Merge branch 'main' into fix-review-form

3 years ago · cf4137ce1b
parent 330afac392 06e4687cec
commit cf4137ce1b
69 changed files with 400 additions and 328 deletions
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@ -24,7 +24,8 @@

 function giteacmd {
  if [[ $sudocmd = "su" ]]; then
-    "$sudocmd" - "$giteauser" -c "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
+    # `-c` only accept one string as argument.
+    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
  else
    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
  fi
--- a/models/action.go
+++ b/models/action.go
@ -508,7 +508,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 					permPR[i] = false
 					continue
 				}
-				perm, err := getUserRepoPermission(ctx, repo, user)
+				perm, err := GetUserRepoPermission(ctx, repo, user)
 				if err != nil {
 					permCode[i] = false
 					permIssue[i] = false
--- a/models/branches.go
+++ b/models/branches.go
@ -337,43 +337,43 @@ type WhitelistOptions struct {
 // If ID is 0, it creates a new record. Otherwise, updates existing record.
 // This function also performs check if whitelist user and team's IDs have been changed
 // to avoid unnecessary whitelist delete and regenerate.
-func UpdateProtectBranch(repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
-	if err = repo.GetOwner(db.DefaultContext); err != nil {
+func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
+	if err = repo.GetOwner(ctx); err != nil {
 		return fmt.Errorf("GetOwner: %v", err)
 	}

-	whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
+	whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
 	if err != nil {
 		return err
 	}
 	protectBranch.WhitelistUserIDs = whitelist

-	whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
+	whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
 	if err != nil {
 		return err
 	}
 	protectBranch.MergeWhitelistUserIDs = whitelist

-	whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
+	whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
 	if err != nil {
 		return err
 	}
 	protectBranch.ApprovalsWhitelistUserIDs = whitelist

 	// if the repo is in an organization
-	whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
+	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
 	if err != nil {
 		return err
 	}
 	protectBranch.WhitelistTeamIDs = whitelist

-	whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
+	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
 	if err != nil {
 		return err
 	}
 	protectBranch.MergeWhitelistTeamIDs = whitelist

-	whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
+	whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
 	if err != nil {
 		return err
 	}
@ -381,13 +381,13 @@ func UpdateProtectBranch(repo *repo_model.Repository, protectBranch *ProtectedBr

 	// Make sure protectBranch.ID is not 0 for whitelists
 	if protectBranch.ID == 0 {
-		if _, err = db.GetEngine(db.DefaultContext).Insert(protectBranch); err != nil {
+		if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {
 			return fmt.Errorf("Insert: %v", err)
 		}
 		return nil
 	}

-	if _, err = db.GetEngine(db.DefaultContext).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
+	if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
 		return fmt.Errorf("Update: %v", err)
 	}

@ -416,7 +416,7 @@ func IsProtectedBranch(repoID int64, branchName string) (bool, error) {

 // updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
 // the users from newWhitelist which have explicit read or write access to the repo.
-func updateApprovalWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
 	if !hasUsersChanged {
 		return currentWhitelist, nil
@ -424,7 +424,7 @@ func updateApprovalWhitelist(repo *repo_model.Repository, currentWhitelist, newW

 	whitelist = make([]int64, 0, len(newWhitelist))
 	for _, userID := range newWhitelist {
-		if reader, err := IsRepoReader(repo, userID); err != nil {
+		if reader, err := IsRepoReader(ctx, repo, userID); err != nil {
 			return nil, err
 		} else if !reader {
 			continue
@ -437,7 +437,7 @@ func updateApprovalWhitelist(repo *repo_model.Repository, currentWhitelist, newW

 // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
 // the users from newWhitelist which have write access to the repo.
-func updateUserWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
 	hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
 	if !hasUsersChanged {
 		return currentWhitelist, nil
@ -445,11 +445,11 @@ func updateUserWhitelist(repo *repo_model.Repository, currentWhitelist, newWhite

 	whitelist = make([]int64, 0, len(newWhitelist))
 	for _, userID := range newWhitelist {
-		user, err := user_model.GetUserByID(userID)
+		user, err := user_model.GetUserByIDCtx(ctx, userID)
 		if err != nil {
 			return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
 		}
-		perm, err := GetUserRepoPermission(repo, user)
+		perm, err := GetUserRepoPermission(ctx, repo, user)
 		if err != nil {
 			return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
 		}
@ -466,13 +466,13 @@ func updateUserWhitelist(repo *repo_model.Repository, currentWhitelist, newWhite

 // updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
 // the teams from newWhitelist which have write access to the repo.
-func updateTeamWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
 	hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
 	if !hasTeamsChanged {
 		return currentWhitelist, nil
 	}

-	teams, err := organization.GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
+	teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)
 	if err != nil {
 		return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
 	}
--- a/models/branches_test.go
+++ b/models/branches_test.go
@ -7,6 +7,7 @@ package models
 import (
 	"testing"

+	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"

@ -99,11 +100,14 @@ func TestRenameBranch(t *testing.T) {
 	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)
 	_isDefault := false

-	err := UpdateProtectBranch(repo1, &ProtectedBranch{
+	ctx, committer, err := db.TxContext()
+	defer committer.Close()
+	assert.NoError(t, err)
+	assert.NoError(t, UpdateProtectBranch(ctx, repo1, &ProtectedBranch{
 		RepoID:     repo1.ID,
 		BranchName: "master",
-	}, WhitelistOptions{})
-	assert.NoError(t, err)
+	}, WhitelistOptions{}))
+	assert.NoError(t, committer.Commit())

 	assert.NoError(t, RenameBranch(repo1, "master", "main", func(isDefault bool) error {
 		_isDefault = isDefault
--- a/models/commit_status.go
+++ b/models/commit_status.go
@ -232,12 +232,13 @@ type CommitStatusIndex struct {

 // GetLatestCommitStatus returns all statuses with a unique context for a given commit.
 func GetLatestCommitStatus(repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
-	return getLatestCommitStatus(db.GetEngine(db.DefaultContext), repoID, sha, listOptions)
+	return GetLatestCommitStatusCtx(db.DefaultContext, repoID, sha, listOptions)
 }

-func getLatestCommitStatus(e db.Engine, repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
+// GetLatestCommitStatusCtx returns all statuses with a unique context for a given commit.
+func GetLatestCommitStatusCtx(ctx context.Context, repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
 	ids := make([]int64, 0, 10)
-	sess := e.Table(&CommitStatus{}).
+	sess := db.GetEngine(ctx).Table(&CommitStatus{}).
 		Where("repo_id = ?", repoID).And("sha = ?", sha).
 		Select("max( id ) as id").
 		GroupBy("context_hash").OrderBy("max( id ) desc")
@ -252,7 +253,7 @@ func getLatestCommitStatus(e db.Engine, repoID int64, sha string, listOptions db
 	if len(ids) == 0 {
 		return statuses, count, nil
 	}
-	return statuses, count, e.In("id", ids).Find(&statuses)
+	return statuses, count, db.GetEngine(ctx).In("id", ids).Find(&statuses)
 }

 // FindRepoRecentCommitStatusContexts returns repository's recent commit status contexts
--- a/models/issue.go
+++ b/models/issue.go
@ -162,13 +162,9 @@ func (issue *Issue) GetPullRequest() (pr *PullRequest, err error) {
 }

 // LoadLabels loads labels
-func (issue *Issue) LoadLabels() error {
-	return issue.loadLabels(db.GetEngine(db.DefaultContext))
-}
-
-func (issue *Issue) loadLabels(e db.Engine) (err error) {
+func (issue *Issue) LoadLabels(ctx context.Context) (err error) {
 	if issue.Labels == nil {
-		issue.Labels, err = getLabelsByIssueID(e, issue.ID)
+		issue.Labels, err = getLabelsByIssueID(db.GetEngine(ctx), issue.ID)
 		if err != nil {
 			return fmt.Errorf("getLabelsByIssueID [%d]: %v", issue.ID, err)
 		}
@ -313,7 +309,7 @@ func (issue *Issue) loadAttributes(ctx context.Context) (err error) {
 		return
 	}

-	if err = issue.loadLabels(e); err != nil {
+	if err = issue.LoadLabels(ctx); err != nil {
 		return
 	}

@ -493,7 +489,7 @@ func ClearIssueLabels(issue *Issue, doer *user_model.User) (err error) {
 		return err
 	}

-	perm, err := getUserRepoPermission(ctx, issue.Repo, doer)
+	perm, err := GetUserRepoPermission(ctx, issue.Repo, doer)
 	if err != nil {
 		return err
 	}
@ -539,7 +535,7 @@ func ReplaceIssueLabels(issue *Issue, labels []*Label, doer *user_model.User) (e
 		return err
 	}

-	if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+	if err = issue.LoadLabels(ctx); err != nil {
 		return err
 	}

@ -587,7 +583,7 @@ func ReplaceIssueLabels(issue *Issue, labels []*Label, doer *user_model.User) (e
 	}

 	issue.Labels = nil
-	if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+	if err = issue.LoadLabels(ctx); err != nil {
 		return err
 	}

@ -2341,9 +2337,9 @@ func ResolveIssueMentionsByVisibility(ctx context.Context, issue *Issue, doer *u
 			continue
 		}
 		// Normal users must have read access to the referencing issue
-		perm, err := getUserRepoPermission(ctx, issue.Repo, user)
+		perm, err := GetUserRepoPermission(ctx, issue.Repo, user)
 		if err != nil {
-			return nil, fmt.Errorf("getUserRepoPermission [%d]: %v", user.ID, err)
+			return nil, fmt.Errorf("GetUserRepoPermission [%d]: %v", user.ID, err)
 		}
 		if !perm.CanReadIssuesOrPulls(issue.IsPull) {
 			continue
--- a/models/issue_label.go
+++ b/models/issue_label.go
@ -613,7 +613,6 @@ func NewIssueLabel(issue *Issue, label *Label, doer *user_model.User) (err error
 		return err
 	}
 	defer committer.Close()
-	sess := db.GetEngine(ctx)

 	if err = issue.LoadRepo(ctx); err != nil {
 		return err
@ -629,7 +628,7 @@ func NewIssueLabel(issue *Issue, label *Label, doer *user_model.User) (err error
 	}

 	issue.Labels = nil
-	if err = issue.loadLabels(sess); err != nil {
+	if err = issue.LoadLabels(ctx); err != nil {
 		return err
 	}

@ -670,7 +669,7 @@ func NewIssueLabels(issue *Issue, labels []*Label, doer *user_model.User) (err e
 	}

 	issue.Labels = nil
-	if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+	if err = issue.LoadLabels(ctx); err != nil {
 		return err
 	}

@ -707,23 +706,13 @@ func deleteIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *use
 }

 // DeleteIssueLabel deletes issue-label relation.
-func DeleteIssueLabel(issue *Issue, label *Label, doer *user_model.User) (err error) {
-	ctx, committer, err := db.TxContext()
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	if err = deleteIssueLabel(ctx, issue, label, doer); err != nil {
+func DeleteIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *user_model.User) error {
+	if err := deleteIssueLabel(ctx, issue, label, doer); err != nil {
 		return err
 	}

 	issue.Labels = nil
-	if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
-		return err
-	}
-
-	return committer.Commit()
+	return issue.LoadLabels(ctx)
 }

 func deleteLabelsByRepoID(sess db.Engine, repoID int64) error {
--- a/models/issue_label_test.go
+++ b/models/issue_label_test.go
@ -369,7 +369,12 @@ func TestDeleteIssueLabel(t *testing.T) {
 			}
 		}

