Merge branch 'main' into add-file-tree-to-file-view-page

2025-07-26 23:35:20 +02:00 · 2025-01-16 08:18:34 +08:00 · 2025-01-16 08:18:34 +08:00 · 0aa1b867dd
commit 0aa1b867dd
parent bb82979191 2483a93fbc
55 changed files with 620 additions and 401 deletions
--- a/models/fixtures/access.yml
+++ b/models/fixtures/access.yml
@ -171,3 +171,9 @@
  user_id: 40
  repo_id: 61
  mode: 4
 -
  id: 30
  user_id: 40
  repo_id: 1
  mode: 2
--- a/modules/web/handler.go
+++ b/modules/web/handler.go
@ -121,7 +121,7 @@ func wrapHandlerProvider[T http.Handler](hp func(next http.Handler) T, funcInfo
 	return func(next http.Handler) http.Handler {
 		h := hp(next) // this handle could be dynamically generated, so we can't use it for debug info
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			routing.UpdateFuncInfo(req.Context(), funcInfo)
+			defer routing.RecordFuncInfo(req.Context(), funcInfo)()
 			h.ServeHTTP(resp, req)
 		})
 	}
@ -157,7 +157,7 @@ func toHandlerProvider(handler any) func(next http.Handler) http.Handler {
 				return // it's doing pre-check, just return
 			}
-			routing.UpdateFuncInfo(req.Context(), funcInfo)
+			defer routing.RecordFuncInfo(req.Context(), funcInfo)()
 			ret := fn.Call(argsIn)
 			// handle the return value (no-op at the moment)
--- a/modules/web/routing/context.go
+++ b/modules/web/routing/context.go
@ -12,16 +12,18 @@ type contextKeyType struct{}
 var contextKey contextKeyType
-// UpdateFuncInfo updates a context's func info
+// RecordFuncInfo records a func info into context
-func UpdateFuncInfo(ctx context.Context, funcInfo *FuncInfo) {
+func RecordFuncInfo(ctx context.Context, funcInfo *FuncInfo) (end func()) {
-	record, ok := ctx.Value(contextKey).(*requestRecord)
+	// TODO: reqCtx := reqctx.FromContext(ctx), add trace support
-	if !ok {
+	end = func() {}
 		return
 	}
-	record.lock.Lock()
+	// save the func info into the context record
-	record.funcInfo = funcInfo
+	if record, ok := ctx.Value(contextKey).(*requestRecord); ok {
-	record.lock.Unlock()
+		record.lock.Lock()
 		record.funcInfo = funcInfo
 		record.lock.Unlock()
 	}
 	return end
 }
 // MarkLongPolling marks the request is a long-polling request, and the logger may output different message for it
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@ -2714,6 +2714,8 @@ branch.create_branch_operation = Create branch
 branch.new_branch = Create new branch
 branch.new_branch_from = Create new branch from "%s"
 branch.renamed = Branch %s was renamed to %s.
 branch.rename_default_or_protected_branch_error = Only admins can rename default or protected branches.
 branch.rename_protected_branch_failed = This branch is protected by glob-based protection rules.
 tag.create_tag = Create tag %s
 tag.create_tag_operation = Create tag
--- a/routers/api/actions/runner/main_test.go
+++ b/routers/api/actions/runner/main_test.go
@ -1,14 +0,0 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package runner
 import (
 	"testing"
 	"code.gitea.io/gitea/models/unittest"
 )
 func TestMain(m *testing.M) {
 	unittest.MainTest(m)
 }
--- a/routers/api/actions/runner/utils.go
+++ b/routers/api/actions/runner/utils.go
@ -8,14 +8,8 @@ import (
 	"fmt"
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	secret_model "code.gitea.io/gitea/models/secret"
 	actions_module "code.gitea.io/gitea/modules/actions"
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/actions"
 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
@ -65,82 +59,16 @@ func pickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 }
 func generateTaskContext(t *actions_model.ActionTask) *structpb.Struct {
 	event := map[string]any{}
 	_ = json.Unmarshal([]byte(t.Job.Run.EventPayload), &event)
 	// TriggerEvent is added in https://github.com/go-gitea/gitea/pull/25229
 	// This fallback is for the old ActionRun that doesn't have the TriggerEvent field
 	// and should be removed in 1.22
 	eventName := t.Job.Run.TriggerEvent
 	if eventName == "" {
 		eventName = t.Job.Run.Event.Event()
 	}
 	baseRef := ""
 	headRef := ""
 	ref := t.Job.Run.Ref
 	sha := t.Job.Run.CommitSHA
 	if pullPayload, err := t.Job.Run.GetPullRequestEventPayload(); err == nil && pullPayload.PullRequest != nil && pullPayload.PullRequest.Base != nil && pullPayload.PullRequest.Head != nil {
 		baseRef = pullPayload.PullRequest.Base.Ref
 		headRef = pullPayload.PullRequest.Head.Ref
 		// if the TriggerEvent is pull_request_target, ref and sha need to be set according to the base of pull request
 		// In GitHub's documentation, ref should be the branch or tag that triggered workflow. But when the TriggerEvent is pull_request_target,
 		// the ref will be the base branch.
 		if t.Job.Run.TriggerEvent == actions_module.GithubEventPullRequestTarget {
 			ref = git.BranchPrefix + pullPayload.PullRequest.Base.Name
 			sha = pullPayload.PullRequest.Base.Sha
 		}
 	}
 	refName := git.RefName(ref)
 	giteaRuntimeToken, err := actions.CreateAuthorizationToken(t.ID, t.Job.RunID, t.JobID)
 	if err != nil {
 		log.Error("actions.CreateAuthorizationToken failed: %v", err)
 	}
-	taskContext, err := structpb.NewStruct(map[string]any{
+	gitCtx := actions.GenerateGiteaContext(t.Job.Run, t.Job)
-		// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+	gitCtx["token"] = t.Token
-		"action":            "",                                                   // string, The name of the action currently running, or the id of a step. GitHub removes special characters, and uses the name __run when the current step runs a script without an id. If you use the same action more than once in the same job, the name will include a suffix with the sequence number with underscore before it. For example, the first script you run will have the name __run, and the second script will be named __run_2. Similarly, the second invocation of actions/checkout will be actionscheckout2.
+	gitCtx["gitea_runtime_token"] = giteaRuntimeToken
 		"action_path":       "",                                                   // string, The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action.
 		"action_ref":        "",                                                   // string, For a step executing an action, this is the ref of the action being executed. For example, v2.
 		"action_repository": "",                                                   // string, For a step executing an action, this is the owner and repository name of the action. For example, actions/checkout.
 		"action_status":     "",                                                   // string, For a composite action, the current result of the composite action.
 		"actor":             t.Job.Run.TriggerUser.Name,                           // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
 		"api_url":           setting.AppURL + "api/v1",                            // string, The URL of the GitHub REST API.
 		"base_ref":          baseRef,                                              // string, The base_ref or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
 		"env":               "",                                                   // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
 		"event":             event,                                                // object, The full event webhook payload. You can access individual properties of the event using this context. This object is identical to the webhook payload of the event that triggered the workflow run, and is different for each event. The webhooks for each GitHub Actions event is linked in "Events that trigger workflows." For example, for a workflow run triggered by the push event, this object contains the contents of the push webhook payload.
 		"event_name":        eventName,                                            // string, The name of the event that triggered the workflow run.
 		"event_path":        "",                                                   // string, The path to the file on the runner that contains the full event webhook payload.
 		"graphql_url":       "",                                                   // string, The URL of the GitHub GraphQL API.
 		"head_ref":          headRef,                                              // string, The head_ref or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
 		"job":               fmt.Sprint(t.JobID),                                  // string, The job_id of the current job.
 		"ref":               ref,                                                  // string, The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by push, this is the branch or tag ref that was pushed. For workflows triggered by pull_request, this is the pull request merge branch. For workflows triggered by release, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is refs/heads/<branch_name>, for pull requests it is refs/pull/<pr_number>/merge, and for tags it is refs/tags/<tag_name>. For example, refs/heads/feature-branch-1.
 		"ref_name":          refName.ShortName(),                                  // string, The short ref name of the branch or tag that triggered the workflow run. This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.
 		"ref_protected":     false,                                                // boolean, true if branch protections are configured for the ref that triggered the workflow run.
 		"ref_type":          string(refName.RefType()),                            // string, The type of ref that triggered the workflow run. Valid values are branch or tag.
 		"path":              "",                                                   // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
 		"repository":        t.Job.Run.Repo.OwnerName + "/" + t.Job.Run.Repo.Name, // string, The owner and repository name. For example, Codertocat/Hello-World.
 		"repository_owner":  t.Job.Run.Repo.OwnerName,                             // string, The repository owner's name. For example, Codertocat.
 		"repositoryUrl":     t.Job.Run.Repo.HTMLURL(),                             // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
 		"retention_days":    "",                                                   // string, The number of days that workflow run logs and artifacts are kept.
 		"run_id":            fmt.Sprint(t.Job.RunID),                              // string, A unique number for each workflow run within a repository. This number does not change if you re-run the workflow run.
 		"run_number":        fmt.Sprint(t.Job.Run.Index),                          // string, A unique number for each run of a particular workflow in a repository. This number begins at 1 for the workflow's first run, and increments with each new run. This number does not change if you re-run the workflow run.
 		"run_attempt":       fmt.Sprint(t.Job.Attempt),                            // string, A unique number for each attempt of a particular workflow run in a repository. This number begins at 1 for the workflow run's first attempt, and increments with each re-run.
 		"secret_source":     "Actions",                                            // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
 		"server_url":        setting.AppURL,                                       // string, The URL of the GitHub server. For example: https://github.com.
 		"sha":               sha,                                                  // string, The commit SHA that triggered the workflow. The value of this commit SHA depends on the event that triggered the workflow. For more information, see "Events that trigger workflows." For example, ffac537e6cbbf934b08745a378932722df287a53.
 		"token":             t.Token,                                              // string, A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the GITHUB_TOKEN secret. For more information, see "Automatic token authentication."
 		"triggering_actor":  "",                                                   // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
 		"workflow":          t.Job.Run.WorkflowID,                                 // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
 		"workspace":         "",                                                   // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action.
-		// additional contexts
+	taskContext, err := structpb.NewStruct(gitCtx)
 		"gitea_default_actions_url": setting.Actions.DefaultActionsURL.URL(),
 		"gitea_runtime_token":       giteaRuntimeToken,
 	})
 	if err != nil {
 		log.Error("structpb.NewStruct failed: %v", err)
 	}
@ -150,68 +78,18 @@ func generateTaskContext(t *actions_model.ActionTask) *structpb.Struct {
 func findTaskNeeds(ctx context.Context, task *actions_model.ActionTask) (map[string]*runnerv1.TaskNeed, error) {
 	if err := task.LoadAttributes(ctx); err != nil {
-		return nil, fmt.Errorf("LoadAttributes: %w", err)
+		return nil, fmt.Errorf("task LoadAttributes: %w", err)
 	}
-	if len(task.Job.Needs) == 0 {
+	taskNeeds, err := actions.FindTaskNeeds(ctx, task.Job)
 		return nil, nil
 	}
 	needs := container.SetOf(task.Job.Needs...)
