
-
-archive.title = This repo is archived. You can view files and clone it. You cannot open issues or pull requests or push a commit.
-archive.title_date = This repository has been archived on %s. You can view files and clone it. You cannot open issues or pull requests or push a commit.
-archive.issue.nocomment = This repo is archived. You cannot comment on issues.
-archive.pull.nocomment = This repo is archived. You cannot comment on pull requests.
-
-form.reach_limit_of_creation_1 = The owner has already reached the limit of %d repository.
-form.reach_limit_of_creation_n = The owner has already reached the limit of %d repositories.
-form.name_reserved = The repository name "%s" is reserved.
-form.name_pattern_not_allowed = The pattern "%s" is not allowed in a repository name.
-
-need_auth = Authorization
-migrate_options = Migration Options
-migrate_service = Migration Service
-migrate_options_mirror_helper = This repository will be a mirror
-migrate_options_lfs = Migrate LFS files
-migrate_options_lfs_endpoint.label = LFS Endpoint
-migrate_options_lfs_endpoint.description = Migration will attempt to use your Git remote to <a target="_blank" rel="noopener noreferrer" href="%s">determine the LFS server</a>. You can also specify a custom endpoint if the repository LFS data is stored somewhere else.
-migrate_options_lfs_endpoint.description.local = A local server path is supported too.
-migrate_options_lfs_endpoint.placeholder = If left blank, the endpoint will be derived from the clone URL.
-migrate_items = Migration Items
-migrate_items_wiki = Wiki
-migrate_items_milestones = Milestones
-migrate_items_labels = Labels
-migrate_items_issues = Issues
-migrate_items_pullrequests = Pull Requests
-migrate_items_merge_requests = Merge Requests
-migrate_items_releases = Releases
-migrate_repo = Migrate Repository
-migrate.clone_address = Migrate / Clone From URL
-migrate.clone_address_desc = The HTTP(S) or Git 'clone' URL of an existing repository
-migrate.github_token_desc = You can put one or more tokens here, separated by commas, to make migrating faster by circumventing the GitHub API rate limit. WARNING: Abusing this feature may violate the service provider's policy and may lead to getting your account(s) blocked.
-migrate.clone_local_path = or a local server path
-migrate.permission_denied = You are not allowed to import local repositories.
-migrate.permission_denied_blocked = You cannot import from disallowed hosts. Please ask the admin to check ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS settings.
-migrate.invalid_local_path = "The local path is invalid. It doesn't exist or is not a directory."
-migrate.invalid_lfs_endpoint = The LFS endpoint is not valid.
-migrate.failed = Migration failed: %v
-migrate.migrate_items_options = Access Token is required to migrate additional items
-migrated_from = Migrated from <a href="%[1]s">%[2]s</a>
-migrated_from_fake = Migrated From %[1]s
-migrate.migrate = Migrate From %s
-migrate.migrating = Migrating from <b>%s</b>…
-migrate.migrating_failed = Migrating from <b>%s</b> failed.
-migrate.migrating_failed.error = Failed to migrate: %s
-migrate.migrating_failed_no_addr = Migration failed.
-migrate.github.description = Migrate data from github.com or other GitHub instances.
-migrate.git.description = Migrate a repository only from any Git service.
-migrate.gitlab.description = Migrate data from gitlab.com or other GitLab instances.
-migrate.gitea.description = Migrate data from gitea.com or other Gitea instances.
-migrate.gogs.description = Migrate data from notabug.org or other Gogs instances.
-migrate.onedev.description = Migrate data from code.onedev.io or other OneDev instances.
-migrate.codebase.description = Migrate data from codebasehq.com.
-migrate.gitbucket.description = Migrate data from GitBucket instances.
-migrate.codecommit.description = Migrate data from AWS CodeCommit.
-migrate.codecommit.aws_access_key_id = AWS Access Key ID
-migrate.codecommit.aws_secret_access_key = AWS Secret Access Key
-migrate.codecommit.https_git_credentials_username = HTTPS Git Credentials Username
-migrate.codecommit.https_git_credentials_password = HTTPS Git Credentials Password
-migrate.migrating_git = Migrating Git Data
-migrate.migrating_topics = Migrating Topics
-migrate.migrating_milestones = Migrating Milestones
-migrate.migrating_labels = Migrating Labels
-migrate.migrating_releases = Migrating Releases
-migrate.migrating_issues = Migrating Issues
-migrate.migrating_pulls = Migrating Pull Requests
-migrate.cancel_migrating_title = Cancel Migration
-migrate.cancel_migrating_confirm = Do you want to cancel this migration?
-migration_status = Migration status
-
-mirror_from = mirror of
-forked_from = forked from
-generated_from = generated from
-fork_from_self = You cannot fork a repository you own.
-fork_guest_user = Sign in to fork this repository.
-watch_guest_user = Sign in to watch this repository.
-star_guest_user = Sign in to star this repository.
-unwatch = Unwatch
-watch = Watch
-unstar = Unstar
-star = Star
-fork = Fork
-action.blocked_user = Cannot perform action because you are blocked by the repository owner.
-download_archive = Download Repository
-more_operations = More Operations
-
-quick_guide = Quick Guide
-clone_this_repo = Clone this repository
-cite_this_repo = Cite this repository
-create_new_repo_command = Creating a new repository on the command line
-push_exist_repo = Pushing an existing repository from the command line
-empty_message = This repository does not have any content.
-broken_message = The Git data underlying this repository cannot be read. Contact the administrator of this instance or delete this repository.
-no_branch = This repository doesn't have any branches.
-
-code = Code
-code.desc = Access source code, files, commits and branches.
-branch = Branch
-tree = Tree
-clear_ref = `Clear current reference`
-filter_branch_and_tag = Filter branch or tag
-find_tag = Find tag
-branches = Branches
-tags = Tags
-issues = Issues
-pulls = Pull Requests
-projects = Projects
-packages = Packages
-actions = Actions
-labels = Labels
-org_labels_desc = Organization-level labels that can be used with <strong>all repositories</strong> under this organization
-org_labels_desc_manage = manage
-
-milestone = Milestone
-milestones = Milestones
-commits = Commits
-commit = Commit
-release = Release
-releases = Releases
-tag = Tag
-git_tag = Git Tag
-released_this = released this
-tagged_this = tagged this
-file.title = %s at %s
-file_raw = Raw
-file_history = History
-file_view_source = View Source
-file_view_rendered = View Rendered
-file_view_raw = View Raw
-file_permalink = Permalink
-file_too_large = The file is too large to be shown.
-file_is_empty = The file is empty.
-code_preview_line_from_to = Lines %[1]d to %[2]d in %[3]s
-code_preview_line_in = Line %[1]d in %[2]s
-invisible_runes_header = `This file contains invisible Unicode characters`
-invisible_runes_description = `This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.`
-ambiguous_runes_header = `This file contains ambiguous Unicode characters`
-ambiguous_runes_description = `This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.`
-invisible_runes_line = `This line has invisible unicode characters`
-ambiguous_runes_line = `This line has ambiguous unicode characters`
-ambiguous_character = `%[1]c [U+%04[1]X] can be confused with %[2]c [U+%04[2]X]`
-
-escape_control_characters = Escape
-unescape_control_characters = Unescape
-file_copy_permalink = Copy Permalink
-view_git_blame = View Git Blame
-video_not_supported_in_browser = Your browser does not support the HTML5 'video' tag.
-audio_not_supported_in_browser = Your browser does not support the HTML5 'audio' tag.
-symbolic_link = Symbolic link
-executable_file = Executable File
-vendored = Vendored
-generated = Generated
-commit_graph = Commit Graph
-commit_graph.select = Select branches
-commit_graph.hide_pr_refs = Hide Pull Requests
-commit_graph.monochrome = Mono
-commit_graph.color = Color
-commit.contained_in = This commit is contained in:
-commit.contained_in_default_branch = This commit is part of the default branch
-commit.load_referencing_branches_and_tags = Load branches and tags referencing this commit
-commit.merged_in_pr = This commit was merged in pull request %s.
-blame = Blame
-download_file = Download file
-normal_view = Normal View
-line = line
-lines = lines
-from_comment = (comment)
-
-editor.add_file = Add File
-editor.new_file = New File
-editor.upload_file = Upload File
-editor.edit_file = Edit File
-editor.preview_changes = Preview Changes
-editor.cannot_edit_lfs_files = LFS files cannot be edited in the web interface.
-editor.cannot_edit_too_large_file = The file is too large to be edited.
-editor.cannot_edit_non_text_files = Binary files cannot be edited in the web interface.
-editor.file_not_editable_hint = But you can still rename or move it.
-editor.edit_this_file = Edit File
-editor.this_file_locked = File is locked
-editor.must_be_on_a_branch = You must be on a branch to make or propose changes to this file.
-editor.fork_before_edit = You must fork this repository to make or propose changes to this file.
-editor.delete_this_file = Delete File
-editor.delete_this_directory = Delete Directory
-editor.must_have_write_access = You must have write access to make or propose changes to this file.
-editor.file_delete_success = File "%s" has been deleted.
-editor.directory_delete_success = Directory "%s" has been deleted.
-editor.delete_directory = Delete directory '%s'
-editor.name_your_file = Name your file…
-editor.filename_help = Add a directory by typing its name followed by a slash ('/'). Remove a directory by typing backspace at the beginning of the input field.
-editor.or = or
-editor.cancel_lower = Cancel
-editor.commit_signed_changes = Commit Signed Changes
-editor.commit_changes = Commit Changes
-editor.add_tmpl = Add '{filename}'
-editor.add = Add %s
-editor.update = Update %s
-editor.delete = Delete %s
-editor.patch = Apply Patch
-editor.patching = Patching:
-editor.fail_to_apply_patch = Unable to apply patch
-editor.new_patch = New Patch
-editor.commit_message_desc = Add an optional extended description…
-editor.signoff_desc = Add a Signed-off-by trailer by the committer at the end of the commit log message.
-editor.commit_directly_to_this_branch = Commit directly to the <strong class="branch-name">%s</strong> branch.
-editor.create_new_branch = Create a <strong>new branch</strong> for this commit and start a pull request.
-editor.create_new_branch_np = Create a <strong>new branch</strong> for this commit.
-editor.propose_file_change = Propose file change
-editor.new_branch_name = Name the new branch for this commit
-editor.new_branch_name_desc = New branch name…
-editor.cancel = Cancel
-editor.filename_cannot_be_empty = The filename cannot be empty.
-editor.filename_is_invalid = The filename is invalid: "%s".
-editor.commit_email = Commit email address
-editor.invalid_commit_email = The email address for the commit is invalid.
-editor.branch_does_not_exist = Branch "%s" does not exist in this repository.
-editor.branch_already_exists = Branch "%s" already exists in this repository.
-editor.directory_is_a_file = Directory name "%s" is already used as a filename in this repository.
-editor.file_is_a_symlink = `"%s" is a symbolic link. Symbolic links cannot be edited in the web editor.`
-editor.filename_is_a_directory = Filename "%s" is already used as a directory name in this repository.
-editor.file_modifying_no_longer_exists = The file being modified, "%s", no longer exists in this repository.
-editor.file_changed_while_editing = The file contents have changed since you started editing. <a target="_blank" rel="noopener noreferrer" href="%s">Click here</a> to see them or <strong>Commit Changes again</strong> to overwrite them.
-editor.file_already_exists = A file named "%s" already exists in this repository.
-editor.commit_id_not_matching = The Commit ID does not match the ID when you began editing. Commit into a patch branch and then merge.
-editor.push_out_of_date = The push appears to be out of date.
-editor.commit_empty_file_header = Commit an empty file
-editor.commit_empty_file_text = The file you're about to commit is empty. Proceed?
-editor.no_changes_to_show = There are no changes to show.
-editor.push_rejected_no_message = The change was rejected by the server without a message. Please check Git Hooks.
-editor.push_rejected = The change was rejected by the server. Please check Git Hooks.
-editor.push_rejected_summary = Full Rejection Message:
-editor.add_subdir = Add a directory…
-editor.unable_to_upload_files = Failed to upload files to "%s" with error: %v
-editor.upload_file_is_locked = File "%s" is locked by %s.
-editor.upload_files_to_dir = Upload files to "%s"
-editor.cannot_commit_to_protected_branch = Cannot commit to protected branch "%s".
-editor.no_commit_to_branch = Unable to commit directly to branch because:
-editor.user_no_push_to_branch = User cannot push to branch
-editor.require_signed_commit = Branch requires a signed commit
-editor.cherry_pick = Cherry-pick %s onto:
-editor.revert = Revert %s onto:
-editor.failed_to_commit = Failed to commit changes.
-editor.failed_to_commit_summary = Error Message:
-
-editor.fork_create = Fork Repository to Propose Changes
-editor.fork_create_description = You cannot edit this repository directly. Instead you can create a fork, make edits and create a pull request.
-editor.fork_edit_description = You cannot edit this repository directly. The changes will be written to your fork <b>%s</b>, so you can create a pull request.
-editor.fork_not_editable = You have forked this repository but your fork is not editable.
-editor.fork_failed_to_push_branch = Failed to push branch %s to your repository.
-editor.fork_branch_exists = Branch "%s" already exists in your fork. Please choose a new branch name.
-
-commits.desc = Browse source code change history.
-commits.commits = Commits
-commits.no_commits = No commits in common. "%s" and "%s" have entirely different histories.
-commits.nothing_to_compare = These branches are equal.
-commits.search.tooltip = You can prefix keywords with "author:", "committer:", "after:", or "before:", e.g. "revert author:Alice before:2019-01-13".
-commits.search_branch = This Branch
-commits.search_all = All Branches
-commits.author = Author
-commits.message = Message
-commits.date = Date
-commits.older = Older
-commits.newer = Newer
-commits.signed_by = Signed by
-commits.signed_by_untrusted_user = Signed by untrusted user
-commits.signed_by_untrusted_user_unmatched = Signed by untrusted user who does not match committer
-commits.gpg_key_id = GPG Key ID
-commits.ssh_key_fingerprint = SSH Key Fingerprint
-commits.view_path=View at this point in history
-commits.view_file_diff = View changes to this file in this commit
-
-commit.operations = Operations
-commit.revert = Revert
-commit.revert-header = Revert: %s
-commit.revert-content = Select branch to revert onto:
-commit.cherry-pick = Cherry-pick
-commit.cherry-pick-header = Cherry-pick: %s
-commit.cherry-pick-content = Select branch to cherry-pick onto:
-
-commitstatus.error = Error
-commitstatus.failure = Failure
-commitstatus.pending = Pending
-commitstatus.success = Success
-
-ext_issues = Access to External Issues
-ext_issues.desc = Link to an external issue tracker.
-
-projects.desc = Manage issues and pulls in projects.
-projects.description = Description (optional)
-projects.description_placeholder = Description
-projects.create = Create Project
-projects.title = Title
-projects.new = New Project
-projects.new_subheader = Coordinate, track, and update your work in one place, so projects stay transparent and on schedule.
-projects.create_success = The project "%s" has been created.
-projects.deletion = Delete Project
-projects.deletion_desc = Deleting a project removes it from all related issues. Continue?
-projects.deletion_success = The project has been deleted.
-projects.edit = Edit Project
-projects.edit_subheader = Projects organize issues and track progress.
-projects.modify = Edit Project
-projects.edit_success = Project "%s" has been updated.
-projects.type.none = "None"
-projects.type.basic_kanban = "Basic Kanban"
-projects.type.bug_triage = "Bug Triage"
-projects.template.desc = "Template"
-projects.template.desc_helper = "Select a project template to get started"
-projects.column.edit = "Edit Column"
-projects.column.edit_title = "Name"
-projects.column.new_title = "Name"
-projects.column.new_submit = "Create Column"
-projects.column.new = "New Column"
-projects.column.set_default = "Set Default"
-projects.column.set_default_desc = "Set this column as default for uncategorized issues and pulls"
-projects.column.default_column_hint = "New issues added to this project will be added to this column"
-projects.column.delete = "Delete Column"
-projects.column.deletion_desc = "Deleting a project column moves all related issues to the default column. Continue?"
-projects.column.color = "Color"
-projects.open = Open
-projects.close = Close
-projects.column.assigned_to = Assigned to
-projects.card_type.desc = "Card Previews"
-projects.card_type.images_and_text = "Images and Text"
-projects.card_type.text_only = "Text Only"
-
-issues.desc = Organize bug reports, tasks and milestones.
-issues.filter_assignees = Filter Assignee
-issues.filter_milestones = Filter Milestone
-issues.filter_projects = Filter Project
-issues.filter_labels = Filter Label
-issues.filter_reviewers = Filter Reviewer
-issues.filter_no_results = No results
-issues.filter_no_results_placeholder = Try adjusting your search filters.
-issues.new = New Issue
-issues.new.title_empty = Title cannot be empty
-issues.new.labels = Labels
-issues.new.no_label = No Label
-issues.new.clear_labels = Clear labels
-issues.new.projects = Projects
-issues.new.clear_projects = Clear projects
-issues.new.no_projects = No project
-issues.new.open_projects = Open Projects
-issues.new.closed_projects = Closed Projects
-issues.new.no_items = No items
-issues.new.milestone = Milestone
-issues.new.no_milestone = No Milestone
-issues.new.clear_milestone = Clear milestone
-issues.new.assignees = Assignees
-issues.new.clear_assignees = Clear assignees
-issues.new.no_assignees = No Assignees
-issues.new.no_reviewers = No Reviewers
-issues.new.blocked_user = Cannot create issue because you are blocked by the repository owner.
-issues.edit.already_changed = Unable to save changes to the issue. It appears the content has already been changed by another user. Please refresh the page and try editing again to avoid overwriting their changes.
-issues.edit.blocked_user = Cannot edit content because you are blocked by the poster or repository owner.
-issues.choose.get_started = Get Started
-issues.choose.open_external_link = Open
-issues.choose.blank = Default
-issues.choose.blank_about = Create an issue from default template.
-issues.choose.ignore_invalid_templates = Invalid templates have been ignored
-issues.choose.invalid_templates = %v invalid template(s) found
-issues.choose.invalid_config = The issue config contains errors:
-issues.no_ref = No Branch/Tag Specified
-issues.create = Create Issue
-issues.new_label = New Label
-issues.new_label_placeholder = Label name
-issues.new_label_desc_placeholder = Description
-issues.create_label = Create Label
-issues.label_templates.title = Load a predefined set of labels
-issues.label_templates.info = No labels exist yet. Create a label with 'New Label' or use a predefined label set:
-issues.label_templates.helper = Select a label set
-issues.label_templates.use = Use Label Set
-issues.label_templates.fail_to_load_file = Failed to load label template file "%s": %v
-issues.add_label = added the %s label %s
-issues.add_labels = added the %s labels %s
-issues.remove_label = removed the %s label %s
-issues.remove_labels = removed the %s labels %s
-issues.add_remove_labels = added %s and removed %s labels %s
-issues.add_milestone_at = `added this to the <b>%s</b> milestone %s`
-issues.add_project_at = `added this to the <b>%s</b> project %s`
-issues.move_to_column_of_project = `moved this to %s in %s on %s`
-issues.change_milestone_at = `modified the milestone from <b>%s</b> to <b>%s</b> %s`
-issues.change_project_at = `modified the project from <b>%s</b> to <b>%s</b> %s`
-issues.remove_milestone_at = `removed this from the <b>%s</b> milestone %s`
-issues.remove_project_at = `removed this from the <b>%s</b> project %s`
-issues.deleted_milestone = `(deleted)`
-issues.deleted_project = `(deleted)`
-issues.self_assign_at = `self-assigned this %s`
-issues.add_assignee_at = `was assigned by <b>%s</b> %s`
-issues.remove_assignee_at = `was unassigned by <b>%s</b> %s`
-issues.remove_self_assignment = `removed their assignment %s`
-issues.change_title_at = `changed title from <b><strike>%s</strike></b> to <b>%s</b> %s`
-issues.change_ref_at = `changed reference from <b><strike>%s</strike></b> to <b>%s</b> %s`
-issues.remove_ref_at = `removed reference <b>%s</b> %s`
-issues.add_ref_at = `added reference <b>%s</b> %s`
-issues.delete_branch_at = `deleted branch <b>%s</b> %s`
-issues.filter_label = Label
-issues.filter_label_exclude = `Use <code>alt</code> + <code>click/enter</code> to exclude labels`
-issues.filter_label_no_select = All labels
-issues.filter_label_select_no_label = No label
-issues.filter_milestone = Milestone
-issues.filter_milestone_all = All milestones
-issues.filter_milestone_none = No milestones
-issues.filter_milestone_open = Open milestones
-issues.filter_milestone_closed = Closed milestones
-issues.filter_project = Project
-issues.filter_project_all = All projects
-issues.filter_project_none = No project
-issues.filter_assignee = Assignee
-issues.filter_assignee_no_assignee = Assigned to nobody
-issues.filter_assignee_any_assignee = Assigned to anybody
-issues.filter_poster = Author
-issues.filter_user_placeholder = Search users
-issues.filter_user_no_select = All users
-issues.filter_type = Type
-issues.filter_type.all_issues = All issues
-issues.filter_type.all_pull_requests = All pull requests
-issues.filter_type.assigned_to_you = Assigned to you
-issues.filter_type.created_by_you = Created by you
-issues.filter_type.mentioning_you = Mentioning you
-issues.filter_type.review_requested = Review requested
-issues.filter_type.reviewed_by_you = Reviewed by you
-issues.filter_sort = Sort
-issues.filter_sort.latest = Newest
-issues.filter_sort.oldest = Oldest
-issues.filter_sort.recentupdate = Most recently updated
-issues.filter_sort.leastupdate = Least recently updated
-issues.filter_sort.mostcomment = Most commented
-issues.filter_sort.leastcomment = Least commented
-issues.filter_sort.nearduedate = Nearest due date
-issues.filter_sort.farduedate = Farthest due date
-issues.filter_sort.moststars = Most stars
-issues.filter_sort.feweststars = Fewest stars
-issues.filter_sort.mostforks = Most forks
-issues.filter_sort.fewestforks = Fewest forks
-issues.action_open = Open
-issues.action_close = Close
-issues.action_label = Label
-issues.action_milestone = Milestone
-issues.action_milestone_no_select = No milestone
-issues.action_assignee = Assignee
-issues.action_assignee_no_select = No assignee
-issues.action_check = Check/Uncheck
-issues.action_check_all = Check/Uncheck all items
-issues.opened_by = opened %[1]s by <a href="%[2]s">%[3]s</a>
-pulls.merged_by = by <a href="%[2]s">%[3]s</a> was merged %[1]s
-pulls.merged_by_fake = by %[2]s was merged %[1]s
-issues.closed_by = by <a href="%[2]s">%[3]s</a> was closed %[1]s
-issues.opened_by_fake = opened %[1]s by %[2]s
-issues.closed_by_fake = by %[2]s was closed %[1]s
-issues.previous = Previous
-issues.next = Next
-issues.open_title = Open
-issues.closed_title = Closed
-issues.draft_title = Draft
-issues.num_comments_1 = %d comment
-issues.num_comments = %d comments
-issues.commented_at = `commented <a href="#%s">%s</a>`
-issues.delete_comment_confirm = Are you sure you want to delete this comment?
-issues.context.copy_link = Copy Link
-issues.context.quote_reply = Quote Reply
-issues.context.reference_issue = Reference in New Issue
-issues.context.edit = Edit
-issues.context.delete = Delete
-issues.no_content = No description provided.
-issues.close = Close Issue
-issues.comment_pull_merged_at = merged commit %[1]s into %[2]s %[3]s
-issues.comment_manually_pull_merged_at = manually merged commit %[1]s into %[2]s %[3]s
-issues.close_comment_issue = Close with Comment
-issues.reopen_issue = Reopen
-issues.reopen_comment_issue = Reopen with Comment
-issues.create_comment = Comment
-issues.comment.blocked_user = Cannot create or edit comment because you are blocked by the poster or repository owner.
-issues.closed_at = `closed this issue <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.reopened_at = `reopened this issue <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.commit_ref_at = `referenced this issue from a commit <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_issue_from = `<a href="%[3]s">referenced this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_pull_from = `<a href="%[3]s">referenced this pull request %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_closing_from = `<a href="%[3]s">referenced a pull request %[4]s that will close this issue</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_reopening_from = `<a href="%[3]s">referenced a pull request %[4]s that will reopen this issue</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_closed_from = `<a href="%[3]s">closed this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_reopened_from = `<a href="%[3]s">reopened this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_from = `from %[1]s`
-issues.author = Author
-issues.author_helper = This user is the author.
-issues.role.owner = Owner
-issues.role.owner_helper = This user is the owner of this repository.
-issues.role.member = Member
-issues.role.member_helper = This user is a member of the organization owning this repository.
-issues.role.collaborator = Collaborator
-issues.role.collaborator_helper = This user has been invited to collaborate on the repository.
-issues.role.first_time_contributor = First-time contributor
-issues.role.first_time_contributor_helper = This is the first contribution of this user to the repository.
-issues.role.contributor = Contributor
-issues.role.contributor_helper = This user has previously committed to the repository.
-issues.re_request_review=Re-request review
-issues.is_stale = There have been changes to this PR since this review
-issues.remove_request_review=Remove review request
-issues.remove_request_review_block=Can't remove review request
-issues.dismiss_review = Dismiss Review
-issues.dismiss_review_warning = Are you sure you want to dismiss this review?
-issues.sign_in_require_desc = <a href="%s">Sign in</a> to join this conversation.
-issues.edit = Edit
-issues.cancel = Cancel
-issues.save = Save
-issues.label_title = Name
-issues.label_description = Description
-issues.label_color = Color
-issues.label_color_invalid = Invalid color
-issues.label_exclusive = Exclusive
-issues.label_archive = Archive Label
-issues.label_archived_filter = Show archived labels
-issues.label_archive_tooltip = Archived labels are excluded by default from the suggestions when searching by label.
-issues.label_exclusive_desc = Name the label <code>scope/item</code> to make it mutually exclusive with other <code>scope/</code> labels.
-issues.label_exclusive_warning = Any conflicting scoped labels will be removed when editing the labels of an issue or pull request.
-issues.label_exclusive_order = Sort Order
-issues.label_exclusive_order_tooltip = Exclusive labels in the same scope will be sorted according to this numeric order.
-issues.label_count = %d labels
-issues.label_open_issues = %d open issues/pull requests
-issues.label_edit = Edit
-issues.label_delete = Delete
-issues.label_modify = Edit Label
-issues.label_deletion = Delete Label
-issues.label_deletion_desc = Deleting a label removes it from all issues. Continue?
