Enable addtional linters (#34085)

enable mirror, usestdlibbars and perfsprint part of: https://github.com/go-gitea/gitea/issues/34083 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-01 12:14:01 +02:00
parent 56e42be36d
commit ee3c82f874
294 changed files with 848 additions and 805 deletions
@@ -51,7 +51,7 @@ func saveUploadChunkBase(st storage.ObjectStorage, ctx *ArtifactContext,
 		log.Info("[artifact] check chunk md5, sum: %s, header: %s", chunkMd5String, reqMd5String)
 		// if md5 not match, delete the chunk
 		if reqMd5String != chunkMd5String {
-			checkErr = fmt.Errorf("md5 not match")
+			checkErr = errors.New("md5 not match")
 		}
 	}
 	if writtenSize != contentSize {
@@ -261,7 +261,7 @@ func mergeChunksForArtifact(ctx *ArtifactContext, chunks []*chunkFileItem, st st
 		return fmt.Errorf("save merged file error: %v", err)
 	}
 	if written != artifact.FileCompressedSize {
-		return fmt.Errorf("merged file size is not equal to chunk length")
+		return errors.New("merged file size is not equal to chunk length")
 	}

 	defer func() {
@@ -170,7 +170,7 @@ func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, tas
 func (r artifactV4Routes) buildArtifactURL(ctx *ArtifactContext, endp, artifactName string, taskID, artifactID int64) string {
 	expires := time.Now().Add(60 * time.Minute).Format("2006-01-02 15:04:05.999999999 -0700 MST")
 	uploadURL := strings.TrimSuffix(httplib.GuessCurrentAppURL(ctx), "/") + strings.TrimSuffix(r.prefix, "/") +
-		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID, artifactID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + fmt.Sprint(taskID) + "&artifactID=" + fmt.Sprint(artifactID)
+		"/" + endp + "?sig=" + base64.URLEncoding.EncodeToString(r.buildSignature(endp, expires, artifactName, taskID, artifactID)) + "&expires=" + url.QueryEscape(expires) + "&artifactName=" + url.QueryEscape(artifactName) + "&taskID=" + strconv.FormatInt(taskID, 10) + "&artifactID=" + strconv.FormatInt(artifactID, 10)
 	return uploadURL
 }

@@ -552,10 +552,10 @@ func CommonRoutes() *web.Router {

 			r.Methods("HEAD,GET,PUT,DELETE", "*", func(ctx *context.Context) {
 				path := ctx.PathParam("*")
-				isHead := ctx.Req.Method == "HEAD"
-				isGetHead := ctx.Req.Method == "HEAD" || ctx.Req.Method == "GET"
-				isPut := ctx.Req.Method == "PUT"
-				isDelete := ctx.Req.Method == "DELETE"
+				isHead := ctx.Req.Method == http.MethodHead
+				isGetHead := ctx.Req.Method == http.MethodHead || ctx.Req.Method == http.MethodGet
+				isPut := ctx.Req.Method == http.MethodPut
+				isDelete := ctx.Req.Method == http.MethodDelete

 				m := repoPattern.FindStringSubmatch(path)
 				if len(m) == 2 && isGetHead {
@@ -12,6 +12,7 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"hash"
 	"math/big"
@@ -121,7 +122,7 @@ func verifyTimestamp(req *http.Request) error {
 	}

 	if diff > maxTimeDifference {
-		return fmt.Errorf("time difference")
+		return errors.New("time difference")
 	}

 	return nil
@@ -190,7 +191,7 @@ func getAuthorizationData(req *http.Request) ([]byte, error) {
 	tmp := make([]string, len(valueList))
 	for k, v := range valueList {
 		if k > len(tmp) {
-			return nil, fmt.Errorf("invalid X-Ops-Authorization headers")
+			return nil, errors.New("invalid X-Ops-Authorization headers")
 		}
 		tmp[k-1] = v
 	}
@@ -267,7 +268,7 @@ func verifyDataOld(signature, data []byte, pub *rsa.PublicKey) error {
 	}