 	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{RunID: task.Job.RunID})
 	if err != nil {
-		return nil, fmt.Errorf("FindRunJobs: %w", err)
+		return nil, err
 	}
-
+	ret := make(map[string]*runnerv1.TaskNeed, len(taskNeeds))
-	jobIDJobs := make(map[string][]*actions_model.ActionRunJob)
+	for jobID, taskNeed := range taskNeeds {
 	for _, job := range jobs {
 		jobIDJobs[job.JobID] = append(jobIDJobs[job.JobID], job)
 	}
 	ret := make(map[string]*runnerv1.TaskNeed, len(needs))
 	for jobID, jobsWithSameID := range jobIDJobs {
 		if !needs.Contains(jobID) {
 			continue
 		}
 		var jobOutputs map[string]string
 		for _, job := range jobsWithSameID {
 			if job.TaskID == 0 || !job.Status.IsDone() {
 				// it shouldn't happen, or the job has been rerun
 				continue
 			}
 			got, err := actions_model.FindTaskOutputByTaskID(ctx, job.TaskID)
 			if err != nil {
 				return nil, fmt.Errorf("FindTaskOutputByTaskID: %w", err)
 			}
 			outputs := make(map[string]string, len(got))
 			for _, v := range got {
 				outputs[v.OutputKey] = v.OutputValue
 			}
 			if len(jobOutputs) == 0 {
 				jobOutputs = outputs
 			} else {
 				jobOutputs = mergeTwoOutputs(outputs, jobOutputs)
 			}
 		}
 		ret[jobID] = &runnerv1.TaskNeed{
-			Outputs: jobOutputs,
+			Outputs: taskNeed.Outputs,
-			Result:  runnerv1.Result(actions_model.AggregateJobStatus(jobsWithSameID)),
+			Result:  runnerv1.Result(taskNeed.Result),
 		}
 	}
 	return ret, nil
 }
 // mergeTwoOutputs merges two outputs from two different ActionRunJobs
 // Values with the same output name may be overridden. The user should ensure the output names are unique.
 // See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#using-job-outputs-in-a-matrix-job
 func mergeTwoOutputs(o1, o2 map[string]string) map[string]string {
 	ret := make(map[string]string, len(o1))
 	for k1, v1 := range o1 {
 		if len(v1) > 0 {
 			ret[k1] = v1
 		} else {
 			ret[k1] = o2[k1]
 		}
 	}
 	return ret
 }
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/organization"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
@ -443,7 +444,14 @@ func UpdateBranch(ctx *context.APIContext) {
 	msg, err := repo_service.RenameBranch(ctx, repo, ctx.Doer, ctx.Repo.GitRepo, oldName, opt.Name)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "RenameBranch", err)
+		switch {
 		case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
 			ctx.Error(http.StatusForbidden, "", "User must be a repo or site admin to rename default or protected branches.")
 		case errors.Is(err, git_model.ErrBranchIsProtected):
 			ctx.Error(http.StatusForbidden, "", "Branch is protected by glob-based protection rules.")
 		default:
 			ctx.Error(http.StatusInternalServerError, "RenameBranch", err)
 		}
 		return
 	}
 	if msg == "target_exist" {
--- a/routers/init.go
+++ b/routers/init.go
@ -213,7 +213,7 @@ func NormalRoutes() *web.Router {
 	}
 	r.NotFound(func(w http.ResponseWriter, req *http.Request) {
-		routing.UpdateFuncInfo(req.Context(), routing.GetFuncInfo(http.NotFound, "GlobalNotFound"))
+		defer routing.RecordFuncInfo(req.Context(), routing.GetFuncInfo(http.NotFound, "GlobalNotFound"))()
 		http.NotFound(w, req)
 	})
 	return r
--- a/routers/web/base.go
+++ b/routers/web/base.go
@ -34,7 +34,7 @@ func storageHandler(storageSetting *setting.Storage, prefix string, objStore sto
 				http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
 				return
 			}
-			routing.UpdateFuncInfo(req.Context(), funcInfo)
+			defer routing.RecordFuncInfo(req.Context(), funcInfo)()
 			rPath := strings.TrimPrefix(req.URL.Path, "/"+prefix+"/")
 			rPath = util.PathJoinRelX(rPath)
@ -65,7 +65,7 @@ func storageHandler(storageSetting *setting.Storage, prefix string, objStore sto
 			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
 			return
 		}
-		routing.UpdateFuncInfo(req.Context(), funcInfo)
+		defer routing.RecordFuncInfo(req.Context(), funcInfo)()
 		rPath := strings.TrimPrefix(req.URL.Path, "/"+prefix+"/")
 		rPath = util.PathJoinRelX(rPath)
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@ -295,6 +295,7 @@ func SingleRelease(ctx *context.Context) {
 	}
 	ctx.Data["PageIsSingleTag"] = release.IsTag
 	ctx.Data["SingleReleaseTagName"] = release.TagName
 	if release.IsTag {
 		ctx.Data["Title"] = release.TagName
 	} else {
--- a/routers/web/repo/search.go
+++ b/routers/web/repo/search.go
@ -70,7 +70,7 @@ func Search(ctx *context.Context) {
 		res, err := git.GrepSearch(ctx, ctx.Repo.GitRepo, prepareSearch.Keyword, git.GrepOptions{
 			ContextLineNumber: 1,
 			IsFuzzy:           prepareSearch.IsFuzzy,
-			RefName:           git.RefNameFromBranch(ctx.Repo.BranchName).String(), // BranchName should be default branch or the first existing branch
+			RefName:           git.RefNameFromBranch(ctx.Repo.Repository.DefaultBranch).String(), // BranchName should be default branch or the first existing branch
 			PathspecList:      indexSettingToGitGrepPathspecList(),
 		})
 		if err != nil {
--- a/routers/web/repo/setting/protected_branch.go
+++ b/routers/web/repo/setting/protected_branch.go
@ -4,6 +4,7 @@
 package setting
 import (
 	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@ -14,6 +15,7 @@ import (
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/web"
@ -351,9 +353,15 @@ func RenameBranchPost(ctx *context.Context) {
 	msg, err := repository.RenameBranch(ctx, ctx.Repo.Repository, ctx.Doer, ctx.Repo.GitRepo, form.From, form.To)
 	if err != nil {
 		switch {
 		case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
 			ctx.Flash.Error(ctx.Tr("repo.branch.rename_default_or_protected_branch_error"))
 			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
 		case git_model.IsErrBranchAlreadyExists(err):
 			ctx.Flash.Error(ctx.Tr("repo.branch.branch_already_exists", form.To))
 			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
 		case errors.Is(err, git_model.ErrBranchIsProtected):
 			ctx.Flash.Error(ctx.Tr("repo.branch.rename_protected_branch_failed"))
 			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
 		default:
 			ctx.ServerError("RenameBranch", err)
 		}
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -1598,7 +1598,7 @@ func registerRoutes(m *web.Router) {
 		m.Get("/watchers", repo.Watchers)
 		m.Get("/search", reqUnitCodeReader, repo.Search)
 		m.Post("/action/{action}", reqSignIn, repo.Action)
-	}, optSignIn, context.RepoAssignment, context.RepoRef())
+	}, optSignIn, context.RepoAssignment)
 	common.AddOwnerRepoGitLFSRoutes(m, optSignInIgnoreCsrf, lfsServerEnabled) // "/{username}/{reponame}/{lfs-paths}": git-lfs support
@ -1628,7 +1628,7 @@ func registerRoutes(m *web.Router) {
 	m.NotFound(func(w http.ResponseWriter, req *http.Request) {
 		ctx := context.GetWebContext(req)
-		routing.UpdateFuncInfo(ctx, routing.GetFuncInfo(ctx.NotFound, "WebNotFound"))
+		defer routing.RecordFuncInfo(ctx, routing.GetFuncInfo(ctx.NotFound, "WebNotFound"))()
 		ctx.NotFound("", nil)
 	})
 }
--- a/services/actions/context.go
+++ b/services/actions/context.go
@ -0,0 +1,161 @@
 // Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package actions
 import (
 	"context"
 	"fmt"
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	actions_module "code.gitea.io/gitea/modules/actions"
 	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/setting"
 )
 // GenerateGiteaContext generate the gitea context without token and gitea_runtime_token
 // job can be nil when generating a context for parsing workflow-level expressions
 func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.ActionRunJob) map[string]any {
 	event := map[string]any{}
 	_ = json.Unmarshal([]byte(run.EventPayload), &event)
 	baseRef := ""
 	headRef := ""
 	ref := run.Ref
 	sha := run.CommitSHA
 	if pullPayload, err := run.GetPullRequestEventPayload(); err == nil && pullPayload.PullRequest != nil && pullPayload.PullRequest.Base != nil && pullPayload.PullRequest.Head != nil {
 		baseRef = pullPayload.PullRequest.Base.Ref
 		headRef = pullPayload.PullRequest.Head.Ref
 		// if the TriggerEvent is pull_request_target, ref and sha need to be set according to the base of pull request
 		// In GitHub's documentation, ref should be the branch or tag that triggered workflow. But when the TriggerEvent is pull_request_target,
 		// the ref will be the base branch.
 		if run.TriggerEvent == actions_module.GithubEventPullRequestTarget {
 			ref = git.BranchPrefix + pullPayload.PullRequest.Base.Name
 			sha = pullPayload.PullRequest.Base.Sha
 		}
 	}
 	refName := git.RefName(ref)
 	gitContext := map[string]any{
 		// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
 		"action":            "",                                       // string, The name of the action currently running, or the id of a step. GitHub removes special characters, and uses the name __run when the current step runs a script without an id. If you use the same action more than once in the same job, the name will include a suffix with the sequence number with underscore before it. For example, the first script you run will have the name __run, and the second script will be named __run_2. Similarly, the second invocation of actions/checkout will be actionscheckout2.
 		"action_path":       "",                                       // string, The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action.
 		"action_ref":        "",                                       // string, For a step executing an action, this is the ref of the action being executed. For example, v2.
 		"action_repository": "",                                       // string, For a step executing an action, this is the owner and repository name of the action. For example, actions/checkout.
 		"action_status":     "",                                       // string, For a composite action, the current result of the composite action.
 		"actor":             run.TriggerUser.Name,                     // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
 		"api_url":           setting.AppURL + "api/v1",                // string, The URL of the GitHub REST API.
 		"base_ref":          baseRef,                                  // string, The base_ref or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
 		"env":               "",                                       // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
 		"event":             event,                                    // object, The full event webhook payload. You can access individual properties of the event using this context. This object is identical to the webhook payload of the event that triggered the workflow run, and is different for each event. The webhooks for each GitHub Actions event is linked in "Events that trigger workflows." For example, for a workflow run triggered by the push event, this object contains the contents of the push webhook payload.
 		"event_name":        run.TriggerEvent,                         // string, The name of the event that triggered the workflow run.
 		"event_path":        "",                                       // string, The path to the file on the runner that contains the full event webhook payload.
 		"graphql_url":       "",                                       // string, The URL of the GitHub GraphQL API.