-issues.label_deletion_success = The label has been deleted.
-issues.label.filter_sort.alphabetically = Alphabetically
-issues.label.filter_sort.reverse_alphabetically = Reverse alphabetically
-issues.label.filter_sort.by_size = Smallest size
-issues.label.filter_sort.reverse_by_size = Largest size
-issues.num_participants = %d Participants
-issues.attachment.open_tab = `Click to see "%s" in a new tab`
-issues.attachment.download = `Click to download "%s"`
-issues.subscribe = Subscribe
-issues.unsubscribe = Unsubscribe
-issues.unpin = Unpin
-issues.max_pinned = "You can't pin more issues"
-issues.pin_comment = "pinned this %s"
-issues.unpin_comment = "unpinned this %s"
-issues.lock = Lock conversation
-issues.unlock = Unlock conversation
-issues.lock_duplicate = An issue cannot be locked twice.
-issues.unlock_error = Cannot unlock an issue that is not locked.
-issues.lock_with_reason = "locked as <strong>%s</strong> and limited conversation to collaborators %s"
-issues.lock_no_reason = "locked and limited conversation to collaborators %s"
-issues.unlock_comment = "unlocked this conversation %s"
-issues.lock_confirm = Lock
-issues.unlock_confirm = Unlock
-issues.lock.notice_1 = - Other users cannot add new comments to this issue.
-issues.lock.notice_2 = - You and other collaborators with access to this repository can still leave comments that others can see.
-issues.lock.notice_3 = - You can always unlock this issue again in the future.
-issues.unlock.notice_1 = - Everyone would be able to comment on this issue once more.
-issues.unlock.notice_2 = - You can always lock this issue again in the future.
-issues.lock.reason = Reason for locking
-issues.lock.title = Lock conversation on this issue.
-issues.unlock.title = Unlock conversation on this issue.
-issues.comment_on_locked = You cannot comment on a locked issue.
-issues.delete = Delete
-issues.delete.title = Delete this issue?
-issues.delete.text = Do you really want to delete this issue? (This will permanently remove all content. Consider closing it instead, if you intend to keep it archived)
-
-issues.tracker = Time Tracker
-issues.timetracker_timer_start = Start timer
-issues.timetracker_timer_stop = Stop timer
-issues.timetracker_timer_discard = Discard timer
-issues.timetracker_timer_manually_add = Add Time
-
-issues.time_estimate_set = Set estimated time
-issues.time_estimate_display = Estimate: %s
-issues.change_time_estimate_at = changed time estimate to <b>%[1]s</b> %[2]s
-issues.remove_time_estimate_at = removed time estimate %s
-issues.time_estimate_invalid = Time estimate format is invalid
-issues.start_tracking_history = started working %s
-issues.tracker_auto_close = Timer will be stopped automatically when this issue gets closed
-issues.stopwatch_already_stopped = The timer for this issue is already stopped
-issues.stopwatch_already_created = The timer for this issue already exists
-issues.tracking_already_started = `You have already started time tracking on <a href="%s">another issue</a>!`
-issues.stop_tracking = Stop Timer
-issues.stop_tracking_history = worked for <b>%[1]s</b> %[2]s
-issues.cancel_tracking = Discard
-issues.cancel_tracking_history = `canceled time tracking %s`
-issues.del_time = Delete this time log
-issues.add_time_history = added spent time <b>%[1]s</b> %[2]s
-issues.del_time_history= `deleted spent time %s`
-issues.add_time_manually = Manually Add Time
-issues.add_time_hours = Hours
-issues.add_time_minutes = Minutes
-issues.add_time_sum_to_small = No time was entered.
-issues.time_spent_total = Total Time Spent
-issues.time_spent_from_all_authors = `Total Time Spent: %s`
-
-issues.due_date = Due Date
-issues.invalid_due_date_format = "Due date format must be 'yyyy-mm-dd'."
-issues.error_modifying_due_date = "Failed to modify the due date."
-issues.error_removing_due_date = "Failed to remove the due date."
-issues.push_commit_1 = "added %d commit %s"
-issues.push_commits_n = "added %d commits %s"
-issues.force_push_codes = `force-pushed %[1]s from <a class="ui sha" href="%[3]s"><code>%[2]s</code></a> to <a class="ui sha" href="%[5]s"><code>%[4]s</code></a> %[6]s`
-issues.force_push_compare = Compare
-issues.due_date_form = "yyyy-mm-dd"
-issues.due_date_form_add = "Add due date"
-issues.due_date_form_edit = "Edit"
-issues.due_date_form_remove = "Remove"
-issues.due_date_not_writer = "You need write access to this repository to update the due date of an issue."
-issues.due_date_not_set = "No due date set."
-issues.due_date_added = "added the due date %s %s"
-issues.due_date_modified = "modified the due date from %[2]s to %[1]s %[3]s"
-issues.due_date_remove = "removed the due date %s %s"
-issues.due_date_overdue = "Overdue"
-issues.due_date_invalid = "The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'."
-issues.dependency.title = Dependencies
-issues.dependency.issue_no_dependencies = No dependencies set.
-issues.dependency.pr_no_dependencies = No dependencies set.
-issues.dependency.no_permission_1 = "You do not have permission to read %d dependency"
-issues.dependency.no_permission_n = "You do not have permission to read %d dependencies"
-issues.dependency.no_permission.can_remove = "You do not have permission to read this dependency but can remove this dependency"
-issues.dependency.add = Add dependency…
-issues.dependency.cancel = Cancel
-issues.dependency.remove = Remove
-issues.dependency.remove_info = Remove this dependency
-issues.dependency.added_dependency = `added a new dependency %s`
-issues.dependency.removed_dependency = `removed a dependency %s`
-issues.dependency.pr_closing_blockedby = Closing this pull request is blocked by the following issues
-issues.dependency.issue_closing_blockedby = Closing this issue is blocked by the following issues
-issues.dependency.issue_close_blocks = This issue blocks closing of the following issues
-issues.dependency.pr_close_blocks = This pull request blocks closing of the following issues
-issues.dependency.issue_close_blocked = You need to close all issues that are blocking this issue before you can close it.
-issues.dependency.issue_batch_close_blocked = "Cannot batch close issues that you choose, because issue #%d still has open dependencies"
-issues.dependency.pr_close_blocked = You need to close all issues that are blocking this pull request before you can merge it.
-issues.dependency.blocks_short = Blocks
-issues.dependency.blocked_by_short = Depends on
-issues.dependency.remove_header = Remove Dependency
-issues.dependency.issue_remove_text = This will remove the dependency from this issue. Continue?
-issues.dependency.pr_remove_text = This will remove the dependency from this pull request. Continue?
-issues.dependency.setting = Enable Dependencies For Issues and Pull Requests
-issues.dependency.add_error_same_issue = You cannot make an issue depend on itself.
-issues.dependency.add_error_dep_issue_not_exist = Dependent issue does not exist.
-issues.dependency.add_error_dep_not_exist = Dependency does not exist.
-issues.dependency.add_error_dep_exists = Dependency already exists.
-issues.dependency.add_error_cannot_create_circular = You cannot create a dependency with two issues that block each other.
-issues.dependency.add_error_dep_not_same_repo = Both issues must be in the same repository.
-issues.review.self.approval = You cannot approve your own pull request.
-issues.review.self.rejection = You cannot request changes on your own pull request.
-issues.review.approve = "approved these changes %s"
-issues.review.comment = "reviewed %s"
-issues.review.dismissed = "dismissed %s's review %s"
-issues.review.dismissed_label = Dismissed
-issues.review.left_comment = left a comment
-issues.review.content.empty = You need to leave a comment indicating the requested change(s).
-issues.review.reject = "requested changes %s"
-issues.review.wait = "was requested for review %s"
-issues.review.add_review_request = "requested review from %s %s"
-issues.review.remove_review_request = "removed review request for %s %s"
-issues.review.remove_review_request_self = "declined to review %s"
-issues.review.pending = Pending
-issues.review.pending.tooltip = This comment is not currently visible to other users. To submit your pending comments, select "%s" -> "%s/%s/%s" at the top of the page.
-issues.review.review = Review
-issues.review.reviewers = Reviewers
-issues.review.outdated = Outdated
-issues.review.outdated_description = Content has changed since this comment was made
-issues.review.option.show_outdated_comments = Show outdated comments
-issues.review.option.hide_outdated_comments = Hide outdated comments
-issues.review.show_outdated = Show outdated
-issues.review.hide_outdated = Hide outdated
-issues.review.show_resolved = Show resolved
-issues.review.hide_resolved = Hide resolved
-issues.review.resolve_conversation = Resolve conversation
-issues.review.un_resolve_conversation = Unresolve conversation
-issues.review.resolved_by = marked this conversation as resolved
-issues.review.commented = Comment
-issues.review.official = Approved
-issues.review.requested = Review pending
-issues.review.rejected = Changes requested
-issues.review.stale = Updated since approval
-issues.review.unofficial = Uncounted approval
-issues.assignee.error = Not all assignees were added, due to an unexpected error.
-issues.reference_issue.body = Body
-issues.content_history.deleted = deleted
-issues.content_history.edited = edited
-issues.content_history.created = created
-issues.content_history.delete_from_history = Delete from history
-issues.content_history.delete_from_history_confirm = Delete from history?
-issues.content_history.options = Options
-issues.reference_link = Reference: %s
-
-compare.compare_base = base
-compare.compare_head = compare
-
-pulls.desc = Enable pull requests and code reviews.
-pulls.new = New Pull Request
-pulls.new.blocked_user = Cannot create pull request because you are blocked by the repository owner.
-pulls.new.must_collaborator = You must be a collaborator to create pull request.
-pulls.new.already_existed = A pull request between these branches already exists
-pulls.edit.already_changed = Unable to save changes to the pull request. It appears the content has already been changed by another user. Please refresh the page and try editing again to avoid overwriting their changes.
-pulls.view = View Pull Request
-pulls.compare_changes = New Pull Request
-pulls.allow_edits_from_maintainers = Allow edits from maintainers
-pulls.allow_edits_from_maintainers_desc = Users with write access to the base branch can also push to this branch
-pulls.allow_edits_from_maintainers_err = Updating failed
-pulls.compare_changes_desc = Select the branch to merge into and the branch to pull from.
-pulls.has_viewed_file = Viewed
-pulls.has_changed_since_last_review = Changed since your last review
-pulls.viewed_files_label = %[1]d / %[2]d files viewed
-pulls.expand_files = Expand all files
-pulls.collapse_files = Collapse all files
-pulls.compare_base = merge into
-pulls.compare_compare = pull from
-pulls.switch_comparison_type = Switch comparison type
-pulls.switch_head_and_base = Switch head and base
-pulls.filter_branch = Filter branch
-pulls.show_all_commits = Show all commits
-pulls.show_changes_since_your_last_review = Show changes since your last review
-pulls.showing_only_single_commit = Showing only changes of commit %[1]s
-pulls.showing_specified_commit_range = Showing only changes between %[1]s..%[2]s
-pulls.select_commit_hold_shift_for_range = Select commit. Hold Shift and click to select a range.
-pulls.review_only_possible_for_full_diff = Review is only possible when viewing the full diff
-pulls.filter_changes_by_commit = Filter by commit
-pulls.nothing_to_compare = These branches are equal. There is no need to create a pull request.
-pulls.nothing_to_compare_have_tag = The selected branches/tags are equal.
-pulls.nothing_to_compare_and_allow_empty_pr = These branches are equal. This PR will be empty.
-pulls.has_pull_request = `A pull request between these branches already exists: <a href="%[1]s">%[2]s#%[3]d</a>`
-pulls.create = Create Pull Request
-pulls.title_desc = wants to merge %[1]d commits from <code>%[2]s</code> into <code id="branch_target">%[3]s</code>
-pulls.merged_title_desc = merged %[1]d commits from <code>%[2]s</code> into <code>%[3]s</code> %[4]s
-pulls.change_target_branch_at = `changed target branch from <b>%s</b> to <b>%s</b> %s`
-pulls.tab_conversation = Conversation
-pulls.tab_commits = Commits
-pulls.tab_files = Files Changed
-pulls.reopen_to_merge = Please reopen this pull request to perform a merge.
-pulls.cant_reopen_deleted_branch = This pull request cannot be reopened because the branch was deleted.
-pulls.merged = Merged
-pulls.merged_success = Pull request successfully merged and closed
-pulls.closed = Pull request closed
-pulls.manually_merged = Manually merged
-pulls.merged_info_text = The branch %s can now be deleted.
-pulls.is_closed = The pull request has been closed.
-pulls.title_wip_desc = `<a href="#">Start the title with <strong>%s</strong></a> to prevent the pull request from being merged accidentally.`
-pulls.cannot_merge_work_in_progress = This pull request is marked as a work in progress.
-pulls.still_in_progress = Still in progress?
-pulls.add_prefix = Add <strong>%s</strong> prefix
-pulls.remove_prefix = Remove <strong>%s</strong> prefix
-pulls.data_broken = This pull request is broken due to missing fork information.
-pulls.files_conflicted = This pull request has changes conflicting with the target branch.
-pulls.is_checking = Checking for merge conflicts…
-pulls.is_ancestor = "This branch is already included in the target branch. There is nothing to merge."
-pulls.is_empty = "The changes on this branch are already on the target branch. This will be an empty commit."
-pulls.required_status_check_failed = Some required checks were not successful.
-pulls.required_status_check_missing = Some required checks are missing.
-pulls.required_status_check_administrator = As an administrator, you may still merge this pull request.
-pulls.blocked_by_approvals = "This pull request doesn't have enough required approvals yet. %d of %d official approvals granted."
-pulls.blocked_by_approvals_whitelisted = "This pull request doesn't have enough required approvals yet. %d of %d approvals granted from users or teams on the allowlist."
-pulls.blocked_by_rejection = "This pull request has changes requested by an official reviewer."
-pulls.blocked_by_official_review_requests = "This pull request has official review requests."
-pulls.blocked_by_outdated_branch = "This pull request is blocked because it's outdated."
-pulls.blocked_by_changed_protected_files_1= "This pull request is blocked because it changes a protected file:"
-pulls.blocked_by_changed_protected_files_n= "This pull request is blocked because it changes protected files:"
-pulls.can_auto_merge_desc = This pull request can be merged automatically.
-pulls.cannot_auto_merge_desc = This pull request cannot be merged automatically due to conflicts.
-pulls.cannot_auto_merge_helper = Merge manually to resolve the conflicts.
-pulls.num_conflicting_files_1 = "%d conflicting file"
-pulls.num_conflicting_files_n = "%d conflicting files"
-pulls.approve_count_1 = "%d approval"
-pulls.approve_count_n = "%d approvals"
-pulls.reject_count_1 = "%d change request"
-pulls.reject_count_n = "%d change requests"
-pulls.waiting_count_1 = "%d waiting review"
-pulls.waiting_count_n = "%d waiting reviews"
-pulls.wrong_commit_id = "commit ID must be a commit ID on the target branch"
-
-pulls.no_merge_desc = This pull request cannot be merged because all repository merge options are disabled.
-pulls.no_merge_helper = Enable merge options in the repository settings or merge the pull request manually.
-pulls.no_merge_wip = This pull request cannot be merged because it is marked as being a work in progress.
-pulls.no_merge_not_ready = This pull request is not ready to be merged. Check review status and status checks.
-pulls.no_merge_access = You are not authorized to merge this pull request.
-pulls.merge_pull_request = Create merge commit
-pulls.rebase_merge_pull_request = Rebase, then fast-forward
-pulls.rebase_merge_commit_pull_request = Rebase, then create merge commit
-pulls.squash_merge_pull_request = Create squash commit
-pulls.fast_forward_only_merge_pull_request = Fast-forward only
-pulls.merge_manually = Manually merged
-pulls.merge_commit_id = The merge commit ID
-pulls.require_signed_wont_sign = The branch requires signed commits but this merge will not be signed
-
-pulls.invalid_merge_option = You cannot use this merge option for this pull request.
-pulls.merge_conflict = Merge Failed: There was a conflict while merging. Hint: Try a different strategy.
-pulls.merge_conflict_summary = Error Message
-pulls.rebase_conflict = Merge Failed: There was a conflict while rebasing commit: %[1]s. Hint: Try a different strategy.
-pulls.rebase_conflict_summary = Error Message
-pulls.unrelated_histories = Merge Failed: The merge head and base do not share a common history. Hint: Try a different strategy.
-pulls.merge_out_of_date = Merge Failed: While generating the merge, the base was updated. Hint: Try again.
-pulls.head_out_of_date = Merge Failed: While generating the merge, the head was updated. Hint: Try again.
-pulls.has_merged = Failed: The pull request has been merged. You cannot merge again or change the target branch.
-pulls.push_rejected = Push Failed: The push was rejected. Review the Git Hooks for this repository.
-pulls.push_rejected_summary = Full Rejection Message
-pulls.push_rejected_no_message = Push Failed: The push was rejected but there was no remote message. Review the Git Hooks for this repository.
-pulls.open_unmerged_pull_exists = `You cannot perform a reopen operation because there is a pending pull request (#%d) with identical properties.`
-pulls.status_checking = Some checks are pending
-pulls.status_checks_success = All checks were successful
-pulls.status_checks_warning = Some checks reported warnings
-pulls.status_checks_failure = Some checks failed
-pulls.status_checks_error = Some checks reported errors
-pulls.status_checks_requested = Required
-pulls.status_checks_details = Details
-pulls.status_checks_hide_all = Hide all checks
-pulls.status_checks_show_all = Show all checks
-pulls.status_checks_approve_all = Approve all workflows
-pulls.status_checks_need_approvals = %d workflow awaiting approval
-pulls.status_checks_need_approvals_helper = The workflow will only run after approval from the repository maintainer.
-pulls.update_branch = Update branch by merge
-pulls.update_branch_rebase = Update branch by rebase
-pulls.update_branch_success = Branch update was successful
-pulls.update_not_allowed = You are not allowed to update branch
-pulls.outdated_with_base_branch = This branch is out-of-date with the base branch
-pulls.close = Close Pull Request
-pulls.closed_at = `closed this pull request <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-pulls.reopened_at = `reopened this pull request <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-pulls.cmd_instruction_hint = View command line instructions
-pulls.cmd_instruction_checkout_title = Checkout
-pulls.cmd_instruction_checkout_desc = From your project repository, check out a new branch and test the changes.
-pulls.cmd_instruction_merge_title = Merge
-pulls.cmd_instruction_merge_desc = Merge the changes and update on Gitea.
-pulls.cmd_instruction_merge_warning = Warning: This operation cannot merge pull request because "autodetect manual merge" is not enabled.
-pulls.clear_merge_message = Clear merge message
-pulls.clear_merge_message_hint = Clearing the merge message will only remove the commit message content and keep generated git trailers such as "Co-Authored-By…".
-
-pulls.auto_merge_button_when_succeed = (When checks succeed)
-pulls.auto_merge_when_succeed = Auto merge when all checks succeed
-pulls.auto_merge_newly_scheduled = The pull request was scheduled to merge when all checks succeed.
-pulls.auto_merge_has_pending_schedule = %[1]s scheduled this pull request to auto merge when all checks succeed %[2]s.
-
-pulls.auto_merge_cancel_schedule = Cancel auto merge
-pulls.auto_merge_not_scheduled = This pull request is not scheduled to auto merge.
-pulls.auto_merge_canceled_schedule = The auto merge was canceled for this pull request.
-
-pulls.auto_merge_newly_scheduled_comment = `scheduled this pull request to auto merge when all checks succeed %[1]s`
-pulls.auto_merge_canceled_schedule_comment = `canceled auto merging this pull request when all checks succeed %[1]s`
-
-pulls.delete.title = Delete this pull request?
-pulls.delete.text = Do you really want to delete this pull request? (This will permanently remove all content. Consider closing it instead, if you intend to keep it archived)
-
-pulls.recently_pushed_new_branches = You pushed on branch <strong>%[1]s</strong> %[2]s
-pulls.upstream_diverging_prompt_behind_1 = This branch is %[1]d commit behind %[2]s
-pulls.upstream_diverging_prompt_behind_n = This branch is %[1]d commits behind %[2]s
-pulls.upstream_diverging_prompt_base_newer = The base branch %s has new changes
-pulls.upstream_diverging_merge = Sync fork
-pulls.upstream_diverging_merge_confirm = Would you like to merge "%[1]s" onto "%[2]s"?
-
-pull.deleted_branch = (deleted):%s
-pull.agit_documentation = Review documentation about AGit
-
-comments.edit.already_changed = Unable to save changes to the comment. It appears the content has already been changed by another user. Please refresh the page and try editing again to avoid overwriting their changes
-
-milestones.new = New Milestone
-milestones.closed = Closed %s
-milestones.update_ago = Updated %s
-milestones.no_due_date = No due date
-milestones.open = Open
-milestones.close = Close
-milestones.new_subheader = Milestones can help you organize issues and track their progress.
-milestones.completeness = <strong>%d%%</strong> Completed
-milestones.create = Create Milestone
-milestones.title = Title
-milestones.desc = Description
-milestones.due_date = Due Date (optional)
-milestones.clear = Clear
-milestones.invalid_due_date_format = "Due date format must be 'yyyy-mm-dd'."
-milestones.create_success = The milestone "%s" has been created.
-milestones.edit = Edit Milestone
-milestones.edit_subheader = Milestones organize issues and track progress.
-milestones.cancel = Cancel
-milestones.modify = Update Milestone
-milestones.edit_success = Milestone "%s" has been updated.
-milestones.deletion = Delete Milestone
-milestones.deletion_desc = Deleting a milestone removes it from all related issues. Continue?
-milestones.deletion_success = The milestone has been deleted.
-milestones.filter_sort.name = Name
-milestones.filter_sort.earliest_due_data = Earliest due date
-milestones.filter_sort.latest_due_date = Latest due date
-milestones.filter_sort.least_complete = Least complete
-milestones.filter_sort.most_complete = Most complete
-milestones.filter_sort.most_issues = Most issues
-milestones.filter_sort.least_issues = Least issues
-
-signing.will_sign = This commit will be signed with key "%s".
-signing.wont_sign.error = There was an error while checking if the commit could be signed.
-signing.wont_sign.nokey = There is no key available to sign this commit.
-signing.wont_sign.never = Commits are never signed.
-signing.wont_sign.always = Commits are always signed.
-signing.wont_sign.pubkey = The commit will not be signed because you do not have a public key associated with your account.
-signing.wont_sign.twofa = You must have two-factor authentication enabled to have commits signed.
-signing.wont_sign.parentsigned = The commit will not be signed as the parent commit is not signed.
-signing.wont_sign.basesigned = The merge will not be signed as the base commit is not signed.
-signing.wont_sign.headsigned = The merge will not be signed as the head commit is not signed.
-signing.wont_sign.commitssigned = The merge will not be signed as all the associated commits are not signed.
-signing.wont_sign.approved = The merge will not be signed as the PR is not approved.
-signing.wont_sign.not_signed_in = You are not signed in.
-
-ext_wiki = Access to External Wiki
-ext_wiki.desc = Link to an external wiki.
-
-wiki = Wiki
-wiki.welcome = Welcome to the Wiki.
-wiki.welcome_desc = The wiki lets you write and share documentation with collaborators.
-wiki.desc = Write and share documentation with collaborators.
-wiki.create_first_page = Create the First Page
-wiki.page = Page
-wiki.filter_page = Filter page
-wiki.new_page = Page
-wiki.page_title = Page title
-wiki.page_content = Page content
-wiki.default_commit_message = Write a note about this page update (optional).
-wiki.save_page = Save Page
-wiki.last_commit_info = %s edited this page %s
-wiki.edit_page_button = Edit
-wiki.new_page_button = New Page
-wiki.file_revision = Page Revision
-wiki.wiki_page_revisions = Wiki Page Revisions
-wiki.back_to_wiki = Back to wiki page
-wiki.delete_page_button = Delete Page
-wiki.delete_page_notice_1 = Deleting the wiki page "%s" cannot be undone. Continue?
-wiki.page_already_exists = A wiki page with the same name already exists.
-wiki.reserved_page = The wiki page name "%s" is reserved.
-wiki.pages = Pages
-wiki.last_updated = Last updated %s
-wiki.page_name_desc = Enter a name for this Wiki page. Some special names are: 'Home', '_Sidebar' and '_Footer'.
-wiki.original_git_entry_tooltip = View original Git file instead of using friendly link.
-
-activity = Activity
-activity.navbar.pulse = Pulse
-activity.navbar.code_frequency = Code Frequency
-activity.navbar.contributors = Contributors
-activity.navbar.recent_commits = Recent Commits
-activity.period.filter_label = Period:
-activity.period.daily = 1 day
-activity.period.halfweekly = 3 days
-activity.period.weekly = 1 week
-activity.period.monthly = 1 month
-activity.period.quarterly = 3 months
-activity.period.semiyearly = 6 months
-activity.period.yearly = 1 year
-activity.overview = Overview
-activity.active_prs_count_1 = <strong>%d</strong> Active Pull Request
-activity.active_prs_count_n = <strong>%d</strong> Active Pull Requests
-activity.merged_prs_count_1 = Merged Pull Request
-activity.merged_prs_count_n = Merged Pull Requests
-activity.opened_prs_count_1 = Proposed Pull Request
-activity.opened_prs_count_n = Proposed Pull Requests
-activity.title.user_1 = %d user
-activity.title.user_n = %d users
-activity.title.prs_1 = %d Pull request
-activity.title.prs_n = %d Pull requests
-activity.title.prs_merged_by = %s merged by %s
-activity.title.prs_opened_by = %s proposed by %s
-activity.merged_prs_label = Merged
-activity.opened_prs_label = Proposed
-activity.active_issues_count_1 = <strong>%d</strong> Active Issue
-activity.active_issues_count_n = <strong>%d</strong> Active Issues
-activity.closed_issues_count_1 = Closed Issue
-activity.closed_issues_count_n = Closed Issues
-activity.title.issues_1 = %d Issue
-activity.title.issues_n = %d Issues
-activity.title.issues_closed_from = %s closed from %s
-activity.title.issues_created_by = %s created by %s
-activity.closed_issue_label = Closed
-activity.new_issues_count_1 = New Issue
-activity.new_issues_count_n = New Issues
-activity.new_issue_label = Opened
-activity.title.unresolved_conv_1 = %d Unresolved Conversation
-activity.title.unresolved_conv_n = %d Unresolved Conversations
-activity.unresolved_conv_desc = These recently changed issues and pull requests have not been resolved yet.
-activity.unresolved_conv_label = Open
-activity.title.releases_1 = %d Release
-activity.title.releases_n = %d Releases
-activity.title.releases_published_by = %s published by %s
-activity.published_release_label = Published
-activity.no_git_activity = There has been no commit activity in this period.
-activity.git_stats_exclude_merges = Excluding merges,
-activity.git_stats_author_1 = %d author
-activity.git_stats_author_n = %d authors
-activity.git_stats_pushed_1 = has pushed