 	if !slices.Equal(out[skip:], data) {
-		return fmt.Errorf("could not verify signature")
+		return errors.New("could not verify signature")
 	}

 	return nil
@@ -149,7 +149,7 @@ func getOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageI
 }

 func createFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, pb *packages_model.PackageBlob) error {
-	filename := strings.ToLower(fmt.Sprintf("sha256_%s", pb.HashSHA256))
+	filename := strings.ToLower("sha256_" + pb.HashSHA256)

 	pf := &packages_model.PackageFile{
 		VersionID:    pv.ID,
@@ -406,7 +406,7 @@ func createFileFromBlobReference(ctx context.Context, pv, uploadVersion *package
 	}

 	if ref.Name == "" {
-		ref.Name = strings.ToLower(fmt.Sprintf("sha256_%s", ref.File.Blob.HashSHA256))
+		ref.Name = strings.ToLower("sha256_" + ref.File.Blob.HashSHA256)
 	}

 	pf := &packages_model.PackageFile{
@@ -488,7 +488,7 @@ func UploadPackage(ctx *context.Context) {
 		pv,
 		&packages_service.PackageFileCreationInfo{
 			PackageFileInfo: packages_service.PackageFileInfo{
-				Filename: strings.ToLower(fmt.Sprintf("%s.nuspec", np.ID)),
+				Filename: strings.ToLower(np.ID + ".nuspec"),
 			},
 			Data: nuspecBuf,
 		},
@@ -7,6 +7,7 @@ import (
 	"crypto"
 	"crypto/x509"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -34,7 +35,7 @@ func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err
 	pubKeyPem := pubKey.PublicKeyPem
 	block, _ := pem.Decode([]byte(pubKeyPem))
 	if block == nil || block.Type != "PUBLIC KEY" {
-		return nil, fmt.Errorf("could not decode publicKeyPem to PUBLIC KEY pem block type")
+		return nil, errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type")
 	}
 	p, err = x509.ParsePKIXPublicKey(block.Bytes)
 	return p, err
@@ -296,7 +296,7 @@ func DeleteUser(ctx *context.APIContext) {

 	// admin should not delete themself
 	if ctx.ContextUser.ID == ctx.Doer.ID {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("you cannot delete yourself"))
+		ctx.APIError(http.StatusUnprocessableEntity, errors.New("you cannot delete yourself"))
 		return
 	}

@@ -307,7 +307,7 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC

 		// use the http method to determine the access level
 		requiredScopeLevel := auth_model.Read
-		if ctx.Req.Method == "POST" || ctx.Req.Method == "PUT" || ctx.Req.Method == "PATCH" || ctx.Req.Method == "DELETE" {
+		if ctx.Req.Method == http.MethodPost || ctx.Req.Method == http.MethodPut || ctx.Req.Method == http.MethodPatch || ctx.Req.Method == http.MethodDelete {
 			requiredScopeLevel = auth_model.Write
 		}

@@ -6,7 +6,6 @@ package repo

 import (
 	"errors"
-	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/models/db"
@@ -157,9 +156,9 @@ func DeleteBranch(ctx *context.APIContext) {
 		case git.IsErrBranchNotExist(err):
 			ctx.APIErrorNotFound(err)
 		case errors.Is(err, repo_service.ErrBranchIsDefault):
-			ctx.APIError(http.StatusForbidden, fmt.Errorf("can not delete default branch"))
+			ctx.APIError(http.StatusForbidden, errors.New("can not delete default branch"))
 		case errors.Is(err, git_model.ErrBranchIsProtected):
-			ctx.APIError(http.StatusForbidden, fmt.Errorf("branch protected"))
+			ctx.APIError(http.StatusForbidden, errors.New("branch protected"))
 		default:
 			ctx.APIErrorInternal(err)
 		}
@@ -5,7 +5,6 @@
 package repo

 import (
-	"fmt"
 	"math"
 	"net/http"
 	"strconv"
@@ -65,7 +64,7 @@ func GetSingleCommit(ctx *context.APIContext) {

 	sha := ctx.PathParam("sha")
 	if !git.IsValidRefPattern(sha) {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("no valid ref or sha: %s", sha))
+		ctx.APIError(http.StatusUnprocessableEntity, "no valid ref or sha: "+sha)
 		return
 	}