-		assert.NoError(t, DeleteIssueLabel(issue, label, doer))
+		ctx, committer, err := db.TxContext()
+		defer committer.Close()
+		assert.NoError(t, err)
+		assert.NoError(t, DeleteIssueLabel(ctx, issue, label, doer))
+		assert.NoError(t, committer.Commit())
+
 		unittest.AssertNotExistsBean(t, &IssueLabel{IssueID: issueID, LabelID: labelID})
 		unittest.AssertExistsAndLoadBean(t, &Comment{
 			Type:     CommentTypeLabel,
--- a/models/issue_xref.go
+++ b/models/issue_xref.go
@ -215,7 +215,7 @@ func (issue *Issue) verifyReferencedIssue(stdCtx context.Context, ctx *crossRefe

 	// Check doer permissions; set action to None if the doer can't change the destination
 	if refIssue.RepoID != ctx.OrigIssue.RepoID || ref.Action != references.XRefActionNone {
-		perm, err := getUserRepoPermission(stdCtx, refIssue.Repo, ctx.Doer)
+		perm, err := GetUserRepoPermission(stdCtx, refIssue.Repo, ctx.Doer)
 		if err != nil {
 			return nil, references.XRefActionNone, err
 		}
--- a/models/lfs_lock.go
+++ b/models/lfs_lock.go
@ -5,6 +5,7 @@
 package models

 import (
+	"context"
 	"fmt"
 	"path"
 	"strings"
@ -42,15 +43,20 @@ func cleanPath(p string) string {

 // CreateLFSLock creates a new lock.
 func CreateLFSLock(repo *repo_model.Repository, lock *LFSLock) (*LFSLock, error) {
-	err := CheckLFSAccessForRepo(lock.OwnerID, repo, perm.AccessModeWrite)
+	dbCtx, committer, err := db.TxContext()
 	if err != nil {
 		return nil, err
 	}
+	defer committer.Close()
+
+	if err := CheckLFSAccessForRepo(dbCtx, lock.OwnerID, repo, perm.AccessModeWrite); err != nil {
+		return nil, err
+	}

 	lock.Path = cleanPath(lock.Path)
 	lock.RepoID = repo.ID

-	l, err := GetLFSLock(repo, lock.Path)
+	l, err := GetLFSLock(dbCtx, repo, lock.Path)
 	if err == nil {
 		return l, ErrLFSLockAlreadyExist{lock.RepoID, lock.Path}
 	}
@ -58,15 +64,18 @@ func CreateLFSLock(repo *repo_model.Repository, lock *LFSLock) (*LFSLock, error)
 		return nil, err
 	}

-	err = db.Insert(db.DefaultContext, lock)
-	return lock, err
+	if err := db.Insert(dbCtx, lock); err != nil {
+		return nil, err
+	}
+
+	return lock, committer.Commit()
 }

 // GetLFSLock returns release by given path.
-func GetLFSLock(repo *repo_model.Repository, path string) (*LFSLock, error) {
+func GetLFSLock(ctx context.Context, repo *repo_model.Repository, path string) (*LFSLock, error) {
 	path = cleanPath(path)
 	rel := &LFSLock{RepoID: repo.ID}
-	has, err := db.GetEngine(db.DefaultContext).Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
+	has, err := db.GetEngine(ctx).Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
 	if err != nil {
 		return nil, err
 	}
@ -77,9 +86,9 @@ func GetLFSLock(repo *repo_model.Repository, path string) (*LFSLock, error) {
 }

 // GetLFSLockByID returns release by given id.
-func GetLFSLockByID(id int64) (*LFSLock, error) {
+func GetLFSLockByID(ctx context.Context, id int64) (*LFSLock, error) {
 	lock := new(LFSLock)
-	has, err := db.GetEngine(db.DefaultContext).ID(id).Get(lock)
+	has, err := db.GetEngine(ctx).ID(id).Get(lock)
 	if err != nil {
 		return nil, err
 	} else if !has {
@ -127,34 +136,42 @@ func CountLFSLockByRepoID(repoID int64) (int64, error) {

 // DeleteLFSLockByID deletes a lock by given ID.
 func DeleteLFSLockByID(id int64, repo *repo_model.Repository, u *user_model.User, force bool) (*LFSLock, error) {
-	lock, err := GetLFSLockByID(id)
+	dbCtx, committer, err := db.TxContext()
 	if err != nil {
 		return nil, err
 	}
+	defer committer.Close()

-	err = CheckLFSAccessForRepo(u.ID, repo, perm.AccessModeWrite)
+	lock, err := GetLFSLockByID(dbCtx, id)
 	if err != nil {
 		return nil, err
 	}

+	if err := CheckLFSAccessForRepo(dbCtx, u.ID, repo, perm.AccessModeWrite); err != nil {
+		return nil, err
+	}
+
 	if !force && u.ID != lock.OwnerID {
 		return nil, fmt.Errorf("user doesn't own lock and force flag is not set")
 	}

-	_, err = db.GetEngine(db.DefaultContext).ID(id).Delete(new(LFSLock))
-	return lock, err
+	if _, err := db.GetEngine(dbCtx).ID(id).Delete(new(LFSLock)); err != nil {
+		return nil, err
+	}
+
+	return lock, committer.Commit()
 }

 // CheckLFSAccessForRepo check needed access mode base on action
-func CheckLFSAccessForRepo(ownerID int64, repo *repo_model.Repository, mode perm.AccessMode) error {
+func CheckLFSAccessForRepo(ctx context.Context, ownerID int64, repo *repo_model.Repository, mode perm.AccessMode) error {
 	if ownerID == 0 {
 		return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
 	}
-	u, err := user_model.GetUserByID(ownerID)
+	u, err := user_model.GetUserByIDCtx(ctx, ownerID)
 	if err != nil {
 		return err
 	}
-	perm, err := GetUserRepoPermission(repo, u)
+	perm, err := GetUserRepoPermission(ctx, repo, u)
 	if err != nil {
 		return err
 	}
--- a/models/organization/org.go
+++ b/models/organization/org.go
@ -683,7 +683,7 @@ func (org *Organization) getUserTeamIDs(ctx context.Context, userID int64) ([]in

 // TeamsWithAccessToRepo returns all teams that have given access level to the repository.
 func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode perm.AccessMode) ([]*Team, error) {
-	return GetTeamsWithAccessToRepo(org.ID, repoID, mode)
+	return GetTeamsWithAccessToRepo(db.DefaultContext, org.ID, repoID, mode)
 }

 // GetUserTeamIDs returns of all team IDs of the organization that user is member of.
--- a/models/organization/team_repo.go
+++ b/models/organization/team_repo.go
@ -75,9 +75,9 @@ func RemoveTeamRepo(ctx context.Context, teamID, repoID int64) error {
 }

 // GetTeamsWithAccessToRepo returns all teams in an organization that have given access level to the repository.
-func GetTeamsWithAccessToRepo(orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
+func GetTeamsWithAccessToRepo(ctx context.Context, orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
 	teams := make([]*Team, 0, 5)
-	return teams, db.GetEngine(db.DefaultContext).Where("team.authorize >= ?", mode).
+	return teams, db.GetEngine(ctx).Where("team.authorize >= ?", mode).
 		Join("INNER", "team_repo", "team_repo.team_id = team.id").
 		And("team_repo.org_id = ?", orgID).
 		And("team_repo.repo_id = ?", repoID).
--- a/models/pull.go
+++ b/models/pull.go
@ -130,7 +130,8 @@ func (pr *PullRequest) LoadAttributes() error {
 	return pr.loadAttributes(db.GetEngine(db.DefaultContext))
 }

-func (pr *PullRequest) loadHeadRepo(ctx context.Context) (err error) {
+// LoadHeadRepoCtx loads the head repository
+func (pr *PullRequest) LoadHeadRepoCtx(ctx context.Context) (err error) {
 	if !pr.isHeadRepoLoaded && pr.HeadRepo == nil && pr.HeadRepoID > 0 {
 		if pr.HeadRepoID == pr.BaseRepoID {
 			if pr.BaseRepo != nil {
@ -153,15 +154,16 @@ func (pr *PullRequest) loadHeadRepo(ctx context.Context) (err error) {

 // LoadHeadRepo loads the head repository
 func (pr *PullRequest) LoadHeadRepo() error {
-	return pr.loadHeadRepo(db.DefaultContext)
+	return pr.LoadHeadRepoCtx(db.DefaultContext)
 }

 // LoadBaseRepo loads the target repository
 func (pr *PullRequest) LoadBaseRepo() error {
-	return pr.loadBaseRepo(db.DefaultContext)
+	return pr.LoadBaseRepoCtx(db.DefaultContext)
 }

-func (pr *PullRequest) loadBaseRepo(ctx context.Context) (err error) {
+// LoadBaseRepoCtx loads the target repository
+func (pr *PullRequest) LoadBaseRepoCtx(ctx context.Context) (err error) {
 	if pr.BaseRepo != nil {
 		return nil
 	}
@ -185,15 +187,16 @@ func (pr *PullRequest) loadBaseRepo(ctx context.Context) (err error) {

 // LoadIssue loads issue information from database
 func (pr *PullRequest) LoadIssue() (err error) {
-	return pr.loadIssue(db.GetEngine(db.DefaultContext))
+	return pr.LoadIssueCtx(db.DefaultContext)
 }

-func (pr *PullRequest) loadIssue(e db.Engine) (err error) {
+// LoadIssueCtx loads issue information from database
+func (pr *PullRequest) LoadIssueCtx(ctx context.Context) (err error) {
 	if pr.Issue != nil {
 		return nil
 	}

-	pr.Issue, err = getIssueByID(e, pr.IssueID)
+	pr.Issue, err = getIssueByID(db.GetEngine(ctx), pr.IssueID)
 	if err == nil {
 		pr.Issue.PullRequest = pr
 	}
@ -202,10 +205,11 @@ func (pr *PullRequest) loadIssue(e db.Engine) (err error) {

 // LoadProtectedBranch loads the protected branch of the base branch
 func (pr *PullRequest) LoadProtectedBranch() (err error) {
-	return pr.loadProtectedBranch(db.DefaultContext)
+	return pr.LoadProtectedBranchCtx(db.DefaultContext)
 }

-func (pr *PullRequest) loadProtectedBranch(ctx context.Context) (err error) {
+// LoadProtectedBranchCtx loads the protected branch of the base branch
+func (pr *PullRequest) LoadProtectedBranchCtx(ctx context.Context) (err error) {
 	if pr.ProtectedBranch == nil {
 		if pr.BaseRepo == nil {
 			if pr.BaseRepoID == 0 {
@ -392,7 +396,7 @@ func (pr *PullRequest) SetMerged() (bool, error) {
 	}

 	pr.Issue = nil
-	if err := pr.loadIssue(sess); err != nil {
+	if err := pr.LoadIssueCtx(ctx); err != nil {
 		return false, err
 	}

@ -510,6 +514,11 @@ func GetLatestPullRequestByHeadInfo(repoID int64, branch string) (*PullRequest,