-activity.git_stats_pushed_n = have pushed
-activity.git_stats_commit_1 = %d commit
-activity.git_stats_commit_n = %d commits
-activity.git_stats_push_to_branch = to %s and
-activity.git_stats_push_to_all_branches = to all branches.
-activity.git_stats_on_default_branch = On %s,
-activity.git_stats_file_1 = %d file
-activity.git_stats_file_n = %d files
-activity.git_stats_files_changed_1 = has changed
-activity.git_stats_files_changed_n = have changed
-activity.git_stats_additions = and there have been
-activity.git_stats_addition_1 = %d addition
-activity.git_stats_addition_n = %d additions
-activity.git_stats_and_deletions = and
-activity.git_stats_deletion_1 = %d deletion
-activity.git_stats_deletion_n = %d deletions
-
-contributors.contribution_type.filter_label = Contribution type:
-contributors.contribution_type.commits = Commits
-contributors.contribution_type.additions = Additions
-contributors.contribution_type.deletions = Deletions
-
-settings = Settings
-settings.desc = Settings is where you can manage the settings for the repository.
-settings.options = Repository
-settings.public_access = Public Access
-settings.public_access_desc = Configure public visitor's access permissions to override the defaults of this repository.
-settings.public_access.docs.not_set = Not Set: no extra public access permission. The visitor's permission follows the repository's visibility and member permissions.
-settings.public_access.docs.anonymous_read = Anonymous Read: users who are not logged in can access the unit with read permission.
-settings.public_access.docs.everyone_read = Everyone Read: all logged-in users can access the unit with read permission. Read permission of issue/pull-request units also means users can create new issues/pull requests.
-settings.public_access.docs.everyone_write = Everyone Write: all logged-in users have write permission to the unit. Only Wiki unit supports this permission.
-settings.collaboration = Collaborators
-settings.collaboration.admin = Administrator
-settings.collaboration.write = Write
-settings.collaboration.read = Read
-settings.collaboration.owner = Owner
-settings.collaboration.undefined = Undefined
-settings.collaboration.per_unit = Unit Permissions
-settings.hooks = Webhooks
-settings.githooks = Git Hooks
-settings.basic_settings = Basic Settings
-settings.mirror_settings = Mirror Settings
-settings.mirror_settings.docs = Set up your repository to automatically synchronize commits, tags and branches with another repository.
-settings.mirror_settings.docs.disabled_pull_mirror.instructions = Set up your project to automatically push commits, tags and branches to another repository. Pull mirrors have been disabled by your site administrator.
-settings.mirror_settings.docs.disabled_push_mirror.instructions = Set up your project to automatically pull commits, tags and branches from another repository.
-settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Right now, this can only be done in the "New Migration" menu. For more information, please consult:
-settings.mirror_settings.docs.disabled_push_mirror.info = Push mirrors have been disabled by your site administrator.
-settings.mirror_settings.docs.no_new_mirrors = Your repository is mirroring changes to or from another repository. Please keep in mind that you currently can't create any new mirrors.
-settings.mirror_settings.docs.can_still_use = Although you can't modify existing mirrors or create new ones, you may still use your existing mirror.
-settings.mirror_settings.docs.pull_mirror_instructions = To set up a pull mirror, please consult:
-settings.mirror_settings.docs.more_information_if_disabled = You can find out more about push and pull mirrors here:
-settings.mirror_settings.docs.doc_link_title = How do I mirror repositories?
-settings.mirror_settings.docs.doc_link_pull_section = the "Pulling from a remote repository" section of the documentation.
-settings.mirror_settings.docs.pulling_remote_title = Pulling from a remote repository
-settings.mirror_settings.mirrored_repository = Mirrored repository
-settings.mirror_settings.pushed_repository = Pushed repository
-settings.mirror_settings.direction = Direction
-settings.mirror_settings.direction.pull = Pull
-settings.mirror_settings.direction.push = Push
-settings.mirror_settings.last_update = Last update
-settings.mirror_settings.push_mirror.none = No push mirrors configured
-settings.mirror_settings.push_mirror.remote_url = Git Remote Repository URL
-settings.mirror_settings.push_mirror.add = Add Push Mirror
-settings.mirror_settings.push_mirror.edit_sync_time = Edit mirror sync interval
-
-settings.sync_mirror = Synchronize Now
-settings.pull_mirror_sync_in_progress = Pulling changes from the remote %s at the moment.
-settings.push_mirror_sync_in_progress = Pushing changes to the remote %s at the moment.
-settings.site = Website
-settings.update_settings = Update Settings
-settings.update_mirror_settings = Update Mirror Settings
-settings.branches.switch_default_branch = Switch Default Branch
-settings.branches.update_default_branch = Update Default Branch
-settings.branches.add_new_rule = Add New Rule
-settings.advanced_settings = Advanced Settings
-settings.wiki_desc = Enable Repository Wiki
-settings.use_internal_wiki = Use Built-In Wiki
-settings.default_wiki_branch_name = Default Wiki Branch Name
-settings.failed_to_change_default_wiki_branch = Failed to change the default wiki branch.
-settings.use_external_wiki = Use External Wiki
-settings.external_wiki_url = External Wiki URL
-settings.external_wiki_url_error = The external wiki URL is not a valid URL.
-settings.external_wiki_url_desc = Visitors are redirected to the external wiki URL when clicking the wiki tab.
-settings.issues_desc = Enable Repository Issue Tracker
-settings.use_internal_issue_tracker = Use Built-In Issue Tracker
-settings.use_external_issue_tracker = Use External Issue Tracker
-settings.external_tracker_url = External Issue Tracker URL
-settings.external_tracker_url_error = The external issue tracker URL is not a valid URL.
-settings.external_tracker_url_desc = Visitors are redirected to the external issue tracker URL when clicking on the issues tab.
-settings.tracker_url_format = External Issue Tracker URL Format
-settings.tracker_url_format_error = The external issue tracker URL format is not a valid URL.
-settings.tracker_issue_style = External Issue Tracker Number Format
-settings.tracker_issue_style.numeric = Numeric
-settings.tracker_issue_style.alphanumeric = Alphanumeric
-settings.tracker_issue_style.regexp = Regular Expression
-settings.tracker_issue_style.regexp_pattern = Regular Expression Pattern
-settings.tracker_issue_style.regexp_pattern_desc = The first captured group will be used in place of <code>{index}</code>.
-settings.tracker_url_format_desc = Use the placeholders <code>{user}</code>, <code>{repo}</code> and <code>{index}</code> for the username, repository name and issue index.
-settings.enable_timetracker = Enable Time Tracking
-settings.allow_only_contributors_to_track_time = Let Only Contributors Track Time
-settings.pulls_desc = Enable Repository Pull Requests
-settings.pulls.ignore_whitespace = Ignore Whitespace for Conflicts
-settings.pulls.enable_autodetect_manual_merge = Enable autodetect manual merge (Note: In some special cases, misjudgments can occur)
-settings.pulls.allow_rebase_update = Enable updating pull request branch by rebase
-settings.pulls.default_delete_branch_after_merge = Delete pull request branch after merge by default
-settings.pulls.default_allow_edits_from_maintainers = Allow edits from maintainers by default
-settings.releases_desc = Enable Repository Releases
-settings.packages_desc = Enable Repository Packages Registry
-settings.projects_desc = Enable Projects
-settings.projects_mode_desc = Projects Mode (which kinds of projects to show)
-settings.projects_mode_repo = Repo projects only
-settings.projects_mode_owner = Only user or org projects
-settings.projects_mode_all = All projects
-settings.actions_desc = Enable Repository Actions
-settings.admin_settings = Administrator Settings
-settings.admin_enable_health_check = Enable Repository Health Checks (git fsck)
-settings.admin_code_indexer = Code Indexer
-settings.admin_stats_indexer = Code Statistics Indexer
-settings.admin_indexer_commit_sha = Last Indexed SHA
-settings.admin_indexer_unindexed = Unindexed
-settings.reindex_button = Add to Reindex Queue
-settings.reindex_requested=Reindex Requested
-settings.admin_enable_close_issues_via_commit_in_any_branch = Close an issue via a commit made in a non-default branch
-settings.danger_zone = Danger Zone
-settings.new_owner_has_same_repo = The new owner already has a repository with same name. Please choose another name.
-settings.convert = Convert to Regular Repository
-settings.convert_desc = You can convert this mirror into a regular repository. This cannot be undone.
-settings.convert_notices_1 = This operation will convert the mirror into a regular repository and cannot be undone.
-settings.convert_confirm = Convert Repository
-settings.convert_succeed = The mirror has been converted into a regular repository.
-settings.convert_fork = Convert to Regular Repository
-settings.convert_fork_desc = You can convert this fork into a regular repository. This cannot be undone.
-settings.convert_fork_notices_1 = This operation will convert the fork into a regular repository and cannot be undone.
-settings.convert_fork_confirm = Convert Repository
-settings.convert_fork_succeed = The fork has been converted into a regular repository.
-settings.transfer = Transfer Ownership
-settings.transfer.rejected = Repository transfer was rejected.
-settings.transfer.success = Repository transfer was successful.
-settings.transfer.blocked_user = Cannot transfer repository because you are blocked by the new owner.
-settings.transfer_abort = Cancel transfer
-settings.transfer_abort_invalid = You cannot cancel a non existent repository transfer.
-settings.transfer_abort_success = The repository transfer to %s was successfully canceled.
-settings.transfer_desc = Transfer this repository to a user or to an organization for which you have administrator rights.
-settings.transfer_form_title = Enter the repository name as confirmation:
-settings.transfer_in_progress = There is currently an ongoing transfer. Please cancel it if you would like to transfer this repository to another user.
-settings.transfer_notices_1 = - You will lose access to the repository if you transfer it to an individual user.
-settings.transfer_notices_2 = - You will keep access to the repository if you transfer it to an organization that you (co-)own.
-settings.transfer_notices_3 = - If the repository is private and is transferred to an individual user, this action makes sure that the user does have at least read permission (and changes permissions if necessary).
-settings.transfer_notices_4 = - If the repository belongs to an organization, and you transfer it to another organization or individual, you will lose the links between the repository's issues and the organization's project board.
-settings.transfer_owner = New Owner
-settings.transfer_perform = Perform Transfer
-settings.transfer_started = This repository has been marked for transfer and awaits confirmation from "%s"
-settings.transfer_succeed = The repository has been transferred.
-settings.signing_settings = Signing Verification Settings
-settings.trust_model = Signature Trust Model
-settings.trust_model.default = Default Trust Model
-settings.trust_model.default.desc= Use the default repository trust model for this installation.
-settings.trust_model.collaborator = Collaborator
-settings.trust_model.collaborator.long = Collaborator: Trust signatures by collaborators
-settings.trust_model.collaborator.desc = Valid signatures by collaborators of this repository will be marked "trusted", whether they match the committer or not. Otherwise, valid signatures will be marked "untrusted" if the signature matches the committer and "unmatched" if not.
-settings.trust_model.committer = Committer
-settings.trust_model.committer.long = Committer: Trust signatures that match committers. This matches GitHub's behavior and will force commits signed by Gitea to have Gitea as the committer.
-settings.trust_model.committer.desc = Valid signatures will only be marked "trusted" if they match the committer, otherwise they will be marked "unmatched". This forces Gitea to be the committer on signed commits, with the actual committer marked as Co-authored-by: and Co-committed-by: trailer in the commit. The default Gitea key must match a user in the database.
-settings.trust_model.collaboratorcommitter = Collaborator+Committer
-settings.trust_model.collaboratorcommitter.long = Collaborator+Committer: Trust signatures by collaborators which match the committer
-settings.trust_model.collaboratorcommitter.desc = Valid signatures by collaborators of this repository will be marked "trusted" if they match the committer. Otherwise, valid signatures will be marked "untrusted" if the signature matches the committer and "unmatched" otherwise. This will force Gitea to be marked as the committer on signed commits, with the actual committer marked as Co-Authored-By: and Co-Committed-By: trailer in the commit. The default Gitea key must match a user in the database.
-settings.wiki_delete = Delete Wiki Data
-settings.wiki_delete_desc = Deleting repository wiki data is permanent and cannot be undone.
-settings.wiki_delete_notices_1 = - This will permanently delete and disable the repository wiki for %s.
-settings.confirm_wiki_delete = Delete Wiki Data
-settings.wiki_deletion_success = The repository wiki data has been deleted.
-settings.delete = Delete This Repository
-settings.delete_desc = Deleting a repository is permanent and cannot be undone.
-settings.delete_notices_1 = - This operation <strong>CANNOT</strong> be undone.
-settings.delete_notices_2 = - This operation will permanently delete the <strong>%s</strong> repository, including code, issues, comments, wiki data and collaborator settings.
-settings.delete_notices_fork_1 = - Forks of this repository will become independent after deletion.
-settings.deletion_success = The repository has been deleted.
-settings.update_settings_success = The repository settings have been updated.
-settings.update_settings_no_unit = The repository should allow at least some sort of interaction.
-settings.confirm_delete = Delete Repository
-settings.add_collaborator = Add Collaborator
-settings.add_collaborator_success = The collaborator has been added.
-settings.add_collaborator_inactive_user = Cannot add an inactive user as a collaborator.
-settings.add_collaborator_owner = Cannot add an owner as a collaborator.
-settings.add_collaborator_duplicate = The collaborator is already added to this repository.
-settings.add_collaborator.blocked_user = The collaborator is blocked by the repository owner or vice versa.
-settings.delete_collaborator = Remove
-settings.collaborator_deletion = Remove Collaborator
-settings.collaborator_deletion_desc = Removing a collaborator will revoke their access to this repository. Continue?
-settings.remove_collaborator_success = The collaborator has been removed.
-settings.org_not_allowed_to_be_collaborator = Organizations cannot be added as a collaborator.
-settings.change_team_access_not_allowed = Changing team access for repository has been restricted to organization owner
-settings.team_not_in_organization = The team is not in the same organization as the repository
-settings.teams = Teams
-settings.add_team = Add Team
-settings.add_team_duplicate = Team already has the repository
-settings.add_team_success = The team now has access to the repository.
-settings.change_team_permission_tip = Team's permission is set on the team settings page and can't be changed per repository
-settings.delete_team_tip = This team has access to all repositories and can't be removed
-settings.remove_team_success = The team's access to the repository has been removed.
-settings.add_webhook = Add Webhook
-settings.add_webhook.invalid_channel_name = Webhook channel name cannot be empty and cannot contain only a # character.
-settings.hooks_desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Read more in the <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guide</a>.
-settings.webhook_deletion = Remove Webhook
-settings.webhook_deletion_desc = Removing a webhook deletes its settings and delivery history. Continue?
-settings.webhook_deletion_success = The webhook has been removed.
-settings.webhook.test_delivery = Test Push Event
-settings.webhook.test_delivery_desc = Test this webhook with a fake push event.
-settings.webhook.test_delivery_desc_disabled = To test this webhook with a fake event, activate it.
-settings.webhook.request = Request
-settings.webhook.response = Response
-settings.webhook.headers = Headers
-settings.webhook.payload = Content
-settings.webhook.body = Body
-settings.webhook.replay.description = Replay this webhook.
-settings.webhook.replay.description_disabled = To replay this webhook, activate it.
-settings.webhook.delivery.success = An event has been added to the delivery queue. It may take few seconds before it shows up in the delivery history.
-settings.githooks_desc = "Git Hooks are powered by Git itself. You can edit hook files below to set up custom operations."
-settings.githook_edit_desc = If the hook is inactive, sample content will be presented. Leaving content to an empty value will disable this hook.
-settings.githook_name = Hook Name
-settings.githook_content = Hook Content
-settings.update_githook = Update Hook
-settings.add_webhook_desc = Gitea will send <code>POST</code> requests with a specified content type to the target URL. Read more in the <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guide</a>.
-settings.payload_url = Target URL
-settings.http_method = HTTP Method
-settings.content_type = POST Content Type
-settings.secret = Secret
-settings.webhook_secret_desc = If the webhook server supports using secret, you can follow the webhook's manual and fill in a secret here.
-settings.slack_username = Username
-settings.slack_icon_url = Icon URL
-settings.slack_color = Color
-settings.discord_username = Username
-settings.discord_icon_url = Icon URL
-settings.event_desc = Trigger On:
-settings.event_push_only = Push Events
-settings.event_send_everything = All Events
-settings.event_choose = Custom Events…
-settings.event_header_repository = Repository Events
-settings.event_create = Create
-settings.event_create_desc = Branch or tag created.
-settings.event_delete = Delete
-settings.event_delete_desc = Branch or tag deleted.
-settings.event_fork = Fork
-settings.event_fork_desc = Repository forked.
-settings.event_wiki = Wiki
-settings.event_wiki_desc = Wiki page created, renamed, edited or deleted.
-settings.event_statuses = Statuses
-settings.event_statuses_desc = Commit Status updated from the API.
-settings.event_release = Release
-settings.event_release_desc = Release published, updated or deleted in a repository.
-settings.event_push = Push
-settings.event_force_push = Force Push
-settings.event_push_desc = Git push to a repository.
-settings.event_repository = Repository
-settings.event_repository_desc = Repository created or deleted.
-settings.event_header_issue = Issue Events
-settings.event_issues = Issues
-settings.event_issues_desc = Issue opened, closed, reopened, edited or deleted.
-settings.event_issue_assign = Issue Assigned
-settings.event_issue_assign_desc = Issue assigned or unassigned.
-settings.event_issue_label = Issue Labeled
-settings.event_issue_label_desc = Issue labels updated or cleared.
-settings.event_issue_milestone = Issue Milestoned
-settings.event_issue_milestone_desc = Issue milestoned or demilestoned.
-settings.event_issue_comment = Issue Comment
-settings.event_issue_comment_desc = Issue comment created, edited, or deleted.
-settings.event_header_pull_request = Pull Request Events
-settings.event_pull_request = Pull Request
-settings.event_pull_request_desc = Pull request opened, closed, reopened, edited or deleted.
-settings.event_pull_request_assign = Pull Request Assigned
-settings.event_pull_request_assign_desc = Pull request assigned or unassigned.
-settings.event_pull_request_label = Pull Request Labeled
-settings.event_pull_request_label_desc = Pull request labels updated or cleared.
-settings.event_pull_request_milestone = Pull Request Milestoned
-settings.event_pull_request_milestone_desc = Pull request milestoned or demilestoned.
-settings.event_pull_request_comment = Pull Request Comment
-settings.event_pull_request_comment_desc = Pull request comment created, edited, or deleted.
-settings.event_pull_request_review = Pull Request Reviewed
-settings.event_pull_request_review_desc = Pull request approved, rejected, or review comment.
-settings.event_pull_request_sync = Pull Request Synchronized
-settings.event_pull_request_sync_desc = Pull request synchronized.
-settings.event_pull_request_review_request = Pull Request Review Requested
-settings.event_pull_request_review_request_desc = Pull request review requested or review request removed.
-settings.event_pull_request_approvals = Pull Request Approvals
-settings.event_pull_request_merge = Pull Request Merge
-settings.event_header_workflow = Workflow Events
-settings.event_workflow_run = Workflow Run
-settings.event_workflow_run_desc = Gitea Actions Workflow run queued, waiting, in progress, or completed.
-settings.event_workflow_job = Workflow Jobs
-settings.event_workflow_job_desc = Gitea Actions Workflow job queued, waiting, in progress, or completed.
-settings.event_package = Package
-settings.event_package_desc = Package created or deleted in a repository.
-settings.branch_filter = Branch filter
-settings.branch_filter_desc_1 = Branch (and ref name) allowlist for push, branch creation and branch deletion events, specified as glob pattern. If empty or <code>*</code>, events for all branches and tags are reported.
-settings.branch_filter_desc_2 = Use <code>refs/heads/</code> or <code>refs/tags/</code> prefix to match full ref names.
-settings.branch_filter_desc_doc = See <a href="%[1]s">%[2]s</a> documentation for syntax.
-settings.authorization_header = Authorization Header
-settings.authorization_header_desc = Will be included as authorization header for requests when present. Examples: %s.
-settings.active = Active
-settings.active_helper = Information about triggered events will be sent to this webhook URL.
-settings.add_hook_success = The webhook has been added.
-settings.update_webhook = Update Webhook
-settings.update_hook_success = The webhook has been updated.
-settings.delete_webhook = Remove Webhook
-settings.recent_deliveries = Recent Deliveries
-settings.hook_type = Hook Type
-settings.slack_token = Token
-settings.slack_domain = Domain
-settings.slack_channel = Channel
-settings.add_web_hook_desc = Integrate <a target="_blank" rel="noreferrer" href="%s">%s</a> into your repository.
-settings.web_hook_name_gitea = Gitea
-settings.web_hook_name_gogs = Gogs
-settings.web_hook_name_slack = Slack
-settings.web_hook_name_discord = Discord
-settings.web_hook_name_dingtalk = DingTalk
-settings.web_hook_name_telegram = Telegram
-settings.web_hook_name_matrix = Matrix
-settings.web_hook_name_msteams = Microsoft Teams
-settings.web_hook_name_feishu_or_larksuite = Feishu / Lark Suite
-settings.web_hook_name_feishu = Feishu
-settings.web_hook_name_larksuite = Lark Suite
-settings.web_hook_name_wechatwork = WeCom (Wechat Work)
-settings.web_hook_name_packagist = Packagist
-settings.packagist_username = Packagist username
-settings.packagist_api_token = API token
-settings.packagist_package_url = Packagist package URL
-settings.deploy_keys = Deploy Keys
-settings.add_deploy_key = Add Deploy Key
-settings.deploy_key_desc = Deploy keys have read-only pull access to the repository.
-settings.is_writable = Enable Write Access
-settings.is_writable_info = Allow this deploy key to <strong>push</strong> to the repository.
-settings.no_deploy_keys = There are no deploy keys yet.
-settings.title = Title
-settings.deploy_key_content = Content
-settings.key_been_used = A deploy key with identical content is already in use.
-settings.key_name_used = A deploy key with the same name already exists.
-settings.add_key_success = The deploy key "%s" has been added.
-settings.deploy_key_deletion = Remove Deploy Key
-settings.deploy_key_deletion_desc = Removing a deploy key will revoke its access to this repository. Continue?
-settings.deploy_key_deletion_success = The deploy key has been removed.
-settings.branches = Branches
-settings.protected_branch = Branch Protection
-settings.protected_branch.save_rule = Save Rule
-settings.protected_branch.delete_rule = Delete Rule
-settings.protected_branch_can_push = Allow push?
-settings.protected_branch_can_push_yes = You can push
-settings.protected_branch_can_push_no = You cannot push
-settings.branch_protection = Branch Protection Rules for Branch '<b>%s</b>'
-settings.protect_this_branch = Enable Branch Protection
-settings.protect_this_branch_desc = Prevents deletion and restricts Git pushing and merging to the branch.
-settings.protect_disable_push = Disable Push
-settings.protect_disable_push_desc = No pushing will be allowed to this branch.
-settings.protect_disable_force_push = Disable Force Push
-settings.protect_disable_force_push_desc = No force pushing will be allowed to this branch.
-settings.protect_enable_push = Enable Push
-settings.protect_enable_push_desc = Anyone with write access will be allowed to push to this branch (but not force push).
-settings.protect_enable_force_push_all = Enable Force Push
-settings.protect_enable_force_push_all_desc = Anyone with push access will be allowed to force push to this branch.
-settings.protect_enable_force_push_allowlist = Allowlist Restricted Force Push
-settings.protect_enable_force_push_allowlist_desc = Only allowlisted users or teams with push access will be allowed to force push to this branch.
-settings.protect_enable_merge = Enable Merge
-settings.protect_enable_merge_desc = Anyone with write access will be allowed to merge the pull requests into this branch.
-settings.protect_whitelist_committers = Allowlist Restricted Push
-settings.protect_whitelist_committers_desc = Only allowlisted users or teams will be allowed to push to this branch (but not force push).
-settings.protect_whitelist_deploy_keys = Allowlist deploy keys with write access to push.
-settings.protect_whitelist_users = Allowlisted users for pushing:
-settings.protect_whitelist_teams = Allowlisted teams for pushing:
-settings.protect_force_push_allowlist_users = Allowlisted users for force pushing:
-settings.protect_force_push_allowlist_teams = Allowlisted teams for force pushing:
-settings.protect_force_push_allowlist_deploy_keys = Allowlist deploy keys with push access to force push.
-settings.protect_merge_whitelist_committers = Enable Merge Allowlist
-settings.protect_merge_whitelist_committers_desc = Allow only allowlisted users or teams to merge pull requests into this branch.
-settings.protect_merge_whitelist_users = Allowlisted users for merging:
-settings.protect_merge_whitelist_teams = Allowlisted teams for merging:
-settings.protect_check_status_contexts = Enable Status Check
-settings.protect_status_check_patterns = Status check patterns:
-settings.protect_status_check_patterns_desc = Enter patterns to specify which status checks must pass before branches can be merged into a branch that matches this rule. Each line specifies a pattern. Patterns cannot be empty.
-settings.protect_check_status_contexts_desc = Require status checks to pass before merging. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. If no contexts are matched, the last commit must be successful regardless of context.
-settings.protect_check_status_contexts_list = Status checks found in the last week for this repository
-settings.protect_status_check_matched = Matched