 		"head_ref":          headRef,                                  // string, The head_ref or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either pull_request or pull_request_target.
 		"job":               "",                                       // string, The job_id of the current job.
 		"ref":               ref,                                      // string, The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by push, this is the branch or tag ref that was pushed. For workflows triggered by pull_request, this is the pull request merge branch. For workflows triggered by release, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is refs/heads/<branch_name>, for pull requests it is refs/pull/<pr_number>/merge, and for tags it is refs/tags/<tag_name>. For example, refs/heads/feature-branch-1.
 		"ref_name":          refName.ShortName(),                      // string, The short ref name of the branch or tag that triggered the workflow run. This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.
 		"ref_protected":     false,                                    // boolean, true if branch protections are configured for the ref that triggered the workflow run.
 		"ref_type":          string(refName.RefType()),                // string, The type of ref that triggered the workflow run. Valid values are branch or tag.
 		"path":              "",                                       // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
 		"repository":        run.Repo.OwnerName + "/" + run.Repo.Name, // string, The owner and repository name. For example, Codertocat/Hello-World.
 		"repository_owner":  run.Repo.OwnerName,                       // string, The repository owner's name. For example, Codertocat.
 		"repositoryUrl":     run.Repo.HTMLURL(),                       // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
 		"retention_days":    "",                                       // string, The number of days that workflow run logs and artifacts are kept.
 		"run_id":            "",                                       // string, A unique number for each workflow run within a repository. This number does not change if you re-run the workflow run.
 		"run_number":        fmt.Sprint(run.Index),                    // string, A unique number for each run of a particular workflow in a repository. This number begins at 1 for the workflow's first run, and increments with each new run. This number does not change if you re-run the workflow run.
 		"run_attempt":       "",                                       // string, A unique number for each attempt of a particular workflow run in a repository. This number begins at 1 for the workflow run's first attempt, and increments with each re-run.
 		"secret_source":     "Actions",                                // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
 		"server_url":        setting.AppURL,                           // string, The URL of the GitHub server. For example: https://github.com.
 		"sha":               sha,                                      // string, The commit SHA that triggered the workflow. The value of this commit SHA depends on the event that triggered the workflow. For more information, see "Events that trigger workflows." For example, ffac537e6cbbf934b08745a378932722df287a53.
 		"triggering_actor":  "",                                       // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
 		"workflow":          run.WorkflowID,                           // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
 		"workspace":         "",                                       // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action.
 		// additional contexts
 		"gitea_default_actions_url": setting.Actions.DefaultActionsURL.URL(),
 	}
 	if job != nil {
 		gitContext["job"] = job.JobID
 		gitContext["run_id"] = fmt.Sprint(job.RunID)
 		gitContext["run_attempt"] = fmt.Sprint(job.Attempt)
 	}
 	return gitContext
 }
 type TaskNeed struct {
 	Result  actions_model.Status
 	Outputs map[string]string
 }
 // FindTaskNeeds finds the `needs` for the task by the task's job
 func FindTaskNeeds(ctx context.Context, job *actions_model.ActionRunJob) (map[string]*TaskNeed, error) {
 	if len(job.Needs) == 0 {
 		return nil, nil
 	}
 	needs := container.SetOf(job.Needs...)
 	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{RunID: job.RunID})
 	if err != nil {
 		return nil, fmt.Errorf("FindRunJobs: %w", err)
 	}
 	jobIDJobs := make(map[string][]*actions_model.ActionRunJob)
 	for _, job := range jobs {
 		jobIDJobs[job.JobID] = append(jobIDJobs[job.JobID], job)
 	}
 	ret := make(map[string]*TaskNeed, len(needs))
 	for jobID, jobsWithSameID := range jobIDJobs {
 		if !needs.Contains(jobID) {
 			continue
 		}
 		var jobOutputs map[string]string
 		for _, job := range jobsWithSameID {
 			if job.TaskID == 0 || !job.Status.IsDone() {
 				// it shouldn't happen, or the job has been rerun
 				continue
 			}
 			got, err := actions_model.FindTaskOutputByTaskID(ctx, job.TaskID)
 			if err != nil {
 				return nil, fmt.Errorf("FindTaskOutputByTaskID: %w", err)
 			}
 			outputs := make(map[string]string, len(got))
 			for _, v := range got {
 				outputs[v.OutputKey] = v.OutputValue
 			}
 			if len(jobOutputs) == 0 {
 				jobOutputs = outputs
 			} else {
 				jobOutputs = mergeTwoOutputs(outputs, jobOutputs)
 			}
 		}
 		ret[jobID] = &TaskNeed{
 			Outputs: jobOutputs,
 			Result:  actions_model.AggregateJobStatus(jobsWithSameID),
 		}
 	}
 	return ret, nil
 }
 // mergeTwoOutputs merges two outputs from two different ActionRunJobs
 // Values with the same output name may be overridden. The user should ensure the output names are unique.
 // See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#using-job-outputs-in-a-matrix-job
 func mergeTwoOutputs(o1, o2 map[string]string) map[string]string {
 	ret := make(map[string]string, len(o1))
 	for k1, v1 := range o1 {
 		if len(v1) > 0 {
 			ret[k1] = v1
 		} else {
 			ret[k1] = o2[k1]
 		}
 	}
 	return ret
 }
--- a/routers/api/actions/runner/utils_test.go
+++ b/routers/api/actions/runner/utils_test.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
-package runner
+package actions
 import (
 	"context"
@ -13,12 +13,13 @@ import (
 	"github.com/stretchr/testify/assert"
 )
-func Test_findTaskNeeds(t *testing.T) {
+func TestFindTaskNeeds(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 51})
 	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: task.JobID})
-	ret, err := findTaskNeeds(context.Background(), task)
+	ret, err := FindTaskNeeds(context.Background(), job)
 	assert.NoError(t, err)
 	assert.Len(t, ret, 1)
 	assert.Contains(t, ret, "job1")
--- a/services/actions/init_test.go
+++ b/services/actions/init_test.go
@ -17,9 +17,7 @@ import (
 )
 func TestMain(m *testing.M) {
-	unittest.MainTest(m, &unittest.TestOptions{
+	unittest.MainTest(m)
 		FixtureFiles: []string{"action_runner_token.yml"},
 	})
 	os.Exit(m.Run())
 }
--- a/services/context/base.go
+++ b/services/context/base.go
@ -4,7 +4,6 @@
 package context
 import (
 	"context"
 	"fmt"
 	"html/template"
 	"io"
@ -25,8 +24,7 @@ type BaseContextKeyType struct{}
 var BaseContextKey BaseContextKeyType
 type Base struct {
-	context.Context
+	reqctx.RequestContext
 	reqctx.RequestDataStore
 	Resp ResponseWriter
 	Req  *http.Request
@ -172,19 +170,19 @@ func (b *Base) TrN(cnt any, key1, keyN string, args ...any) template.HTML {
 }
 func NewBaseContext(resp http.ResponseWriter, req *http.Request) *Base {
-	ds := reqctx.GetRequestDataStore(req.Context())
+	reqCtx := reqctx.FromContext(req.Context())
 	b := &Base{
-		Context:          req.Context(),
+		RequestContext: reqCtx,
-		RequestDataStore: ds,
+
-		Req:              req,
+		Req:    req,
-		Resp:             WrapResponseWriter(resp),
+		Resp:   WrapResponseWriter(resp),
-		Locale:           middleware.Locale(resp, req),
+		Locale: middleware.Locale(resp, req),
-		Data:             ds.GetData(),
+		Data:   reqCtx.GetData(),
 	}
 	b.Req = b.Req.WithContext(b)
-	ds.SetContextValue(BaseContextKey, b)
+	reqCtx.SetContextValue(BaseContextKey, b)
-	ds.SetContextValue(translation.ContextKey, b.Locale)
+	reqCtx.SetContextValue(translation.ContextKey, b.Locale)
-	ds.SetContextValue(httplib.RequestContextKey, b.Req)
+	reqCtx.SetContextValue(httplib.RequestContextKey, b.Req)
 	return b
 }
--- a/services/context/repo.go
+++ b/services/context/repo.go
@ -56,7 +56,6 @@ type Repository struct {
 	// RefFullName is the full ref name that the user is viewing
 	RefFullName git.RefName
 	BranchName  string // it is the RefFullName's short name if its type is "branch"
 	TagName     string // it is the RefFullName's short name if its type is "tag"
 	TreePath    string
 	// Commit it is always set to the commit for the branch or tag, or just the commit that the user is viewing
@ -851,7 +850,6 @@ func RepoRefByType(detectRefType git.RefType) func(*Context) {
 				ctx.Repo.CommitID = ctx.Repo.Commit.ID.String()
 			} else if refType == git.RefTypeTag && ctx.Repo.GitRepo.IsTagExist(refShortName) {
 				ctx.Repo.RefFullName = git.RefNameFromTag(refShortName)
 				ctx.Repo.TagName = refShortName
 				ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetTagCommit(refShortName)
 				if err != nil {
@ -901,8 +899,6 @@ func RepoRefByType(detectRefType git.RefType) func(*Context) {
 		ctx.Data["BranchName"] = ctx.Repo.BranchName
 		ctx.Data["TagName"] = ctx.Repo.TagName
 		ctx.Data["CommitID"] = ctx.Repo.CommitID
 		ctx.Data["CanCreateBranch"] = ctx.Repo.CanCreateBranch() // only used by the branch selector dropdown: AllowCreateNewRef
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@ -416,6 +416,29 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, doer *user_m
 		return "from_not_exist", nil
 	}
 	perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
 	if err != nil {
 		return "", err
 	}
 	isDefault := from == repo.DefaultBranch
 	if isDefault && !perm.IsAdmin() {
 		return "", repo_model.ErrUserDoesNotHaveAccessToRepo{
 			UserID:   doer.ID,
 			RepoName: repo.LowerName,
 		}
 	}
 	// If from == rule name, admins are allowed to modify them.