 // GetPullRequestByIndex returns a pull request by the given index
 func GetPullRequestByIndex(repoID, index int64) (*PullRequest, error) {
+	return GetPullRequestByIndexCtx(db.DefaultContext, repoID, index)
+}
+
+// GetPullRequestByIndexCtx returns a pull request by the given index
+func GetPullRequestByIndexCtx(ctx context.Context, repoID, index int64) (*PullRequest, error) {
 	if index < 1 {
 		return nil, ErrPullRequestNotExist{}
 	}
@ -518,17 +527,17 @@ func GetPullRequestByIndex(repoID, index int64) (*PullRequest, error) {
 		Index:      index,
 	}

-	has, err := db.GetEngine(db.DefaultContext).Get(pr)
+	has, err := db.GetEngine(ctx).Get(pr)
 	if err != nil {
 		return nil, err
 	} else if !has {
 		return nil, ErrPullRequestNotExist{0, 0, 0, repoID, "", ""}
 	}

-	if err = pr.LoadAttributes(); err != nil {
+	if err = pr.loadAttributes(db.GetEngine(ctx)); err != nil {
 		return nil, err
 	}
-	if err = pr.LoadIssue(); err != nil {
+	if err = pr.LoadIssueCtx(ctx); err != nil {
 		return nil, err
 	}

@ -547,8 +556,8 @@ func getPullRequestByID(e db.Engine, id int64) (*PullRequest, error) {
 }

 // GetPullRequestByID returns a pull request by given ID.
-func GetPullRequestByID(id int64) (*PullRequest, error) {
-	return getPullRequestByID(db.GetEngine(db.DefaultContext), id)
+func GetPullRequestByID(ctx context.Context, id int64) (*PullRequest, error) {
+	return getPullRequestByID(db.GetEngine(ctx), id)
 }

 // GetPullRequestByIssueIDWithNoAttributes returns pull request with no attributes loaded by given issue ID.
--- a/models/pull_list.go
+++ b/models/pull_list.go
@ -5,6 +5,7 @@
 package models

 import (
+	"context"
 	"fmt"

 	"code.gitea.io/gitea/models/db"
@ -158,13 +159,14 @@ func (prs PullRequestList) LoadAttributes() error {
 	return prs.loadAttributes(db.GetEngine(db.DefaultContext))
 }

-func (prs PullRequestList) invalidateCodeComments(e db.Engine, doer *user_model.User, repo *git.Repository, branch string) error {
+// InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
+func (prs PullRequestList) InvalidateCodeComments(ctx context.Context, doer *user_model.User, repo *git.Repository, branch string) error {
 	if len(prs) == 0 {
 		return nil
 	}
 	issueIDs := prs.getIssueIDs()
 	var codeComments []*Comment
-	if err := e.
+	if err := db.GetEngine(ctx).
 		Where("type = ? and invalidated = ?", CommentTypeCode, false).
 		In("issue_id", issueIDs).
 		Find(&codeComments); err != nil {
@ -177,8 +179,3 @@ func (prs PullRequestList) invalidateCodeComments(e db.Engine, doer *user_model.
 	}
 	return nil
 }
-
-// InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
-func (prs PullRequestList) InvalidateCodeComments(doer *user_model.User, repo *git.Repository, branch string) error {
-	return prs.invalidateCodeComments(db.GetEngine(db.DefaultContext), doer, repo, branch)
-}
--- a/models/pull_test.go
+++ b/models/pull_test.go
@ -159,12 +159,12 @@ func TestGetPullRequestByIndex(t *testing.T) {

 func TestGetPullRequestByID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	pr, err := GetPullRequestByID(1)
+	pr, err := GetPullRequestByID(db.DefaultContext, 1)
 	assert.NoError(t, err)
 	assert.Equal(t, int64(1), pr.ID)
 	assert.Equal(t, int64(2), pr.IssueID)

-	_, err = GetPullRequestByID(9223372036854775807)
+	_, err = GetPullRequestByID(db.DefaultContext, 9223372036854775807)
 	assert.Error(t, err)
 	assert.True(t, IsErrPullRequestNotExist(err))
 }
--- a/models/repo.go
+++ b/models/repo.go
@ -57,9 +57,9 @@ func checkRepoUnitUser(ctx context.Context, repo *repo_model.Repository, user *u
 	if user.IsAdmin {
 		return true
 	}
-	perm, err := getUserRepoPermission(ctx, repo, user)
+	perm, err := GetUserRepoPermission(ctx, repo, user)
 	if err != nil {
-		log.Error("getUserRepoPermission(): %v", err)
+		log.Error("GetUserRepoPermission(): %v", err)
 		return false
 	}

@ -198,7 +198,7 @@ func GetReviewerTeams(repo *repo_model.Repository) ([]*organization.Team, error)
 		return nil, nil
 	}

-	teams, err := organization.GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
+	teams, err := organization.GetTeamsWithAccessToRepo(db.DefaultContext, repo.OwnerID, repo.ID, perm.AccessModeRead)
 	if err != nil {
 		return nil, err
 	}
--- a/models/repo_permission.go
+++ b/models/repo_permission.go
@ -145,11 +145,7 @@ func (p *Permission) ColorFormat(s fmt.State) {
 }

 // GetUserRepoPermission returns the user permissions to the repository
-func GetUserRepoPermission(repo *repo_model.Repository, user *user_model.User) (Permission, error) {
-	return getUserRepoPermission(db.DefaultContext, repo, user)
-}
-
-func getUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
+func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
 	if log.IsTrace() {
 		defer func() {
 			if user == nil {
@ -347,7 +343,7 @@ func AccessLevelUnit(user *user_model.User, repo *repo_model.Repository, unitTyp
 }

 func accessLevelUnit(ctx context.Context, user *user_model.User, repo *repo_model.Repository, unitType unit.Type) (perm_model.AccessMode, error) {
-	perm, err := getUserRepoPermission(ctx, repo, user)
+	perm, err := GetUserRepoPermission(ctx, repo, user)
 	if err != nil {
 		return perm_model.AccessModeNone, err
 	}
@ -375,7 +371,7 @@ func canBeAssigned(ctx context.Context, user *user_model.User, repo *repo_model.
 	if user.IsOrganization() {
 		return false, fmt.Errorf("Organization can't be added as assignee [user_id: %d, repo_id: %d]", user.ID, repo.ID)
 	}
-	perm, err := getUserRepoPermission(ctx, repo, user)
+	perm, err := GetUserRepoPermission(ctx, repo, user)
 	if err != nil {
 		return false, err
 	}
@ -391,7 +387,7 @@ func hasAccess(ctx context.Context, userID int64, repo *repo_model.Repository) (
 			return false, err
 		}
 	}
-	perm, err := getUserRepoPermission(ctx, repo, user)
+	perm, err := GetUserRepoPermission(ctx, repo, user)
 	if err != nil {
 		return false, err
 	}
@ -414,9 +410,9 @@ func GetRepoWriters(repo *repo_model.Repository) (_ []*user_model.User, err erro
 }

 // IsRepoReader returns true if user has explicit read access or higher to the repository.
-func IsRepoReader(repo *repo_model.Repository, userID int64) (bool, error) {
+func IsRepoReader(ctx context.Context, repo *repo_model.Repository, userID int64) (bool, error) {
 	if repo.OwnerID == userID {
 		return true, nil
 	}
-	return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm_model.AccessModeRead).Get(&Access{})
+	return db.GetEngine(ctx).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm_model.AccessModeRead).Get(&Access{})
 }
--- a/models/repo_permission_test.go
+++ b/models/repo_permission_test.go
@ -27,7 +27,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

 	// plain user
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err := GetUserRepoPermission(repo, user)
+	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -36,7 +36,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

 	// change to collaborator
 	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -45,7 +45,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

 	// collaborator
 	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, collaborator)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, collaborator)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -54,7 +54,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

 	// owner
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, owner)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -63,7 +63,7 @@ func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {

 	// admin
 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, admin)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -80,7 +80,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

 	// plain user
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err := GetUserRepoPermission(repo, user)
+	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.False(t, perm.CanRead(unit.Type))
@ -89,7 +89,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

 	// change to collaborator to default write access
 	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -97,7 +97,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
 	}

 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -106,7 +106,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

 	// owner
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, owner)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -115,7 +115,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {

 	// admin
 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, admin)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -132,7 +132,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {

 	// plain user
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := GetUserRepoPermission(repo, user)
+	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -141,7 +141,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {

 	// change to collaborator to default write access
 	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -149,7 +149,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
 	}

 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -158,7 +158,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {

 	// org member team owner
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, owner)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -167,7 +167,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {

 	// org member team tester
 	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, member)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, member)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -177,7 +177,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {

 	// admin
 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, admin)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -194,7 +194,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// plain user
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := GetUserRepoPermission(repo, user)
+	perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.False(t, perm.CanRead(unit.Type))
@ -203,7 +203,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// change to collaborator to default write access
 	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -211,7 +211,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
 	}

 	assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = GetUserRepoPermission(repo, user)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -220,7 +220,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// org member team owner
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, owner)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -231,7 +231,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
 	err = organization.UpdateTeamUnits(team, nil)
 	assert.NoError(t, err)
-	perm, err = GetUserRepoPermission(repo, owner)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
@ -240,7 +240,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// org member team tester
 	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, tester)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, tester)
 	assert.NoError(t, err)
 	assert.True(t, perm.CanWrite(unit.TypeIssues))
 	assert.False(t, perm.CanWrite(unit.TypeCode))
@ -248,7 +248,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// org member team reviewer
 	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, reviewer)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, reviewer)
 	assert.NoError(t, err)
 	assert.False(t, perm.CanRead(unit.TypeIssues))
 	assert.False(t, perm.CanWrite(unit.TypeCode))
@ -256,7 +256,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {

 	// admin
 	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = GetUserRepoPermission(repo, admin)
+	perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
 	assert.NoError(t, err)
 	for _, unit := range repo.Units {
 		assert.True(t, perm.CanRead(unit.Type))
--- a/models/review.go
+++ b/models/review.go
@ -238,7 +238,7 @@ func isOfficialReviewer(ctx context.Context, issue *Issue, reviewers ...*user_mo
 	if err != nil {
 		return false, err
 	}
-	if err = pr.loadProtectedBranch(ctx); err != nil {
+	if err = pr.LoadProtectedBranchCtx(ctx); err != nil {
 		return false, err
 	}
 	if pr.ProtectedBranch == nil {
@ -265,7 +265,7 @@ func isOfficialReviewerTeam(ctx context.Context, issue *Issue, team *organizatio
 	if err != nil {
 		return false, err
 	}
-	if err = pr.loadProtectedBranch(ctx); err != nil {
+	if err = pr.LoadProtectedBranchCtx(ctx); err != nil {
 		return false, err
 	}
 	if pr.ProtectedBranch == nil {
@ -891,7 +891,7 @@ func CanMarkConversation(issue *Issue, doer *user_model.User) (permResult bool,
 			return false, err
 		}

-		p, err := GetUserRepoPermission(issue.Repo, doer)
+		p, err := GetUserRepoPermission(db.DefaultContext, issue.Repo, doer)
 		if err != nil {
 			return false, err
 		}
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@ -285,7 +285,7 @@ func RetrieveTemplateRepo(ctx *Context, repo *repo_model.Repository) {
 		return
 	}

-	perm, err := models.GetUserRepoPermission(templateRepo, ctx.Doer)
+	perm, err := models.GetUserRepoPermission(ctx, templateRepo, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return
@ -351,7 +351,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 		return
 	}