-settings.protect_invalid_status_check_pattern = Invalid status check pattern: "%s".
-settings.protect_no_valid_status_check_patterns = No valid status check patterns.
-settings.protect_required_approvals = Required approvals:
-settings.protect_required_approvals_desc = Allow only to merge pull request with enough required approvals. Required approvals are either from users or teams who are on the allowlist or anyone with write access.
-settings.protect_approvals_whitelist_enabled = Restrict approvals to allowlisted users or teams
-settings.protect_approvals_whitelist_enabled_desc = Only reviews from allowlisted users or teams will count to the required approvals. Without approval allowlist, reviews from anyone with write access count to the required approvals.
-settings.protect_approvals_whitelist_users = Allowlisted reviewers:
-settings.protect_approvals_whitelist_teams = Allowlisted teams for reviews:
-settings.dismiss_stale_approvals = Dismiss stale approvals
-settings.dismiss_stale_approvals_desc = When new commits that change the content of the pull request are pushed to the branch, old approvals will be dismissed.
-settings.ignore_stale_approvals = Ignore stale approvals
-settings.ignore_stale_approvals_desc = Do not count approvals that were made on older commits (stale reviews) towards how many approvals the PR has. Irrelevant if stale reviews are already dismissed.
-settings.require_signed_commits = Require Signed Commits
-settings.require_signed_commits_desc = Reject pushes to this branch if they are unsigned or unverifiable.
-settings.protect_branch_name_pattern = Protected Branch Name Pattern
-settings.protect_branch_name_pattern_desc = "Protected branch name patterns. See <a href="%s">the documentation</a> for pattern syntax. Examples: main, release/**"
-settings.protect_patterns = Patterns
-settings.protect_protected_file_patterns = "Protected file patterns (separated using semicolon ';'):"
-settings.protect_protected_file_patterns_desc = "Protected files are not allowed to be changed directly even if user has rights to add, edit, or delete files in this branch. Multiple patterns can be separated using semicolon (';'). See <a href='%[1]s'>%[2]s</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
-settings.protect_unprotected_file_patterns = "Unprotected file patterns (separated using semicolon ';'):"
-settings.protect_unprotected_file_patterns_desc = "Unprotected files that are allowed to be changed directly if user has write access, bypassing push restriction. Multiple patterns can be separated using semicolon (';'). See <a href='%[1]s'>%[2]s</a> documentation for pattern syntax. Examples: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>."
-settings.add_protected_branch = Enable protection
-settings.delete_protected_branch = Disable protection
-settings.update_protect_branch_success = Branch protection for rule "%s" has been updated.
-settings.remove_protected_branch_success = Branch protection for rule "%s" has been removed.
-settings.remove_protected_branch_failed = Removing branch protection rule "%s" failed.
-settings.protected_branch_deletion = Delete Branch Protection
-settings.protected_branch_deletion_desc = Disabling branch protection allows users with write permission to push to the branch. Continue?
-settings.block_rejected_reviews = Block merge on rejected reviews
-settings.block_rejected_reviews_desc = Merging will not be possible when changes are requested by official reviewers, even if there are enough approvals.
-settings.block_on_official_review_requests = Block merge on official review requests
-settings.block_on_official_review_requests_desc = Merging will not be possible when it has official review requests, even if there are enough approvals.
-settings.block_outdated_branch = Block merge if pull request is outdated
-settings.block_outdated_branch_desc = Merging will not be possible when head branch is behind base branch.
-settings.block_admin_merge_override = Administrators must follow branch protection rules
-settings.block_admin_merge_override_desc = Administrators must follow branch protection rules and cannot circumvent it.
-settings.default_branch_desc = Select a default repository branch for pull requests and code commits:
-settings.merge_style_desc = Merge Styles
-settings.default_merge_style_desc = Default Merge Style
-settings.choose_branch = Choose a branch…
-settings.no_protected_branch = There are no protected branches.
-settings.edit_protected_branch = Edit
-settings.protected_branch_required_rule_name = Required rule name
-settings.protected_branch_duplicate_rule_name = Duplicate rule name
-settings.protected_branch_required_approvals_min = Required approvals cannot be negative.
-settings.tags = Tags
-settings.tags.protection = Tag Protection
-settings.tags.protection.pattern = Tag Pattern
-settings.tags.protection.allowed = Allowed
-settings.tags.protection.allowed.users = Allowed users
-settings.tags.protection.allowed.teams = Allowed teams
-settings.tags.protection.allowed.noone = No One
-settings.tags.protection.create = Protect Tag
-settings.tags.protection.none = There are no protected tags.
-settings.tags.protection.pattern.description = You can use a single name or a glob pattern or regular expression to match multiple tags. Read more in the <a target="_blank" rel="noopener" href="%s">protected tags guide</a>.
-settings.bot_token = Bot Token
-settings.chat_id = Chat ID
-settings.thread_id = Thread ID
-settings.matrix.homeserver_url = Homeserver URL
-settings.matrix.room_id = Room ID
-settings.matrix.message_type = Message Type
-settings.visibility.private.button = Make Private
-settings.visibility.private.text = Changing the visibility to private will make the repo visible only to allowed members and may remove the relationship between it and existing forks, watchers, and stars.
-settings.visibility.private.bullet_title = <strong>Changing the visibility to private will:</strong>
-settings.visibility.private.bullet_one = Make the repo visible only to allowed members.
-settings.visibility.private.bullet_two = May remove the relationship between it and <strong>forks</strong>, <strong>watchers</strong>, and <strong>stars</strong>.
-settings.visibility.public.button = Make Public
-settings.visibility.public.text = Changing the visibility to public will make the repo visible to anyone.
-settings.visibility.public.bullet_title= <strong>Changing the visibility to public will:</strong>
-settings.visibility.public.bullet_one = Make the repo visible to anyone.
-settings.visibility.success = Repository visibility changed.
-settings.visibility.error = An error occurred while trying to change the repo visibility.
-settings.visibility.fork_error = Can't change the visibility of a forked repo.
-settings.archive.button = Archive Repo
-settings.archive.header = Archive This Repo
-settings.archive.text = Archiving the repo will make it entirely read-only. It will be hidden from the dashboard. Nobody (not even you!) will be able to make new commits, or open any issues or pull requests.
-settings.archive.success = The repo was successfully archived.
-settings.archive.error = An error occurred while trying to archive the repo. See the log for more details.
-settings.archive.error_ismirror = You cannot archive a mirrored repo.
-settings.archive.branchsettings_unavailable = Branch settings are not available if the repo is archived.
-settings.archive.tagsettings_unavailable = Tag settings are not available if the repo is archived.
-settings.archive.mirrors_unavailable = Mirrors are not available if the repo is archived.
-settings.unarchive.button = Unarchive repo
-settings.unarchive.header = Unarchive this repo
-settings.unarchive.text = Unarchiving the repo will restore its ability to receive commits and pushes, as well as new issues and pull requests.
-settings.unarchive.success = The repo was successfully unarchived.
-settings.unarchive.error = An error occurred while trying to unarchive the repo. See the log for more details.
-settings.update_avatar_success = The repository avatar has been updated.
-settings.lfs=LFS
-settings.lfs_filelist=LFS files stored in this repository
-settings.lfs_no_lfs_files=No LFS files stored in this repository
-settings.lfs_findcommits=Find commits
-settings.lfs_lfs_file_no_commits=No Commits found for this LFS file
-settings.lfs_noattribute=This path does not have the lockable attribute in the default branch
-settings.lfs_delete=Delete LFS file with OID %s
-settings.lfs_delete_warning=Deleting an LFS file may cause 'object does not exist' errors on checkout. Are you sure?
-settings.lfs_findpointerfiles=Find pointer files
-settings.lfs_locks=Locks
-settings.lfs_invalid_locking_path=Invalid path: %s
-settings.lfs_invalid_lock_directory=Cannot lock directory: %s
-settings.lfs_lock_already_exists=Lock already exists: %s
-settings.lfs_lock=Lock
-settings.lfs_lock_path=Filepath to lock…
-settings.lfs_locks_no_locks=No Locks
-settings.lfs_lock_file_no_exist=Locked file does not exist in default branch
-settings.lfs_force_unlock=Force Unlock
-settings.lfs_pointers.found=Found %d blob pointer(s) — %d associated, %d unassociated (%d missing from store)
-settings.lfs_pointers.sha=Blob SHA
-settings.lfs_pointers.oid=OID
-settings.lfs_pointers.inRepo=In Repo
-settings.lfs_pointers.exists=Exists in store
-settings.lfs_pointers.accessible=Accessible to User
-settings.lfs_pointers.associateAccessible=Associate accessible %d OIDs
-settings.rename_branch_failed_exist=Cannot rename branch because target branch %s exists.
-settings.rename_branch_failed_not_exist=Cannot rename branch %s because it does not exist.
-settings.rename_branch_success =Branch %s was successfully renamed to %s.
-settings.rename_branch_from=old branch name
-settings.rename_branch_to=new branch name
-settings.rename_branch=Rename branch
-
-diff.browse_source = Browse Source
-diff.parent = parent
-diff.commit = commit
-diff.git-notes = Notes
-diff.data_not_available = Diff Content Not Available
-diff.options_button = Diff Options
-diff.download_patch = Download Patch File
-diff.download_diff = Download Diff File
-diff.show_split_view = Split View
-diff.show_unified_view = Unified View
-diff.whitespace_button = Whitespace
-diff.whitespace_show_everything = Show all changes
-diff.whitespace_ignore_all_whitespace = Ignore whitespace when comparing lines
-diff.whitespace_ignore_amount_changes = Ignore changes in amount of whitespace
-diff.whitespace_ignore_at_eol = Ignore changes in whitespace at EOL
-diff.stats_desc = <strong> %d changed files</strong> with <strong>%d additions</strong> and <strong>%d deletions</strong>
-diff.stats_desc_file = %d changes: %d additions and %d deletions
-diff.bin = BIN
-diff.bin_not_shown = Binary file not shown.
-diff.view_file = View File
-diff.file_before = Before
-diff.file_after = After
-diff.file_image_width = Width
-diff.file_image_height = Height
-diff.file_byte_size = Size
-diff.file_suppressed = File diff suppressed because it is too large
-diff.file_suppressed_line_too_long = File diff suppressed because one or more lines are too long
-diff.too_many_files = Some files were not shown because too many files have changed in this diff
-diff.show_more = Show More
-diff.load = Load Diff
-diff.generated = generated
-diff.vendored = vendored
-diff.comment.add_line_comment = Add line comment
-diff.comment.placeholder = Leave a comment
-diff.comment.add_single_comment = Add single comment
-diff.comment.add_review_comment = Add comment
-diff.comment.start_review = Start review
-diff.comment.reply = Reply
-diff.review = Review
-diff.review.header = Submit review
-diff.review.placeholder = Review comment
-diff.review.comment = Comment
-diff.review.approve = Approve
-diff.review.self_reject = Pull request authors can't request changes on their own pull request
-diff.review.reject = Request changes
-diff.review.self_approve = Pull request authors can't approve their own pull request
-diff.committed_by = committed by
-diff.protected = Protected
-diff.image.side_by_side = Side by Side
-diff.image.swipe = Swipe
-diff.image.overlay = Overlay
-diff.has_escaped = This line has hidden Unicode characters
-diff.show_file_tree = Show file tree
-diff.hide_file_tree = Hide file tree
-diff.submodule_added = Submodule %[1]s added at %[2]s
-diff.submodule_deleted = Submodule %[1]s deleted from %[2]s
-diff.submodule_updated = Submodule %[1]s updated: %[2]s
-
-releases.desc = Track project versions and downloads.
-release.releases = Releases
-release.detail = Release details
-release.tags = Tags
-release.new_release = New Release
-release.draft = Draft
-release.prerelease = Pre-Release
-release.stable = Stable
-release.latest = Latest
-release.compare = Compare
-release.edit = edit
-release.ahead.commits = <strong>%d</strong> commits
-release.ahead.target = to %s since this release
-tag.ahead.target = to %s since this tag
-release.source_code = Source Code
-release.new_subheader = Releases organize project versions.
-release.edit_subheader = Releases organize project versions.
-release.tag_name = Tag name
-release.target = Target
-release.tag_helper = Choose an existing tag or create a new tag.
-release.tag_helper_new = New tag. This tag will be created from the target.
-release.tag_helper_existing = Existing tag.
-release.title = Release title
-release.title_empty = Title cannot be empty.
-release.message = Describe this release
-release.prerelease_desc = Mark as Pre-Release
-release.prerelease_helper = Mark this release unsuitable for production use.
-release.cancel = Cancel
-release.publish = Publish Release
-release.save_draft = Save Draft
-release.edit_release = Update Release
-release.delete_release = Delete Release
-release.delete_tag = Delete Tag
-release.deletion = Delete Release
-release.deletion_desc = Deleting a release only removes it from Gitea. It will not affect the Git tag, the contents of your repository or its history. Continue?
-release.deletion_success = The release has been deleted.
-release.deletion_tag_desc = Will delete this tag from repository. Repository contents and history remain unchanged. Continue?
-release.deletion_tag_success = The tag has been deleted.
-release.tag_name_already_exist = A release with this tag name already exists.
-release.tag_name_invalid = The tag name is not valid.
-release.tag_name_protected = The tag name is protected.
-release.tag_already_exist = This tag name already exists.
-release.downloads = Downloads
-release.download_count = Downloads: %s
-release.add_tag_msg = Use the title and content of release as tag message.
-release.add_tag = Create Tag Only
-release.releases_for = Releases for %s
-release.tags_for = Tags for %s
-release.notes = Release notes
-release.generate_notes = Generate release notes
-release.generate_notes_desc = Automatically add merged pull requests and a changelog link for this release.
-release.previous_tag = Previous tag
-release.generate_notes_tag_not_found = Tag "%s" does not exist in this repository.
-release.generate_notes_target_not_found = The release target "%s" cannot be found.
-release.generate_notes_missing_tag = Enter a tag name to generate release notes.
-
-branch.name = Branch Name
-branch.already_exists = A branch named "%s" already exists.
-branch.delete_head = Delete
-branch.delete = Delete Branch "%s"
-branch.delete_html = Delete Branch
-branch.delete_desc = Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
-branch.deletion_success = Branch "%s" has been deleted.
-branch.deletion_failed = Failed to delete branch "%s".
-branch.delete_branch_has_new_commits = Branch "%s" cannot be deleted because new commits have been added after merging.
-branch.create_branch = Create branch %s
-branch.create_from = from "%s"
-branch.create_success = Branch "%s" has been created.
-branch.branch_already_exists = Branch "%s" already exists in this repository.
-branch.branch_name_conflict = Branch name "%s" conflicts with the already existing branch "%s".
-branch.tag_collision = Branch "%s" cannot be created as a tag with same name already exists in the repository.
-branch.deleted_by = Deleted by %s
-branch.restore_success = Branch "%s" has been restored.
-branch.restore_failed = Failed to restore branch "%s".
-branch.protected_deletion_failed = Branch "%s" is protected. It cannot be deleted.
-branch.default_deletion_failed = Branch "%s" is the default branch. It cannot be deleted.
-branch.default_branch_not_exist = Default branch "%s" does not exist.
-branch.restore = Restore Branch "%s"
-branch.download = Download Branch "%s"
-branch.rename = Rename Branch "%s"
-branch.included_desc = This branch is part of the default branch
-branch.included = Included
-branch.create_new_branch = Create branch from branch:
-branch.confirm_create_branch = Create branch
-branch.warning_rename_default_branch = You are renaming the default branch.
-branch.rename_branch_to = Rename "%s" to:
-branch.confirm_rename_branch = Rename branch
-branch.create_branch_operation = Create branch
-branch.new_branch = Create new branch
-branch.new_branch_from = Create new branch from "%s"
-branch.renamed = Branch %s was renamed to %s.
-branch.rename_default_or_protected_branch_error = Only admins can rename default or protected branches.
-branch.rename_protected_branch_failed = This branch is protected by glob-based protection rules.
-branch.commits_divergence_from = Commit divergence: %[1]d behind and %[2]d ahead of %[3]s
-branch.commits_no_divergence = The same as branch %[1]s
-
-tag.create_tag = Create tag %s
-tag.create_tag_operation = Create tag
-tag.confirm_create_tag = Create tag
-tag.create_tag_from = Create new tag from "%s"
-
-tag.create_success = Tag "%s" has been created.
-
-topic.manage_topics = Manage Topics
-topic.done = Done
-topic.count_prompt = You cannot select more than 25 topics
-topic.format_prompt = Topics must start with a letter or number, can include dashes ('-') and dots ('.'), can be up to 35 characters long. Letters must be lowercase.
-
-find_file.follow_symlink= Follow this symlink to where it is pointing at
-find_file.go_to_file = Go to file
-find_file.no_matching = No matching file found
-
-error.csv.too_large = Can't render this file because it is too large.
-error.csv.unexpected = Can't render this file because it contains an unexpected character in line %d and column %d.
-error.csv.invalid_field_count = Can't render this file because it has a wrong number of fields in line %d.
-error.broken_git_hook = Git hooks of this repository seem to be broken. Please follow the <a target="_blank" rel="noreferrer" href="%s">documentation</a> to fix them, then push some commits to refresh the status.
-
-[graphs]
-component_loading = Loading %s…
-component_loading_failed = Could not load %s
-component_loading_info = This might take a bit…
-component_failed_to_load = An unexpected error happened.
-code_frequency.what = code frequency
-contributors.what = contributions
-recent_commits.what = recent commits
-
-[org]
-org_name_holder = Organization Name
-org_full_name_holder = Organization Full Name
-org_name_helper = Organization names should be short and memorable.
-create_org = Create Organization
-repo_updated = Updated
-members = Members
-teams = Teams
-code = Code
-lower_members = members
-lower_repositories = repositories
-create_new_team = New Team
-create_team = Create Team
-org_desc = Description
-team_name = Team Name
-team_desc = Description
-team_name_helper = Team names should be short and memorable.
-team_desc_helper = Describe the purpose or role of the team.
-team_access_desc = Repository access
-team_permission_desc = Permission
-team_unit_desc = Allow Access to Repository Sections
-team_unit_disabled = (Disabled)
-
-form.name_been_taken = The organization name "%s" has already been taken.
-form.name_reserved = The organization name "%s" is reserved.
-form.name_pattern_not_allowed = The pattern "%s" is not allowed in an organization name.
-form.create_org_not_allowed = You are not allowed to create an organization.
-
-settings = Settings
-settings.options = Organization
-settings.full_name = Full Name
-settings.email = Contact Email Address
-settings.website = Website
-settings.location = Location
-settings.permission = Permissions
-settings.repoadminchangeteam = Repository admin can add and remove access for teams
-settings.visibility = Visibility
-settings.change_visibility = Change Visibility
-settings.change_visibility_notices_1 = If the organization is converted to private, the repository stars will be removed and cannot be restored.
-settings.change_visibility_notices_2 = Non-members will lose access to the organization’s repositories if visibility is changed to private.
-settings.change_visibility_success = The visibility of organization %s has been successfully changed.
-settings.visibility_desc = Change who can view the organization and its repositories.
-settings.visibility.public = Public
-settings.visibility.limited = Limited (Visible to authenticated users only)
-settings.visibility.limited_shortname = Limited
-settings.visibility.private = Private (Visible only to organization members)
-settings.visibility.private_shortname = Private
-
-settings.update_settings = Update Settings
-settings.update_setting_success = Organization settings have been updated.
-
-settings.rename = Rename Organization
-settings.rename_desc = Changing the organization name will also change your organization's URL and free the old name.
-settings.rename_success = Organization %[1]s has been renamed to %[2]s successfully.
-settings.rename_no_change = Organization name is not changed.
-settings.rename_new_org_name = New Organization Name
-settings.rename_failed = Renaming organization failed because of an internal error
-settings.rename_notices_1 = This operation <strong>CANNOT</strong> be undone.
-settings.rename_notices_2 = The old name will redirect until it is claimed.
-
-settings.update_avatar_success = The organization's avatar has been updated.
-settings.delete = Delete Organization
-settings.delete_account = Delete This Organization
-settings.delete_prompt = The organization will be permanently removed. This <strong>CANNOT</strong> be undone!
-settings.name_confirm = Enter the organization name as confirmation:
-settings.delete_notices_1 = This operation <strong>CANNOT</strong> be undone.
-settings.delete_notices_2 = This operation will permanently delete all the <strong>repositories</strong> of <strong>%s</strong>, including code, issues, comments, wiki data and collaborator settings.
-settings.delete_notices_3 = This operation will permanently delete all the <strong>packages</strong> of <strong>%s</strong>.
-settings.delete_notices_4 = This operation will permanently delete all the <strong>projects</strong> of <strong>%s</strong>.
-settings.confirm_delete_account = Confirm Deletion
-settings.delete_failed = Deleting organization failed due to an internal error
-settings.delete_successful = Organization <b>%s</b> has been deleted successfully.
-settings.hooks_desc = Add webhooks which will be triggered for <strong>all repositories</strong> under this organization.
-
-settings.labels_desc = Add labels which can be used on issues for <strong>all repositories</strong> under this organization.
-
-members.membership_visibility = Membership Visibility:
-members.public = Visible
-members.public_helper = make hidden
-members.private = Hidden
-members.private_helper = make visible
-members.member_role = Member Role:
-members.owner = Owner
-members.member = Member
-members.remove = Remove
-members.remove.detail = Remove %[1]s from %[2]s?
-members.leave = Leave
-members.leave.detail = Leave %s?
-members.invite_desc = Add a new member to %s:
-members.invite_now = Invite Now
-
-teams.join = Join
-teams.leave = Leave
-teams.leave.detail = Leave %s?
-teams.can_create_org_repo = Create repositories
-teams.can_create_org_repo_helper = Members can create new repositories in organization. Creator will get administrator access to the new repository.
-teams.none_access = No Access
-teams.none_access_helper = Members cannot view or do any other action on this unit. It has no effect for public repositories.
-teams.general_access = General Access
-teams.general_access_helper = Members permissions will be decided by below permission table.
-teams.read_access = Read
-teams.read_access_helper = Members can view and clone team repositories.
-teams.write_access = Write
-teams.write_access_helper = Members can read and push to team repositories.
-teams.admin_access = Administrator Access
-teams.admin_access_helper = Members can pull and push to team repositories and add collaborators to them.
-teams.no_desc = This team has no description
-teams.settings = Settings
-teams.owners_permission_desc = Owners have full access to <strong>all repositories</strong> and have <strong>administrator access</strong> to the organization.
-teams.members = Team Members
-teams.update_settings = Update Settings
-teams.delete_team = Delete Team
-teams.add_team_member = Add Team Member
-teams.invite_team_member = Invite to %s
-teams.invite_team_member.list = Pending Invitations
-teams.delete_team_title = Delete Team
-teams.delete_team_desc = Deleting a team revokes repository access from its members. Continue?
-teams.delete_team_success = The team has been deleted.
-teams.read_permission_desc = This team grants <strong>Read</strong> access: members can view and clone team repositories.
-teams.write_permission_desc = This team grants <strong>Write</strong> access: members can read from and push to team repositories.
-teams.admin_permission_desc = This team grants <strong>Admin</strong> access: members can read from, push to and add collaborators to team repositories.
-teams.create_repo_permission_desc = Additionally, this team grants <strong>Create repository</strong> permission: members can create new repositories in organization.
-teams.repositories = Team Repositories
-teams.remove_all_repos_title = Remove all team repositories
-teams.remove_all_repos_desc = This will remove all repositories from the team.
-teams.add_all_repos_title = Add all repositories
-teams.add_all_repos_desc = This will add all the organization's repositories to the team.
-teams.add_nonexistent_repo = "The repository you're trying to add doesn't exist. Please create it first."
-teams.add_duplicate_users = User is already a team member.
-teams.repos.none = No repositories could be accessed by this team.
-teams.members.none = No members on this team.
-teams.members.blocked_user = Cannot add the user because it is blocked by the organization.
-teams.specific_repositories = Specific repositories
-teams.specific_repositories_helper = Members will only have access to repositories explicitly added to the team. Selecting this <strong>will not</strong> automatically remove repositories already added with <i>All repositories</i>.
-teams.all_repositories = All repositories
-teams.all_repositories_helper = Team has access to all repositories. Selecting this will <strong>add all existing</strong> repositories to the team.
-teams.all_repositories_read_permission_desc = This team grants <strong>Read</strong> access to <strong>all repositories</strong>: members can view and clone repositories.
-teams.all_repositories_write_permission_desc = This team grants <strong>Write</strong> access to <strong>all repositories</strong>: members can read from and push to repositories.
-teams.all_repositories_admin_permission_desc = This team grants <strong>Admin</strong> access to <strong>all repositories</strong>: members can read from, push to and add collaborators to repositories.
-teams.invite.title = You have been invited to join team <strong>%s</strong> in organization <strong>%s</strong>.
-teams.invite.by = Invited by %s
-teams.invite.description = Please click the button below to join the team.
-
-view_as_role = View as: %s
-view_as_public_hint = You are viewing the README as a public user.
-view_as_member_hint = You are viewing the README as a member of this organization.
-
-worktime = Worktime
-worktime.date_range_start = Start date