@@ -4,7 +4,6 @@
 package repo

 import (
-	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/modules/git"
@@ -23,7 +22,7 @@ func DownloadArchive(ctx *context.APIContext) {
 	case "bundle":
 		tp = git.ArchiveBundle
 	default:
-		ctx.APIError(http.StatusBadRequest, fmt.Sprintf("Unknown archive type: %s", ballType))
+		ctx.APIError(http.StatusBadRequest, "Unknown archive type: "+ballType)
 		return
 	}

@@ -661,7 +661,7 @@ func UpdateFile(ctx *context.APIContext) {
 	//     "$ref": "#/responses/repoArchivedError"
 	apiOpts := web.GetForm(ctx).(*api.UpdateFileOptions)
 	if ctx.Repo.Repository.IsEmpty {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("repo is empty"))
+		ctx.APIError(http.StatusUnprocessableEntity, errors.New("repo is empty"))
 		return
 	}

@@ -5,7 +5,7 @@
 package repo

 import (
-	"fmt"
+	"errors"
 	"net/http"
 	"reflect"

@@ -321,7 +321,7 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)

 	if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
 		ctx.APIError(http.StatusForbidden, "write permission is required")
-		return nil, nil, fmt.Errorf("permission denied")
+		return nil, nil, errors.New("permission denied")
 	}

 	var (
@@ -337,12 +337,12 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 			labelNames = append(labelNames, rv.String())
 		default:
 			ctx.APIError(http.StatusBadRequest, "a label must be an integer or a string")
-			return nil, nil, fmt.Errorf("invalid label")
+			return nil, nil, errors.New("invalid label")
 		}
 	}
 	if len(labelIDs) > 0 && len(labelNames) > 0 {
 		ctx.APIError(http.StatusBadRequest, "labels should be an array of strings or integers")
-		return nil, nil, fmt.Errorf("invalid labels")
+		return nil, nil, errors.New("invalid labels")
 	}
 	if len(labelNames) > 0 {
 		repoLabelIDs, err := issues_model.GetLabelIDsInRepoByNames(ctx, ctx.Repo.Repository.ID, labelNames)
@@ -4,6 +4,7 @@
 package repo

 import (
+	"errors"
 	"fmt"
 	"net/http"
 	"time"
@@ -116,7 +117,7 @@ func ListTrackedTimes(ctx *context.APIContext) {
 		if opts.UserID == 0 {
 			opts.UserID = ctx.Doer.ID
 		} else {
-			ctx.APIError(http.StatusForbidden, fmt.Errorf("query by user not allowed; not enough rights"))
+			ctx.APIError(http.StatusForbidden, errors.New("query by user not allowed; not enough rights"))
 			return
 		}
 	}
@@ -437,7 +438,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
 	}

 	if !ctx.IsUserRepoAdmin() && !ctx.Doer.IsAdmin && ctx.Doer.ID != user.ID {
-		ctx.APIError(http.StatusForbidden, fmt.Errorf("query by user not allowed; not enough rights"))
+		ctx.APIError(http.StatusForbidden, errors.New("query by user not allowed; not enough rights"))
 		return
 	}

@@ -545,7 +546,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
 		if opts.UserID == 0 {
 			opts.UserID = ctx.Doer.ID
 		} else {
-			ctx.APIError(http.StatusForbidden, fmt.Errorf("query by user not allowed; not enough rights"))
+			ctx.APIError(http.StatusForbidden, errors.New("query by user not allowed; not enough rights"))
 			return
 		}
 	}
@@ -115,12 +115,12 @@ func Migrate(ctx *context.APIContext) {
 	gitServiceType := convert.ToGitServiceType(form.Service)

 	if form.Mirror && setting.Mirror.DisableNewPull {
-		ctx.APIError(http.StatusForbidden, fmt.Errorf("the site administrator has disabled the creation of new pull mirrors"))
+		ctx.APIError(http.StatusForbidden, errors.New("the site administrator has disabled the creation of new pull mirrors"))
 		return
 	}

 	if setting.Repository.DisableMigrations {
-		ctx.APIError(http.StatusForbidden, fmt.Errorf("the site administrator has disabled migrations"))
+		ctx.APIError(http.StatusForbidden, errors.New("the site administrator has disabled migrations"))
 		return
 	}