 	if protectedBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, from); err != nil {
 		return "", err
 	} else if protectedBranch != nil && !perm.IsAdmin() {
 		return "", repo_model.ErrUserDoesNotHaveAccessToRepo{
 			UserID:   doer.ID,
 			RepoName: repo.LowerName,
 		}
 	}
 	if err := git_model.RenameBranch(ctx, repo, from, to, func(ctx context.Context, isDefault bool) error {
 		err2 := gitRepo.RenameBranch(from, to)
 		if err2 != nil {
--- a/templates/repo/issue/sidebar/issue_dependencies.tmpl
+++ b/templates/repo/issue/sidebar/issue_dependencies.tmpl
@ -22,7 +22,7 @@
 				{{range .BlockingDependencies}}
 					<div class="item dependency{{if .Issue.IsClosed}} is-closed{{end}} tw-flex tw-items-center tw-justify-between">
 						<div class="item-left tw-flex tw-justify-center tw-flex-col tw-flex-1 gt-ellipsis">
-							<a class="muted gt-ellipsis" href="{{.Issue.Link}}" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
+							<a class="muted issue-dependency-title gt-ellipsis" href="{{.Issue.Link}}" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
 								#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}
 							</a>
 							<div class="text small gt-ellipsis" data-tooltip-content="{{.Repository.OwnerName}}/{{.Repository.Name}}">
@ -54,7 +54,7 @@
 				{{range .BlockedByDependencies}}
 					<div class="item dependency{{if .Issue.IsClosed}} is-closed{{end}} tw-flex tw-items-center tw-justify-between">
 						<div class="item-left tw-flex tw-justify-center tw-flex-col tw-flex-1 gt-ellipsis">
-							<a class="muted gt-ellipsis" href="{{.Issue.Link}}" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
+							<a class="muted issue-dependency-title gt-ellipsis" href="{{.Issue.Link}}" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
 								#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}
 							</a>
 							<div class="text small gt-ellipsis" data-tooltip-content="{{.Repository.OwnerName}}/{{.Repository.Name}}">
@ -76,7 +76,7 @@
 							<div class="item-left tw-flex tw-justify-center tw-flex-col tw-flex-1 gt-ellipsis">
 								<div class="gt-ellipsis">
 									<span data-tooltip-content="{{ctx.Locale.Tr "repo.issues.dependency.no_permission.can_remove"}}">{{svg "octicon-lock" 16}}</span>
-									<span class="gt-ellipsis" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
+									<span class="gt-ellipsis issue-dependency-title" data-tooltip-content="#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}">
 										#{{.Issue.Index}} {{.Issue.Title | ctx.RenderUtils.RenderEmoji}}
 									</span>
 								</div>
--- a/templates/repo/release_tag_header.tmpl
+++ b/templates/repo/release_tag_header.tmpl
@ -17,7 +17,7 @@
 			</a>
 		{{end}}
 		{{if and (not .PageIsTagList) .CanCreateRelease}}
-			<a class="ui small primary button" href="{{$.RepoLink}}/releases/new{{if .PageIsSingleTag}}?tag={{.TagName}}{{end}}">
+			<a class="ui small primary button" href="{{$.RepoLink}}/releases/new{{if .PageIsSingleTag}}?tag={{.SingleReleaseTagName}}{{end}}">
 				{{ctx.Locale.Tr "repo.release.new_release"}}
 			</a>
 		{{end}}
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@ -4,17 +4,23 @@
 package integration
 import (
 	"context"
 	"encoding/base64"
 	"fmt"
 	"net/http"
 	"net/url"
 	"reflect"
 	"testing"
 	"time"
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
@ -347,6 +353,91 @@ jobs:
 	})
 }
 func TestActionsGiteaContext(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		user2Session := loginUser(t, user2.Name)
 		user2Token := getTokenForLoggedInUser(t, user2Session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
 		apiBaseRepo := createActionsTestRepo(t, user2Token, "actions-gitea-context", false)
 		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiBaseRepo.ID})
 		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository)
 		runner := newMockRunner()
 		runner.registerAsRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner", []string{"ubuntu-latest"})
 		// init the workflow
 		wfTreePath := ".gitea/workflows/pull.yml"
 		wfFileContent := `name: Pull Request
 on: pull_request
 jobs:
  wf1-job:
    runs-on: ubuntu-latest
    steps:
      - run: echo 'test the pull'
 `
 		opts := getWorkflowCreateFileOptions(user2, baseRepo.DefaultBranch, fmt.Sprintf("create %s", wfTreePath), wfFileContent)
 		createWorkflowFile(t, user2Token, baseRepo.OwnerName, baseRepo.Name, wfTreePath, opts)
 		// user2 creates a pull request
 		doAPICreateFile(user2APICtx, "user2-patch.txt", &api.CreateFileOptions{
 			FileOptions: api.FileOptions{
 				NewBranchName: "user2/patch-1",
 				Message:       "create user2-patch.txt",
 				Author: api.Identity{
 					Name:  user2.Name,
 					Email: user2.Email,
 				},
 				Committer: api.Identity{
 					Name:  user2.Name,
 					Email: user2.Email,
 				},
 				Dates: api.CommitDateOptions{
 					Author:    time.Now(),
 					Committer: time.Now(),
 				},
 			},
 			ContentBase64: base64.StdEncoding.EncodeToString([]byte("user2-fix")),
 		})(t)
 		apiPull, err := doAPICreatePullRequest(user2APICtx, baseRepo.OwnerName, baseRepo.Name, baseRepo.DefaultBranch, "user2/patch-1")(t)
 		assert.NoError(t, err)
 		task := runner.fetchTask(t)
 		gtCtx := task.Context.GetFields()
 		actionTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.Id})
 		actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: actionTask.JobID})
 		actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
 		assert.NoError(t, actionRun.LoadAttributes(context.Background()))
 		assert.Equal(t, user2.Name, gtCtx["actor"].GetStringValue())
 		assert.Equal(t, setting.AppURL+"api/v1", gtCtx["api_url"].GetStringValue())
 		assert.Equal(t, apiPull.Base.Ref, gtCtx["base_ref"].GetStringValue())
 		runEvent := map[string]any{}
 		assert.NoError(t, json.Unmarshal([]byte(actionRun.EventPayload), &runEvent))
 		assert.True(t, reflect.DeepEqual(gtCtx["event"].GetStructValue().AsMap(), runEvent))
 		assert.Equal(t, actionRun.TriggerEvent, gtCtx["event_name"].GetStringValue())
 		assert.Equal(t, apiPull.Head.Ref, gtCtx["head_ref"].GetStringValue())
 		assert.Equal(t, actionRunJob.JobID, gtCtx["job"].GetStringValue())
 		assert.Equal(t, actionRun.Ref, gtCtx["ref"].GetStringValue())
 		assert.Equal(t, (git.RefName(actionRun.Ref)).ShortName(), gtCtx["ref_name"].GetStringValue())
 		assert.False(t, gtCtx["ref_protected"].GetBoolValue())
 		assert.Equal(t, string((git.RefName(actionRun.Ref)).RefType()), gtCtx["ref_type"].GetStringValue())
 		assert.Equal(t, actionRun.Repo.OwnerName+"/"+actionRun.Repo.Name, gtCtx["repository"].GetStringValue())
 		assert.Equal(t, actionRun.Repo.OwnerName, gtCtx["repository_owner"].GetStringValue())
 		assert.Equal(t, actionRun.Repo.HTMLURL(), gtCtx["repositoryUrl"].GetStringValue())
 		assert.Equal(t, fmt.Sprint(actionRunJob.RunID), gtCtx["run_id"].GetStringValue())
 		assert.Equal(t, fmt.Sprint(actionRun.Index), gtCtx["run_number"].GetStringValue())
 		assert.Equal(t, fmt.Sprint(actionRunJob.Attempt), gtCtx["run_attempt"].GetStringValue())
 		assert.Equal(t, "Actions", gtCtx["secret_source"].GetStringValue())
 		assert.Equal(t, setting.AppURL, gtCtx["server_url"].GetStringValue())
 		assert.Equal(t, actionRun.CommitSHA, gtCtx["sha"].GetStringValue())
 		assert.Equal(t, actionRun.WorkflowID, gtCtx["workflow"].GetStringValue())
 		assert.Equal(t, setting.Actions.DefaultActionsURL.URL(), gtCtx["gitea_default_actions_url"].GetStringValue())
 		token := gtCtx["token"].GetStringValue()
 		assert.Equal(t, actionTask.TokenLastEight, token[len(token)-8:])
 		doAPIDeleteRepository(user2APICtx)(t)
 	})
 }
 func createActionsTestRepo(t *testing.T, authToken, repoName string, isPrivate bool) *api.Repository {
 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{
 		Name:          repoName,
--- a/tests/integration/api_branch_test.go
+++ b/tests/integration/api_branch_test.go
@ -190,28 +190,61 @@ func testAPICreateBranch(t testing.TB, session *TestSession, user, repo, oldBran
 func TestAPIUpdateBranch(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
 		t.Run("UpdateBranchWithEmptyRepo", func(t *testing.T) {
-			testAPIUpdateBranch(t, "user10", "repo6", "master", "test", http.StatusNotFound)
+			testAPIUpdateBranch(t, "user10", "user10", "repo6", "master", "test", http.StatusNotFound)
 		})
 		t.Run("UpdateBranchWithSameBranchNames", func(t *testing.T) {
-			resp := testAPIUpdateBranch(t, "user2", "repo1", "master", "master", http.StatusUnprocessableEntity)
+			resp := testAPIUpdateBranch(t, "user2", "user2", "repo1", "master", "master", http.StatusUnprocessableEntity)
 			assert.Contains(t, resp.Body.String(), "Cannot rename a branch using the same name or rename to a branch that already exists.")
 		})
 		t.Run("UpdateBranchThatAlreadyExists", func(t *testing.T) {
-			resp := testAPIUpdateBranch(t, "user2", "repo1", "master", "branch2", http.StatusUnprocessableEntity)
+			resp := testAPIUpdateBranch(t, "user2", "user2", "repo1", "master", "branch2", http.StatusUnprocessableEntity)
 			assert.Contains(t, resp.Body.String(), "Cannot rename a branch using the same name or rename to a branch that already exists.")
 		})
 		t.Run("UpdateBranchWithNonExistentBranch", func(t *testing.T) {
-			resp := testAPIUpdateBranch(t, "user2", "repo1", "i-dont-exist", "new-branch-name", http.StatusNotFound)
+			resp := testAPIUpdateBranch(t, "user2", "user2", "repo1", "i-dont-exist", "new-branch-name", http.StatusNotFound)
 			assert.Contains(t, resp.Body.String(), "Branch doesn't exist.")
 		})
-		t.Run("RenameBranchNormalScenario", func(t *testing.T) {
+		t.Run("UpdateBranchWithNonAdminDoer", func(t *testing.T) {
-			testAPIUpdateBranch(t, "user2", "repo1", "branch2", "new-branch-name", http.StatusNoContent)
+			// don't allow default branch renaming
 			resp := testAPIUpdateBranch(t, "user40", "user2", "repo1", "master", "new-branch-name", http.StatusForbidden)
 			assert.Contains(t, resp.Body.String(), "User must be a repo or site admin to rename default or protected branches.")
 			// don't allow protected branch renaming
 			token := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteRepository)
 			req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/branches", &api.CreateBranchRepoOption{
 				BranchName: "protected-branch",
 			}).AddTokenAuth(token)
 			MakeRequest(t, req, http.StatusCreated)
 			testAPICreateBranchProtection(t, "protected-branch", 1, http.StatusCreated)
 			resp = testAPIUpdateBranch(t, "user40", "user2", "repo1", "protected-branch", "new-branch-name", http.StatusForbidden)
 			assert.Contains(t, resp.Body.String(), "User must be a repo or site admin to rename default or protected branches.")