-worktime.date_range_end = End date
-worktime.query = Query
-worktime.time = Time
-worktime.by_repositories = By repositories
-worktime.by_milestones = By milestones
-worktime.by_members = By members
-
-[admin]
-maintenance = Maintenance
-dashboard = Dashboard
-self_check = Self Check
-identity_access = Identity & Access
-users = User Accounts
-organizations = Organizations
-assets = Code Assets
-repositories = Repositories
-hooks = Webhooks
-integrations = Integrations
-authentication = Authentication Sources
-emails = User Email Addresses
-config = Configuration
-config_summary = Summary
-config_settings = Settings
-notices = System Notices
-monitor = Monitoring
-first_page = First
-last_page = Last
-total = Total: %d
-settings = Admin Settings
-
-dashboard.new_version_hint = Gitea %s is now available, you are running %s. Check <a target="_blank" rel="noreferrer" href="%s">the blog</a> for more details.
-dashboard.statistic = Summary
-dashboard.maintenance_operations = Maintenance Operations
-dashboard.system_status = System Status
-dashboard.operation_name = Operation Name
-dashboard.operation_switch = Switch
-dashboard.operation_run = Run
-dashboard.clean_unbind_oauth = Clean unbound OAuth connections
-dashboard.clean_unbind_oauth_success = All unbound OAuth connections have been deleted.
-dashboard.task.started=Started Task: %[1]s
-dashboard.task.process=Task: %[1]s
-dashboard.task.cancelled=Task: %[1]s canceled: %[3]s
-dashboard.task.error=Error in Task: %[1]s: %[3]s
-dashboard.task.finished=Task: %[1]s started by %[2]s has finished
-dashboard.task.unknown=Unknown task: %[1]s
-dashboard.cron.started=Started Cron: %[1]s
-dashboard.cron.process=Cron: %[1]s
-dashboard.cron.cancelled=Cron: %[1]s canceled: %[3]s
-dashboard.cron.error=Error in Cron: %s: %[3]s
-dashboard.cron.finished=Cron: %[1]s has finished
-dashboard.delete_inactive_accounts = Delete all unactivated accounts
-dashboard.delete_inactive_accounts.started = Task to delete all unactivated accounts started
-dashboard.delete_repo_archives = "Delete all repositories' archives (ZIP, TAR.GZ, etc..)"
-dashboard.delete_repo_archives.started = Task to delete all repository archives started
-dashboard.delete_missing_repos = Delete all repositories missing their Git files
-dashboard.delete_missing_repos.started = Task to delete all repositories missing their Git files started
-dashboard.delete_generated_repository_avatars = Delete generated repository avatars
-dashboard.sync_repo_branches = Sync missed branches from git data to databases
-dashboard.sync_repo_tags = Sync tags from git data to database
-dashboard.update_mirrors = Update Mirrors
-dashboard.repo_health_check = Health check all repositories
-dashboard.check_repo_stats = Check all repository statistics
-dashboard.archive_cleanup = Delete old repository archives
-dashboard.deleted_branches_cleanup = Clean up deleted branches
-dashboard.update_migration_poster_id = Update migration poster IDs
-dashboard.git_gc_repos = Garbage-collect all repositories
-dashboard.resync_all_sshkeys = Update the '.ssh/authorized_keys' file with Gitea SSH keys
-dashboard.resync_all_sshprincipals = Update the '.ssh/authorized_principals' file with Gitea SSH principals
-dashboard.resync_all_hooks = Resynchronize git hooks of all repositories (pre-receive, update, post-receive, proc-receive, ...)
-dashboard.reinit_missing_repos = Reinitialize all missing Git repositories for which records exist
-dashboard.sync_external_users = Synchronize external user data
-dashboard.cleanup_hook_task_table = Clean up hook_task table
-dashboard.cleanup_packages = Clean up expired packages
-dashboard.cleanup_actions = Clean up expired actions' resources
-dashboard.server_uptime = Server Uptime
-dashboard.current_goroutine = Current Goroutines
-dashboard.current_memory_usage = Current Memory Usage
-dashboard.total_memory_allocated = Total Memory Allocated
-dashboard.memory_obtained = Memory Obtained
-dashboard.pointer_lookup_times = Pointer Lookup Times
-dashboard.memory_allocate_times = Memory Allocations
-dashboard.memory_free_times = Memory Frees
-dashboard.current_heap_usage = Current Heap Usage
-dashboard.heap_memory_obtained = Heap Memory Obtained
-dashboard.heap_memory_idle = Heap Memory Idle
-dashboard.heap_memory_in_use = Heap Memory In Use
-dashboard.heap_memory_released = Heap Memory Released
-dashboard.heap_objects = Heap Objects
-dashboard.bootstrap_stack_usage = Bootstrap Stack Usage
-dashboard.stack_memory_obtained = Stack Memory Obtained
-dashboard.mspan_structures_usage = MSpan Structures Usage
-dashboard.mspan_structures_obtained = MSpan Structures Obtained
-dashboard.mcache_structures_usage = MCache Structures Usage
-dashboard.mcache_structures_obtained = MCache Structures Obtained
-dashboard.profiling_bucket_hash_table_obtained = Profiling Bucket Hash Table Obtained
-dashboard.gc_metadata_obtained = GC Metadata Obtained
-dashboard.other_system_allocation_obtained = Other System Allocation Obtained
-dashboard.next_gc_recycle = Next GC Recycle
-dashboard.last_gc_time = Since Last GC Time
-dashboard.total_gc_time = Total GC Pause
-dashboard.total_gc_pause = Total GC Pause
-dashboard.last_gc_pause = Last GC Pause
-dashboard.gc_times = GC Times
-dashboard.delete_old_actions = Delete all old activities from database
-dashboard.delete_old_actions.started = Deletion of all old activities from database started
-dashboard.update_checker = Update checker
-dashboard.delete_old_system_notices = Delete all old system notices from database
-dashboard.gc_lfs = Garbage-collect LFS meta objects
-dashboard.stop_zombie_tasks = Stop actions zombie tasks
-dashboard.stop_endless_tasks = Stop actions endless tasks
-dashboard.cancel_abandoned_jobs = Cancel actions abandoned jobs
-dashboard.start_schedule_tasks = Start actions schedule tasks
-dashboard.sync_branch.started = Branches Sync started
-dashboard.sync_tag.started = Tags Sync started
-dashboard.rebuild_issue_indexer = Rebuild issue indexer
-dashboard.sync_repo_licenses = Sync repo licenses
-
-users.user_manage_panel = User Account Management
-users.new_account = Create User Account
-users.name = Username
-users.full_name = Full Name
-users.activated = Activated
-users.admin = Admin
-users.restricted = Restricted
-users.reserved = Reserved
-users.bot = Bot
-users.remote = Remote
-users.2fa = 2FA
-users.repos = Repos
-users.created = Created
-users.last_login = Last Sign-In
-users.never_login = Never Signed In
-users.send_register_notify = Send User Registration Notification
-users.new_success = The user account "%s" has been created.
-users.edit = Edit
-users.auth_source = Authentication Source
-users.local = Local
-users.auth_login_name = Authentication Sign-In Name
-users.password_helper = Leave the password empty to keep it unchanged.
-users.update_profile_success = The user account has been updated.
-users.edit_account = Edit User Account
-users.max_repo_creation = Maximum Number of Repositories
-users.max_repo_creation_desc = (Enter -1 to use the global default limit.)
-users.is_activated = User Account Is Activated
-users.prohibit_login = Disable Sign-In
-users.is_admin = Is Administrator
-users.is_restricted = Is Restricted
-users.allow_git_hook = May Create Git Hooks
-users.allow_git_hook_tooltip = Git Hooks are executed as the OS user running Gitea and will have the same level of host access. As a result, users with this special Git Hook privilege can access and modify all Gitea repositories as well as the database used by Gitea. Consequently they are also able to gain Gitea administrator privileges.
-users.allow_import_local = May Import Local Repositories
-users.allow_create_organization = May Create Organizations
-users.update_profile = Update User Account
-users.delete_account = Delete User Account
-users.cannot_delete_self = "You cannot delete yourself"
-users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
-users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
-users.purge = Purge User
-users.purge_help = Forcibly delete user and any repositories, organizations, and packages owned by the user. All comments will be deleted too.
-users.still_own_packages = This user still owns one or more packages. Delete these packages first.
-users.deletion_success = The user account has been deleted.
-users.reset_2fa = Reset 2FA
-users.list_status_filter.menu_text = Filter
-users.list_status_filter.reset = Reset
-users.list_status_filter.is_active = Active
-users.list_status_filter.not_active = Inactive
-users.list_status_filter.is_admin = Admin
-users.list_status_filter.not_admin = Not Admin
-users.list_status_filter.is_restricted = Restricted
-users.list_status_filter.not_restricted = Not Restricted
-users.list_status_filter.is_prohibit_login = Prohibit Login
-users.list_status_filter.not_prohibit_login = Allow Login
-users.list_status_filter.is_2fa_enabled = 2FA Enabled
-users.list_status_filter.not_2fa_enabled = 2FA Disabled
-users.details = User Details
-
-emails.email_manage_panel = User Email Management
-emails.primary = Primary
-emails.activated = Activated
-emails.filter_sort.email = Email address
-emails.filter_sort.email_reverse = Email address (reverse)
-emails.filter_sort.name = Username
-emails.filter_sort.name_reverse = Username (reverse)
-emails.updated = Email address updated
-emails.not_updated = Failed to update the requested email address: %v
-emails.duplicate_active = This email address is already active for a different user.
-emails.change_email_header = Update Email Properties
-emails.change_email_text = Are you sure you want to update this email address?
-emails.delete = Delete Email
-emails.delete_desc = Are you sure you want to delete this email address?
-emails.deletion_success = The email address has been deleted.
-emails.delete_primary_email_error = You cannot delete the primary email address.
-
-orgs.org_manage_panel = Organization Management
-orgs.name = Name
-orgs.teams = Teams
-orgs.members = Members
-orgs.new_orga = New Organization
-
-repos.repo_manage_panel = Repository Management
-repos.unadopted = Unadopted Repositories
-repos.unadopted.no_more = No more unadopted repositories found
-repos.owner = Owner
-repos.name = Name
-repos.private = Private
-repos.issues = Issues
-repos.size = Size
-repos.lfs_size = LFS Size
-
-packages.package_manage_panel = Package Management
-packages.total_size = Total Size: %s
-packages.unreferenced_size = Unreferenced Size: %s
-packages.cleanup = Clean up expired data
-packages.cleanup.success = Cleaned up expired data successfully
-packages.owner = Owner
-packages.creator = Creator
-packages.name = Name
-packages.version = Version
-packages.type = Type
-packages.repository = Repository
-packages.size = Size
-packages.published = Published
-
-defaulthooks = Default Webhooks
-defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
-defaulthooks.add_webhook = Add Default Webhook
-defaulthooks.update_webhook = Update Default Webhook
-
-systemhooks = System Webhooks
-systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
-systemhooks.add_webhook = Add System Webhook
-systemhooks.update_webhook = Update System Webhook
-
-auths.auth_manage_panel = Authentication Source Management
-auths.new = Add Authentication Source
-auths.name = Name
-auths.type = Type
-auths.enabled = Enabled
-auths.syncenabled = Enable User Synchronization
-auths.updated = Updated
-auths.auth_type = Authentication Type
-auths.auth_name = Authentication Name
-auths.security_protocol = Security Protocol
-auths.domain = Domain
-auths.host = Host
-auths.port = Port
-auths.bind_dn = Bind DN
-auths.bind_password = Bind Password
-auths.user_base = User Search Base
-auths.user_dn = User DN
-auths.attribute_username = Username Attribute
-auths.attribute_username_placeholder = Leave empty to use the username entered in Gitea.
-auths.attribute_name = First Name Attribute
-auths.attribute_surname = Surname Attribute
-auths.attribute_mail = Email Attribute
-auths.attribute_ssh_public_key = Public SSH Key Attribute
-auths.attribute_avatar = Avatar Attribute
-auths.attributes_in_bind = Fetch Attributes in Bind DN Context
-auths.allow_deactivate_all = Allow an empty search result to deactivate all users
-auths.use_paged_search = Use Paged Search
-auths.search_page_size = Page Size
-auths.filter = User Filter
-auths.admin_filter = Admin Filter
-auths.restricted_filter = Restricted Filter
-auths.restricted_filter_helper = Leave empty to not set any users as restricted. Use an asterisk ('*') to set all users that do not match Admin Filter as restricted.
-auths.verify_group_membership = Verify group membership in LDAP (leave the filter empty to skip)
-auths.group_search_base = Group Search Base DN
-auths.group_attribute_list_users = Group Attribute Containing List Of Users
-auths.user_attribute_in_group = User Attribute Listed In Group
-auths.map_group_to_team = Map LDAP groups to Organization teams (leave the field empty to skip)
-auths.map_group_to_team_removal = Remove users from synchronized teams if user does not belong to corresponding LDAP group
-auths.enable_ldap_groups = Enable LDAP groups
-auths.ms_ad_sa = MS AD Search Attributes
-auths.smtp_auth = SMTP Authentication Type
-auths.smtphost = SMTP Host
-auths.smtpport = SMTP Port
-auths.allowed_domains = Allowed Domains
-auths.allowed_domains_helper = Leave empty to allow all domains. Separate multiple domains with a comma (',').
-auths.skip_tls_verify = Skip TLS Verify
-auths.force_smtps = Force SMTPS
-auths.force_smtps_helper = SMTPS is always used on port 465. Set this to force SMTPS on other ports. (Otherwise STARTTLS will be used on other ports if it is supported by the host.)
-auths.helo_hostname = HELO Hostname
-auths.helo_hostname_helper = Hostname sent with HELO. Leave blank to send current hostname.
-auths.disable_helo = Disable HELO
-auths.pam_service_name = PAM Service Name
-auths.pam_email_domain = PAM Email Domain (optional)
-auths.oauth2_provider = OAuth2 Provider
-auths.oauth2_icon_url = Icon URL
-auths.oauth2_clientID = Client ID (Key)
-auths.oauth2_clientSecret = Client Secret
-auths.openIdConnectAutoDiscoveryURL = OpenID Connect Auto Discovery URL
-auths.oauth2_use_custom_url = Use Custom URLs Instead of Default URLs
-auths.oauth2_tokenURL = Token URL
-auths.oauth2_authURL = Authorize URL
-auths.oauth2_profileURL = Profile URL
-auths.oauth2_emailURL = Email URL
-auths.skip_local_two_fa = Skip local 2FA
-auths.skip_local_two_fa_helper = Leaving unset means local users with 2FA set will still have to pass 2FA to log on
-auths.oauth2_tenant = Tenant
-auths.oauth2_scopes = Additional Scopes
-auths.oauth2_required_claim_name = Required Claim Name
-auths.oauth2_required_claim_name_helper = Set this name to restrict login from this source to users with a claim with this name
-auths.oauth2_required_claim_value = Required Claim Value
-auths.oauth2_required_claim_value_helper = Set this value to restrict login from this source to users with a claim with this name and value
-auths.oauth2_group_claim_name = Claim name providing group names for this source. (Optional)
-auths.oauth2_full_name_claim_name = Full Name Claim Name. (Optional — if set, the user's full name will always be synchronized with this claim)
-auths.oauth2_ssh_public_key_claim_name = SSH Public Key Claim Name
-auths.oauth2_admin_group = Group Claim value for administrator users. (Optional — requires claim name above)
-auths.oauth2_restricted_group = Group Claim value for restricted users. (Optional — requires claim name above)
-auths.oauth2_map_group_to_team = Map claimed groups to Organization teams. (Optional — requires claim name above)
-auths.oauth2_map_group_to_team_removal = Remove users from synchronized teams if user does not belong to corresponding group.
-auths.enable_auto_register = Enable Auto Registration
-auths.sspi_auto_create_users = Automatically create users
-auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that log in for the first time
-auths.sspi_auto_activate_users = Automatically activate users
-auths.sspi_auto_activate_users_helper = Allow SSPI auth method to automatically activate new users
-auths.sspi_strip_domain_names = Remove domain names from usernames
-auths.sspi_strip_domain_names_helper = If checked, domain names will be removed from logon names (e.g. "DOMAIN\user" and "user@example.org" both will become just "user").
-auths.sspi_separator_replacement = Separator to use instead of \, / and @
-auths.sspi_separator_replacement_helper = The character to use to replace the separators of down-level logon names (e.g. the \ in "DOMAIN\user") and user principal names (e.g. the @ in "user@example.org").
-auths.sspi_default_language = Default user language
-auths.sspi_default_language_helper = Default language for users automatically created by SSPI auth method. Leave empty if you prefer the language to be automatically detected.
-auths.tips = Tips
-auths.tips.oauth2.general = OAuth2 Authentication
-auths.tips.oauth2.general.tip = When registering a new OAuth2 authentication, the callback/redirect URL should be:
-auths.tip.oauth2_provider = OAuth2 Provider
-auths.tip.bitbucket = Register a new OAuth consumer on %s and add the permission 'Account' - 'Read'
-auths.tip.nextcloud = Register a new OAuth consumer on your instance by selecting "Settings -> Security -> OAuth 2.0 client" in the menu
-auths.tip.dropbox = Create a new application at %s
-auths.tip.facebook = Register a new application at %s and add the product "Facebook Login"
-auths.tip.github = Register a new OAuth application on %s
-auths.tip.gitlab_new = Register a new application on %s
-auths.tip.google_plus = Obtain OAuth2 client credentials from the Google API console at %s
-auths.tip.openid_connect = Use the OpenID Connect Discovery URL "https://{server}/.well-known/openid-configuration" to specify the endpoints
-auths.tip.twitter = Go to %s, create an application and ensure that the “Allow this application to be used to Sign in with Twitter” option is enabled
-auths.tip.discord = Register a new application on %s
-auths.tip.gitea = Register a new OAuth2 application. Guide can be found at %s
-auths.tip.yandex = Create a new application at %s. Select following permissions from the "Yandex.Passport API" section: "Access to email address", "Access to user avatar" and "Access to username, first name and surname, gender"
-auths.tip.mastodon = Input a custom instance URL for the mastodon instance you want to authenticate with (or use the default one)
-auths.edit = Edit Authentication Source
-auths.activated = This Authentication Source is Activated
-auths.new_success = The authentication "%s" has been added.
-auths.update_success = The authentication source has been updated.
-auths.update = Update Authentication Source
-auths.delete = Delete Authentication Source
-auths.delete_auth_title = Delete Authentication Source
-auths.delete_auth_desc = Deleting an authentication source prevents users from using it to sign in. Continue?
-auths.still_in_used = The authentication source is still in use. Convert or delete any users using this authentication source first.
-auths.deletion_success = The authentication source has been deleted.
-auths.login_source_exist = The authentication source "%s" already exists.
-auths.login_source_of_type_exist = An authentication source of this type already exists.
-auths.unable_to_initialize_openid = Unable to initialize OpenID Connect Provider: %s
-auths.invalid_openIdConnectAutoDiscoveryURL = Invalid Auto Discovery URL (this must be a valid URL starting with http:// or https://)
-
-config.server_config = Server Configuration
-config.app_name = Site Title
-config.app_ver = Gitea Version
-config.app_url = Gitea Base URL
-config.custom_conf = Configuration File Path
-config.custom_file_root_path = "Custom File Root Path"
-config.domain = Server Domain
-config.offline_mode = Local Mode
-config.disable_router_log = Disable Router Log
-config.run_user = Run As Username
-config.run_mode = Run Mode
-config.git_version = Git Version
-config.app_data_path = App Data Path
-config.repo_root_path = Repository Root Path
-config.lfs_root_path = LFS Root Path
-config.log_file_root_path = Log Path
-config.script_type = Script Type
-config.reverse_auth_user = Reverse Authentication User
-
-config.ssh_config = SSH Configuration
-config.ssh_enabled = Enabled
-config.ssh_start_builtin_server = Use Built-In Server
-config.ssh_domain = SSH Server Domain
-config.ssh_port = Port
-config.ssh_listen_port = Listen Port
-config.ssh_root_path = Root Path
-config.ssh_minimum_key_size_check = Minimum Key Size Check
-config.ssh_minimum_key_sizes = Minimum Key Sizes
-
-config.lfs_config = LFS Configuration
-config.lfs_enabled = Enabled
-config.lfs_content_path = LFS Content Path
-config.lfs_http_auth_expiry = LFS HTTP Auth Expiry
-
-config.db_config = Database Configuration
-config.db_type = Type
-config.db_host = Host
-config.db_name = Name
-config.db_user = Username
-config.db_schema = Schema
-config.db_ssl_mode = SSL
-config.db_path = Path
-
-config.service_config = Service Configuration
-config.register_email_confirm = Require Email Confirmation to Register
-config.disable_register = Disable Self-Registration
-config.allow_only_internal_registration = Allow Registration Only Through Gitea itself
-config.allow_only_external_registration = Allow Registration Only Through External Services
-config.enable_openid_signup = Enable OpenID Self-Registration
-config.enable_openid_signin = Enable OpenID Sign-In
-config.show_registration_button = Show Register Button
-config.require_sign_in_view = Require Sign-In to View Pages
-config.mail_notify = Enable Email Notifications
-config.enable_captcha = Enable CAPTCHA
-config.active_code_lives = Active Code Lives
-config.reset_password_code_lives = Recover Account Code Expiry Time
-config.default_keep_email_private = Hide Email Addresses by Default
-config.default_allow_create_organization = Allow Creation of Organizations by Default
-config.enable_timetracking = Enable Time Tracking
-config.default_enable_timetracking = Enable Time Tracking by Default
-config.default_allow_only_contributors_to_track_time = Let Only Contributors Track Time
-config.no_reply_address = Hidden Email Domain
-config.default_visibility_organization = Default visibility for new Organizations
-config.default_enable_dependencies = Enable Issue Dependencies by Default
-
-config.webhook_config = Webhook Configuration
-config.queue_length = Queue Length
-config.deliver_timeout = Deliver Timeout
-config.skip_tls_verify = Skip TLS Verification
-
-config.mailer_config = Mailer Configuration
-config.mailer_enabled = Enabled
-config.mailer_enable_helo = Enable HELO
-config.mailer_name = Name
-config.mailer_protocol = Protocol
-config.mailer_smtp_addr = SMTP Addr
-config.mailer_smtp_port = SMTP Port
-config.mailer_user = User
-config.mailer_use_sendmail = Use Sendmail
-config.mailer_sendmail_path = Sendmail Path
-config.mailer_sendmail_args = Extra Arguments to Sendmail
-config.mailer_sendmail_timeout = Sendmail Timeout
-config.mailer_use_dummy = Dummy
-config.test_email_placeholder = Email Address (e.g. test@example.com)
-config.send_test_mail = Send Testing Email
-config.send_test_mail_submit = Send
-config.test_mail_failed = Failed to send a testing email to "%s": %v
-config.test_mail_sent = A testing email has been sent to "%s".
-
-config.oauth_config = OAuth Configuration
-config.oauth_enabled = Enabled
-
-config.cache_config = Cache Configuration
-config.cache_adapter = Cache Adapter
-config.cache_interval = Cache Interval
-config.cache_conn = Cache Connection
-config.cache_item_ttl = Cache Item TTL
-config.cache_test = Test Cache
-config.cache_test_failed = Failed to probe the cache: %v.
-config.cache_test_slow = Cache test successful, but response is slow: %s.
-config.cache_test_succeeded = Cache test successful, got a response in %s.
-
-config.session_config = Session Configuration
-config.session_provider = Session Provider
-config.provider_config = Provider Config
-config.cookie_name = Cookie Name
-config.gc_interval_time = GC Interval Time
-config.session_life_time = Session Life Time
-config.https_only = HTTPS Only
-config.cookie_life_time = Cookie Life Time
-
-config.picture_config = Picture and Avatar Configuration
-config.picture_service = Picture Service
-config.disable_gravatar = Disable Gravatar
-config.enable_federated_avatar = Enable Federated Avatars
-config.open_with_editor_app_help = The "Open with" editors for the clone menu. If left empty, the default will be used. Expand to see the default.
-config.git_guide_remote_name = Repository remote name for git commands in the guide
-
-config.git_config = Git Configuration
-config.git_disable_diff_highlight = Disable Diff Syntax Highlight
-config.git_max_diff_lines = Max Diff Lines (for a single file)
-config.git_max_diff_line_characters = Max Diff Characters (for a single line)
-config.git_max_diff_files = Max Diff Files (to be shown)
-config.git_gc_args = GC Arguments
-config.git_migrate_timeout = Migration Timeout
-config.git_mirror_timeout = Mirror Update Timeout
-config.git_clone_timeout = Clone Operation Timeout
-config.git_pull_timeout = Pull Operation Timeout
-config.git_gc_timeout = GC Operation Timeout
-
-config.log_config = Log Configuration
-config.logger_name_fmt = Logger: %s
-config.disabled_logger = Disabled
-config.access_log_mode = Access Log Mode
-config.access_log_template = Access Log Template
-config.xorm_log_sql = Log SQL
-
-config.set_setting_failed = Set setting %s failed
-
-monitor.stats = Stats
-
-monitor.cron = Cron Tasks
-monitor.name = Name
-monitor.schedule = Schedule
-monitor.next = Next Time
-monitor.previous = Previous Time
-monitor.execute_times = Executions
-monitor.process = Running Processes
-monitor.stacktrace = Stacktrace
-monitor.trace = Trace
-monitor.performance_logs = Performance Logs
-monitor.processes_count = %d Processes
-monitor.download_diagnosis_report = Download diagnosis report
-monitor.desc = Description
-monitor.start = Start Time
-monitor.execute_time = Execution Time
-monitor.last_execution_result = Result
-monitor.process.cancel = Cancel process
-monitor.process.cancel_desc = Canceling a process may cause data loss
-monitor.process.children = Children
-
-monitor.queues = Queues
-monitor.queue = Queue: %s
-monitor.queue.name = Name
-monitor.queue.type = Type
-monitor.queue.exemplar = Exemplar Type
-monitor.queue.numberworkers = Number of Workers
-monitor.queue.activeworkers = Active Workers
-monitor.queue.maxnumberworkers = Max Number of Workers
-monitor.queue.numberinqueue = Number in Queue
-monitor.queue.review_add = Review / Add Workers
-monitor.queue.settings.title = Pool Settings
-monitor.queue.settings.desc = Pools dynamically grow in response to their worker queue blocking.
-monitor.queue.settings.maxnumberworkers = Max number of workers
-monitor.queue.settings.maxnumberworkers.placeholder = Currently %[1]d
-monitor.queue.settings.maxnumberworkers.error = Max number of workers must be a number
-monitor.queue.settings.submit = Update Settings
-monitor.queue.settings.changed = Settings Updated
-monitor.queue.settings.remove_all_items = Remove all
-monitor.queue.settings.remove_all_items_done = All items in the queue have been removed.
-
-notices.system_notice_list = System Notices
-notices.view_detail_header = View Notice Details
-notices.operations = Operations
-notices.select_all = Select All
-notices.deselect_all = Deselect All
-notices.inverse_selection = Inverse Selection
-notices.delete_selected = Delete Selected
-notices.delete_all = Delete All Notices
-notices.type = Type
-notices.type_1 = Repository
-notices.type_2 = Task
-notices.desc = Description
-notices.op = Op.
-notices.delete_success = The system notices have been deleted.
-
-self_check.no_problem_found = No problem found yet.
-self_check.startup_warnings = Startup warnings:
-self_check.database_collation_mismatch = Expect database to use collation: %s
-self_check.database_collation_case_insensitive = Database is using collation %s, which is a case-insensitive collation. Although Gitea could work with it, there might be some rare cases which don't work as expected.