@@ -5,7 +5,6 @@ package repo

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"time"

@@ -367,7 +366,7 @@ func CreatePushMirror(ctx *context.APIContext, mirrorOption *api.CreatePushMirro
 	pushMirror := &repo_model.PushMirror{
 		RepoID:        repo.ID,
 		Repo:          repo,
-		RemoteName:    fmt.Sprintf("remote_mirror_%s", remoteSuffix),
+		RemoteName:    "remote_mirror_" + remoteSuffix,
 		Interval:      interval,
 		SyncOnCommit:  mirrorOption.SyncOnCommit,
 		RemoteAddress: remoteAddress,
@@ -4,7 +4,7 @@
 package repo

 import (
-	"fmt"
+	"errors"
 	"net/http"

 	"code.gitea.io/gitea/modules/git"
@@ -54,7 +54,7 @@ func GetNote(ctx *context.APIContext) {

 	sha := ctx.PathParam("sha")
 	if !git.IsValidRefPattern(sha) {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("no valid ref or sha: %s", sha))
+		ctx.APIError(http.StatusUnprocessableEntity, "no valid ref or sha: "+sha)
 		return
 	}
 	getNote(ctx, sha)
@@ -62,7 +62,7 @@ func GetNote(ctx *context.APIContext) {

 func getNote(ctx *context.APIContext, identifier string) {
 	if ctx.Repo.GitRepo == nil {
-		ctx.APIErrorInternal(fmt.Errorf("no open git repo"))
+		ctx.APIErrorInternal(errors.New("no open git repo"))
 		return
 	}

@@ -1054,9 +1054,9 @@ func MergePullRequest(ctx *context.APIContext) {
 				case git.IsErrBranchNotExist(err):
 					ctx.APIErrorNotFound(err)
 				case errors.Is(err, repo_service.ErrBranchIsDefault):
-					ctx.APIError(http.StatusForbidden, fmt.Errorf("can not delete default branch"))
+					ctx.APIError(http.StatusForbidden, errors.New("can not delete default branch"))
 				case errors.Is(err, git_model.ErrBranchIsProtected):
-					ctx.APIError(http.StatusForbidden, fmt.Errorf("branch protected"))
+					ctx.APIError(http.StatusForbidden, errors.New("branch protected"))
 				default:
 					ctx.APIErrorInternal(err)
 				}
@@ -439,7 +439,7 @@ func SubmitPullReview(ctx *context.APIContext) {
 	}

 	if review.Type != issues_model.ReviewTypePending {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("only a pending review can be submitted"))
+		ctx.APIError(http.StatusUnprocessableEntity, errors.New("only a pending review can be submitted"))
 		return
 	}

@@ -451,7 +451,7 @@ func SubmitPullReview(ctx *context.APIContext) {

 	// if review stay pending return
 	if reviewType == issues_model.ReviewTypePending {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("review stay pending"))
+		ctx.APIError(http.StatusUnprocessableEntity, errors.New("review stay pending"))
 		return
 	}