 		})
 		t.Run("UpdateBranchWithGlobedBasedProtectionRulesAndAdminAccess", func(t *testing.T) {
 			// don't allow branch that falls under glob-based protection rules to be renamed
 			token := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteRepository)
 			req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/branch_protections", &api.BranchProtection{
 				RuleName:   "protected/**",
 				EnablePush: true,
 			}).AddTokenAuth(token)
 			MakeRequest(t, req, http.StatusCreated)
 			from := "protected/1"
 			req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/branches", &api.CreateBranchRepoOption{
 				BranchName: from,
 			}).AddTokenAuth(token)
 			MakeRequest(t, req, http.StatusCreated)
 			resp := testAPIUpdateBranch(t, "user2", "user2", "repo1", from, "new-branch-name", http.StatusForbidden)
 			assert.Contains(t, resp.Body.String(), "Branch is protected by glob-based protection rules.")
 		})
 		t.Run("UpdateBranchNormalScenario", func(t *testing.T) {
 			testAPIUpdateBranch(t, "user2", "user2", "repo1", "branch2", "new-branch-name", http.StatusNoContent)
 		})
 	})
 }
-func testAPIUpdateBranch(t *testing.T, ownerName, repoName, from, to string, expectedHTTPStatus int) *httptest.ResponseRecorder {
+func testAPIUpdateBranch(t *testing.T, doerName, ownerName, repoName, from, to string, expectedHTTPStatus int) *httptest.ResponseRecorder {
-	token := getUserToken(t, ownerName, auth_model.AccessTokenScopeWriteRepository)
+	token := getUserToken(t, doerName, auth_model.AccessTokenScopeWriteRepository)
 	req := NewRequestWithJSON(t, "PATCH", "api/v1/repos/"+ownerName+"/"+repoName+"/branches/"+from, &api.UpdateBranchRepoOption{
 		Name: to,
 	}).AddTokenAuth(token)
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@ -735,5 +735,5 @@ func TestAPIRepoGetAssignees(t *testing.T) {
 	resp := MakeRequest(t, req, http.StatusOK)
 	var assignees []*api.User
 	DecodeJSON(t, resp, &assignees)
-	assert.Len(t, assignees, 1)
+	assert.Len(t, assignees, 2)
 }
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@ -173,17 +173,25 @@ func TestViewReleaseListNoLogin(t *testing.T) {
 	}, commitsToMain)
 }
-func TestViewSingleReleaseNoLogin(t *testing.T) {
+func TestViewSingleRelease(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-	req := NewRequest(t, "GET", "/user2/repo-release/releases/tag/v1.0")
+	t.Run("NoLogin", func(t *testing.T) {
-	resp := MakeRequest(t, req, http.StatusOK)
+		req := NewRequest(t, "GET", "/user2/repo-release/releases/tag/v1.0")
-
+		resp := MakeRequest(t, req, http.StatusOK)
-	htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc := NewHTMLParser(t, resp.Body)
-	// check the "number of commits to main since this release"
+		// check the "number of commits to main since this release"
-	releaseList := htmlDoc.doc.Find("#release-list .ahead > a")
+		releaseList := htmlDoc.doc.Find("#release-list .ahead > a")
-	assert.EqualValues(t, 1, releaseList.Length())
+		assert.EqualValues(t, 1, releaseList.Length())
-	assert.EqualValues(t, "3 commits", releaseList.First().Text())
+		assert.EqualValues(t, "3 commits", releaseList.First().Text())
 	})
 	t.Run("Login", func(t *testing.T) {
 		session := loginUser(t, "user1")
 		req := NewRequest(t, "GET", "/user2/repo1/releases/tag/delete-tag") // "delete-tag" is the only one with is_tag=true (although strange name)
 		resp := session.MakeRequest(t, req, http.StatusOK)
 		// the New Release button should contain the tag name
 		assert.Contains(t, resp.Body.String(), `<a class="ui small primary button" href="/user2/repo1/releases/new?tag=delete-tag">`)
 	})
 }
 func TestViewReleaseListLogin(t *testing.T) {
--- a/tsconfig.json
+++ b/tsconfig.json
@ -23,6 +23,7 @@
    "stripInternal": true,
    "strict": false,
    "strictFunctionTypes": true,
    "noImplicitThis": true,
    "noUnusedLocals": true,
    "noUnusedParameters": true,
    "noPropertyAccessFromIndexSignature": false,
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@ -784,7 +784,7 @@ td .commit-summary {
  box-shadow: none;
 }
-.repository.view.issue .ui.depending .item.is-closed .title {
+.repository.view.issue .ui.depending .item.is-closed .issue-dependency-title {
  text-decoration: line-through;
 }
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@ -1,5 +1,5 @@
 <script lang="ts">
-import {createApp, nextTick} from 'vue';
+import {nextTick, defineComponent} from 'vue';
 import {SvgIcon} from '../svg.ts';
 import {GET} from '../modules/fetch.ts';
 import {fomanticQuery} from '../modules/fomantic/base.ts';
@ -24,7 +24,7 @@ const commitStatus: CommitStatusMap = {
  warning: {name: 'gitea-exclamation', color: 'yellow'},
 };
-const sfc = {
+export default defineComponent({
  components: {SvgIcon},
  data() {
    const params = new URLSearchParams(window.location.search);
@ -335,16 +335,8 @@ const sfc = {
      }
    },
  },
-};
+});
 export function initDashboardRepoList() {
  const el = document.querySelector('#dashboard-repo-list');
  if (el) {
    createApp(sfc).mount(el);
  }
 }
 export default sfc; // activate the IDE's Vue plugin
 </script>
 <template>
  <div>
--- a/web_src/js/components/DiffCommitSelector.vue
+++ b/web_src/js/components/DiffCommitSelector.vue
@ -1,9 +1,10 @@
 <script lang="ts">
 import {defineComponent} from 'vue';
 import {SvgIcon} from '../svg.ts';
 import {GET} from '../modules/fetch.ts';
 import {generateAriaId} from '../modules/fomantic/base.ts';
-export default {
+export default defineComponent({
  components: {SvgIcon},
  data: () => {
    const el = document.querySelector('#diff-commit-select');
@ -55,11 +56,11 @@ export default {
      switch (event.key) {
        case 'ArrowDown': // select next element
          event.preventDefault();
-          this.focusElem(item.nextElementSibling, item);
+          this.focusElem(item.nextElementSibling as HTMLElement, item);
          break;
        case 'ArrowUp': // select previous element
          event.preventDefault();
-          this.focusElem(item.previousElementSibling, item);
+          this.focusElem(item.previousElementSibling as HTMLElement, item);
          break;
        case 'Escape': // close menu
          event.preventDefault();
@ -118,9 +119,9 @@ export default {
      // set correct tabindex to allow easier navigation
      this.$nextTick(() => {
        if (this.menuVisible) {
-          this.focusElem(this.$refs.showAllChanges, this.$refs.expandBtn);
+          this.focusElem(this.$refs.showAllChanges as HTMLElement, this.$refs.expandBtn as HTMLElement);
        } else {
-          this.focusElem(this.$refs.expandBtn, this.$refs.showAllChanges);
+          this.focusElem(this.$refs.expandBtn as HTMLElement, this.$refs.showAllChanges as HTMLElement);
        }
      });
    },
@ -188,7 +189,7 @@ export default {
      }
    },
  },
-};
+});
 </script>
 <template>
  <div class="ui scrolling dropdown custom diff-commit-selector">
--- a/web_src/js/components/DiffFileList.vue
+++ b/web_src/js/components/DiffFileList.vue
@ -17,7 +17,7 @@ function toggleFileList() {
  store.fileListIsVisible = !store.fileListIsVisible;
 }
-function diffTypeToString(pType) {
+function diffTypeToString(pType: number) {
  const diffTypes = {
    1: 'add',
    2: 'modify',
@ -28,7 +28,7 @@ function diffTypeToString(pType) {
  return diffTypes[pType];
 }
-function diffStatsWidth(adds, dels) {
+function diffStatsWidth(adds: number, dels: number) {
  return `${adds / (adds + dels) * 100}%`;
 }
--- a/web_src/js/components/DiffFileTree.vue
+++ b/web_src/js/components/DiffFileTree.vue
@ -60,7 +60,7 @@ const fileTree = computed(() => {
      parent = newParent;
    }
  }
-  const mergeChildIfOnlyOneDir = (entries) => {
+  const mergeChildIfOnlyOneDir = (entries: Array<Record<string, any>>) => {
    for (const entry of entries) {
      if (entry.children) {
        mergeChildIfOnlyOneDir(entry.children);
@ -110,13 +110,13 @@ function toggleVisibility() {
  updateVisibility(!store.fileTreeIsVisible);
 }
-function updateVisibility(visible) {
+function updateVisibility(visible: boolean) {
  store.fileTreeIsVisible = visible;
  localStorage.setItem(LOCAL_STORAGE_KEY, store.fileTreeIsVisible);
  updateState(store.fileTreeIsVisible);
 }
-function updateState(visible) {
+function updateState(visible: boolean) {
  const btn = document.querySelector('.diff-toggle-file-tree-button');
  const [toShow, toHide] = btn.querySelectorAll('.icon');
  const tree = document.querySelector('#diff-file-tree');
--- a/web_src/js/components/DiffFileTreeItem.vue
+++ b/web_src/js/components/DiffFileTreeItem.vue
@ -25,7 +25,7 @@ defineProps<{
 const store = diffTreeStore();
 const collapsed = ref(false);
-function getIconForDiffType(pType) {
+function getIconForDiffType(pType: number) {
  const diffTypes = {
    1: {name: 'octicon-diff-added', classes: ['text', 'green']},
    2: {name: 'octicon-diff-modified', classes: ['text', 'yellow']},
@ -36,7 +36,7 @@ function getIconForDiffType(pType) {
  return diffTypes[pType];
 }
-function fileIcon(file) {
+function fileIcon(file: File) {
  if (file.IsSubmodule) {
    return 'octicon-file-submodule';
  }
--- a/web_src/js/components/PullRequestMergeForm.vue
+++ b/web_src/js/components/PullRequestMergeForm.vue
@ -68,7 +68,7 @@ function toggleActionForm(show: boolean) {
  mergeMessageFieldValue.value = mergeStyleDetail.value.mergeMessageFieldText;
 }
-function switchMergeStyle(name, autoMerge = false) {
+function switchMergeStyle(name: string, autoMerge = false) {
  mergeStyle.value = name;
  autoMergeWhenSucceed.value = autoMerge;
 }
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@ -1,7 +1,7 @@
 <script lang="ts">
 import {SvgIcon} from '../svg.ts';
 import ActionRunStatus from './ActionRunStatus.vue';
-import {createApp} from 'vue';
+import {defineComponent, type PropType} from 'vue';
 import {createElementFromAttrs, toggleElem} from '../utils/dom.ts';
 import {formatDatetime} from '../utils/time.ts';
 import {renderAnsi} from '../render/ansi.ts';
@ -38,7 +38,7 @@ function parseLineCommand(line: LogLine): LogLineCommand | null {
  return null;
 }
-function isLogElementInViewport(el: HTMLElement): boolean {
+function isLogElementInViewport(el: Element): boolean {
  const rect = el.getBoundingClientRect();
  return rect.top >= 0 && rect.bottom <= window.innerHeight; // only check height but not width
 }
@ -57,25 +57,28 @@ function getLocaleStorageOptions(): LocaleStorageOptions {
  return {autoScroll: true, expandRunning: false};
 }
-const sfc = {
+export default defineComponent({
  name: 'RepoActionView',
  components: {
    SvgIcon,
    ActionRunStatus,
  },
  props: {
-    runIndex: String,
+    runIndex: {
-    jobIndex: String,
+      type: String,