-	ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.Doer)
+	ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, repo, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@ -14,6 +14,7 @@ import (
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@ -74,7 +75,7 @@ func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *mod
 	}

 	if user != nil {
-		permission, err := models.GetUserRepoPermission(repo, user)
+		permission, err := models.GetUserRepoPermission(db.DefaultContext, repo, user)
 		if err != nil {
 			return nil, err
 		}
--- a/modules/convert/issue.go
+++ b/modules/convert/issue.go
@ -24,7 +24,7 @@ import (
 // Required - Poster, Labels,
 // Optional - Milestone, Assignee, PullRequest
 func ToAPIIssue(issue *models.Issue) *api.Issue {
-	if err := issue.LoadLabels(); err != nil {
+	if err := issue.LoadLabels(db.DefaultContext); err != nil {
 		return &api.Issue{}
 	}
 	if err := issue.LoadPoster(); err != nil {
--- a/modules/convert/pull.go
+++ b/modules/convert/pull.go
@ -33,17 +33,17 @@ func ToAPIPullRequest(ctx context.Context, pr *models.PullRequest, doer *user_mo
 	}

 	apiIssue := ToAPIIssue(pr.Issue)
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("GetRepositoryById[%d]: %v", pr.ID, err)
 		return nil
 	}

-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		log.Error("GetRepositoryById[%d]: %v", pr.ID, err)
 		return nil
 	}

-	p, err := models.GetUserRepoPermission(pr.BaseRepo, doer)
+	p, err := models.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
 	if err != nil {
 		log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
 		p.AccessMode = perm.AccessModeNone
@ -130,7 +130,7 @@ func ToAPIPullRequest(ctx context.Context, pr *models.PullRequest, doer *user_mo
 	}

 	if pr.HeadRepo != nil && pr.Flow == models.PullRequestFlowGithub {
-		p, err := models.GetUserRepoPermission(pr.HeadRepo, doer)
+		p, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
 		if err != nil {
 			log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
 			p.AccessMode = perm.AccessModeNone
--- a/modules/git/repo_attribute.go
+++ b/modules/git/repo_attribute.go
@ -124,12 +124,10 @@ type CheckAttributeReader struct {
 	env         []string
 	ctx         context.Context
 	cancel      context.CancelFunc
-	running     chan struct{}
 }

 // Init initializes the cmd
 func (c *CheckAttributeReader) Init(ctx context.Context) error {
-	c.running = make(chan struct{})
 	cmdArgs := []string{"check-attr", "--stdin", "-z"}

 	if len(c.IndexFile) > 0 && CheckGitVersionAtLeast("1.7.8") == nil {
@ -194,14 +192,6 @@ func (c *CheckAttributeReader) Run() error {
 		Stdin:  c.stdinReader,
 		Stdout: c.stdOut,
 		Stderr: stdErr,
-		PipelineFunc: func(_ context.Context, _ context.CancelFunc) error {
-			select {
-			case <-c.running:
-			default:
-				close(c.running)
-			}
-			return nil
-		},
 	})
 	if err != nil && //                      If there is an error we need to return but:
 		c.ctx.Err() != err && //             1. Ignore the context error if the context is cancelled or exceeds the deadline (RunWithContext could return c.ctx.Err() which is Canceled or DeadlineExceeded)
@ -222,7 +212,7 @@ func (c *CheckAttributeReader) CheckPath(path string) (rs map[string]string, err
 	select {
 	case <-c.ctx.Done():
 		return nil, c.ctx.Err()
-	case <-c.running:
+	default:
 	}

 	if _, err = c.stdinWriter.Write([]byte(path + "\x00")); err != nil {
@ -249,11 +239,6 @@ func (c *CheckAttributeReader) CheckPath(path string) (rs map[string]string, err
 func (c *CheckAttributeReader) Close() error {
 	c.cancel()
 	err := c.stdinWriter.Close()
-	select {
-	case <-c.running:
-	default:
-		close(c.running)
-	}
 	return err
 }

--- a/modules/indexer/code/indexer.go
+++ b/modules/indexer/code/indexer.go
@ -133,7 +133,7 @@ func Init() {
 		finished()
 	})

-	waitChannel := make(chan time.Duration)
+	waitChannel := make(chan time.Duration, 1)

 	// Create the Queue
 	switch setting.Indexer.RepoType {
--- a/modules/indexer/issues/indexer.go
+++ b/modules/indexer/issues/indexer.go
@ -104,7 +104,7 @@ var (
 func InitIssueIndexer(syncReindex bool) {
 	ctx, _, finished := process.GetManager().AddTypedContext(context.Background(), "Service: IssueIndexer", process.SystemProcessType, false)

-	waitChannel := make(chan time.Duration)
+	waitChannel := make(chan time.Duration, 1)

 	// Create the Queue
 	switch setting.Indexer.IssueType {
--- a/modules/notification/mail/mail.go
+++ b/modules/notification/mail/mail.go
@ -169,7 +169,7 @@ func (m *mailNotifier) NotifyPullRequestPushCommits(doer *user_model.User, pr *m
 		log.Error("comment.Issue.LoadPullRequest: %v", err)
 		return
 	}
-	if err = comment.Issue.PullRequest.LoadBaseRepo(); err != nil {
+	if err = comment.Issue.PullRequest.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("comment.Issue.PullRequest.LoadBaseRepo: %v", err)
 		return
 	}
--- a/modules/queue/workerpool.go
+++ b/modules/queue/workerpool.go
@ -22,6 +22,10 @@ import (
 // they use to detect if there is a block and will grow and shrink in
 // response to demand as per configuration.
 type WorkerPool struct {
+	// This field requires to be the first one in the struct.
+	// This is to allow 64 bit atomic operations on 32-bit machines.
+	// See: https://pkg.go.dev/sync/atomic#pkg-note-BUG & Gitea issue 19518
+	numInQueue         int64
 	lock               sync.Mutex
 	baseCtx            context.Context
 	baseCtxCancel      context.CancelFunc
@ -38,7 +42,6 @@ type WorkerPool struct {
 	blockTimeout       time.Duration
 	boostTimeout       time.Duration
 	boostWorkers       int
-	numInQueue         int64
 }

 var (
--- a/modules/test/context_tests.go
+++ b/modules/test/context_tests.go
@ -60,7 +60,7 @@ func LoadRepo(t *testing.T, ctx *context.Context, repoID int64) {
 	ctx.Repo.Owner, err = user_model.GetUserByID(ctx.Repo.Repository.OwnerID)
 	assert.NoError(t, err)
 	ctx.Repo.RepoLink = ctx.Repo.Repository.Link()
-	ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx.Repo.Repository, ctx.Doer)
+	ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.Doer)
 	assert.NoError(t, err)
 }

--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@ -1040,6 +1040,7 @@ line_unicode=`Esta linha possui caracteres unicode ocultos`
 escape_control_characters=Escapar
 unescape_control_characters=Desescapar
 file_copy_permalink=Copiar Link Permanente
+view_git_blame=Ver Git Blame
 video_not_supported_in_browser=Seu navegador não suporta a tag 'video' do HTML5.
 audio_not_supported_in_browser=Seu navegador não suporta a tag 'audio' do HTML5.
 stored_lfs=Armazenado com Git LFS
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -183,7 +183,7 @@ func repoAssignment() func(ctx *context.APIContext) {
 		repo.Owner = owner
 		ctx.Repo.Repository = repo

-		ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.Doer)
+		ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, repo, ctx.Doer)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
 			return
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@ -498,7 +498,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		BlockOnOutdatedBranch:         form.BlockOnOutdatedBranch,
 	}

-	err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+	err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
 		UserIDs:          whitelistUsers,
 		TeamIDs:          whitelistTeams,
 		MergeUserIDs:     mergeWhitelistUsers,
@ -733,7 +733,7 @@ func EditBranchProtection(ctx *context.APIContext) {
 		}
 	}

-	err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+	err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
 		UserIDs:          whitelistUsers,
 		TeamIDs:          whitelistTeams,
 		MergeUserIDs:     mergeWhitelistUsers,
--- a/routers/api/v1/repo/issue_comment.go
+++ b/routers/api/v1/repo/issue_comment.go
@ -6,6 +6,7 @@
 package repo

 import (
+	stdCtx "context"
 	"errors"
 	"net/http"

@ -183,7 +184,7 @@ func ListIssueCommentsAndTimeline(ctx *context.APIContext) {

 	var apiComments []*api.TimelineComment
 	for _, comment := range comments {
-		if comment.Type != models.CommentTypeCode && isXRefCommentAccessible(ctx.Doer, comment, issue.RepoID) {
+		if comment.Type != models.CommentTypeCode && isXRefCommentAccessible(ctx, ctx.Doer, comment, issue.RepoID) {
 			comment.Issue = issue
 			apiComments = append(apiComments, convert.ToTimelineComment(comment, ctx.Doer))
 		}
@ -193,16 +194,16 @@ func ListIssueCommentsAndTimeline(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, &apiComments)
 }

-func isXRefCommentAccessible(user *user_model.User, c *models.Comment, issueRepoID int64) bool {
+func isXRefCommentAccessible(ctx stdCtx.Context, user *user_model.User, c *models.Comment, issueRepoID int64) bool {
 	// Remove comments that the user has no permissions to see
 	if models.CommentTypeIsRef(c.Type) && c.RefRepoID != issueRepoID && c.RefRepoID != 0 {
 		var err error
 		// Set RefRepo for description in template
-		c.RefRepo, err = repo_model.GetRepositoryByID(c.RefRepoID)
+		c.RefRepo, err = repo_model.GetRepositoryByIDCtx(ctx, c.RefRepoID)
 		if err != nil {
 			return false
 		}
-		perm, err := models.GetUserRepoPermission(c.RefRepo, user)
+		perm, err := models.GetUserRepoPermission(ctx, c.RefRepo, user)
 		if err != nil {
 			return false
 		}
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@ -111,11 +111,11 @@ func ListPullRequests(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 			return
 		}
-		if err = prs[i].LoadBaseRepo(); err != nil {
+		if err = prs[i].LoadBaseRepoCtx(ctx); err != nil {
 			ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
 			return
 		}
-		if err = prs[i].LoadHeadRepo(); err != nil {
+		if err = prs[i].LoadHeadRepoCtx(ctx); err != nil {
 			ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
 			return
 		}
@ -167,11 +167,11 @@ func GetPullRequest(ctx *context.APIContext) {
 		return
 	}

-	if err = pr.LoadBaseRepo(); err != nil {
+	if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
 		return
 	}
-	if err = pr.LoadHeadRepo(); err != nil {
+	if err = pr.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
 		return
 	}
@ -724,7 +724,7 @@ func MergePullRequest(ctx *context.APIContext) {
 		return
 	}

-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
 		return
 	}
@ -943,7 +943,7 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 	}

 	// user should have permission to read baseRepo's codes and pulls, NOT headRepo's
-	permBase, err := models.GetUserRepoPermission(baseRepo, ctx.Doer)
+	permBase, err := models.GetUserRepoPermission(ctx, baseRepo, ctx.Doer)
 	if err != nil {
 		headGitRepo.Close()
 		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
@ -962,7 +962,7 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 	}

 	// user should have permission to read headrepo's codes
-	permHead, err := models.GetUserRepoPermission(headRepo, ctx.Doer)
+	permHead, err := models.GetUserRepoPermission(ctx, headRepo, ctx.Doer)
 	if err != nil {
 		headGitRepo.Close()
 		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
@ -1063,18 +1063,18 @@ func UpdatePullRequest(ctx *context.APIContext) {
 		return
 	}