-self_check.database_inconsistent_collation_columns = Database is using collation %s, but these columns are using mismatched collations. This might cause some unexpected problems.
-self_check.database_fix_mysql = For MySQL/MariaDB users, you could use the "gitea doctor convert" command to fix the collation problems, or you could also fix the problem manually with "ALTER ... COLLATE ..." SQL queries.
-self_check.database_fix_mssql = For MSSQL users, you could only fix the problem manually with "ALTER ... COLLATE ..." SQL queries at the moment.
-self_check.location_origin_mismatch = Current URL (%[1]s) doesn't match the URL seen by Gitea (%[2]s). If you are using a reverse proxy, please make sure the "Host" and "X-Forwarded-Proto" headers are set correctly.
-
-[action]
-create_repo = created repository <a href="%s">%s</a>
-rename_repo = renamed repository from <code>%[1]s</code> to <a href="%[2]s">%[3]s</a>
-commit_repo = pushed to <a href="%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a>
-create_issue = `opened issue <a href="%[1]s">%[3]s#%[2]s</a>`
-close_issue = `closed issue <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_issue = `reopened issue <a href="%[1]s">%[3]s#%[2]s</a>`
-create_pull_request = `created pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-close_pull_request = `closed pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_pull_request = `reopened pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_issue = `commented on issue <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_pull = `commented on pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-merge_pull_request = `merged pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-auto_merge_pull_request = `automatically merged pull request <a href="%[1]s">%[3]s#%[2]s</a>`
-transfer_repo = transferred repository <code>%s</code> to <a href="%s">%s</a>
-push_tag = pushed tag <a href="%[2]s">%[3]s</a> to <a href="%[1]s">%[4]s</a>
-delete_tag = deleted tag %[2]s from <a href="%[1]s">%[3]s</a>
-delete_branch = deleted branch %[2]s from <a href="%[1]s">%[3]s</a>
-compare_branch = Compare
-compare_commits = Compare %d commits
-compare_commits_general = Compare commits
-mirror_sync_push = synced commits to <a href="%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a> from mirror
-mirror_sync_create = synced new reference <a href="%[2]s">%[3]s</a> to <a href="%[1]s">%[4]s</a> from mirror
-mirror_sync_delete = synced and deleted reference <code>%[2]s</code> at <a href="%[1]s">%[3]s</a> from mirror
-approve_pull_request = `approved <a href="%[1]s">%[3]s#%[2]s</a>`
-reject_pull_request = `suggested changes for <a href="%[1]s">%[3]s#%[2]s</a>`
-publish_release = `released <a href="%[2]s">%[4]s</a> at <a href="%[1]s">%[3]s</a>`
-review_dismissed = `dismissed review from <b>%[4]s</b> for <a href="%[1]s">%[3]s#%[2]s</a>`
-review_dismissed_reason = Reason:
-create_branch = created branch <a href="%[2]s">%[3]s</a> in <a href="%[1]s">%[4]s</a>
-starred_repo = starred <a href="%[1]s">%[2]s</a>
-watched_repo = started watching <a href="%[1]s">%[2]s</a>
-
-[tool]
-now = now
-future = future
-1s = 1 second
-1m = 1 minute
-1h = 1 hour
-1d = 1 day
-1w = 1 week
-1mon = 1 month
-1y = 1 year
-seconds = %d seconds
-minutes = %d minutes
-hours = %d hours
-days = %d days
-weeks = %d weeks
-months = %d months
-years = %d years
-raw_seconds = seconds
-raw_minutes = minutes
-
-[dropzone]
-default_message = Drop files or click here to upload.
-invalid_input_type = You cannot upload files of this type.
-file_too_big = File size ({{filesize}} MB) exceeds the maximum size of ({{maxFilesize}} MB).
-remove_file = Remove file
-
-[notification]
-notifications = Notifications
-unread = Unread
-read = Read
-no_unread = No unread notifications.
-no_read = No read notifications.
-pin = Pin notification
-mark_as_read = Mark as read
-mark_as_unread = Mark as unread
-mark_all_as_read = Mark all as read
-subscriptions = Subscriptions
-watching = Watching
-no_subscriptions = No subscriptions
-
-[gpg]
-default_key=Signed with default key
-error.extract_sign = Failed to extract signature
-error.generate_hash = Failed to generate hash of commit
-error.no_committer_account = No account linked to committer's email address
-error.no_gpg_keys_found = "No known key found for this signature in database"
-error.not_signed_commit = "Not a signed commit"
-error.failed_retrieval_gpg_keys = "Failed to retrieve any key attached to the committer's account"
-error.probable_bad_signature = "WARNING! Although there is a key with this ID in the database, it does not verify this commit! This commit is SUSPICIOUS."
-error.probable_bad_default_signature = "WARNING! Although the default key has this ID, it does not verify this commit! This commit is SUSPICIOUS."
-
-[units]
-unit = Unit
-error.no_unit_allowed_repo = You are not allowed to access any section of this repository.
-error.unit_not_allowed = You are not allowed to access this repository section.
-
-[packages]
-title = Packages
-desc = Manage repository packages.
-empty = There are no packages yet.
-no_metadata = No metadata.
-empty.documentation = For more information on the package registry, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
-empty.repo = Did you upload a package, but it's not shown here? Go to <a href="%[1]s">package settings</a> and link it to this repo.
-registry.documentation = For more information on the %s registry, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
-filter.type = Type
-filter.type.all = All
-filter.no_result = Your filter produced no results.
-filter.container.tagged = Tagged
-filter.container.untagged = Untagged
-published_by = Published %[1]s by <a href="%[2]s">%[3]s</a>
-published_by_in = Published %[1]s by <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = Installation
-about = About this package
-requirements = Requirements
-dependencies = Dependencies
-keywords = Keywords
-details = Details
-details.author = Author
-details.project_site = Project Site
-details.repository_site = Repository Site
-details.documentation_site = Documentation Site
-details.license = License
-assets = Assets
-versions = Versions
-versions.view_all = View all
-dependency.id = ID
-dependency.version = Version
-search_in_external_registry = Search in %s
-alpine.registry = Set up this registry by adding the URL in your <code>/etc/apk/repositories</code> file:
-alpine.registry.key = Download the registry public RSA key into the <code>/etc/apk/keys/</code> folder to verify the index signature:
-alpine.registry.info = Choose $branch and $repository from the list below.
-alpine.install = To install the package, run the following command:
-alpine.repository = Repository Info
-alpine.repository.branches = Branches
-alpine.repository.repositories = Repositories
-alpine.repository.architectures = Architectures
-arch.registry = Add server with related repository and architecture to <code>/etc/pacman.conf</code>:
-arch.install = Sync package with pacman:
-arch.repository = Repository Info
-arch.repository.repositories = Repositories
-arch.repository.architectures = Architectures
-cargo.registry = Set up this registry in the Cargo configuration file (for example <code>~/.cargo/config.toml</code>):
-cargo.install = To install the package using Cargo, run the following command:
-chef.registry = Set up this registry in your <code>~/.chef/config.rb</code> file:
-chef.install = To install the package, run the following command:
-composer.registry = Set up this registry in your <code>~/.composer/config.json</code> file:
-composer.install = To install the package using Composer, run the following command:
-composer.dependencies = Dependencies
-composer.dependencies.development = Development Dependencies
-conan.details.repository = Repository
-conan.registry = Set up this registry from the command line:
-conan.install = To install the package using Conan, run the following command:
-conda.registry = Set up this registry as a Conda repository in your <code>.condarc</code> file:
-conda.install = To install the package using Conda, run the following command:
-container.details.type = Image Type
-container.details.platform = Platform
-container.pull = Pull the image from the command line:
-container.images = Images
-container.digest = Digest
-container.multi_arch = OS / Arch
-container.layers = Image Layers
-container.labels = Labels
-container.labels.key = Key
-container.labels.value = Value
-cran.registry = Set up this registry in your <code>Rprofile.site</code> file:
-cran.install = To install the package, run the following command:
-debian.registry = Set up this registry from the command line:
-debian.registry.info = Choose $distribution and $component from the list below.
-debian.install = To install the package, run the following command:
-debian.repository = Repository Info
-debian.repository.distributions = Distributions
-debian.repository.components = Components
-debian.repository.architectures = Architectures
-generic.download = Download package from the command line:
-go.install = Install the package from the command line:
-helm.registry = Set up this registry from the command line:
-helm.install = To install the package, run the following command:
-maven.registry = Set up this registry in your project <code>pom.xml</code> file:
-maven.install = To use the package, include the following in the <code>dependencies</code> block in the <code>pom.xml</code> file:
-maven.install2 = Run via command line:
-maven.download = To download the dependency, run via command line:
-nuget.registry = Set up this registry from the command line:
-nuget.install = To install the package using NuGet, run the following command:
-nuget.dependency.framework = Target Framework
-npm.registry = Set up this registry in your project <code>.npmrc</code> file:
-npm.install = To install the package using npm, run the following command:
-npm.install2 = or add it to the package.json file:
-npm.dependencies = Dependencies
-npm.dependencies.development = Development Dependencies
-npm.dependencies.bundle = Bundled Dependencies
-npm.dependencies.peer = Peer Dependencies
-npm.dependencies.optional = Optional Dependencies
-npm.details.tag = Tag
-pub.install = To install the package using Dart, run the following command:
-pypi.requires = Requires Python
-pypi.install = To install the package using pip, run the following command:
-rpm.registry = Set up this registry from the command line:
-rpm.distros.redhat = on RedHat based distributions
-rpm.distros.suse = on SUSE based distributions
-rpm.install = To install the package, run the following command:
-rpm.repository = Repository Info
-rpm.repository.architectures = Architectures
-rpm.repository.multiple_groups = This package is available in multiple groups.
-rubygems.install = To install the package using gem, run the following command:
-rubygems.install2 = or add it to the Gemfile:
-rubygems.dependencies.runtime = Runtime Dependencies
-rubygems.dependencies.development = Development Dependencies
-rubygems.required.ruby = Requires Ruby version
-rubygems.required.rubygems = Requires RubyGem version
-swift.registry = Set up this registry from the command line:
-swift.install = Add the package in your <code>Package.swift</code> file:
-swift.install2 = and run the following command:
-vagrant.install = To add a Vagrant box, run the following command:
-settings.link = Link this package to a repository
-settings.link.description = If you link a package with a repository, the package will appear in the repository's package list. Only repositories under the same owner can be linked. Leaving the field empty will remove the link.
-settings.link.select = Select Repository
-settings.link.button = Update Repository Link
-settings.link.success = Repository link was successfully updated.
-settings.link.error = Failed to update repository link.
-settings.link.repo_not_found = Repository %s not found.
-settings.unlink.error = Failed to remove repository link.
-settings.unlink.success = Repository link was successfully removed.
-settings.delete = Delete package
-settings.delete.description = Deleting a package is permanent and cannot be undone.
-settings.delete.notice = You are about to delete %s (%s). This operation is irreversible, are you sure?
-settings.delete.success = The package has been deleted.
-settings.delete.error = Failed to delete the package.
-owner.settings.cargo.title = Cargo Registry Index
-owner.settings.cargo.initialize = Initialize Index
-owner.settings.cargo.initialize.description = A special index Git repository is needed to use the Cargo registry. Using this option will (re-)create the repository and configure it automatically.
-owner.settings.cargo.initialize.error = Failed to initialize Cargo index: %v
-owner.settings.cargo.initialize.success = The Cargo index was successfully created.
-owner.settings.cargo.rebuild = Rebuild Index
-owner.settings.cargo.rebuild.description = Rebuilding can be useful if the index is not synchronized with the stored Cargo packages.
-owner.settings.cargo.rebuild.error = Failed to rebuild Cargo index: %v
-owner.settings.cargo.rebuild.success = The Cargo index was successfully rebuilt.
-owner.settings.cleanuprules.title = Manage Cleanup Rules
-owner.settings.cleanuprules.add = Add Cleanup Rule
-owner.settings.cleanuprules.edit = Edit Cleanup Rule
-owner.settings.cleanuprules.none = No cleanup rules available. Please consult the documentation.
-owner.settings.cleanuprules.preview = Cleanup Rule Preview
-owner.settings.cleanuprules.preview.overview = %d packages are scheduled to be removed.
-owner.settings.cleanuprules.preview.none = Cleanup rule does not match any packages.
-owner.settings.cleanuprules.enabled = Enabled
-owner.settings.cleanuprules.pattern_full_match = Apply pattern to full package name
-owner.settings.cleanuprules.keep.title = Versions that match these rules are kept, even if they match a removal rule below.
-owner.settings.cleanuprules.keep.count = Keep the most recent
-owner.settings.cleanuprules.keep.count.1 = 1 version per package
-owner.settings.cleanuprules.keep.count.n = %d versions per package
-owner.settings.cleanuprules.keep.pattern = Keep versions matching
-owner.settings.cleanuprules.keep.pattern.container = The <code>latest</code> version is always kept for Container packages.
-owner.settings.cleanuprules.remove.title = Versions that match these rules are removed, unless a rule above says to keep them.
-owner.settings.cleanuprules.remove.days = Remove versions older than
-owner.settings.cleanuprules.remove.pattern = Remove versions matching
-owner.settings.cleanuprules.success.update = Cleanup rule has been updated.
-owner.settings.cleanuprules.success.delete = Cleanup rule has been deleted.
-owner.settings.chef.title = Chef Registry
-owner.settings.chef.keypair = Generate key pair
-owner.settings.chef.keypair.description = A key pair is necessary to authenticate to the Chef registry. If you have generated a key pair before, generating a new key pair will discard the old key pair.
-
-[secrets]
-secrets = Secrets
-description = Secrets will be passed to certain actions and cannot be read otherwise.
-none = There are no secrets yet.
-
-; These keys are also for "edit secret", the keys are kept as-is to avoid unnecessary re-translation
-creation.description = Description
-creation.name_placeholder = case-insensitive, alphanumeric characters or underscores only, cannot start with GITEA_ or GITHUB_
-creation.value_placeholder = Input any content. Whitespace at the start and end will be omitted.
-creation.description_placeholder = Enter short description (optional).
-
-save_success = The secret "%s" has been saved.
-save_failed = Failed to save secret.
-
-add_secret = Add secret
-edit_secret = Edit secret
-deletion = Remove secret
-deletion.description = Removing a secret is permanent and cannot be undone. Continue?
-deletion.success = The secret has been removed.
-deletion.failed = Failed to remove secret.
-management = Secrets Management
-
-[actions]
-actions = Actions
-
-unit.desc = Manage actions
-
-status.unknown = "Unknown"
-status.waiting = "Waiting"
-status.running = "Running"
-status.success = "Success"
-status.failure = "Failure"
-status.cancelled = "Canceled"
-status.skipped = "Skipped"
-status.blocked = "Blocked"
-
-runners = Runners
-runners.runner_manage_panel = Runners Management
-runners.new = Create new Runner
-runners.new_notice = How to start a runner
-runners.status = Status
-runners.id = ID
-runners.name = Name
-runners.owner_type = Type
-runners.description = Description
-runners.labels = Labels
-runners.last_online = Last Online Time
-runners.runner_title = Runner
-runners.task_list = Recent tasks on this runner
-runners.task_list.no_tasks = There is no task yet.
-runners.task_list.run = Run
-runners.task_list.status = Status
-runners.task_list.repository = Repository
-runners.task_list.commit = Commit
-runners.task_list.done_at = Done At
-runners.edit_runner = Edit Runner
-runners.update_runner = Update Changes
-runners.update_runner_success = Runner updated successfully
-runners.update_runner_failed = Failed to update runner
-runners.delete_runner = Delete this runner
-runners.delete_runner_success = Runner deleted successfully
-runners.delete_runner_failed = Failed to delete runner
-runners.delete_runner_header = Confirm to delete this runner
-runners.delete_runner_notice = If a task is running on this runner, it will be terminated and marked as failed. It may break building workflow.
-runners.none = No runners available
-runners.status.unspecified = Unknown
-runners.status.idle = Idle
-runners.status.active = Active
-runners.status.offline = Offline
-runners.version = Version
-runners.reset_registration_token = Reset registration token
-runners.reset_registration_token_confirm = Would you like to invalidate the current token and generate a new one?
-runners.reset_registration_token_success = Runner registration token reset successfully
-
-runs.all_workflows = All Workflows
-runs.commit = Commit
-runs.scheduled = Scheduled
-runs.pushed_by = pushed by
-runs.invalid_workflow_helper = Workflow config file is invalid. Please check your config file: %s
-runs.no_matching_online_runner_helper = No matching online runner with label: %s
-runs.no_job_without_needs = The workflow must contain at least one job without dependencies.
-runs.no_job = The workflow must contain at least one job
-runs.actor = Actor
-runs.status = Status
-runs.actors_no_select = All actors
-runs.status_no_select = All status
-runs.no_results = No results matched.
-runs.no_workflows = There are no workflows yet.
-runs.no_workflows.quick_start = Don't know how to start with Gitea Actions? See <a target="_blank" rel="noopener noreferrer" href="%s">the quick start guide</a>.
-runs.no_workflows.documentation = For more information on Gitea Actions, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
-runs.no_runs = The workflow has no runs yet.
-runs.empty_commit_message = (empty commit message)
-runs.expire_log_message = Logs have been purged because they were too old.
-runs.delete = Delete workflow run
-runs.cancel = Cancel workflow run
-runs.delete.description = Are you sure you want to permanently delete this workflow run? This action cannot be undone.
-runs.not_done = This workflow run is not done.
-runs.view_workflow_file = View workflow file
-
-workflow.disable = Disable Workflow
-workflow.disable_success = Workflow '%s' disabled successfully.
-workflow.enable = Enable Workflow
-workflow.enable_success = Workflow '%s' enabled successfully.
-workflow.disabled = Workflow is disabled.
-workflow.run = Run Workflow
-workflow.not_found = Workflow '%s' not found.
-workflow.run_success = Workflow '%s' run successfully.
-workflow.from_ref = Use workflow from
-workflow.has_workflow_dispatch = This workflow has a workflow_dispatch event trigger.
-workflow.has_no_workflow_dispatch = Workflow '%s' has no workflow_dispatch event trigger.
-
-need_approval_desc = Need approval to run workflows for fork pull request.
-approve_all_success = All workflow runs are approved successfully.
-
-variables = Variables
-variables.management = Variables Management
-variables.creation = Add Variable
-variables.none = There are no variables yet.
-variables.deletion = Remove variable
-variables.deletion.description = Removing a variable is permanent and cannot be undone. Continue?
-variables.description = Variables will be passed to certain actions and cannot be read otherwise.
-variables.id_not_exist = Variable with ID %d does not exist.
-variables.edit = Edit Variable
-variables.deletion.failed = Failed to remove variable.
-variables.deletion.success = The variable has been removed.
-variables.creation.failed = Failed to add variable.
-variables.creation.success = The variable "%s" has been added.
-variables.update.failed = Failed to edit variable.
-variables.update.success = The variable has been edited.
-
-logs.always_auto_scroll = Always auto scroll logs
-logs.always_expand_running = Always expand running logs
-
-general = General
-general.enable_actions = Enable Actions
-general.collaborative_owners_management = Collaborative Owners Management
-general.collaborative_owners_management_help = A collaborative owner is a user or an organization whose private repository has access to the actions and workflows of this repository.
-general.add_collaborative_owner = Add Collaborative Owner
-general.collaborative_owner_not_exist = The collaborative owner does not exist.
-general.remove_collaborative_owner = Remove Collaborative Owner
-general.remove_collaborative_owner_desc = Removing a collaborative owner will prevent the repositories of the owner from accessing the actions in this repository. Continue?
-
-general.token_permissions = Workflow Permissions
-general.token_permissions.description = Configure the default permissions granted to the GITHUB_TOKEN when running workflows in this repository.
-general.token_permissions.mode = Permission Mode
-general.token_permissions.permissive = Read and write permissions
-general.token_permissions.permissive.description = Workflows have read and write permissions in the repository for all scopes.
-general.token_permissions.restricted = Read repository contents and packages permissions
-general.token_permissions.restricted.description = Workflows have read permissions in the repository for the contents and packages scopes only.
-general.token_permissions.fork_pr_note = Note: For workflows triggered by a pull request from a forked repository, the default GITHUB_TOKEN is always read-only.
-general.token_permissions.contents = Contents
-general.token_permissions.issues = Issues
-general.token_permissions.pull_requests = Pull Requests
-general.token_permissions.packages = Packages
-general.token_permissions.actions_scope = Actions
-general.token_permissions.wiki = Wiki
-general.token_permissions.access_read = Read
-general.token_permissions.access_write = Write
-general.token_permissions.access_none = No access
-general.token_permissions.update_success = Token permissions updated successfully.
-general.token_permissions.cross_repo = Cross-Repository Access
-general.token_permissions.cross_repo_desc = Allow workflows in this organization to access other repositories within the same organization.
-general.token_permissions.custom = Custom permissions
-general.token_permissions.custom.description = Configure permissions for each scope individually.
-general.token_permissions.individual = Individual Permissions
-general.token_permissions.maximum = Maximum Permissions
-general.token_permissions.maximum.description = Configure the maximum permissions that can be requested by a workflow.
-
-[projects]
-deleted.display_name = Deleted Project
-type-1.display_name = Individual Project
-type-2.display_name = Repository Project
-type-3.display_name = Organization Project
-enter_fullscreen = Fullscreen
-exit_fullscreen = Exit Fullscreen
-
-[git.filemode]
-changed_filemode = %[1]s → %[2]s
-; Ordered by git filemode value, ascending. E.g. directory has "040000", normal file has "100644", …
-directory = Directory
-normal_file = Normal file
-executable_file = Executable file
-symbolic_link = Symbolic link
-submodule = Submodule
diff --git a/options/locale/locale_en-US.json b/options/locale/locale_en-US.json
index 307cccf8bd6bf..819542ace1ba6 100644
--- a/options/locale/locale_en-US.json
+++ b/options/locale/locale_en-US.json
@@ -3769,7 +3769,32 @@
     "general.add_collaborative_owner": "Add Collaborative Owner",
     "general.collaborative_owner_not_exist": "The collaborative owner does not exist.",
     "general.remove_collaborative_owner": "Remove Collaborative Owner",
-    "general.remove_collaborative_owner_desc": "Removing a collaborative owner will prevent the repositories of the owner from accessing the actions in this repository. Continue?"
+    "general.remove_collaborative_owner_desc": "Removing a collaborative owner will prevent the repositories of the owner from accessing the actions in this repository. Continue?",
+    "general.token_permissions": "Workflow Permissions",
+    "general.token_permissions.description": "Configure the default permissions granted to the GITHUB_TOKEN when running workflows in this repository.",
+    "general.token_permissions.mode": "Permission Mode",
+    "general.token_permissions.permissive": "Read and write permissions",
+    "general.token_permissions.permissive.description": "Workflows have read and write permissions in the repository for all scopes.",
+    "general.token_permissions.restricted": "Read repository contents and packages permissions",
+    "general.token_permissions.restricted.description": "Workflows have read permissions in the repository for the contents and packages scopes only.",
+    "general.token_permissions.fork_pr_note": "Note: For workflows triggered by a pull request from a forked repository, the default GITHUB_TOKEN is always read-only.",
+    "general.token_permissions.contents": "Contents",
+    "general.token_permissions.issues": "Issues",
+    "general.token_permissions.pull_requests": "Pull Requests",
+    "general.token_permissions.packages": "Packages",
+    "general.token_permissions.actions_scope": "Actions",
+    "general.token_permissions.wiki": "Wiki",
+    "general.token_permissions.access_read": "Read",
+    "general.token_permissions.access_write": "Write",
+    "general.token_permissions.access_none": "No access",
+    "general.token_permissions.update_success": "Token permissions updated successfully.",
+    "general.token_permissions.cross_repo": "Cross-Repository Access",
+    "general.token_permissions.cross_repo_desc": "Allow workflows in this organization to access other repositories within the same organization.",
+    "general.token_permissions.custom": "Custom permissions",
+    "general.token_permissions.custom.description": "Configure permissions for each scope individually.",
+    "general.token_permissions.individual": "Individual Permissions",
+    "general.token_permissions.maximum": "Maximum Permissions",
+    "general.token_permissions.maximum.description": "Configure the maximum permissions that can be requested by a workflow."
   },
   "projects": {
     "deleted.display_name": "Deleted Project",
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index ccd42d33617e9..fac5e9b40f4f5 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -11,34 +11,34 @@
 			<div class="field">
 				<div class="ui checkbox">
 					<input type="checkbox" name="allow_cross_repo_access" {{if .AllowCrossRepoAccess}}checked{{end}}>
-					<label><strong>{{ctx.Locale.Tr "general.token_permissions.cross_repo"}}</strong></label>
+					<label><strong>{{ctx.Locale.Tr "actions.general.token_permissions.cross_repo"}}</strong></label>
 				</div>
-				<p class="help">{{ctx.Locale.Tr "general.token_permissions.cross_repo_desc"}}</p>
+				<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.cross_repo_desc"}}</p>
 			</div>
 