-    actionsURL: String,
+      default: '',
    locale: Object,
  },
  watch: {
    optionAlwaysAutoScroll() {
      this.saveLocaleStorageOptions();
    },
-    optionAlwaysExpandRunning() {
+    jobIndex: {
-      this.saveLocaleStorageOptions();
+      type: String,
      default: '',
    },
    actionsURL: {
      type: String,
      default: '',
    },
    locale: {
      type: Object as PropType<Record<string, string>>,
      default: null,
    },
  },
@ -102,10 +105,11 @@ const sfc = {
        link: '',
        title: '',
        titleHTML: '',
-        status: '',
+        status: 'unknown' as RunStatus,
        canCancel: false,
        canApprove: false,
        canRerun: false,
        canDeleteArtifact: false,
        done: false,
        workflowID: '',
        workflowLink: '',
@ -131,6 +135,7 @@ const sfc = {
          branch: {
            name: '',
            link: '',
            isDeleted: false,
          },
        },
      },
@ -148,7 +153,16 @@ const sfc = {
    };
  },
-  async mounted() {
+  watch: {
    optionAlwaysAutoScroll() {
      this.saveLocaleStorageOptions();
    },
    optionAlwaysExpandRunning() {
      this.saveLocaleStorageOptions();
    },
  },
  async mounted() { // eslint-disable-line @typescript-eslint/no-misused-promises
    // load job data and then auto-reload periodically
    // need to await first loadJob so this.currentJobStepsStates is initialized and can be used in hashChangeListener
    await this.loadJob();
@ -186,6 +200,7 @@ const sfc = {
    // get the active logs container element, either the `job-step-logs` or the `job-log-list` in the `job-log-group`
    getActiveLogsContainer(stepIndex: number): HTMLElement {
      const el = this.getJobStepLogsContainer(stepIndex);
      // @ts-expect-error - _stepLogsActiveContainer is a custom property
      return el._stepLogsActiveContainer ?? el;
    },
    // begin a log group
@ -263,7 +278,7 @@ const sfc = {
      const el = this.getJobStepLogsContainer(stepIndex);
      // if the logs container is empty, then auto-scroll if the step is expanded
      if (!el.lastChild) return this.currentJobStepsStates[stepIndex].expanded;
-      return isLogElementInViewport(el.lastChild);
+      return isLogElementInViewport(el.lastChild as Element);
    },
    appendLogs(stepIndex: number, startTime: number, logLines: LogLine[]) {
@ -380,7 +395,7 @@ const sfc = {
    toggleTimeDisplay(type: string) {
      this.timeVisible[`log-time-${type}`] = !this.timeVisible[`log-time-${type}`];
-      for (const el of this.$refs.steps.querySelectorAll(`.log-time-${type}`)) {
+      for (const el of (this.$refs.steps as HTMLElement).querySelectorAll(`.log-time-${type}`)) {
        toggleElem(el, this.timeVisible[`log-time-${type}`]);
      }
    },
@ -414,59 +429,12 @@ const sfc = {
        // so logline can be selected by querySelector
        await this.loadJob();
      }
-      const logLine = this.$refs.steps.querySelector(selectedLogStep);
+      const logLine = (this.$refs.steps as HTMLElement).querySelector(selectedLogStep);
      if (!logLine) return;
-      logLine.querySelector('.line-num').click();
+      logLine.querySelector<HTMLAnchorElement>('.line-num').click();
    },
  },
-};
+});
 export default sfc;
 export function initRepositoryActionView() {
  const el = document.querySelector('#repo-action-view');
  if (!el) return;
  // TODO: the parent element's full height doesn't work well now,
  // but we can not pollute the global style at the moment, only fix the height problem for pages with this component
  const parentFullHeight = document.querySelector<HTMLElement>('body > div.full.height');
  if (parentFullHeight) parentFullHeight.style.paddingBottom = '0';
  const view = createApp(sfc, {
    runIndex: el.getAttribute('data-run-index'),
    jobIndex: el.getAttribute('data-job-index'),
    actionsURL: el.getAttribute('data-actions-url'),
    locale: {
      approve: el.getAttribute('data-locale-approve'),
      cancel: el.getAttribute('data-locale-cancel'),
      rerun: el.getAttribute('data-locale-rerun'),
      rerun_all: el.getAttribute('data-locale-rerun-all'),
      scheduled: el.getAttribute('data-locale-runs-scheduled'),
      commit: el.getAttribute('data-locale-runs-commit'),
      pushedBy: el.getAttribute('data-locale-runs-pushed-by'),
      artifactsTitle: el.getAttribute('data-locale-artifacts-title'),
      areYouSure: el.getAttribute('data-locale-are-you-sure'),
      confirmDeleteArtifact: el.getAttribute('data-locale-confirm-delete-artifact'),
      showTimeStamps: el.getAttribute('data-locale-show-timestamps'),
      showLogSeconds: el.getAttribute('data-locale-show-log-seconds'),
      showFullScreen: el.getAttribute('data-locale-show-full-screen'),
      downloadLogs: el.getAttribute('data-locale-download-logs'),
      status: {
        unknown: el.getAttribute('data-locale-status-unknown'),
        waiting: el.getAttribute('data-locale-status-waiting'),
        running: el.getAttribute('data-locale-status-running'),
        success: el.getAttribute('data-locale-status-success'),
        failure: el.getAttribute('data-locale-status-failure'),
        cancelled: el.getAttribute('data-locale-status-cancelled'),
        skipped: el.getAttribute('data-locale-status-skipped'),
        blocked: el.getAttribute('data-locale-status-blocked'),
      },
      logsAlwaysAutoScroll: el.getAttribute('data-locale-logs-always-auto-scroll'),
      logsAlwaysExpandRunning: el.getAttribute('data-locale-logs-always-expand-running'),
    },
  });
  view.mount(el);
 }
 </script>
 <template>
  <div class="ui container action-view-container">
--- a/web_src/js/components/RepoActivityTopAuthors.vue
+++ b/web_src/js/components/RepoActivityTopAuthors.vue
@ -8,13 +8,15 @@ const colors = ref({
  textAltColor: 'white',
 });
-// possible keys:
+type ActivityAuthorData = {
-// * avatar_link: (...)
+  avatar_link: string;
-// * commits: (...)
+  commits: number;
-// * home_link: (...)
+  home_link: string;
-// * login: (...)
+  login: string;
-// * name: (...)
+  name: string;
-const activityTopAuthors = window.config.pageData.repoActivityTopAuthors || [];
+}
 const activityTopAuthors: Array<ActivityAuthorData> = window.config.pageData.repoActivityTopAuthors || [];
 const graphPoints = computed(() => {
  return activityTopAuthors.map((item) => {
@ -26,7 +28,7 @@ const graphPoints = computed(() => {
 });
 const graphAuthors = computed(() => {
-  return activityTopAuthors.map((item, idx) => {
+  return activityTopAuthors.map((item, idx: number) => {
    return {
      position: idx + 1,
      ...item,
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@ -1,5 +1,5 @@
 <script lang="ts">
-import {nextTick} from 'vue';
+import {defineComponent, nextTick} from 'vue';
 import {SvgIcon} from '../svg.ts';
 import {showErrorToast} from '../modules/toast.ts';
 import {GET} from '../modules/fetch.ts';
@ -17,51 +17,11 @@ type SelectedTab = 'branches' | 'tags';
 type TabLoadingStates = Record<SelectedTab, '' | 'loading' | 'done'>
-const sfc = {
+export default defineComponent({
  components: {SvgIcon},
  props: {
    elRoot: HTMLElement,
  },
  computed: {
    searchFieldPlaceholder() {
      return this.selectedTab === 'branches' ? this.textFilterBranch : this.textFilterTag;
    },
    filteredItems(): ListItem[] {
      const searchTermLower = this.searchTerm.toLowerCase();
      const items = this.allItems.filter((item: ListItem) => {
        const typeMatched = (this.selectedTab === 'branches' && item.refType === 'branch') || (this.selectedTab === 'tags' && item.refType === 'tag');
        if (!typeMatched) return false;
        if (!this.searchTerm) return true; // match all
        return item.refShortName.toLowerCase().includes(searchTermLower);
      });
      // TODO: fix this anti-pattern: side-effects-in-computed-properties
      this.activeItemIndex = !items.length && this.showCreateNewRef ? 0 : -1;
      return items;
    },
    showNoResults() {
      if (this.tabLoadingStates[this.selectedTab] !== 'done') return false;
      return !this.filteredItems.length && !this.showCreateNewRef;
    },
    showCreateNewRef() {
      if (!this.allowCreateNewRef || !this.searchTerm) {
        return false;
      }
      return !this.allItems.filter((item: ListItem) => {
        return item.refShortName === this.searchTerm; // FIXME: not quite right here, it mixes "branch" and "tag" names
      }).length;
    },
    createNewRefFormActionUrl() {
      return `${this.currentRepoLink}/branches/_new/${this.currentRefType}/${pathEscapeSegments(this.currentRefShortName)}`;
    },
  },
  watch: {
    menuVisible(visible: boolean) {
      if (!visible) return;
      this.focusSearchField();
      this.loadTabItems();
    },
  },
  data() {
    const shouldShowTabBranches = this.elRoot.getAttribute('data-show-tab-branches') === 'true';
    return {
@ -89,7 +49,7 @@ const sfc = {
      currentRepoDefaultBranch: this.elRoot.getAttribute('data-current-repo-default-branch'),
      currentRepoLink: this.elRoot.getAttribute('data-current-repo-link'),
      currentTreePath: this.elRoot.getAttribute('data-current-tree-path'),
-      currentRefType: this.elRoot.getAttribute('data-current-ref-type'),
+      currentRefType: this.elRoot.getAttribute('data-current-ref-type') as GitRefType,
      currentRefShortName: this.elRoot.getAttribute('data-current-ref-short-name'),
      refLinkTemplate: this.elRoot.getAttribute('data-ref-link-template'),
@ -102,6 +62,46 @@ const sfc = {
      enableFeed: this.elRoot.getAttribute('data-enable-feed') === 'true',
    };
  },
  computed: {
    searchFieldPlaceholder() {
      return this.selectedTab === 'branches' ? this.textFilterBranch : this.textFilterTag;
    },
    filteredItems(): ListItem[] {
      const searchTermLower = this.searchTerm.toLowerCase();
      const items = this.allItems.filter((item: ListItem) => {
        const typeMatched = (this.selectedTab === 'branches' && item.refType === 'branch') || (this.selectedTab === 'tags' && item.refType === 'tag');
        if (!typeMatched) return false;
        if (!this.searchTerm) return true; // match all
        return item.refShortName.toLowerCase().includes(searchTermLower);
      });
      // TODO: fix this anti-pattern: side-effects-in-computed-properties
      this.activeItemIndex = !items.length && this.showCreateNewRef ? 0 : -1; // eslint-disable-line vue/no-side-effects-in-computed-properties
      return items;
    },
    showNoResults() {
      if (this.tabLoadingStates[this.selectedTab] !== 'done') return false;
      return !this.filteredItems.length && !this.showCreateNewRef;
    },
    showCreateNewRef() {