-	if err = pr.LoadBaseRepo(); err != nil {
+	if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
 		return
 	}
-	if err = pr.LoadHeadRepo(); err != nil {
+	if err = pr.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
 		return
 	}

 	rebase := ctx.FormString("style") == "rebase"

-	allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(pr, ctx.Doer)
+	allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(ctx, pr, ctx.Doer)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "IsUserAllowedToMerge", err)
 		return
@ -1151,7 +1151,7 @@ func GetPullRequestCommits(ctx *context.APIContext) {
 		return
 	}

-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@ -664,7 +664,7 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions

 	reviewers := make([]*user_model.User, 0, len(opts.Reviewers))

-	permDoer, err := models.GetUserRepoPermission(pr.Issue.Repo, ctx.Doer)
+	permDoer, err := models.GetUserRepoPermission(ctx, pr.Issue.Repo, ctx.Doer)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
 		return
@ -687,7 +687,7 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions
 			return
 		}

-		err = issue_service.IsValidReviewRequest(reviewer, ctx.Doer, isAdd, pr.Issue, &permDoer)
+		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, isAdd, pr.Issue, &permDoer)
 		if err != nil {
 			if models.IsErrNotValidReviewRequest(err) {
 				ctx.Error(http.StatusUnprocessableEntity, "NotValidReviewRequest", err)
@ -736,7 +736,7 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions
 				return
 			}

-			err = issue_service.IsValidTeamReviewRequest(teamReviewer, ctx.Doer, isAdd, pr.Issue)
+			err = issue_service.IsValidTeamReviewRequest(ctx, teamReviewer, ctx.Doer, isAdd, pr.Issue)
 			if err != nil {
 				if models.IsErrNotValidReviewRequest(err) {
 					ctx.Error(http.StatusUnprocessableEntity, "NotValidReviewRequest", err)
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@ -555,7 +555,7 @@ func GetByID(ctx *context.APIContext) {
 		return
 	}

-	perm, err := models.GetUserRepoPermission(repo, ctx.Doer)
+	perm, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "AccessLevel", err)
 		return
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@ -290,7 +290,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN
 		// 6b. Merge (from UI or API)

 		// Get the PR, user and permissions for the user in the repository
-		pr, err := models.GetPullRequestByID(ctx.opts.PullRequestID)
+		pr, err := models.GetPullRequestByID(ctx, ctx.opts.PullRequestID)
 		if err != nil {
 			log.Error("Unable to get PullRequest %d Error: %v", ctx.opts.PullRequestID, err)
 			ctx.JSON(http.StatusInternalServerError, private.Response{
@ -468,7 +468,7 @@ func (ctx *preReceiveContext) loadPusherAndPermission() bool {
 	}
 	ctx.user = user

-	userPerm, err := models.GetUserRepoPermission(ctx.Repo.Repository, user)
+	userPerm, err := models.GetUserRepoPermission(ctx, ctx.Repo.Repository, user)
 	if err != nil {
 		log.Error("Unable to get Repo permission of repo %s/%s of User %s", ctx.Repo.Repository.OwnerName, ctx.Repo.Repository.Name, user.Name, err)
 		ctx.JSON(http.StatusInternalServerError, private.Response{
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@ -320,7 +320,7 @@ func ServCommand(ctx *context.PrivateContext) {
 				mode = perm.AccessModeRead
 			}

-			perm, err := models.GetUserRepoPermission(repo, user)
+			perm, err := models.GetUserRepoPermission(ctx, repo, user)
 			if err != nil {
 				log.Error("Unable to get permissions for %-v with key %d in %-v Error: %v", user, key.ID, repo, err)
 				ctx.JSON(http.StatusInternalServerError, private.ErrServCommand{
--- a/routers/web/repo/attachment.go
+++ b/routers/web/repo/attachment.go
@ -106,7 +106,7 @@ func GetAttachment(ctx *context.Context) {
 			return
 		}
 	} else { // If we have the repository we check access
-		perm, err := models.GetUserRepoPermission(repository, ctx.Doer)
+		perm, err := models.GetUserRepoPermission(ctx, repository, ctx.Doer)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
 			return
--- a/routers/web/repo/branch.go
+++ b/routers/web/repo/branch.go
@ -279,7 +279,7 @@ func loadOneBranch(ctx *context.Context, rawBranch, defaultBranch *git.Branch, p
 		}
 		if repo, ok := repoIDToRepo[pr.BaseRepoID]; ok {
 			pr.BaseRepo = repo
-		} else if err := pr.LoadBaseRepo(); err != nil {
+		} else if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 			ctx.ServerError("pr.LoadBaseRepo", err)
 			return nil
 		} else {
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@ -402,7 +402,7 @@ func ParseCompareInfo(ctx *context.Context) *CompareInfo {
 	// Now we need to assert that the ctx.Doer has permission to read
 	// the baseRepo's code and pulls
 	// (NOT headRepo's)
-	permBase, err := models.GetUserRepoPermission(baseRepo, ctx.Doer)
+	permBase, err := models.GetUserRepoPermission(ctx, baseRepo, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return nil
@ -421,7 +421,7 @@ func ParseCompareInfo(ctx *context.Context) *CompareInfo {
 	// If we're not merging from the same repo:
 	if !isSameRepo {
 		// Assert ctx.Doer has permission to read headRepo's codes
-		permHead, err := models.GetUserRepoPermission(ci.HeadRepo, ctx.Doer)
+		permHead, err := models.GetUserRepoPermission(ctx, ci.HeadRepo, ctx.Doer)
 		if err != nil {
 			ctx.ServerError("GetUserRepoPermission", err)
 			return nil
--- a/routers/web/repo/http.go
+++ b/routers/web/repo/http.go
@ -181,7 +181,7 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
 		}

 		if repoExist {
-			p, err := models.GetUserRepoPermission(repo, ctx.Doer)
+			p, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
 			if err != nil {
 				ctx.ServerError("GetUserRepoPermission", err)
 				return
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@ -7,6 +7,7 @@ package repo

 import (
 	"bytes"
+	stdCtx "context"
 	"errors"
 	"fmt"
 	"io"
@ -269,14 +270,15 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
 		}
 	}

-	commitStatus, err := pull_service.GetIssuesLastCommitStatus(ctx, issues)
+	commitStatuses, lastStatus, err := pull_service.GetIssuesAllCommitStatus(ctx, issues)
 	if err != nil {
-		ctx.ServerError("GetIssuesLastCommitStatus", err)
+		ctx.ServerError("GetIssuesAllCommitStatus", err)
 		return
 	}

 	ctx.Data["Issues"] = issues
-	ctx.Data["CommitStatus"] = commitStatus
+	ctx.Data["CommitLastStatus"] = lastStatus
+	ctx.Data["CommitStatuses"] = commitStatuses

 	// Get assignees.
 	ctx.Data["Assignees"], err = models.GetRepoAssignees(repo)
@ -1051,8 +1053,8 @@ func NewIssuePost(ctx *context.Context) {
 }

 // roleDescriptor returns the Role Descriptor for a comment in/with the given repo, poster and issue
-func roleDescriptor(repo *repo_model.Repository, poster *user_model.User, issue *models.Issue) (models.RoleDescriptor, error) {
-	perm, err := models.GetUserRepoPermission(repo, poster)
+func roleDescriptor(ctx stdCtx.Context, repo *repo_model.Repository, poster *user_model.User, issue *models.Issue) (models.RoleDescriptor, error) {
+	perm, err := models.GetUserRepoPermission(ctx, repo, poster)
 	if err != nil {
 		return models.RoleDescriptorNone, err
 	}
@ -1349,7 +1351,7 @@ func ViewIssue(ctx *context.Context) {
 	// check if dependencies can be created across repositories
 	ctx.Data["AllowCrossRepositoryDependencies"] = setting.Service.AllowCrossRepositoryDependencies

-	if issue.ShowRole, err = roleDescriptor(repo, issue.Poster, issue); err != nil {
+	if issue.ShowRole, err = roleDescriptor(ctx, repo, issue.Poster, issue); err != nil {
 		ctx.ServerError("roleDescriptor", err)
 		return
 	}
@ -1388,7 +1390,7 @@ func ViewIssue(ctx *context.Context) {
 				continue
 			}

-			comment.ShowRole, err = roleDescriptor(repo, comment.Poster, issue)
+			comment.ShowRole, err = roleDescriptor(ctx, repo, comment.Poster, issue)
 			if err != nil {
 				ctx.ServerError("roleDescriptor", err)
 				return
@ -1487,7 +1489,7 @@ func ViewIssue(ctx *context.Context) {
 							continue
 						}

-						c.ShowRole, err = roleDescriptor(repo, c.Poster, issue)
+						c.ShowRole, err = roleDescriptor(ctx, repo, c.Poster, issue)
 						if err != nil {
 							ctx.ServerError("roleDescriptor", err)
 							return
@ -1525,10 +1527,10 @@ func ViewIssue(ctx *context.Context) {
 		ctx.Data["AllowMerge"] = false

 		if ctx.IsSigned {
-			if err := pull.LoadHeadRepo(); err != nil {
+			if err := pull.LoadHeadRepoCtx(ctx); err != nil {
 				log.Error("LoadHeadRepo: %v", err)
 			} else if pull.HeadRepo != nil && pull.HeadBranch != pull.HeadRepo.DefaultBranch {
-				perm, err := models.GetUserRepoPermission(pull.HeadRepo, ctx.Doer)
+				perm, err := models.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
 				if err != nil {
 					ctx.ServerError("GetUserRepoPermission", err)
 					return
@ -1544,10 +1546,10 @@ func ViewIssue(ctx *context.Context) {
 				}
 			}

-			if err := pull.LoadBaseRepo(); err != nil {
+			if err := pull.LoadBaseRepoCtx(ctx); err != nil {
 				log.Error("LoadBaseRepo: %v", err)
 			}
-			perm, err := models.GetUserRepoPermission(pull.BaseRepo, ctx.Doer)
+			perm, err := models.GetUserRepoPermission(ctx, pull.BaseRepo, ctx.Doer)
 			if err != nil {
 				ctx.ServerError("GetUserRepoPermission", err)
 				return
@ -2037,7 +2039,7 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 				return
 			}

-			err = issue_service.IsValidTeamReviewRequest(team, ctx.Doer, action == "attach", issue)
+			err = issue_service.IsValidTeamReviewRequest(ctx, team, ctx.Doer, action == "attach", issue)
 			if err != nil {
 				if models.IsErrNotValidReviewRequest(err) {
 					log.Warn(
@ -2075,7 +2077,7 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 			return
 		}

-		err = issue_service.IsValidReviewRequest(reviewer, ctx.Doer, action == "attach", issue, nil)
+		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, action == "attach", issue, nil)
 		if err != nil {
 			if models.IsErrNotValidReviewRequest(err) {
 				log.Warn(
@ -2918,7 +2920,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
 			if err != nil {
 				return err
 			}
-			perm, err := models.GetUserRepoPermission(c.RefRepo, ctx.Doer)
+			perm, err := models.GetUserRepoPermission(ctx, c.RefRepo, ctx.Doer)
 			if err != nil {
 				return err
 			}
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@ -70,7 +70,7 @@ func getRepository(ctx *context.Context, repoID int64) *repo_model.Repository {
 		return nil
 	}