@@ -496,7 +496,7 @@ func preparePullReviewType(ctx *context.APIContext, pr *issues_model.PullRequest
 	case api.ReviewStateApproved:
 		// can not approve your own PR
 		if pr.Issue.IsPoster(ctx.Doer.ID) {
-			ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("approve your own pull is not allowed"))
+			ctx.APIError(http.StatusUnprocessableEntity, errors.New("approve your own pull is not allowed"))
 			return -1, true
 		}
 		reviewType = issues_model.ReviewTypeApprove
@@ -505,7 +505,7 @@ func preparePullReviewType(ctx *context.APIContext, pr *issues_model.PullRequest
 	case api.ReviewStateRequestChanges:
 		// can not reject your own PR
 		if pr.Issue.IsPoster(ctx.Doer.ID) {
-			ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("reject your own pull is not allowed"))
+			ctx.APIError(http.StatusUnprocessableEntity, errors.New("reject your own pull is not allowed"))
 			return -1, true
 		}
 		reviewType = issues_model.ReviewTypeReject
@@ -4,6 +4,7 @@
 package repo

 import (
+	"errors"
 	"fmt"
 	"net/http"

@@ -220,7 +221,7 @@ func CreateRelease(ctx *context.APIContext) {

 	form := web.GetForm(ctx).(*api.CreateReleaseOption)
 	if ctx.Repo.Repository.IsEmpty {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("repo is empty"))
+		ctx.APIError(http.StatusUnprocessableEntity, errors.New("repo is empty"))
 		return
 	}
 	rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, form.TagName)
@@ -5,6 +5,7 @@
 package repo

 import (
+	"errors"
 	"fmt"
 	"net/http"
 	"slices"
@@ -711,7 +712,7 @@ func updateBasicProperties(ctx *context.APIContext, opts api.EditRepoOption) err
 		visibilityChanged = repo.IsPrivate != *opts.Private
 		// when ForcePrivate enabled, you could change public repo to private, but only admin users can change private to public
 		if visibilityChanged && setting.Repository.ForcePrivate && !*opts.Private && !ctx.Doer.IsAdmin {
-			err := fmt.Errorf("cannot change private repository to public")
+			err := errors.New("cannot change private repository to public")
 			ctx.APIError(http.StatusUnprocessableEntity, err)
 			return err
 		}
@@ -780,12 +781,12 @@ func updateRepoUnits(ctx *context.APIContext, opts api.EditRepoOption) error {
 		if newHasIssues && opts.ExternalTracker != nil && !unit_model.TypeExternalTracker.UnitGlobalDisabled() {
 			// Check that values are valid
 			if !validation.IsValidExternalURL(opts.ExternalTracker.ExternalTrackerURL) {
-				err := fmt.Errorf("External tracker URL not valid")
+				err := errors.New("External tracker URL not valid")
 				ctx.APIError(http.StatusUnprocessableEntity, err)
 				return err
 			}
 			if len(opts.ExternalTracker.ExternalTrackerFormat) != 0 && !validation.IsValidExternalTrackerURLFormat(opts.ExternalTracker.ExternalTrackerFormat) {
-				err := fmt.Errorf("External tracker URL format not valid")
+				err := errors.New("External tracker URL format not valid")
 				ctx.APIError(http.StatusUnprocessableEntity, err)
 				return err
 			}
@@ -847,7 +848,7 @@ func updateRepoUnits(ctx *context.APIContext, opts api.EditRepoOption) error {
 		if newHasWiki && opts.ExternalWiki != nil && !unit_model.TypeExternalWiki.UnitGlobalDisabled() {
 			// Check that values are valid
 			if !validation.IsValidExternalURL(opts.ExternalWiki.ExternalWikiURL) {
-				err := fmt.Errorf("External wiki URL not valid")
+				err := errors.New("External wiki URL not valid")
 				ctx.APIError(http.StatusUnprocessableEntity, "Invalid external wiki URL")
 				return err
 			}
@@ -1038,7 +1039,7 @@ func updateRepoArchivedState(ctx *context.APIContext, opts api.EditRepoOption) e
 	// archive / un-archive
 	if opts.Archived != nil {
 		if repo.IsMirror {
-			err := fmt.Errorf("repo is a mirror, cannot archive/un-archive")
+			err := errors.New("repo is a mirror, cannot archive/un-archive")
 			ctx.APIError(http.StatusUnprocessableEntity, err)
 			return err
 		}
@@ -4,7 +4,7 @@
 package user

 import (
-	"fmt"
+	"errors"
 	"net/http"
 	"strings"