      if (!this.allowCreateNewRef || !this.searchTerm) {
        return false;
      }
      return !this.allItems.filter((item: ListItem) => {
        return item.refShortName === this.searchTerm; // FIXME: not quite right here, it mixes "branch" and "tag" names
      }).length;
    },
    createNewRefFormActionUrl() {
      return `${this.currentRepoLink}/branches/_new/${this.currentRefType}/${pathEscapeSegments(this.currentRefShortName)}`;
    },
  },
  watch: {
    menuVisible(visible: boolean) {
      if (!visible) return;
      this.focusSearchField();
      this.loadTabItems();
    },
  },
  beforeMount() {
    document.body.addEventListener('click', (e) => {
      if (this.$el.contains(e.target)) return;
@ -139,11 +139,11 @@ const sfc = {
      }
    },
    createNewRef() {
-      this.$refs.createNewRefForm?.submit();
+      (this.$refs.createNewRefForm as HTMLFormElement)?.submit();
    },
    focusSearchField() {
      nextTick(() => {
-        this.$refs.searchField.focus();
+        (this.$refs.searchField as HTMLInputElement).focus();
      });
    },
    getSelectedIndexInFiltered() {
@ -154,6 +154,7 @@ const sfc = {
    },
    getActiveItem() {
      const el = this.$refs[`listItem${this.activeItemIndex}`]; // eslint-disable-line no-jquery/variable-pattern
      // @ts-expect-error - el is unknown type
      return (el && el.length) ? el[0] : null;
    },
    keydown(e) {
@ -212,9 +213,7 @@ const sfc = {
      }
    },
  },
-};
+});
 export default sfc; // activate IDE's Vue plugin
 </script>
 <template>
  <div class="ui dropdown custom branch-selector-dropdown ellipsis-items-nowrap">
--- a/web_src/js/components/RepoContributors.vue
+++ b/web_src/js/components/RepoContributors.vue
@ -1,4 +1,5 @@
 <script lang="ts">
 import {defineComponent, type PropType} from 'vue';
 import {SvgIcon} from '../svg.ts';
 import dayjs from 'dayjs';
 import {
@ -56,11 +57,11 @@ Chart.register(
  customEventListener,
 );
-export default {
+export default defineComponent({
  components: {ChartLine, SvgIcon},
  props: {
    locale: {
-      type: Object,
+      type: Object as PropType<Record<string, any>>,
      required: true,
    },
    repoLink: {
@ -88,7 +89,7 @@ export default {
    this.fetchGraphData();
    fomanticQuery('#repo-contributors').dropdown({
-      onChange: (val) => {
+      onChange: (val: string) => {
        this.xAxisMin = this.xAxisStart;
        this.xAxisMax = this.xAxisEnd;
        this.type = val;
@ -320,7 +321,7 @@ export default {
      };
    },
  },
-};
+});
 </script>
 <template>
  <div>
--- a/web_src/js/features/common-organization.ts
+++ b/web_src/js/features/common-organization.ts
@ -6,7 +6,7 @@ export function initCommonOrganization() {
    return;
  }
-  document.querySelector('.organization.settings.options #org_name')?.addEventListener('input', function () {
+  document.querySelector<HTMLInputElement>('.organization.settings.options #org_name')?.addEventListener('input', function () {
    const nameChanged = this.value.toLowerCase() !== this.getAttribute('data-org-name').toLowerCase();
    toggleElem('#org-name-change-prompt', nameChanged);
  });
--- a/web_src/js/features/comp/WebHookEditor.ts
+++ b/web_src/js/features/comp/WebHookEditor.ts
@ -6,7 +6,7 @@ export function initCompWebHookEditor() {
    return;
  }
-  for (const input of document.querySelectorAll('.events.checkbox input')) {
+  for (const input of document.querySelectorAll<HTMLInputElement>('.events.checkbox input')) {
    input.addEventListener('change', function () {
      if (this.checked) {
        showElem('.events.fields');
@ -14,7 +14,7 @@ export function initCompWebHookEditor() {
    });
  }
-  for (const input of document.querySelectorAll('.non-events.checkbox input')) {
+  for (const input of document.querySelectorAll<HTMLInputElement>('.non-events.checkbox input')) {
    input.addEventListener('change', function () {
      if (this.checked) {
        hideElem('.events.fields');
@ -34,7 +34,7 @@ export function initCompWebHookEditor() {
  }
  // Test delivery
-  document.querySelector('#test-delivery')?.addEventListener('click', async function () {
+  document.querySelector<HTMLButtonElement>('#test-delivery')?.addEventListener('click', async function () {
    this.classList.add('is-loading', 'disabled');
    await POST(this.getAttribute('data-link'));
    setTimeout(() => {
--- a/web_src/js/features/dashboard.ts
+++ b/web_src/js/features/dashboard.ts
@ -0,0 +1,9 @@
 import {createApp} from 'vue';
 import DashboardRepoList from '../components/DashboardRepoList.vue';
 export function initDashboardRepoList() {
  const el = document.querySelector('#dashboard-repo-list');
  if (el) {
    createApp(DashboardRepoList).mount(el);
  }
 }
--- a/web_src/js/features/install.ts
+++ b/web_src/js/features/install.ts
@ -27,7 +27,7 @@ function initPreInstall() {
  const dbName = document.querySelector<HTMLInputElement>('#db_name');
  // Database type change detection.
-  document.querySelector('#db_type').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#db_type').addEventListener('change', function () {
    const dbType = this.value;
    hideElem('div[data-db-setting-for]');
    showElem(`div[data-db-setting-for=${dbType}]`);
@ -59,26 +59,26 @@ function initPreInstall() {
  }
  // TODO: better handling of exclusive relations.
-  document.querySelector('#offline-mode input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#offline-mode input').addEventListener('change', function () {
    if (this.checked) {
      document.querySelector<HTMLInputElement>('#disable-gravatar input').checked = true;
      document.querySelector<HTMLInputElement>('#federated-avatar-lookup input').checked = false;
    }
  });
-  document.querySelector('#disable-gravatar input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#disable-gravatar input').addEventListener('change', function () {
    if (this.checked) {
      document.querySelector<HTMLInputElement>('#federated-avatar-lookup input').checked = false;
    } else {
      document.querySelector<HTMLInputElement>('#offline-mode input').checked = false;
    }
  });
-  document.querySelector('#federated-avatar-lookup input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#federated-avatar-lookup input').addEventListener('change', function () {
    if (this.checked) {
      document.querySelector<HTMLInputElement>('#disable-gravatar input').checked = false;
      document.querySelector<HTMLInputElement>('#offline-mode input').checked = false;
    }
  });
-  document.querySelector('#enable-openid-signin input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#enable-openid-signin input').addEventListener('change', function () {
    if (this.checked) {
      if (!document.querySelector<HTMLInputElement>('#disable-registration input').checked) {
        document.querySelector<HTMLInputElement>('#enable-openid-signup input').checked = true;
@ -87,7 +87,7 @@ function initPreInstall() {
      document.querySelector<HTMLInputElement>('#enable-openid-signup input').checked = false;
    }
  });
-  document.querySelector('#disable-registration input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#disable-registration input').addEventListener('change', function () {
    if (this.checked) {
      document.querySelector<HTMLInputElement>('#enable-captcha input').checked = false;
      document.querySelector<HTMLInputElement>('#enable-openid-signup input').checked = false;
@ -95,7 +95,7 @@ function initPreInstall() {
      document.querySelector<HTMLInputElement>('#enable-openid-signup input').checked = true;
    }
  });
-  document.querySelector('#enable-captcha input').addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#enable-captcha input').addEventListener('change', function () {
    if (this.checked) {
      document.querySelector<HTMLInputElement>('#disable-registration input').checked = false;
    }
--- a/web_src/js/features/pull-view-file.ts
+++ b/web_src/js/features/pull-view-file.ts
@ -38,7 +38,7 @@ export function initViewedCheckboxListenerFor() {
    // The checkbox consists of a div containing the real checkbox with its label and the CSRF token,
    // hence the actual checkbox first has to be found
-    const checkbox = form.querySelector('input[type=checkbox]');
+    const checkbox = form.querySelector<HTMLInputElement>('input[type=checkbox]');
    checkbox.addEventListener('input', function() {
      // Mark the file as viewed visually - will especially change the background
      if (this.checked) {
--- a/web_src/js/features/repo-actions.ts
+++ b/web_src/js/features/repo-actions.ts
@ -0,0 +1,47 @@
 import {createApp} from 'vue';
 import RepoActionView from '../components/RepoActionView.vue';
 export function initRepositoryActionView() {
  const el = document.querySelector('#repo-action-view');
  if (!el) return;
  // TODO: the parent element's full height doesn't work well now,
  // but we can not pollute the global style at the moment, only fix the height problem for pages with this component
  const parentFullHeight = document.querySelector<HTMLElement>('body > div.full.height');
  if (parentFullHeight) parentFullHeight.style.paddingBottom = '0';
  const view = createApp(RepoActionView, {
    runIndex: el.getAttribute('data-run-index'),
    jobIndex: el.getAttribute('data-job-index'),
    actionsURL: el.getAttribute('data-actions-url'),
    locale: {
      approve: el.getAttribute('data-locale-approve'),
      cancel: el.getAttribute('data-locale-cancel'),
      rerun: el.getAttribute('data-locale-rerun'),
      rerun_all: el.getAttribute('data-locale-rerun-all'),
      scheduled: el.getAttribute('data-locale-runs-scheduled'),
      commit: el.getAttribute('data-locale-runs-commit'),
      pushedBy: el.getAttribute('data-locale-runs-pushed-by'),
      artifactsTitle: el.getAttribute('data-locale-artifacts-title'),
      areYouSure: el.getAttribute('data-locale-are-you-sure'),
      confirmDeleteArtifact: el.getAttribute('data-locale-confirm-delete-artifact'),
      showTimeStamps: el.getAttribute('data-locale-show-timestamps'),
      showLogSeconds: el.getAttribute('data-locale-show-log-seconds'),
      showFullScreen: el.getAttribute('data-locale-show-full-screen'),
      downloadLogs: el.getAttribute('data-locale-download-logs'),
      status: {
        unknown: el.getAttribute('data-locale-status-unknown'),
        waiting: el.getAttribute('data-locale-status-waiting'),
        running: el.getAttribute('data-locale-status-running'),
        success: el.getAttribute('data-locale-status-success'),
        failure: el.getAttribute('data-locale-status-failure'),
        cancelled: el.getAttribute('data-locale-status-cancelled'),