 			<div class="divider"></div>
 
 			<!-- Maximum Permissions Table -->
 			<h5 class="ui header">
-				{{ctx.Locale.Tr "general.token_permissions.maximum"}}
+				{{ctx.Locale.Tr "actions.general.token_permissions.maximum"}}
 				<span class="ui red text">*</span>
 			</h5>
-			<p class="help">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+			<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.maximum.description"}}</p>
 
 			<table class="ui celled table">
 				<thead>
 					<tr>
 						<th style="width: 40%">{{ctx.Locale.Tr "units.unit"}}</th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_none"}}">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_read"}}">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "general.token_permissions.access_write"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}}">?</span></th>
 					</tr>
 				</thead>
 				<tbody>
 					<!-- Code -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.contents"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.contents"}}</strong>
 							<p class="text small grey">Access source code, files, commits and branches.</p>
 						</td>
 						<td style="text-align: center">
@@ -63,7 +63,7 @@
 					<!-- Issues -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.issues"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.issues"}}</strong>
 							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
 						</td>
 						<td style="text-align: center">
@@ -88,7 +88,7 @@
 					<!-- Pull Requests -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests"}}</strong>
 							<p class="text small grey">Enable pull requests and code reviews.</p>
 						</td>
 						<td style="text-align: center">
@@ -113,7 +113,7 @@
 					<!-- Wiki -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.wiki"}}</strong>
 							<p class="text small grey">Write and share documentation with collaborators.</p>
 						</td>
 						<td style="text-align: center">
@@ -138,7 +138,7 @@
 					<!-- Packages -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.packages"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.packages"}}</strong>
 							<p class="text small grey">Manage repository packages.</p>
 						</td>
 						<td style="text-align: center">
@@ -163,7 +163,7 @@
 					<!-- Actions -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.actions_scope"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope"}}</strong>
 							<p class="text small grey">Manage actions.</p>
 						</td>
 						<td style="text-align: center">
@@ -197,3 +197,4 @@
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
+
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index a4fd482d1a2af..f86aa7c38e8a5 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -9,50 +9,50 @@
 
 			<!-- Permission Mode Selection -->
 			<div class="field">
-				<label>{{ctx.Locale.Tr "general.token_permissions.mode"}}</label>
+				<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode"}}</label>
 				<div class="grouped fields">
 					<div class="field">
 						<div class="ui radio checkbox">
 							<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModePermissive}}" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.permissive"}}</label>
-							<p class="help">{{ctx.Locale.Tr "general.token_permissions.permissive.description"}}</p>
+							<label>{{ctx.Locale.Tr "actions.general.token_permissions.permissive"}}</label>
+							<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
 						</div>
 					</div>
 					<div class="field">
 						<div class="ui radio checkbox">
 							<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModeRestricted}}" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "general.token_permissions.restricted"}}</label>
-							<p class="help">{{ctx.Locale.Tr "general.token_permissions.restricted.description"}}</p>
+							<label>{{ctx.Locale.Tr "actions.general.token_permissions.restricted"}}</label>
+							<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
 						</div>
 					</div>
 				</div>
 			</div>
 
-			<p class="text muted">{{ctx.Locale.Tr "general.token_permissions.fork_pr_note"}}</p>
+			<p class="text muted">{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}</p>
 
 			<div class="divider"></div>
 
 			<!-- Maximum Permissions Table -->
 			<h5 class="ui header">
-				{{ctx.Locale.Tr "general.token_permissions.maximum"}}
+				{{ctx.Locale.Tr "actions.general.token_permissions.maximum"}}
 				<span class="ui red text">*</span>
 			</h5>
-			<p class="help">{{ctx.Locale.Tr "general.token_permissions.maximum.description"}}</p>
+			<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.maximum.description"}}</p>
 
 			<table class="ui celled table">
 				<thead>
 					<tr>
 						<th style="width: 40%">{{ctx.Locale.Tr "units.unit"}}</th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="No access to this resource">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="Read-only access">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="Read and write access">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="No access to this resource">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="Read-only access">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="Read and write access">?</span></th>
 					</tr>
 				</thead>
 				<tbody>
 					<!-- Code -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.contents"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.contents"}}</strong>
 							<p class="text small grey">Access source code, files, commits and branches.</p>
 						</td>
 						<td style="text-align: center">
@@ -77,7 +77,7 @@
 					<!-- Issues -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.issues"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.issues"}}</strong>
 							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
 						</td>
 						<td style="text-align: center">
@@ -102,7 +102,7 @@
 					<!-- Pull Requests -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.pull_requests"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests"}}</strong>
 							<p class="text small grey">Enable pull requests and code reviews.</p>
 						</td>
 						<td style="text-align: center">
@@ -127,7 +127,7 @@
 					<!-- Wiki -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.wiki"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.wiki"}}</strong>
 							<p class="text small grey">Write and share documentation with collaborators.</p>
 						</td>
 						<td style="text-align: center">
@@ -152,7 +152,7 @@
 					<!-- Packages -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.packages"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.packages"}}</strong>
 							<p class="text small grey">Manage repository packages.</p>
 						</td>
 						<td style="text-align: center">
@@ -177,7 +177,7 @@
 					<!-- Actions -->
 					<tr>
 						<td>
-							<strong>{{ctx.Locale.Tr "general.token_permissions.actions_scope"}}</strong>
+							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope"}}</strong>
 							<p class="text small grey">Manage actions.</p>
 						</td>
 						<td style="text-align: center">
@@ -211,3 +211,4 @@
 	</div>
 </div>
 {{template "repo/settings/layout_footer" .}}
+

From eca961e677d0e1725ff7a19541e6d04e6cae28f9 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 05:15:13 +0100
Subject: [PATCH 17/30] Minor fixes

---
 routers/web/org/setting/actions.go           |  2 +-
 templates/repo/settings/actions_general.tmpl | 75 +++++++++++++++++++-
 2 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
index e06a06b39047c..4675df7919212 100644
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@@ -1,4 +1,4 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package setting
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index f86aa7c38e8a5..f6a2c0c9c2ecd 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -4,7 +4,7 @@
 		{{ctx.Locale.Tr "actions.actions"}} - {{ctx.Locale.Tr "settings.general"}}
 	</h4>
 	<div class="ui attached segment">
-		<form class="ui form" action="{{.RepoLink}}/settings/actions/token-permissions" method="post">
+		<form class="ui form" action="{{.RepoLink}}/settings/actions/general/token_permissions" method="post">
 			{{.CsrfTokenHtml}}
 
 			<!-- Permission Mode Selection -->
@@ -199,7 +199,7 @@
 							</div>
 						</td>
 					</tr>
-				</tbody>
+			</tbody>
 			</table>
 
 			<div class="divider"></div>
@@ -209,6 +209,75 @@
 			</div>
 		</form>
 	</div>
+
+	<!-- Enable/Disable Actions Section -->
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.general.enable_actions"}}
+	</h4>
+	<div class="ui attached segment">
+		<form class="ui form" action="{{.Link}}/actions_unit" method="post">
+			{{.CsrfTokenHtml}}
+			{{$isActionsEnabled := .Repository.UnitEnabled ctx ctx.Consts.RepoUnitTypeActions}}
+			{{$isActionsGlobalDisabled := ctx.Consts.RepoUnitTypeActions.UnitGlobalDisabled}}
+			<div class="inline field">
+				<label>{{ctx.Locale.Tr "actions.actions"}}</label>
+				<div class="ui checkbox{{if $isActionsGlobalDisabled}} disabled{{end}}"{{if $isActionsGlobalDisabled}} data-tooltip-content="{{ctx.Locale.Tr "repo.unit_disabled"}}"{{end}}>
+					<input name="enable_actions" type="checkbox" {{if $isActionsGlobalDisabled}}disabled{{end}} {{if $isActionsEnabled}}checked{{end}}>
+					<label>{{ctx.Locale.Tr "repo.settings.actions_desc"}}</label>
+				</div>
+			</div>
+			{{if not $isActionsGlobalDisabled}}
+			<div class="divider"></div>
+				<div class="field">
+				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
+			</div>
+			{{end}}
+		</form>
+	</div>
+
+{{if and .EnableActions (.Permission.CanRead ctx.Consts.RepoUnitTypeActions)}}
+	{{if .Repository.IsPrivate}}
+	<!-- Collaborative Owners Section -->
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.general.collaborative_owners_management"}}
+	</h4>
+	{{if len .CollaborativeOwners}}
+	<div class="ui attached segment">
+		<div class="flex-list">
+			{{range .CollaborativeOwners}}
+			<div class="flex-item tw-items-center">
+				<div class="flex-item-leading">
+					<a href="{{.HomeLink}}">{{ctx.AvatarUtils.Avatar . 32}}</a>
+				</div>
+				<div class="flex-item-main">
+					<div class="flex-item-title">
+						{{template "shared/user/name" .}}
+					</div>
+				</div>
+				<div class="flex-item-trailing">
+					<button class="ui red tiny button inline link-action"
+						data-url="{{$.Link}}/collaborative_owner/delete?id={{.ID}}"
+						data-modal-confirm-header="{{ctx.Locale.Tr "actions.general.remove_collaborative_owner"}}"
+						data-modal-confirm-content="{{ctx.Locale.Tr "actions.general.remove_collaborative_owner_desc"}}"
+					>{{ctx.Locale.Tr "remove"}}</button>
+				</div>
+			</div>
+			{{end}}
+		</div>
+	</div>
+	{{end}}
+	<div class="ui bottom attached segment">
+		<form class="ui form form-fetch-action" action="{{.Link}}/collaborative_owner/add" method="post">
+			{{.CsrfTokenHtml}}
+			<div id="search-user-box" class="ui search input tw-align-middle" data-include-orgs="true">
+				<input class="prompt" name="collaborative_owner" placeholder="{{ctx.Locale.Tr "search.user_kind"}}" autocomplete="off" autofocus required>
+			</div>
+			<button class="ui primary button">{{ctx.Locale.Tr "actions.general.add_collaborative_owner"}}</button>
+		</form>
+		<br>
+		{{ctx.Locale.Tr "actions.general.collaborative_owners_management_help"}}
+	</div>
+	{{end}}
+{{end}}
 </div>
 {{template "repo/settings/layout_footer" .}}
-

From a5163fa5f215108e3e156045c942ced39232f15d Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 05:16:53 +0100
Subject: [PATCH 18/30] minor nitpick

---
 models/perm/access/repo_permission.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 453a90ad5c115..b945ff8a749b1 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -282,6 +282,9 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		}
 
 		// Check Organization Cross-Repo Access Policy
+		if err := repo.LoadOwner(ctx); err != nil {
+			return perm, err
+		}
 		if repo.OwnerID == taskRepo.OwnerID && repo.Owner.IsOrganization() {
 			orgCfg, err := actions_model.GetOrgActionsConfig(ctx, repo.OwnerID)
 			if err != nil {

From 9c5b278622c5b7f9d3e78d533587c6f29e20bb8f Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 05:46:33 +0100
Subject: [PATCH 19/30] Fix all bugs I found in the code

---
 models/perm/access/repo_permission.go        |  9 ++-
 options/locale/locale_en-US.json             |  6 ++
 routers/api/packages/api.go                  | 79 ++++++++++----------
 routers/web/org/setting/actions.go           | 23 +++---
 routers/web/repo/setting/actions.go          | 23 +++---
 templates/org/settings/actions_general.tmpl  | 49 +++++++-----
 templates/repo/settings/actions_general.tmpl | 14 ++--
 tests/integration/actions_job_token_test.go  |  6 +-
 web_src/js/features/repo-settings-actions.ts | 26 +------
 9 files changed, 128 insertions(+), 107 deletions(-)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index b945ff8a749b1..c934a13d03854 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -272,7 +272,14 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		return perm, err
 	}
 
-	actionsUnit := repo.MustGetUnit(ctx, unit.TypeActions)
+	actionsUnit, err := repo.GetUnit(ctx, unit.TypeActions)
+	if err != nil {
+		// If Actions unit doesn't exist, return empty permission
+		if repo_model.IsErrUnitTypeNotExist(err) {
+			return perm, nil
+		}
+		return perm, err
+	}
 	actionsCfg := actionsUnit.ActionsConfig()
 
 	if task.RepoID != repo.ID {
diff --git a/options/locale/locale_en-US.json b/options/locale/locale_en-US.json
index 819542ace1ba6..8f420b9581e9b 100644
--- a/options/locale/locale_en-US.json
+++ b/options/locale/locale_en-US.json
@@ -3779,11 +3779,17 @@
     "general.token_permissions.restricted.description": "Workflows have read permissions in the repository for the contents and packages scopes only.",
     "general.token_permissions.fork_pr_note": "Note: For workflows triggered by a pull request from a forked repository, the default GITHUB_TOKEN is always read-only.",
     "general.token_permissions.contents": "Contents",
+    "general.token_permissions.contents.description": "Access source code, files, commits and branches.",
     "general.token_permissions.issues": "Issues",
+    "general.token_permissions.issues.description": "Organize bug reports, tasks and milestones.",
     "general.token_permissions.pull_requests": "Pull Requests",
+    "general.token_permissions.pull_requests.description": "Enable pull requests and code reviews.",
     "general.token_permissions.packages": "Packages",
+    "general.token_permissions.packages.description": "Manage repository packages.",
     "general.token_permissions.actions_scope": "Actions",
+    "general.token_permissions.actions_scope.description": "Manage actions.",
     "general.token_permissions.wiki": "Wiki",
+    "general.token_permissions.wiki.description": "Write and share documentation with collaborators.",
     "general.token_permissions.access_read": "Read",
     "general.token_permissions.access_write": "Write",
     "general.token_permissions.access_none": "No access",
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 32195cea99e40..1d1ae4291ea8d 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -81,51 +81,54 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 			}
 		}
 
-		if ctx.Data["IsActionsToken"] == true {
-			if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {
-				// Actions rules:
-				// 1. If the package key matches the task repo, allow.
-				// 2. If not, check cross-repo policy.
-
-				taskID, ok := ctx.Data["ActionsTaskID"].(int64)
-				if ok {
-					task, err := actions_model.GetTaskByID(ctx, taskID)
-					if err != nil {
-						log.Error("GetTaskByID: %v", err)
-						ctx.HTTPError(http.StatusInternalServerError, "GetTaskByID", err.Error())
-						return
-					}
+		isActionsToken, _ := ctx.Data["IsActionsToken"].(bool)
+		if isActionsToken && ctx.Package != nil && ctx.Package.Owner != nil && ctx.Package.Owner.Visibility.IsPrivate() {
+			// Actions rules:
+			// 1. If the package key matches the task repo, allow.
+			// 2. If not, check cross-repo policy.
+
+			taskID, ok := ctx.Data["ActionsTaskID"].(int64)
+			if ok && taskID > 0 {
+				task, err := actions_model.GetTaskByID(ctx, taskID)
+				if err != nil {
+					log.Error("GetTaskByID: %v", err)
+					ctx.HTTPError(http.StatusInternalServerError, "GetTaskByID", err.Error())
+					return
+				}
+				if task == nil {
+					ctx.HTTPError(http.StatusInternalServerError, "GetTaskByID", "task not found")
+					return
+				}
 
-					var packageRepoID int64
-					if ctx.Package.Descriptor != nil && ctx.Package.Descriptor.Package != nil {
-						packageRepoID = ctx.Package.Descriptor.Package.RepoID
+				var packageRepoID int64
+				if ctx.Package.Descriptor != nil && ctx.Package.Descriptor.Package != nil {
+					packageRepoID = ctx.Package.Descriptor.Package.RepoID
+				}
+
+				if task.RepoID != packageRepoID {
+					// 1. Private packages MUST be linked to a repository
+					if packageRepoID == 0 {
+						ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "private package must be linked to a repository to be accessed by Actions")
+						return
 					}
 