@@ -135,7 +135,7 @@ func GetGPGKey(ctx *context.APIContext) {
 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-		ctx.APIErrorNotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
 		return
 	}

@@ -205,7 +205,7 @@ func VerifyUserGPGKey(ctx *context.APIContext) {

 	if err != nil {
 		if asymkey_model.IsErrGPGInvalidTokenSignature(err) {
-			ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
+			ctx.APIError(http.StatusUnprocessableEntity, "The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: "+token)
 			return
 		}
 		ctx.APIErrorInternal(err)
@@ -276,7 +276,7 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"

 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-		ctx.APIErrorNotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("Not Found", errors.New("gpg keys setting is not allowed to be visited"))
 		return
 	}

@@ -302,9 +302,9 @@ func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
 	case asymkey_model.IsErrGPGKeyParsing(err):
 		ctx.APIError(http.StatusUnprocessableEntity, err)
 	case asymkey_model.IsErrGPGNoEmailFound(err):
-		ctx.APIError(http.StatusNotFound, fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
+		ctx.APIError(http.StatusNotFound, "None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: "+token)
 	case asymkey_model.IsErrGPGInvalidTokenSignature(err):
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
+		ctx.APIError(http.StatusUnprocessableEntity, "The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: "+token)
 	default:
 		ctx.APIErrorInternal(err)
 	}
@@ -5,7 +5,7 @@ package user

 import (
 	std_ctx "context"
-	"fmt"
+	"errors"
 	"net/http"

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
@@ -201,7 +201,7 @@ func GetPublicKey(ctx *context.APIContext) {
 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-		ctx.APIErrorNotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("Not Found", errors.New("ssh keys setting is not allowed to be visited"))
 		return
 	}

@@ -271,7 +271,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"

 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-		ctx.APIErrorNotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))
+		ctx.APIErrorNotFound("Not Found", errors.New("ssh keys setting is not allowed to be visited"))
 		return
 	}

@@ -5,6 +5,7 @@ package utils

 import (
 	gocontext "context"
+	"errors"
 	"fmt"
 	"net/http"

@@ -50,7 +51,7 @@ func ResolveRefOrSha(ctx *context.APIContext, ref string) string {
 // GetGitRefs return git references based on filter
 func GetGitRefs(ctx *context.APIContext, filter string) ([]*git.Reference, string, error) {
 	if ctx.Repo.GitRepo == nil {
-		return nil, "", fmt.Errorf("no open git repo found in context")
+		return nil, "", errors.New("no open git repo found in context")
 	}
 	if len(filter) > 0 {
 		filter = "refs/" + filter
@@ -4,7 +4,6 @@
 package utils

 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -80,7 +79,7 @@ func GetRepoHook(ctx *context.APIContext, repoID, hookID int64) (*webhook.Webhoo
 // write the appropriate error to `ctx`. Return whether the form is valid
 func checkCreateHookOption(ctx *context.APIContext, form *api.CreateHookOption) bool {
 	if !webhook_service.IsValidHookTaskType(form.Type) {
-		ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid hook type: %s", form.Type))
+		ctx.APIError(http.StatusUnprocessableEntity, "Invalid hook type: "+form.Type)
 		return false
 	}
 	for _, name := range []string{"url", "content_type"} {
@@ -5,7 +5,7 @@ package common

 import (
 	"context"
-	"fmt"
+	"errors"
 	"time"

 	"code.gitea.io/gitea/models/db"
@@ -25,7 +25,7 @@ func InitDBEngine(ctx context.Context) (err error) {
 	for i := 0; i < setting.Database.DBConnectRetries; i++ {
 		select {
 		case <-ctx.Done():
-			return fmt.Errorf("Aborted due to shutdown:\nin retry ORM engine initialization")
+			return errors.New("Aborted due to shutdown:\nin retry ORM engine initialization")
 		default:
 		}
 		log.Info("ORM engine initialization attempt #%d/%d...", i+1, setting.Database.DBConnectRetries)
@@ -88,7 +88,7 @@ func RenderMarkup(ctx *context.Base, ctxRepo *context.Repository, mode, text, ur
 		})
 		rctx = rctx.WithMarkupType("").WithRelativePath(filePath) // render the repo file content by its extension
 	default:
-		ctx.HTTPError(http.StatusUnprocessableEntity, fmt.Sprintf("Unknown mode: %s", mode))
+		ctx.HTTPError(http.StatusUnprocessableEntity, "Unknown mode: "+mode)
 		return
 	}
 	rctx = rctx.WithUseAbsoluteLink(true)
@@ -5,7 +5,6 @@
 package install