        skipped: el.getAttribute('data-locale-status-skipped'),
        blocked: el.getAttribute('data-locale-status-blocked'),
      },
      logsAlwaysAutoScroll: el.getAttribute('data-locale-logs-always-auto-scroll'),
      logsAlwaysExpandRunning: el.getAttribute('data-locale-logs-always-expand-running'),
    },
  });
  view.mount(el);
 }
--- a/web_src/js/features/repo-commit.ts
+++ b/web_src/js/features/repo-commit.ts
@ -6,7 +6,7 @@ export function initRepoEllipsisButton() {
 }
 export function initTargetRepoEllipsisButton(target: ParentNode) {
-  for (const button of target.querySelectorAll('.js-toggle-commit-body')) {
+  for (const button of target.querySelectorAll<HTMLButtonElement>('.js-toggle-commit-body')) {
    button.addEventListener('click', function (e) {
      e.preventDefault();
      const expanded = this.getAttribute('aria-expanded') === 'true';
--- a/web_src/js/features/repo-home.ts
+++ b/web_src/js/features/repo-home.ts
@ -89,7 +89,7 @@ export function initRepoTopicBar() {
      url: `${appSubUrl}/explore/topics/search?q={query}`,
      throttle: 500,
      cache: false,
-      onResponse(res) {
+      onResponse(this: any, res: any) {
        const formattedResponse = {
          success: false,
          results: [],
--- a/web_src/js/features/repo-issue.ts
+++ b/web_src/js/features/repo-issue.ts
@ -216,7 +216,7 @@ export function initRepoIssueCodeCommentCancel() {
 export function initRepoPullRequestUpdate() {
  // Pull Request update button
-  const pullUpdateButton = document.querySelector('.update-button > button');
+  const pullUpdateButton = document.querySelector<HTMLButtonElement>('.update-button > button');
  if (!pullUpdateButton) return;
  pullUpdateButton.addEventListener('click', async function (e) {
--- a/web_src/js/features/repo-settings.ts
+++ b/web_src/js/features/repo-settings.ts
@ -79,21 +79,21 @@ function initRepoSettingsGitHook() {
 function initRepoSettingsBranches() {
  if (!document.querySelector('.repository.settings.branches')) return;
-  for (const el of document.querySelectorAll('.toggle-target-enabled')) {
+  for (const el of document.querySelectorAll<HTMLInputElement>('.toggle-target-enabled')) {
    el.addEventListener('change', function () {
      const target = document.querySelector(this.getAttribute('data-target'));
      target?.classList.toggle('disabled', !this.checked);
    });
  }
-  for (const el of document.querySelectorAll('.toggle-target-disabled')) {
+  for (const el of document.querySelectorAll<HTMLInputElement>('.toggle-target-disabled')) {
    el.addEventListener('change', function () {
      const target = document.querySelector(this.getAttribute('data-target'));
      if (this.checked) target?.classList.add('disabled'); // only disable, do not auto enable
    });
  }
-  document.querySelector('#dismiss_stale_approvals')?.addEventListener('change', function () {
+  document.querySelector<HTMLInputElement>('#dismiss_stale_approvals')?.addEventListener('change', function () {
    document.querySelector('#ignore_stale_approvals_box')?.classList.toggle('disabled', this.checked);
  });
--- a/web_src/js/features/sshkey-helper.ts
+++ b/web_src/js/features/sshkey-helper.ts
@ -1,6 +1,6 @@
 export function initSshKeyFormParser() {
  // Parse SSH Key
-  document.querySelector('#ssh-key-content')?.addEventListener('input', function () {
+  document.querySelector<HTMLTextAreaElement>('#ssh-key-content')?.addEventListener('input', function () {
    const arrays = this.value.split(' ');
    const title = document.querySelector<HTMLInputElement>('#ssh-key-title');
    if (!title.value && arrays.length === 3 && arrays[2] !== '') {
--- a/web_src/js/features/user-settings.ts
+++ b/web_src/js/features/user-settings.ts
@ -13,7 +13,7 @@ export function initUserSettings() {
  initUserSettingsAvatarCropper();
-  const usernameInput = document.querySelector('#username');
+  const usernameInput = document.querySelector<HTMLInputElement>('#username');
  if (!usernameInput) return;
  usernameInput.addEventListener('input', function () {
    const prompt = document.querySelector('#name-change-prompt');
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@ -2,8 +2,7 @@
 import './bootstrap.ts';
 import './htmx.ts';
-import {initDashboardRepoList} from './components/DashboardRepoList.vue';
+import {initDashboardRepoList} from './features/dashboard.ts';
 import {initGlobalCopyToClipboardListener} from './features/clipboard.ts';
 import {initContextPopups} from './features/contextpopup.ts';
 import {initRepoGraphGit} from './features/repo-graph.ts';
@ -54,7 +53,7 @@ import {initRepoWikiForm} from './features/repo-wiki.ts';
 import {initRepository, initBranchSelectorTabs} from './features/repo-legacy.ts';
 import {initCopyContent} from './features/copycontent.ts';
 import {initCaptcha} from './features/captcha.ts';
-import {initRepositoryActionView} from './components/RepoActionView.vue';
+import {initRepositoryActionView} from './features/repo-actions.ts';
 import {initGlobalTooltips} from './modules/tippy.ts';
 import {initGiteaFomantic} from './modules/fomantic.ts';
 import {initSubmitEventPolyfill, onDomReady} from './utils/dom.ts';
--- a/web_src/js/modules/fomantic/dimmer.ts
+++ b/web_src/js/modules/fomantic/dimmer.ts
@ -3,7 +3,7 @@ import {queryElemChildren} from '../../utils/dom.ts';
 export function initFomanticDimmer() {
  // stand-in for removed dimmer module
-  $.fn.dimmer = function (arg0: string, arg1: any) {
+  $.fn.dimmer = function (this: any, arg0: string, arg1: any) {
    if (arg0 === 'add content') {
      const $el = arg1;
      const existingDimmer = document.querySelector('body > .ui.dimmer');
--- a/web_src/js/modules/fomantic/dropdown.ts
+++ b/web_src/js/modules/fomantic/dropdown.ts
@ -17,7 +17,7 @@ export function initAriaDropdownPatch() {
 // the patched `$.fn.dropdown` function, it passes the arguments to Fomantic's `$.fn.dropdown` function, and:
 // * it does the one-time attaching on the first call
 // * it delegates the `onLabelCreate` to the patched `onLabelCreate` to add necessary aria attributes
-function ariaDropdownFn(...args: Parameters<FomanticInitFunction>) {
+function ariaDropdownFn(this: any, ...args: Parameters<FomanticInitFunction>) {
  const ret = fomanticDropdownFn.apply(this, args);
  // if the `$().dropdown()` call is without arguments, or it has non-string (object) argument,
@ -76,18 +76,18 @@ function delegateOne($dropdown: any) {
  const oldFocusSearch = dropdownCall('internal', 'focusSearch');
  const oldBlurSearch = dropdownCall('internal', 'blurSearch');
  // * If the "dropdown icon" is clicked, Fomantic calls "focusSearch", so show the menu
-  dropdownCall('internal', 'focusSearch', function () { dropdownCall('show'); oldFocusSearch.call(this) });
+  dropdownCall('internal', 'focusSearch', function (this: any) { dropdownCall('show'); oldFocusSearch.call(this) });
  // * If the "dropdown icon" is clicked again when the menu is visible, Fomantic calls "blurSearch", so hide the menu
-  dropdownCall('internal', 'blurSearch', function () { oldBlurSearch.call(this); dropdownCall('hide') });
+  dropdownCall('internal', 'blurSearch', function (this: any) { oldBlurSearch.call(this); dropdownCall('hide') });
  const oldFilterItems = dropdownCall('internal', 'filterItems');
-  dropdownCall('internal', 'filterItems', function (...args: any[]) {
+  dropdownCall('internal', 'filterItems', function (this: any, ...args: any[]) {
    oldFilterItems.call(this, ...args);
    processMenuItems($dropdown, dropdownCall);
  });
  const oldShow = dropdownCall('internal', 'show');
-  dropdownCall('internal', 'show', function (...args: any[]) {
+  dropdownCall('internal', 'show', function (this: any, ...args: any[]) {
    oldShow.call(this, ...args);
    processMenuItems($dropdown, dropdownCall);
  });
@ -110,7 +110,7 @@ function delegateOne($dropdown: any) {
  // the `onLabelCreate` is used to add necessary aria attributes for dynamically created selection labels
  const dropdownOnLabelCreateOld = dropdownCall('setting', 'onLabelCreate');
-  dropdownCall('setting', 'onLabelCreate', function(value: any, text: string) {
+  dropdownCall('setting', 'onLabelCreate', function(this: any, value: any, text: string) {
    const $label = dropdownOnLabelCreateOld.call(this, value, text);
    updateSelectionLabel($label[0]);
    return $label;
--- a/web_src/js/modules/fomantic/modal.ts
+++ b/web_src/js/modules/fomantic/modal.ts
@ -12,7 +12,7 @@ export function initAriaModalPatch() {
 // the patched `$.fn.modal` modal function
 // * it does the one-time attaching on the first call
-function ariaModalFn(...args: Parameters<FomanticInitFunction>) {
+function ariaModalFn(this: any, ...args: Parameters<FomanticInitFunction>) {
  const ret = fomanticModalFn.apply(this, args);
  if (args[0] === 'show' || args[0]?.autoShow) {
    for (const el of this) {
--- a/web_src/js/modules/tippy.ts
+++ b/web_src/js/modules/tippy.ts
@ -121,7 +121,7 @@ function switchTitleToTooltip(target: Element): void {
 * Some browsers like PaleMoon don't support "addEventListener('mouseenter', capture)"
 * The tippy by default uses "mouseenter" event to show, so we use "mouseover" event to switch to tippy
 */
-function lazyTooltipOnMouseHover(e: Event): void {
+function lazyTooltipOnMouseHover(this: HTMLElement, e: Event): void {
  e.target.removeEventListener('mouseover', lazyTooltipOnMouseHover, true);
  attachTooltip(this);
 }
--- a/web_src/js/svg.ts
+++ b/web_src/js/svg.ts
@ -1,4 +1,4 @@
-import {h} from 'vue';
+import {defineComponent, h, type PropType} from 'vue';
 import {parseDom, serializeXml} from './utils.ts';
 import giteaDoubleChevronLeft from '../../public/assets/img/svg/gitea-double-chevron-left.svg';
 import giteaDoubleChevronRight from '../../public/assets/img/svg/gitea-double-chevron-right.svg';
@ -196,10 +196,10 @@ export function svgParseOuterInner(name: SvgName) {
  return {svgOuter, svgInnerHtml};
 }
-export const SvgIcon = {
+export const SvgIcon = defineComponent({
  name: 'SvgIcon',
  props: {
-    name: {type: String, required: true},
+    name: {type: String as PropType<SvgName>, required: true},
    size: {type: Number, default: 16},
    className: {type: String, default: ''},
    symbolId: {type: String},
@ -217,7 +217,7 @@ export const SvgIcon = {
    attrs[`^height`] = this.size;
    // make the <SvgIcon class="foo" class-name="bar"> classes work together
-    const classes = [];
+    const classes: Array<string> = [];
    for (const cls of svgOuter.classList) {
      classes.push(cls);
    }
@ -236,4 +236,4 @@ export const SvgIcon = {
      innerHTML: svgInnerHtml,
    });
  },
-};
+});