-					if task.RepoID != packageRepoID {
-						// 1. Private packages MUST be linked to a repository
-						if packageRepoID == 0 {
-							ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "private package must be linked to a repository to be accessed by Actions")
+					// 2. Check Org Cross-Repo Access Policy
+					if ctx.Package.Owner.IsOrganization() {
+						cfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Package.Owner.ID)
+						if err != nil {
+							log.Error("GetOrgActionsConfig: %v", err)
+							ctx.HTTPError(http.StatusInternalServerError, "GetOrgActionsConfig", err.Error())
 							return
 						}
-
-						// 2. Check Org Cross-Repo Access Policy
-						if ctx.Package.Owner.IsOrganization() {
-							cfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Package.Owner.ID)
-							if err != nil {
-								log.Error("GetOrgActionsConfig: %v", err)
-								ctx.HTTPError(http.StatusInternalServerError, "GetOrgActionsConfig", err.Error())
-								return
-							}
-							if !cfg.AllowCrossRepoAccess {
-								ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "cross-repository package access is disabled")
-								return
-							}
+						if !cfg.AllowCrossRepoAccess {
+							ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "cross-repository package access is disabled")
+							return
 						}
-
-						// 3. Fallthrough to GetActionsUserRepoPermission
-						// We rely on the backend permission check below to handle other Cross-Repository restrictions
-						// (e.g., User collaborative owners, token scopes).
 					}
+
+					// 3. Fallthrough to GetActionsUserRepoPermission
+					// We rely on the backend permission check below to handle other Cross-Repository restrictions
+					// (e.g., User collaborative owners, token scopes).
 				}
 			}
 		}
diff --git a/routers/web/org/setting/actions.go b/routers/web/org/setting/actions.go
index 4675df7919212..949ceb1a2a213 100644
--- a/routers/web/org/setting/actions.go
+++ b/routers/web/org/setting/actions.go
@@ -63,23 +63,26 @@ func ActionsGeneralPost(ctx *context.Context) {
 	}
 
 	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		// Custom mode uses radio buttons for each permission scope
 		parsePerm := func(name string) perm.AccessMode {
-			if ctx.FormBool(name + "_write") {
+			value := ctx.FormString(name)
+			switch value {
+			case "write":
 				return perm.AccessModeWrite
-			}
-			if ctx.FormBool(name + "_read") {
+			case "read":
 				return perm.AccessModeRead
+			default:
+				return perm.AccessModeNone
 			}
-			return perm.AccessModeNone
 		}
 
 		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
-			Actions:      parsePerm("actions"),
-			Contents:     parsePerm("contents"),
-			Issues:       parsePerm("issues"),
-			Packages:     parsePerm("packages"),
-			PullRequests: parsePerm("pull_requests"),
-			Wiki:         parsePerm("wiki"),
+			Actions:      parsePerm("perm_actions"),
+			Contents:     parsePerm("perm_contents"),
+			Issues:       parsePerm("perm_issues"),
+			Packages:     parsePerm("perm_packages"),
+			PullRequests: parsePerm("perm_pull_requests"),
+			Wiki:         parsePerm("perm_wiki"),
 		}
 	} else {
 		actionsCfg.DefaultTokenPermissions = nil
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index a4f0c9488e45a..cd3b0ae7bf796 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -156,23 +156,26 @@ func UpdateTokenPermissions(ctx *context.Context) {
 	}
 
 	if actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
+		// Custom mode uses radio buttons for each permission scope
 		parsePerm := func(name string) perm.AccessMode {
-			if ctx.FormBool(name + "_write") {
+			value := ctx.FormString(name)
+			switch value {
+			case "write":
 				return perm.AccessModeWrite
-			}
-			if ctx.FormBool(name + "_read") {
+			case "read":
 				return perm.AccessModeRead
+			default:
+				return perm.AccessModeNone
 			}
-			return perm.AccessModeNone
 		}
 
 		actionsCfg.DefaultTokenPermissions = &repo_model.ActionsTokenPermissions{
-			Actions:      parsePerm("actions"),
-			Contents:     parsePerm("contents"),
-			Issues:       parsePerm("issues"),
-			Packages:     parsePerm("packages"),
-			PullRequests: parsePerm("pull_requests"),
-			Wiki:         parsePerm("wiki"),
+			Actions:      parsePerm("perm_actions"),
+			Contents:     parsePerm("perm_contents"),
+			Issues:       parsePerm("perm_issues"),
+			Packages:     parsePerm("perm_packages"),
+			PullRequests: parsePerm("perm_pull_requests"),
+			Wiki:         parsePerm("perm_wiki"),
 		}
 	} else {
 		actionsCfg.DefaultTokenPermissions = nil
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
index fac5e9b40f4f5..374e0cf46d770 100644
--- a/templates/org/settings/actions_general.tmpl
+++ b/templates/org/settings/actions_general.tmpl
@@ -18,10 +18,32 @@
 
 			<div class="divider"></div>
 
+			<!-- Default Permission Mode -->
+			<h5 class="ui header">
+				{{ctx.Locale.Tr "actions.general.token_permissions.mode"}}
+			</h5>
+			<div class="grouped fields">
+				<div class="field">
+					<div class="ui radio checkbox">
+						<input type="radio" name="token_permission_mode" value="permissive" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
+						<label>{{ctx.Locale.Tr "actions.general.token_permissions.permissive"}}</label>
+					</div>
+					<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.permissive.description"}}</p>
+				</div>
+				<div class="field">
+					<div class="ui radio checkbox">
+						<input type="radio" name="token_permission_mode" value="restricted" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
+						<label>{{ctx.Locale.Tr "actions.general.token_permissions.restricted"}}</label>
+					</div>
+					<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.restricted.description"}}</p>
+				</div>
+			</div>
+
+			<div class="divider"></div>
+
 			<!-- Maximum Permissions Table -->
 			<h5 class="ui header">
 				{{ctx.Locale.Tr "actions.general.token_permissions.maximum"}}
-				<span class="ui red text">*</span>
 			</h5>
 			<p class="help">{{ctx.Locale.Tr "actions.general.token_permissions.maximum.description"}}</p>
 
@@ -29,17 +51,16 @@
 				<thead>
 					<tr>
 						<th style="width: 40%">{{ctx.Locale.Tr "units.unit"}}</th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}}">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}}">?</span></th>
-						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}} <span class="ui basic circular label" data-tooltip="{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}}">?</span></th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_none"}}</th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_read"}}</th>
+						<th style="width: 20%; text-align: center">{{ctx.Locale.Tr "actions.general.token_permissions.access_write"}}</th>
 					</tr>
 				</thead>
 				<tbody>
-					<!-- Code -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.contents"}}</strong>
-							<p class="text small grey">Access source code, files, commits and branches.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.contents.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -60,11 +81,10 @@
 							</div>
 						</td>
 					</tr>
-					<!-- Issues -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.issues"}}</strong>
-							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.issues.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -85,11 +105,10 @@
 							</div>
 						</td>
 					</tr>
-					<!-- Pull Requests -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests"}}</strong>
-							<p class="text small grey">Enable pull requests and code reviews.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -110,11 +129,10 @@
 							</div>
 						</td>
 					</tr>
-					<!-- Wiki -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.wiki"}}</strong>
-							<p class="text small grey">Write and share documentation with collaborators.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.wiki.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -135,11 +153,10 @@
 							</div>
 						</td>
 					</tr>
-					<!-- Packages -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.packages"}}</strong>
-							<p class="text small grey">Manage repository packages.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.packages.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -160,11 +177,10 @@
 							</div>
 						</td>
 					</tr>
-					<!-- Actions -->
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope"}}</strong>
-							<p class="text small grey">Manage actions.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -197,4 +213,3 @@
 	</div>
 </div>
 {{template "org/settings/layout_footer" .}}
-
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index f6a2c0c9c2ecd..35c3840001b55 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -53,7 +53,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.contents"}}</strong>
-							<p class="text small grey">Access source code, files, commits and branches.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.contents.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -78,7 +78,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.issues"}}</strong>
-							<p class="text small grey">Organize bug reports, tasks and milestones.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.issues.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -103,7 +103,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests"}}</strong>
-							<p class="text small grey">Enable pull requests and code reviews.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.pull_requests.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -128,7 +128,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.wiki"}}</strong>
-							<p class="text small grey">Write and share documentation with collaborators.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.wiki.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -153,7 +153,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.packages"}}</strong>
-							<p class="text small grey">Manage repository packages.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.packages.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -178,7 +178,7 @@
 					<tr>
 						<td>
 							<strong>{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope"}}</strong>
-							<p class="text small grey">Manage actions.</p>
+							<p class="text small grey">{{ctx.Locale.Tr "actions.general.token_permissions.actions_scope.description"}}</p>
 						</td>
 						<td style="text-align: center">
 							<div class="ui radio checkbox">
@@ -199,7 +199,7 @@
 							</div>
 						</td>
 					</tr>
-			</tbody>
+				</tbody>
 			</table>
 
 			<div class="divider"></div>
diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index feac4fc8d5cda..61b18c64207fc 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -128,15 +128,17 @@ func TestActionsTokenPermissionsModes(t *testing.T) {
 
 func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly bool) func(t *testing.T) {
 	return func(t *testing.T) {
-		// Update repository settings to the requested mode
+	// Update repository settings to the requested mode
 		if mode != "" {
 			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: "repo4", OwnerName: "user5"})
 			require.NoError(t, repo.LoadUnits(t.Context()))
-			actionsUnit := repo.MustGetUnit(t.Context(), unit_model.TypeActions)
+			actionsUnit, err := repo.GetUnit(t.Context(), unit_model.TypeActions)
+			require.NoError(t, err, "Actions unit should exist for repo4")
 			actionsCfg := actionsUnit.ActionsConfig()
 			actionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionMode(mode)
 			actionsCfg.DefaultTokenPermissions = nil // Ensure no custom permissions override the mode
 			actionsCfg.MaxTokenPermissions = nil     // Ensure no max permissions interfere
+			// Update the config
 			actionsUnit.Config = actionsCfg
 			require.NoError(t, repo_model.UpdateRepoUnit(t.Context(), actionsUnit))
 		}
diff --git a/web_src/js/features/repo-settings-actions.ts b/web_src/js/features/repo-settings-actions.ts
index 3b0f93ba57cfd..44809d2781393 100644
--- a/web_src/js/features/repo-settings-actions.ts
+++ b/web_src/js/features/repo-settings-actions.ts
@@ -1,24 +1,6 @@
+// initRepoSettingsActionsPermissions is currently a no-op placeholder.
+// The permission mode radio buttons work via standard HTML form submission
+// without requiring JavaScript for toggling visibility.
 export function initRepoSettingsActionsPermissions(): void {
-  const radios = document.querySelectorAll<HTMLInputElement>(
-    'input[name="token_permission_mode"]',
-  );
-  if (!radios.length) return;
-
-  function toggleCustom(): void {
-    const customPerms = document.querySelector<HTMLElement>('#custom-permissions');
-    if (!customPerms) return;
-
-    const selected = document.querySelector<HTMLInputElement>(
-      'input[name="token_permission_mode"]:checked',
-    );
-
-    customPerms.style.display =
-      selected?.value === 'custom' ? 'block' : 'none';
-  }
-
-  for (const radio of radios) {
-    radio.addEventListener('change', toggleCustom);
-  }
-
-  toggleCustom();
+  // No-op - form submission handles permission updates
 }

From b0811fe68628b85a86ac1a02e56ca24253a048a6 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 05:52:40 +0100
Subject: [PATCH 20/30] Formatting issues

---
 tests/integration/actions_job_token_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 61b18c64207fc..95bfe112ad085 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -128,7 +128,7 @@ func TestActionsTokenPermissionsModes(t *testing.T) {
 
 func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly bool) func(t *testing.T) {
 	return func(t *testing.T) {
-	// Update repository settings to the requested mode
+		// Update repository settings to the requested mode
 		if mode != "" {
 			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: "repo4", OwnerName: "user5"})
 			require.NoError(t, repo.LoadUnits(t.Context()))

From b2f05ff4f71f0cc32fe918515c602172be68f267 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 06:19:38 +0100
Subject: [PATCH 21/30] fix test

---
 tests/integration/actions_job_token_test.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 95bfe112ad085..71ca5218bc2be 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -90,6 +90,14 @@ func TestActionsJobTokenAccessLFS(t *testing.T) {
 			task.RepoID = repository.ID
 			err := db.Insert(t.Context(), task)
 			require.NoError(t, err)
+
+			// Enable Actions unit for the repository
+			err = db.Insert(t.Context(), &repo_model.RepoUnit{
+				RepoID: repository.ID,
+				Type:   unit_model.TypeActions,
+				Config: &repo_model.ActionsConfig{},
+			})
+			require.NoError(t, err)
 			session := emptyTestSession(t)
 			httpContext := APITestContext{
 				Session:  session,

From 06b3db5507c752cf23f0ccb7160da5b58fa72022 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 06:51:34 +0100
Subject: [PATCH 22/30] Improve test coverage

---
 tests/integration/actions_job_token_test.go | 139 +++++++++++++++++++-
 1 file changed, 137 insertions(+), 2 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 71ca5218bc2be..7489bed5d9068 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -10,14 +10,17 @@ import (
 	"net/url"
 	"testing"
 
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
+	org_model "code.gitea.io/gitea/models/organization"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -229,3 +232,135 @@ func testActionsTokenPermissionsMode(u *url.URL, mode string, expectReadOnly boo
 		}
 	}
 }
+
+func TestActionsTokenPermissionsClamping(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		httpContext := NewAPITestContext(t, "user2", "repo-clamping", auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
+		t.Run("Create Repository", doAPICreateRepository(httpContext, false, func(t *testing.T, repository structs.Repository) {
+			// Enable Actions unit with Clamping Config
+			err := db.Insert(t.Context(), &repo_model.RepoUnit{
+				RepoID: repository.ID,
+				Type:   unit_model.TypeActions,
+				Config: &repo_model.ActionsConfig{
+					TokenPermissionMode: repo_model.ActionsTokenPermissionModeCustom,
+					DefaultTokenPermissions: &repo_model.ActionsTokenPermissions{
+						Contents: perm.AccessModeWrite, // Default is Write
+					},
+					MaxTokenPermissions: &repo_model.ActionsTokenPermissions{
+						Contents: perm.AccessModeRead, // Max is Read
+					},
+				},
+			})
+			require.NoError(t, err)
+
+			// Create Task and Token
+			task := &actions_model.ActionTask{
+				RepoID:            repository.ID,
+				Status:            actions_model.StatusRunning,
+				IsForkPullRequest: false,
+			}
+			require.NoError(t, task.GenerateToken())
+			require.NoError(t, db.Insert(t.Context(), task))
+
+			// Verify Token Permissions
+			session := emptyTestSession(t)
+			testCtx := APITestContext{
+				Session:  session,
+				Token:    task.Token,
+				Username: "user2",
+				Reponame: "repo-clamping",
+			}
+
+			// 1. Try to Write (Create File) - Should Fail (403) because Max is Read
+			testCtx.ExpectedCode = http.StatusForbidden
+			t.Run("Fail to Create File (Max Clamping)", doAPICreateFile(testCtx, "clamping.txt", &structs.CreateFileOptions{
+				ContentBase64: base64.StdEncoding.EncodeToString([]byte("test")),
+			}))
+
+			// 2. Try to Read (Get Repository) - Should Succeed (200)
+			testCtx.ExpectedCode = http.StatusOK
+			t.Run("Get Repository (Read Allowed)", doAPIGetRepository(testCtx, func(t *testing.T, r structs.Repository) {
+				assert.Equal(t, "repo-clamping", r.Name)
+			}))
+		}))
+	})
+}
+
+func TestActionsCrossRepoAccess(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user2")
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteOrganization)
+
+		// 1. Create Organization
+		orgName := "org-cross-test"
+		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &structs.CreateOrgOption{
+			UserName: orgName,
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// 2. Create Two Repositories in Org
+		createRepoInOrg := func(name string) int64 {
+			req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/repos", orgName), &structs.CreateRepoOption{
+				Name:          name,
+				AutoInit:      true,
+				Private:       true, // Must be private for potential restrictions
+			}).AddTokenAuth(token)
+			resp := MakeRequest(t, req, http.StatusCreated)
+			var repo structs.Repository
+			DecodeJSON(t, resp, &repo)
+			return repo.ID
+		}
+
+		repoA_ID := createRepoInOrg("repo-A")
+		// repoB_ID is unused as we access it via API name
+		createRepoInOrg("repo-B")
+
+		// 3. Enable Actions in Repo A (Source)
+		err := db.Insert(t.Context(), &repo_model.RepoUnit{
+			RepoID: repoA_ID,
+			Type:   unit_model.TypeActions,
+			Config: &repo_model.ActionsConfig{
+				TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
+			},
+		})
+		require.NoError(t, err)
+
+		// 4. Create Task in Repo A
+		task := &actions_model.ActionTask{
+			RepoID:            repoA_ID,
+			Status:            actions_model.StatusRunning,
+			IsForkPullRequest: false,
+		}
+		require.NoError(t, task.GenerateToken())
+		require.NoError(t, db.Insert(t.Context(), task))
+
+		// 5. Verify Access to Repo B (Target)
+		testCtx := APITestContext{
+			Session:  emptyTestSession(t),
+			Token:    task.Token,
+			Username: orgName,
+			Reponame: "repo-B",
+		}
+
+		// Case A: Default (AllowCrossRepoAccess = false/unset) -> Should Fail (404 Not Found)
+		// API returns 404 for private repos you can't access, not 403, to avoid leaking existence.
+		testCtx.ExpectedCode = http.StatusNotFound
+		t.Run("Cross-Repo Access Denied (Default)", doAPIGetRepository(testCtx, nil))
+
+		// Case B: Enable AllowCrossRepoAccess
+		org, err := org_model.GetOrgByName(t.Context(), orgName)
+		require.NoError(t, err)
+
+		cfg := &repo_model.ActionsConfig{
+			AllowCrossRepoAccess: true,
+		}
+		err = actions_model.SetOrgActionsConfig(t.Context(), org.ID, cfg)
+		require.NoError(t, err)
+
+		// Retry -> Should Succeed (200) - Read Only
+		testCtx.ExpectedCode = http.StatusOK
+		t.Run("Cross-Repo Access Allowed", doAPIGetRepository(testCtx, func(t *testing.T, r structs.Repository) {
+			assert.Equal(t, "repo-B", r.Name)
+		}))
+	})
+}

From b0c2a958b54688673fe41098f39a6947824a13f1 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 07:02:20 +0100
Subject: [PATCH 23/30] Format

---
 tests/integration/actions_job_token_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 7489bed5d9068..bdb16fd0d5dc6 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -10,17 +10,17 @@ import (
 	"net/url"
 	"testing"
 
-	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
+	org_model "code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	org_model "code.gitea.io/gitea/models/organization"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -301,9 +301,9 @@ func TestActionsCrossRepoAccess(t *testing.T) {
 		// 2. Create Two Repositories in Org
 		createRepoInOrg := func(name string) int64 {
 			req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/repos", orgName), &structs.CreateRepoOption{
-				Name:          name,
-				AutoInit:      true,
-				Private:       true, // Must be private for potential restrictions
+				Name:     name,
+				AutoInit: true,
+				Private:  true, // Must be private for potential restrictions
 			}).AddTokenAuth(token)
 			resp := MakeRequest(t, req, http.StatusCreated)
 			var repo structs.Repository

From 5628ab713be63ec4960203a675af7030e2cdfcec Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 07:31:41 +0100
Subject: [PATCH 24/30] lint

---
 tests/integration/actions_job_token_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index bdb16fd0d5dc6..81cbe7cf09b73 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -18,7 +18,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
+
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 

From 38f384aca277c90f302827dd04986798cfcefc5f Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 07:38:11 +0100
Subject: [PATCH 25/30] fmt

---
 tests/integration/actions_job_token_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 81cbe7cf09b73..02b05ccff5358 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -18,7 +18,6 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 

From 6cc6fd7f688edaa2326d2f1a2369c7fe1e5a5b40 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 07:50:12 +0100
Subject: [PATCH 26/30] lint

---
 tests/integration/actions_job_token_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 02b05ccff5358..705a5be89f862 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -310,13 +310,13 @@ func TestActionsCrossRepoAccess(t *testing.T) {
 			return repo.ID
 		}
 
-		repoA_ID := createRepoInOrg("repo-A")
+		repoAID := createRepoInOrg("repo-A")
 		// repoB_ID is unused as we access it via API name
 		createRepoInOrg("repo-B")
 
 		// 3. Enable Actions in Repo A (Source)
 		err := db.Insert(t.Context(), &repo_model.RepoUnit{
-			RepoID: repoA_ID,
+			RepoID: repoAID,
 			Type:   unit_model.TypeActions,
 			Config: &repo_model.ActionsConfig{
 				TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
@@ -326,7 +326,7 @@ func TestActionsCrossRepoAccess(t *testing.T) {
 
 		// 4. Create Task in Repo A
 		task := &actions_model.ActionTask{
-			RepoID:            repoA_ID,
+			RepoID:            repoAID,
 			Status:            actions_model.StatusRunning,
 			IsForkPullRequest: false,
 		}

From 463c670d06cd488a242c4a4e1d36ae03eb25122c Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 08:28:58 +0100
Subject: [PATCH 27/30] issue fix

---
 tests/integration/actions_job_token_test.go | 28 ++++++++++++---------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index 705a5be89f862..58980e482b87b 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -311,18 +311,22 @@ func TestActionsCrossRepoAccess(t *testing.T) {
 		}
 
 		repoAID := createRepoInOrg("repo-A")
-		// repoB_ID is unused as we access it via API name
-		createRepoInOrg("repo-B")
-
-		// 3. Enable Actions in Repo A (Source)
-		err := db.Insert(t.Context(), &repo_model.RepoUnit{
-			RepoID: repoAID,
-			Type:   unit_model.TypeActions,
-			Config: &repo_model.ActionsConfig{
-				TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
-			},
-		})
-		require.NoError(t, err)
+		repoBID := createRepoInOrg("repo-B")
+
+		// 3. Enable Actions in Repo A (Source) and Repo B (Target)
+		enableActions := func(repoID int64) {
+			err := db.Insert(t.Context(), &repo_model.RepoUnit{
+				RepoID: repoID,
+				Type:   unit_model.TypeActions,
+				Config: &repo_model.ActionsConfig{
+					TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
+				},
+			})
+			require.NoError(t, err)
+		}
+
+		enableActions(repoAID)
+		enableActions(repoBID)
 
 		// 4. Create Task in Repo A
 		task := &actions_model.ActionTask{

From d25de6fb86e3b3c126d8d6f54b96657ec540d396 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 11:13:47 +0100
Subject: [PATCH 28/30] test fix

---
 models/perm/access/repo_permission.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index c934a13d03854..38515dd0d46e9 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -292,7 +292,10 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		if err := repo.LoadOwner(ctx); err != nil {
 			return perm, err
 		}
+
+		isSameOrg := false
 		if repo.OwnerID == taskRepo.OwnerID && repo.Owner.IsOrganization() {
+			isSameOrg = true
 			orgCfg, err := actions_model.GetOrgActionsConfig(ctx, repo.OwnerID)
 			if err != nil {
 				return perm, err
@@ -303,7 +306,7 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 			}
 		}
 
-		if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
+		if (!isSameOrg && !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID)) || !taskRepo.IsPrivate {
 			// The task repo can access the current repo only if the task repo is private and
 			// the owner of the task repo is a collaborative owner of the current repo.
 			// FIXME should owner's visibility also be considered here?

From 6d947234e25a6fe54112b7e49947fc5c7be68279 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 13:08:06 +0100
Subject: [PATCH 29/30] regression

---
 models/perm/access/repo_permission.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 38515dd0d46e9..316544450c147 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -104,6 +104,7 @@ func (p *Permission) UnitAccessMode(unitType unit.Type) perm_model.AccessMode {
 }
 
 func (p *Permission) SetUnitsWithDefaultAccessMode(units []*repo_model.RepoUnit, mode perm_model.AccessMode) {
+	p.AccessMode = mode
 	p.units = units
 	p.unitsMode = make(map[unit.Type]perm_model.AccessMode)
 	for _, u := range p.units {

From 663d9b28f84a55c926ec34aa185a7687d0cce1d8 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 20 Dec 2025 14:13:52 +0100
Subject: [PATCH 30/30] empty commit

---
 models/perm/access/repo_permission.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 316544450c147..b21f716e8ee44 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -95,7 +95,7 @@ func (p *Permission) UnitAccessMode(unitType unit.Type) perm_model.AccessMode {
 	if m, ok := p.unitsMode[unitType]; ok {
 		return util.Iif(p.AccessMode >= perm_model.AccessModeAdmin, p.AccessMode, m)
 	}
-	// if the units map does not contain the access mode, return the default access mode if the unit exists
+	// If the units map does not contain the access mode, return the default access mode if the unit exists
 	unitDefaultAccessMode := p.AccessMode
 	unitDefaultAccessMode = max(unitDefaultAccessMode, p.anonymousAccessMode[unitType])
 	unitDefaultAccessMode = max(unitDefaultAccessMode, p.everyoneAccessMode[unitType])