 import (
-	"fmt"
 	"net/http"
 	"net/mail"
 	"os"
@@ -398,7 +397,7 @@ func SubmitInstall(ctx *context.Context) {
 		cfg.Section("server").Key("DISABLE_SSH").SetValue("true")
 	} else {
 		cfg.Section("server").Key("DISABLE_SSH").SetValue("false")
-		cfg.Section("server").Key("SSH_PORT").SetValue(fmt.Sprint(form.SSHPort))
+		cfg.Section("server").Key("SSH_PORT").SetValue(strconv.Itoa(form.SSHPort))
 	}

 	if form.LFSRootPath != "" {
@@ -429,10 +428,10 @@ func SubmitInstall(ctx *context.Context) {
 	} else {
 		cfg.Section("mailer").Key("ENABLED").SetValue("false")
 	}
-	cfg.Section("service").Key("REGISTER_EMAIL_CONFIRM").SetValue(fmt.Sprint(form.RegisterConfirm))
-	cfg.Section("service").Key("ENABLE_NOTIFY_MAIL").SetValue(fmt.Sprint(form.MailNotify))
+	cfg.Section("service").Key("REGISTER_EMAIL_CONFIRM").SetValue(strconv.FormatBool(form.RegisterConfirm))
+	cfg.Section("service").Key("ENABLE_NOTIFY_MAIL").SetValue(strconv.FormatBool(form.MailNotify))

-	cfg.Section("server").Key("OFFLINE_MODE").SetValue(fmt.Sprint(form.OfflineMode))
+	cfg.Section("server").Key("OFFLINE_MODE").SetValue(strconv.FormatBool(form.OfflineMode))
 	if err := system_model.SetSettings(ctx, map[string]string{
 		setting.Config().Picture.DisableGravatar.DynKey():       strconv.FormatBool(form.DisableGravatar),
 		setting.Config().Picture.EnableFederatedAvatar.DynKey(): strconv.FormatBool(form.EnableFederatedAvatar),
@@ -441,17 +440,17 @@ func SubmitInstall(ctx *context.Context) {
 		return
 	}