-	perm, err := models.GetUserRepoPermission(repo, ctx.Doer)
+	perm, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return nil
@ -283,7 +283,7 @@ func checkPullInfo(ctx *context.Context) *models.Issue {
 		return nil
 	}

-	if err = issue.PullRequest.LoadHeadRepo(); err != nil {
+	if err = issue.PullRequest.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadHeadRepo", err)
 		return nil
 	}
@ -397,12 +397,12 @@ func PrepareViewPullInfo(ctx *context.Context, issue *models.Issue) *git.Compare
 	repo := ctx.Repo.Repository
 	pull := issue.PullRequest

-	if err := pull.LoadHeadRepo(); err != nil {
+	if err := pull.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadHeadRepo", err)
 		return nil
 	}

-	if err := pull.LoadBaseRepo(); err != nil {
+	if err := pull.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadBaseRepo", err)
 		return nil
 	}
@ -499,7 +499,7 @@ func PrepareViewPullInfo(ctx *context.Context, issue *models.Issue) *git.Compare

 	if headBranchExist {
 		var err error
-		ctx.Data["UpdateAllowed"], ctx.Data["UpdateByRebaseAllowed"], err = pull_service.IsUserAllowedToUpdate(pull, ctx.Doer)
+		ctx.Data["UpdateAllowed"], ctx.Data["UpdateByRebaseAllowed"], err = pull_service.IsUserAllowedToUpdate(ctx, pull, ctx.Doer)
 		if err != nil {
 			ctx.ServerError("IsUserAllowedToUpdate", err)
 			return nil
@ -785,16 +785,16 @@ func UpdatePullRequest(ctx *context.Context) {

 	rebase := ctx.FormString("style") == "rebase"

-	if err := issue.PullRequest.LoadBaseRepo(); err != nil {
+	if err := issue.PullRequest.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadBaseRepo", err)
 		return
 	}
-	if err := issue.PullRequest.LoadHeadRepo(); err != nil {
+	if err := issue.PullRequest.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadHeadRepo", err)
 		return
 	}

-	allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(issue.PullRequest, ctx.Doer)
+	allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(ctx, issue.PullRequest, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("IsUserAllowedToMerge", err)
 		return
@ -1202,14 +1202,14 @@ func CleanUpPullRequest(ctx *context.Context) {
 		return
 	}

-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadHeadRepo", err)
 		return
 	} else if pr.HeadRepo == nil {
 		// Forked repository has already been deleted
 		ctx.NotFound("CleanUpPullRequest", nil)
 		return
-	} else if err = pr.LoadBaseRepo(); err != nil {
+	} else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		ctx.ServerError("LoadBaseRepo", err)
 		return
 	} else if err = pr.HeadRepo.GetOwner(ctx); err != nil {
@ -1217,7 +1217,7 @@ func CleanUpPullRequest(ctx *context.Context) {
 		return
 	}

-	perm, err := models.GetUserRepoPermission(pr.HeadRepo, ctx.Doer)
+	perm, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, ctx.Doer)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return
--- a/routers/web/repo/setting_protected_branch.go
+++ b/routers/web/repo/setting_protected_branch.go
@ -261,7 +261,7 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
 		protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
 		protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch

-		err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+		err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
 			UserIDs:          whitelistUsers,
 			TeamIDs:          whitelistTeams,
 			MergeUserIDs:     mergeWhitelistUsers,
--- a/routers/web/repo/webhook.go
+++ b/routers/web/repo/webhook.go
@ -147,7 +147,6 @@ func WebhooksNew(ctx *context.Context) {
 	if hookType == "discord" {
 		ctx.Data["DiscordHook"] = map[string]interface{}{
 			"Username": "Gitea",
-			"IconURL":  setting.AppURL + "img/favicon.png",
 		}
 	}
 	ctx.Data["BaseLink"] = orCtx.LinkNew
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@ -191,6 +191,9 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 	ctx.Data["title"] = pageName
 	ctx.Data["RequireHighlightJS"] = true

+	isSideBar := pageName == "_Sidebar"
+	isFooter := pageName == "_Footer"
+
 	// lookup filename in wiki - get filecontent, gitTree entry , real filename
 	data, entry, pageFilename, noEntry := wikiContentsByName(ctx, commit, pageName)
 	if noEntry {
@ -203,21 +206,31 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 		return nil, nil
 	}

-	sidebarContent, _, _, _ := wikiContentsByName(ctx, commit, "_Sidebar")
+	var sidebarContent []byte
+	if !isSideBar {
+		sidebarContent, _, _, _ = wikiContentsByName(ctx, commit, "_Sidebar")
 		if ctx.Written() {
 			if wikiRepo != nil {
 				wikiRepo.Close()
 			}
 			return nil, nil
 		}
+	} else {
+		sidebarContent = data
+	}

-	footerContent, _, _, _ := wikiContentsByName(ctx, commit, "_Footer")
+	var footerContent []byte
+	if !isFooter {
+		footerContent, _, _, _ = wikiContentsByName(ctx, commit, "_Footer")
 		if ctx.Written() {
 			if wikiRepo != nil {
 				wikiRepo.Close()
 			}
 			return nil, nil
 		}
+	} else {
+		footerContent = data
+	}

 	rctx := &markup.RenderContext{
 		Ctx:       ctx,
@ -237,6 +250,7 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {

 	ctx.Data["EscapeStatus"], ctx.Data["content"] = charset.EscapeControlString(buf.String())

+	if !isSideBar {
 		buf.Reset()
 		if err := markdown.Render(rctx, bytes.NewReader(sidebarContent), &buf); err != nil {
 			if wikiRepo != nil {
@ -247,7 +261,11 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 		}
 		ctx.Data["sidebarPresent"] = sidebarContent != nil
 		ctx.Data["sidebarEscapeStatus"], ctx.Data["sidebarContent"] = charset.EscapeControlString(buf.String())
+	} else {
+		ctx.Data["sidebarPresent"] = false
+	}

+	if !isFooter {
 		buf.Reset()
 		if err := markdown.Render(rctx, bytes.NewReader(footerContent), &buf); err != nil {
 			if wikiRepo != nil {
@ -258,6 +276,9 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 		}
 		ctx.Data["footerPresent"] = footerContent != nil
 		ctx.Data["footerEscapeStatus"], ctx.Data["footerContent"] = charset.EscapeControlString(buf.String())
+	} else {
+		ctx.Data["footerPresent"] = false
+	}

 	// get commit count - wiki revisions
 	commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@ -573,7 +573,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 		}
 	}

-	commitStatus, err := pull_service.GetIssuesLastCommitStatus(ctx, issues)
+	commitStatuses, lastStatus, err := pull_service.GetIssuesAllCommitStatus(ctx, issues)
 	if err != nil {
 		ctx.ServerError("GetIssuesLastCommitStatus", err)
 		return
@ -650,7 +650,8 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 		}
 		return 0
 	}
-	ctx.Data["CommitStatus"] = commitStatus
+	ctx.Data["CommitLastStatus"] = lastStatus
+	ctx.Data["CommitStatuses"] = commitStatuses
 	ctx.Data["Repos"] = showRepos
 	ctx.Data["Counts"] = issueCountByRepo
 	ctx.Data["IssueStats"] = issueStats
--- a/services/agit/agit.go
+++ b/services/agit/agit.go
@ -177,7 +177,7 @@ func ProcRecive(ctx *context.PrivateContext, opts *private.HookOptions) []privat
 		}

 		// update exist pull request
-		if err := pr.LoadBaseRepo(); err != nil {
+		if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 			log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 				"Err": fmt.Sprintf("Unable to load base repository for PR[%d] Error: %v", pr.ID, err),
--- a/services/asymkey/sign.go
+++ b/services/asymkey/sign.go
@ -271,7 +271,7 @@ Loop:

 // SignMerge determines if we should sign a PR merge commit to the base repository
 func SignMerge(ctx context.Context, pr *models.PullRequest, u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, string, *git.Signature, error) {
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("Unable to get Base Repo for pull request")
 		return false, "", nil, err
 	}
--- a/services/issue/assignee.go
+++ b/services/issue/assignee.go
@ -5,6 +5,8 @@
 package issue

 import (
+	"context"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
@ -78,7 +80,7 @@ func ReviewRequest(issue *models.Issue, doer, reviewer *user_model.User, isAdd b
 }

 // IsValidReviewRequest Check permission for ReviewRequest
-func IsValidReviewRequest(reviewer, doer *user_model.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
+func IsValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
 	if reviewer.IsOrganization() {
 		return models.ErrNotValidReviewRequest{
 			Reason: "Organization can't be added as reviewer",
@ -94,14 +96,14 @@ func IsValidReviewRequest(reviewer, doer *user_model.User, isAdd bool, issue *mo
 		}
 	}

-	permReviewer, err := models.GetUserRepoPermission(issue.Repo, reviewer)
+	permReviewer, err := models.GetUserRepoPermission(ctx, issue.Repo, reviewer)
 	if err != nil {
 		return err
 	}

 	if permDoer == nil {
 		permDoer = new(models.Permission)
-		*permDoer, err = models.GetUserRepoPermission(issue.Repo, doer)
+		*permDoer, err = models.GetUserRepoPermission(ctx, issue.Repo, doer)
 		if err != nil {
 			return err
 		}
@ -168,7 +170,7 @@ func IsValidReviewRequest(reviewer, doer *user_model.User, isAdd bool, issue *mo
 }

 // IsValidTeamReviewRequest Check permission for ReviewRequest Team
-func IsValidTeamReviewRequest(reviewer *organization.Team, doer *user_model.User, isAdd bool, issue *models.Issue) error {
+func IsValidTeamReviewRequest(ctx context.Context, reviewer *organization.Team, doer *user_model.User, isAdd bool, issue *models.Issue) error {
 	if doer.IsOrganization() {
 		return models.ErrNotValidReviewRequest{
 			Reason: "Organization can't be doer to add reviewer",
@ -177,7 +179,7 @@ func IsValidTeamReviewRequest(reviewer *organization.Team, doer *user_model.User
 		}
 	}

-	permission, err := models.GetUserRepoPermission(issue.Repo, doer)
+	permission, err := models.GetUserRepoPermission(ctx, issue.Repo, doer)
 	if err != nil {
 		log.Error("Unable to GetUserRepoPermission for %-v in %-v#%d", doer, issue.Repo, issue.Index)
 		return err
@ -185,7 +187,7 @@ func IsValidTeamReviewRequest(reviewer *organization.Team, doer *user_model.User

 	if isAdd {
 		if issue.Repo.IsPrivate {
-			hasTeam := organization.HasTeamRepo(db.DefaultContext, reviewer.OrgID, reviewer.ID, issue.RepoID)
+			hasTeam := organization.HasTeamRepo(ctx, reviewer.OrgID, reviewer.ID, issue.RepoID)

 			if !hasTeam {
 				return models.ErrNotValidReviewRequest{
--- a/services/issue/commit.go
+++ b/services/issue/commit.go
@ -14,6 +14,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/references"
@ -130,7 +131,7 @@ func UpdateIssuesCommit(doer *user_model.User, repo *repo_model.Repository, comm
 				continue
 			}

-			perm, err := models.GetUserRepoPermission(refRepo, doer)
+			perm, err := models.GetUserRepoPermission(db.DefaultContext, refRepo, doer)
 			if err != nil {
 				return err
 			}
--- a/services/issue/label.go
+++ b/services/issue/label.go
@ -44,11 +44,17 @@ func AddLabels(issue *models.Issue, doer *user_model.User, labels []*models.Labe

