Backport #32668 

- Fixes a translation keystring misuse where the string 'open
milestones' is used in place of 'closed milestones'.
- De-duplicates the use of 'open milesones' and 'closed milestones'
keystrings on the sidebar of an issue, reusing the ones on the issues
filter and action bars.
- Closes #32667

Co-authored-by: Simon Pistache <105607989+SimonPistache@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

backport #32750

Backport #32783 by Sebastian-T-T

The R package repository currently does not have support for older
versions of packages which should be stored in a separate /Archive
router. This PR remedies that by adding a new path router.

Fixes #32782

Co-authored-by: Sebastian T. T. <109338575+Sebastian-T-T@users.noreply.github.com>

Backport #32732 by @lunny

Fix #20156

We reuse the code from the repository code view instead of the current
code.
Previously it took `5653ms` for
https://gitea.com/henri/wiki/wiki/?action=_pages

 in my local machine,
now it's about `300ms` .

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport https://github.com/go-gitea/gitea/pull/32730 to v1.22

Backport #32711 by @lunny

Fix #32709

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport of #32693

Fix #32683

This PR adds the login endpoint and fixes the documentation links.

Backport #32705 by @Zettat123

Fix #32335

When we call `GetRefCommitID` and the reference is already a commit ID,
the `GetRefCommitID` with go-git will return a `NotExist` error. This PR
improves the `GetRefCommitID` for go-git. If the input is already a
commit ID, it will be returned directly.

Co-authored-by: Zettat123 <zettat123@gmail.com>

Backport #32654 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport #32695 by yp05327

Co-authored-by: yp05327 <576951401@qq.com>

Backport #32599 by william-allspice

Backport #32659 by @lunny

Fix #27961

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Add release note for v1.22.4

---------

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of

Fix #32394
Backport #32415

Backport #32360 

Try to fix #31792 

Credit to @jeroenlaylo
Copied from
https://github.com/go-gitea/gitea/issues/31792#issuecomment-2311920520



Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Resolves #20475
Backport #31863

Co-authored-by: Job <LordChunk@users.noreply.github.com>

Backport #32313 

#29248 didn't modify the view page.
The class name is not good enough, so this is a quick fix.

Before:
org:

![image](https://github.com/user-attachments/assets/3e26502d-66b4-4043-ab03-003ba7391487)
user:

![image](https://github.com/user-attachments/assets/9b22b90c-d63c-4228-acad-4d9fb20590ac)

After:
org:

![image](https://github.com/user-attachments/assets/21bf98a7-8a5b-4dc6-950a-88f529e36450)
user: (no change)

![image](https://github.com/user-attachments/assets/fea0dcae-3625-44e8-bb9e-4c3733da8764

)

Co-authored-by: yp05327 <576951401@qq.com>

Partially backport #32351

Backport #32540 by @lunny

Fix #31480

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport #32527

We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used, attempting
to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.

A quick fix for #32568
Partially backport from #32571

Backport #32560 by @lunny

PushMirrors only be used in the repository setting page. So it should
not be loaded on every repository page.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport #32528

- Move models/GetForks to services/FindForks
- Add doer as a parameter of FindForks to check permissions
- Slight performance optimization for get forks API with batch loading
of repository units
- Add tests for forking repository to organizations

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Backport #32243 by @lunny

Partially fix #31345

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

backport #32539

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

This is a backport-only fix for 1.22

1.23 has a proper fix #32533

Backport #32531 by @lunny

WebAuthn should behave the same way as TOTP. When enabled, basic auth
with username/password should need to WebAuthn auth, otherwise returned
401.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport #32186 by @lunny

Since there is a status column in the database, the transaction is
unnecessary when downloading an archive. The transaction is blocking
database operations, especially with SQLite.

Replace #27563

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport #32514 by lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Trim title before insert/update to database to match the size requirements of database (#32498) (#32507)

Backport #32501 by wxiaoguang

fix  #32496

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Backport #32424 by @Zettat123

Resolve #32232

Users can disable the "Actions" unit for all mirror repos by running 
```
gitea doctor check --run  disable-mirror-actions-unit --fix
```

Co-authored-by: Zettat123 <zettat123@gmail.com>

just bump:

 * golang:  v1.22.2 ->  v1.22.9
 * nodejs: v20.12.2 -> v20.18.0
 * python: v3.12.3 -> v3.12.7

Partially backport #32473. LFS related changes are not in 1.22, so skip
them.

1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check

Partially backport Disable Oauth check if oauth disabled #32368

Backport #32430 by usbalbin

Co-authored-by: Albin Hedman <albin9604@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>