 // RemoveLabel removes a label from issue by given ID.
 func RemoveLabel(issue *models.Issue, doer *user_model.User, label *models.Label) error {
-	if err := issue.LoadRepo(db.DefaultContext); err != nil {
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+
+	if err := issue.LoadRepo(ctx); err != nil {
 		return err
 	}

-	perm, err := models.GetUserRepoPermission(issue.Repo, doer)
+	perm, err := models.GetUserRepoPermission(ctx, issue.Repo, doer)
 	if err != nil {
 		return err
 	}
@ -59,7 +65,11 @@ func RemoveLabel(issue *models.Issue, doer *user_model.User, label *models.Label
 		return models.ErrRepoLabelNotExist{}
 	}

-	if err := models.DeleteIssueLabel(issue, label, doer); err != nil {
+	if err := models.DeleteIssueLabel(ctx, issue, label, doer); err != nil {
+		return err
+	}
+
+	if err := committer.Commit(); err != nil {
 		return err
 	}

--- a/services/lfs/locks.go
+++ b/services/lfs/locks.go
@ -88,7 +88,7 @@ func GetListLockHandler(ctx *context.Context) {
 			})
 			return
 		}
-		lock, err := models.GetLFSLockByID(v)
+		lock, err := models.GetLFSLockByID(ctx, v)
 		if err != nil && !models.IsErrLFSLockNotExist(err) {
 			log.Error("Unable to get lock with ID[%s]: Error: %v", v, err)
 		}
@ -98,7 +98,7 @@ func GetListLockHandler(ctx *context.Context) {

 	path := ctx.FormString("path")
 	if path != "" { // Case where we request a specific id
-		lock, err := models.GetLFSLock(repository, path)
+		lock, err := models.GetLFSLock(ctx, repository, path)
 		if err != nil && !models.IsErrLFSLockNotExist(err) {
 			log.Error("Unable to get lock for repository %-v with path %s: Error: %v", repository, path, err)
 		}
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@ -488,7 +488,7 @@ func authenticate(ctx *context.Context, repository *repo_model.Repository, autho
 	}

 	// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
-	perm, err := models.GetUserRepoPermission(repository, ctx.Doer)
+	perm, err := models.GetUserRepoPermission(ctx, repository, ctx.Doer)
 	if err != nil {
 		log.Error("Unable to GetUserRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository)
 		return false
--- a/services/migrations/gitea_uploader.go
+++ b/services/migrations/gitea_uploader.go
@ -7,6 +7,7 @@ package migrations

 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@ -253,7 +254,6 @@ func (g *GiteaLocalUploader) CreateReleases(releases ...*base.Release) error {
 			LowerTagName: strings.ToLower(release.TagName),
 			Target:       release.TargetCommitish,
 			Title:        release.Name,
-			Sha1:         release.TargetCommitish,
 			Note:         release.Body,
 			IsDraft:      release.Draft,
 			IsPrerelease: release.Prerelease,
@ -265,17 +265,20 @@ func (g *GiteaLocalUploader) CreateReleases(releases ...*base.Release) error {
 			return err
 		}

-		// calc NumCommits if no draft
-		if !release.Draft {
+		// calc NumCommits if possible
+		if rel.TagName != "" {
 			commit, err := g.gitRepo.GetTagCommit(rel.TagName)
+			if !errors.Is(err, git.ErrNotExist{}) {
 				if err != nil {
 					return fmt.Errorf("GetTagCommit[%v]: %v", rel.TagName, err)
 				}
+				rel.Sha1 = commit.ID.String()
 				rel.NumCommits, err = commit.CommitsCount()
 				if err != nil {
 					return fmt.Errorf("CommitsCount: %v", err)
 				}
 			}
+		}

 		for _, asset := range release.Assets {
 			if asset.Created.IsZero() {
--- a/services/pull/check.go
+++ b/services/pull/check.go
@ -227,7 +227,7 @@ func getMergeCommit(ctx context.Context, pr *models.PullRequest) (*git.Commit, e
 // manuallyMerged checks if a pull request got manually merged
 // When a pull request got manually merged mark the pull request as merged
 func manuallyMerged(ctx context.Context, pr *models.PullRequest) bool {
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("PullRequest[%d].LoadBaseRepo: %v", pr.ID, err)
 		return false
 	}
@ -317,7 +317,7 @@ func testPR(id int64) {
 	ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("Test PR[%d] from patch checking queue", id))
 	defer finished()

-	pr, err := models.GetPullRequestByID(id)
+	pr, err := models.GetPullRequestByID(ctx, id)
 	if err != nil {
 		log.Error("GetPullRequestByID[%d]: %v", id, err)
 		return
--- a/services/pull/commit_status.go
+++ b/services/pull/commit_status.go
@ -83,7 +83,7 @@ func IsCommitStatusContextSuccess(commitStatuses []*models.CommitStatus, require

 // IsPullCommitStatusPass returns if all required status checks PASS
 func IsPullCommitStatusPass(ctx context.Context, pr *models.PullRequest) (bool, error) {
-	if err := pr.LoadProtectedBranch(); err != nil {
+	if err := pr.LoadProtectedBranchCtx(ctx); err != nil {
 		return false, errors.Wrap(err, "GetLatestCommitStatus")
 	}
 	if pr.ProtectedBranch == nil || !pr.ProtectedBranch.EnableStatusCheck {
@ -100,7 +100,7 @@ func IsPullCommitStatusPass(ctx context.Context, pr *models.PullRequest) (bool,
 // GetPullRequestCommitStatusState returns pull request merged commit status state
 func GetPullRequestCommitStatusState(ctx context.Context, pr *models.PullRequest) (structs.CommitStatusState, error) {
 	// Ensure HeadRepo is loaded
-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		return "", errors.Wrap(err, "LoadHeadRepo")
 	}

@ -114,7 +114,7 @@ func GetPullRequestCommitStatusState(ctx context.Context, pr *models.PullRequest
 	if pr.Flow == models.PullRequestFlowGithub && !headGitRepo.IsBranchExist(pr.HeadBranch) {
 		return "", errors.New("Head branch does not exist, can not merge")
 	}
-	if pr.Flow == models.PullRequestFlowAGit && !git.IsReferenceExist(headGitRepo.Ctx, headGitRepo.Path, pr.GetGitRefName()) {
+	if pr.Flow == models.PullRequestFlowAGit && !git.IsReferenceExist(ctx, headGitRepo.Path, pr.GetGitRefName()) {
 		return "", errors.New("Head branch does not exist, can not merge")
 	}

@ -128,11 +128,11 @@ func GetPullRequestCommitStatusState(ctx context.Context, pr *models.PullRequest
 		return "", err
 	}

-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		return "", errors.Wrap(err, "LoadBaseRepo")
 	}

-	commitStatuses, _, err := models.GetLatestCommitStatus(pr.BaseRepo.ID, sha, db.ListOptions{})
+	commitStatuses, _, err := models.GetLatestCommitStatusCtx(ctx, pr.BaseRepo.ID, sha, db.ListOptions{})
 	if err != nil {
 		return "", errors.Wrap(err, "GetLatestCommitStatus")
 	}
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@ -35,10 +35,10 @@ import (
 // Caller should check PR is ready to be merged (review and status checks)
 // FIXME: add repoWorkingPull make sure two merges does not happen at same time.
 func Merge(ctx context.Context, pr *models.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, mergeStyle repo_model.MergeStyle, expectedHeadCommitID, message string) (err error) {
-	if err = pr.LoadHeadRepo(); err != nil {
+	if err = pr.LoadHeadRepoCtx(ctx); err != nil {
 		log.Error("LoadHeadRepo: %v", err)
 		return fmt.Errorf("LoadHeadRepo: %v", err)
-	} else if err = pr.LoadBaseRepo(); err != nil {
+	} else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("LoadBaseRepo: %v", err)
 		return fmt.Errorf("LoadBaseRepo: %v", err)
 	}
@ -664,7 +664,7 @@ func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *use

 // CheckPRReadyToMerge checks whether the PR is ready to be merged (reviews and status checks)
 func CheckPRReadyToMerge(ctx context.Context, pr *models.PullRequest, skipProtectedFilesCheck bool) (err error) {
-	if err = pr.LoadBaseRepo(); err != nil {
+	if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		return fmt.Errorf("LoadBaseRepo: %v", err)
 	}

--- a/services/pull/patch.go
+++ b/services/pull/patch.go
@ -27,7 +27,7 @@ import (

 // DownloadDiffOrPatch will write the patch for the pr to the writer
 func DownloadDiffOrPatch(ctx context.Context, pr *models.PullRequest, w io.Writer, patch, binary bool) error {
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("Unable to load base repository ID %d for pr #%d [%d]", pr.BaseRepoID, pr.Index, pr.ID)
 		return err
 	}
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@ -230,7 +230,7 @@ func checkForInvalidation(ctx context.Context, requests models.PullRequestList,
 	}
 	go func() {
 		// FIXME: graceful: We need to tell the manager we're doing something...
-		err := requests.InvalidateCodeComments(doer, gitRepo, branch)
+		err := requests.InvalidateCodeComments(ctx, doer, gitRepo, branch)
 		if err != nil {
 			log.Error("PullRequestList.InvalidateCodeComments: %v", err)
 		}
@ -341,14 +341,14 @@ func AddTestPullRequestTask(doer *user_model.User, repoID int64, branch string,
 // checkIfPRContentChanged checks if diff to target branch has changed by push
 // A commit can be considered to leave the PR untouched if the patch/diff with its merge base is unchanged
 func checkIfPRContentChanged(ctx context.Context, pr *models.PullRequest, oldCommitID, newCommitID string) (hasChanged bool, err error) {
-	if err = pr.LoadHeadRepo(); err != nil {
+	if err = pr.LoadHeadRepoCtx(ctx); err != nil {
 		return false, fmt.Errorf("LoadHeadRepo: %v", err)
 	} else if pr.HeadRepo == nil {
 		// corrupt data assumed changed
 		return true, nil
 	}

-	if err = pr.LoadBaseRepo(); err != nil {
+	if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		return false, fmt.Errorf("LoadBaseRepo: %v", err)
 	}

@ -419,13 +419,13 @@ func PushToBaseRepo(ctx context.Context, pr *models.PullRequest) (err error) {
 func pushToBaseRepoHelper(ctx context.Context, pr *models.PullRequest, prefixHeadBranch string) (err error) {
 	log.Trace("PushToBaseRepo[%d]: pushing commits to base repo '%s'", pr.BaseRepoID, pr.GetGitRefName())

-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		log.Error("Unable to load head repository for PR[%d] Error: %v", pr.ID, err)
 		return err
 	}
 	headRepoPath := pr.HeadRepo.RepoPath()

-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
 		return err
 	}
@ -474,7 +474,7 @@ func pushToBaseRepoHelper(ctx context.Context, pr *models.PullRequest, prefixHea
 // UpdateRef update refs/pull/id/head directly for agit flow pull request
 func UpdateRef(ctx context.Context, pr *models.PullRequest) (err error) {
 	log.Trace("UpdateRef[%d]: upgate pull request ref in base repo '%s'", pr.ID, pr.GetGitRefName())
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
 		return err
 	}
@ -726,18 +726,25 @@ func GetSquashMergeCommitMessages(ctx context.Context, pr *models.PullRequest) s
 	return stringBuilder.String()
 }

-// GetIssuesLastCommitStatus returns a map
+// GetIssuesLastCommitStatus returns a map of issue ID to the most recent commit's latest status
 func GetIssuesLastCommitStatus(ctx context.Context, issues models.IssueList) (map[int64]*models.CommitStatus, error) {
+	_, lastStatus, err := GetIssuesAllCommitStatus(ctx, issues)
+	return lastStatus, err
+}
+
+// GetIssuesAllCommitStatus returns a map of issue ID to a list of all statuses for the most recent commit as well as a map of issue ID to only the commit's latest status
+func GetIssuesAllCommitStatus(ctx context.Context, issues models.IssueList) (map[int64][]*models.CommitStatus, map[int64]*models.CommitStatus, error) {
 	if err := issues.LoadPullRequests(); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	if _, err := issues.LoadRepositories(); err != nil {
-		return nil, err
+		return nil, nil, err
 	}

 	var (
 		gitRepos = make(map[int64]*git.Repository)
-		res      = make(map[int64]*models.CommitStatus)
+		res      = make(map[int64][]*models.CommitStatus)
+		lastRes  = make(map[int64]*models.CommitStatus)
 		err      error
 	)
 	defer func() {
@ -760,34 +767,33 @@ func GetIssuesLastCommitStatus(ctx context.Context, issues models.IssueList) (ma
 			gitRepos[issue.RepoID] = gitRepo
 		}

-		status, err := getLastCommitStatus(gitRepo, issue.PullRequest)
+		statuses, lastStatus, err := getAllCommitStatus(gitRepo, issue.PullRequest)
 		if err != nil {
-			log.Error("getLastCommitStatus: cant get last commit of pull [%d]: %v", issue.PullRequest.ID, err)
+			log.Error("getAllCommitStatus: cant get commit statuses of pull [%d]: %v", issue.PullRequest.ID, err)
 			continue
 		}
-		res[issue.PullRequest.ID] = status
+		res[issue.PullRequest.ID] = statuses
+		lastRes[issue.PullRequest.ID] = lastStatus
 	}
-	return res, nil
+	return res, lastRes, nil
 }

-// getLastCommitStatus get pr's last commit status. PR's last commit status is the head commit id's last commit status
-func getLastCommitStatus(gitRepo *git.Repository, pr *models.PullRequest) (status *models.CommitStatus, err error) {
-	sha, err := gitRepo.GetRefCommitID(pr.GetGitRefName())
-	if err != nil {
-		return nil, err
+// getAllCommitStatus get pr's commit statuses.
+func getAllCommitStatus(gitRepo *git.Repository, pr *models.PullRequest) (statuses []*models.CommitStatus, lastStatus *models.CommitStatus, err error) {
+	sha, shaErr := gitRepo.GetRefCommitID(pr.GetGitRefName())
+	if shaErr != nil {
+		return nil, nil, shaErr
 	}

-	statusList, _, err := models.GetLatestCommitStatus(pr.BaseRepo.ID, sha, db.ListOptions{})
-	if err != nil {
-		return nil, err
-	}
-	return models.CalcCommitStatus(statusList), nil
+	statuses, _, err = models.GetLatestCommitStatus(pr.BaseRepo.ID, sha, db.ListOptions{})
+	lastStatus = models.CalcCommitStatus(statuses)
+	return statuses, lastStatus, err
 }

 // IsHeadEqualWithBranch returns if the commits of branchName are available in pull request head
 func IsHeadEqualWithBranch(ctx context.Context, pr *models.PullRequest, branchName string) (bool, error) {
 	var err error
-	if err = pr.LoadBaseRepo(); err != nil {
+	if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		return false, err
 	}
 	baseGitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, pr.BaseRepo.RepoPath())
@ -801,7 +807,7 @@ func IsHeadEqualWithBranch(ctx context.Context, pr *models.PullRequest, branchNa
 		return false, err
 	}

-	if err = pr.LoadHeadRepo(); err != nil {
+	if err = pr.LoadHeadRepoCtx(ctx); err != nil {
 		return false, err
 	}
 	var headGitRepo *git.Repository
--- a/services/pull/review.go
+++ b/services/pull/review.go
@ -122,7 +122,7 @@ func createCodeComment(ctx context.Context, doer *user_model.User, repo *repo_mo
 		return nil, fmt.Errorf("GetPullRequestByIssueID: %v", err)
 	}
 	pr := issue.PullRequest
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		return nil, fmt.Errorf("LoadHeadRepo: %v", err)
 	}
 	gitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, pr.BaseRepo.RepoPath())
--- a/services/pull/temp_repo.go
+++ b/services/pull/temp_repo.go
@ -21,7 +21,7 @@ import (
 // createTemporaryRepo creates a temporary repo with "base" for pr.BaseBranch and "tracking" for  pr.HeadBranch
 // it also create a second base branch called "original_base"
 func createTemporaryRepo(ctx context.Context, pr *models.PullRequest) (string, error) {
-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		log.Error("LoadHeadRepo: %v", err)
 		return "", fmt.Errorf("LoadHeadRepo: %v", err)
 	} else if pr.HeadRepo == nil {
@ -29,7 +29,7 @@ func createTemporaryRepo(ctx context.Context, pr *models.PullRequest) (string, e
 		return "", &repo_model.ErrRepoNotExist{
 			ID: pr.HeadRepoID,
 		}
-	} else if err := pr.LoadBaseRepo(); err != nil {
+	} else if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("LoadBaseRepo: %v", err)
 		return "", fmt.Errorf("LoadBaseRepo: %v", err)
 	} else if pr.BaseRepo == nil {
--- a/services/pull/update.go
+++ b/services/pull/update.go
@ -42,10 +42,10 @@ func Update(ctx context.Context, pull *models.PullRequest, doer *user_model.User
 		return fmt.Errorf("Not support update agit flow pull request's head branch")
 	}

-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		log.Error("LoadHeadRepo: %v", err)
 		return fmt.Errorf("LoadHeadRepo: %v", err)
-	} else if err = pr.LoadBaseRepo(); err != nil {
+	} else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
 		log.Error("LoadBaseRepo: %v", err)
 		return fmt.Errorf("LoadBaseRepo: %v", err)
 	}
@ -71,7 +71,7 @@ func Update(ctx context.Context, pull *models.PullRequest, doer *user_model.User
 }

 // IsUserAllowedToUpdate check if user is allowed to update PR with given permissions and branch protections
-func IsUserAllowedToUpdate(pull *models.PullRequest, user *user_model.User) (mergeAllowed, rebaseAllowed bool, err error) {
+func IsUserAllowedToUpdate(ctx context.Context, pull *models.PullRequest, user *user_model.User) (mergeAllowed, rebaseAllowed bool, err error) {
 	if pull.Flow == models.PullRequestFlowAGit {
 		return false, false, nil
 	}
@ -79,7 +79,7 @@ func IsUserAllowedToUpdate(pull *models.PullRequest, user *user_model.User) (mer
 	if user == nil {
 		return false, false, nil
 	}
-	headRepoPerm, err := models.GetUserRepoPermission(pull.HeadRepo, user)
+	headRepoPerm, err := models.GetUserRepoPermission(ctx, pull.HeadRepo, user)
 	if err != nil {
 		return false, false, err
 	}
@ -122,10 +122,10 @@ func IsUserAllowedToUpdate(pull *models.PullRequest, user *user_model.User) (mer
 // GetDiverging determines how many commits a PR is ahead or behind the PR base branch
 func GetDiverging(ctx context.Context, pr *models.PullRequest) (*git.DivergeObject, error) {
 	log.Trace("GetDiverging[%d]: compare commits", pr.ID)
-	if err := pr.LoadBaseRepo(); err != nil {
+	if err := pr.LoadBaseRepoCtx(ctx); err != nil {
 		return nil, err
 	}
-	if err := pr.LoadHeadRepo(); err != nil {
+	if err := pr.LoadHeadRepoCtx(ctx); err != nil {
 		return nil, err
 	}

--- a/services/repository/archiver/archiver.go
+++ b/services/repository/archiver/archiver.go
@ -172,7 +172,7 @@ func doArchive(r *ArchiveRequest) (*repo_model.RepoArchiver, error) {
 		w.Close()
 		rd.Close()
 	}()
-	done := make(chan error)
+	done := make(chan error, 1) // Ensure that there is some capacity which will ensure that the goroutine below can always finish
 	repo, err := repo_model.GetRepositoryByID(archiver.RepoID)
 	if err != nil {
 		return nil, fmt.Errorf("archiver.LoadRepo failed: %v", err)
--- a/templates/repo/clone_buttons.tmpl
+++ b/templates/repo/clone_buttons.tmpl
@ -10,7 +10,7 @@
 	</button>
 {{end}}
 <!-- the value will be updated by initRepoCloneLink, the code below is used to avoid UI flicking  -->
-<input id="repo-clone-url" value="" readonly>
+<input id="repo-clone-url" value="" size="1" readonly>
 <script>
 	(() => {
 		const proto = localStorage.getItem('repo-clone-protocol') || 'https';
--- a/templates/repo/settings/webhook/discord.tmpl
+++ b/templates/repo/settings/webhook/discord.tmpl
@ -12,7 +12,7 @@
 		</div>
 		<div class="field">
 			<label for="icon_url">{{.i18n.Tr "repo.settings.discord_icon_url"}}</label>
-			<input id="icon_url" name="icon_url" value="{{.DiscordHook.IconURL}}" placeholder="e.g. https://example.com/img/favicon.png">
+			<input id="icon_url" name="icon_url" value="{{.DiscordHook.IconURL}}" placeholder="e.g. https://example.com/assets/img/logo.svg">
 		</div>
 		{{template "repo/settings/webhook/settings" .}}
 	</form>
--- a/templates/shared/issuelist.tmpl
+++ b/templates/shared/issuelist.tmpl
@ -33,8 +33,8 @@
 				<div class="issue-item-top-row">
 					<a class="title tdn" href="{{if .HTMLURL}}{{.HTMLURL}}{{else}}{{$.Link}}/{{.Index}}{{end}}">{{RenderEmoji .Title}}</a>
 					{{if .IsPull}}
-						{{if (index $.CommitStatus .PullRequest.ID)}}
-							{{template "repo/commit_status" (index $.CommitStatus .PullRequest.ID)}}
+						{{if (index $.CommitStatuses .PullRequest.ID)}}
+							{{template "repo/commit_statuses" dict "Status" (index $.CommitLastStatus .PullRequest.ID) "Statuses" (index $.CommitStatuses .PullRequest.ID) "root" $}}
 						{{end}}
 					{{end}}
 					<span class="labels-list ml-2">
--- a/web_src/less/_repository.less
+++ b/web_src/less/_repository.less
@ -3247,6 +3247,27 @@ td.blob-excerpt {
 }

@media @mediaSm {
+  .repository.file.list {
+    #repo-files-table {
+      .entry,
+      .commit-list {
+        align-items: center;
+        display: flex !important;
+        padding-top: 4px;
+        padding-bottom: 4px;
+
+        td.age,
+        th.age {
+          margin-left: auto;
+        }
+
+        td.message,
+        span.commit-summary {
+          display: none !important;
+        }
+      }
+    }
+  }
  .issue-list-headers.ui[class].grid {
    > div:nth-child(1) {
      order: 1;