-	cfg.Section("openid").Key("ENABLE_OPENID_SIGNIN").SetValue(fmt.Sprint(form.EnableOpenIDSignIn))
-	cfg.Section("openid").Key("ENABLE_OPENID_SIGNUP").SetValue(fmt.Sprint(form.EnableOpenIDSignUp))
-	cfg.Section("service").Key("DISABLE_REGISTRATION").SetValue(fmt.Sprint(form.DisableRegistration))
-	cfg.Section("service").Key("ALLOW_ONLY_EXTERNAL_REGISTRATION").SetValue(fmt.Sprint(form.AllowOnlyExternalRegistration))
-	cfg.Section("service").Key("ENABLE_CAPTCHA").SetValue(fmt.Sprint(form.EnableCaptcha))
-	cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").SetValue(fmt.Sprint(form.RequireSignInView))
-	cfg.Section("service").Key("DEFAULT_KEEP_EMAIL_PRIVATE").SetValue(fmt.Sprint(form.DefaultKeepEmailPrivate))
-	cfg.Section("service").Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").SetValue(fmt.Sprint(form.DefaultAllowCreateOrganization))
-	cfg.Section("service").Key("DEFAULT_ENABLE_TIMETRACKING").SetValue(fmt.Sprint(form.DefaultEnableTimetracking))
-	cfg.Section("service").Key("NO_REPLY_ADDRESS").SetValue(fmt.Sprint(form.NoReplyAddress))
-	cfg.Section("cron.update_checker").Key("ENABLED").SetValue(fmt.Sprint(form.EnableUpdateChecker))
+	cfg.Section("openid").Key("ENABLE_OPENID_SIGNIN").SetValue(strconv.FormatBool(form.EnableOpenIDSignIn))
+	cfg.Section("openid").Key("ENABLE_OPENID_SIGNUP").SetValue(strconv.FormatBool(form.EnableOpenIDSignUp))
+	cfg.Section("service").Key("DISABLE_REGISTRATION").SetValue(strconv.FormatBool(form.DisableRegistration))
+	cfg.Section("service").Key("ALLOW_ONLY_EXTERNAL_REGISTRATION").SetValue(strconv.FormatBool(form.AllowOnlyExternalRegistration))
+	cfg.Section("service").Key("ENABLE_CAPTCHA").SetValue(strconv.FormatBool(form.EnableCaptcha))
+	cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").SetValue(strconv.FormatBool(form.RequireSignInView))
+	cfg.Section("service").Key("DEFAULT_KEEP_EMAIL_PRIVATE").SetValue(strconv.FormatBool(form.DefaultKeepEmailPrivate))
+	cfg.Section("service").Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").SetValue(strconv.FormatBool(form.DefaultAllowCreateOrganization))
+	cfg.Section("service").Key("DEFAULT_ENABLE_TIMETRACKING").SetValue(strconv.FormatBool(form.DefaultEnableTimetracking))
+	cfg.Section("service").Key("NO_REPLY_ADDRESS").SetValue(form.NoReplyAddress)
+	cfg.Section("cron.update_checker").Key("ENABLED").SetValue(strconv.FormatBool(form.EnableUpdateChecker))

 	cfg.Section("session").Key("PROVIDER").SetValue("file")

@@ -36,7 +36,7 @@ func Routes() *web.Router {

 func installNotFound(w http.ResponseWriter, req *http.Request) {
 	w.Header().Add("Content-Type", "text/html; charset=utf-8")
-	w.Header().Add("Refresh", fmt.Sprintf("1; url=%s", setting.AppSubURL+"/"))
+	w.Header().Add("Refresh", "1; url="+setting.AppSubURL+"/")
 	// do not use 30x status, because the "post-install" page needs to use 404/200 to detect if Gitea has been installed.
 	// the fetch API could follow 30x requests to the page with 200 status.
 	w.WriteHeader(http.StatusNotFound)
@@ -4,6 +4,7 @@
 package install

 import (
+	"net/http"
 	"net/http/httptest"
 	"testing"

@@ -17,18 +18,18 @@ func TestRoutes(t *testing.T) {
 	assert.NotNil(t, r)

 	w := httptest.NewRecorder()
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	r.ServeHTTP(w, req)
 	assert.Equal(t, 200, w.Code)
 	assert.Contains(t, w.Body.String(), `class="page-content install"`)

 	w = httptest.NewRecorder()
-	req = httptest.NewRequest("GET", "/no-such", nil)
+	req = httptest.NewRequest(http.MethodGet, "/no-such", nil)
 	r.ServeHTTP(w, req)
 	assert.Equal(t, 404, w.Code)

 	w = httptest.NewRecorder()
-	req = httptest.NewRequest("GET", "/assets/img/gitea.svg", nil)
+	req = httptest.NewRequest(http.MethodGet, "/assets/img/gitea.svg", nil)
 	r.ServeHTTP(w, req)
 	assert.Equal(t, 200, w.Code)
 }
@@ -311,13 +311,13 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 			if isForcePush {
 				log.Warn("Forbidden: User %d is not allowed to force-push to protected branch: %s in %-v", ctx.opts.UserID, branchName, repo)
 				ctx.JSON(http.StatusForbidden, private.Response{
-					UserMsg: fmt.Sprintf("Not allowed to force-push to protected branch %s", branchName),
+					UserMsg: "Not allowed to force-push to protected branch " + branchName,
 				})
 				return
 			}
 			log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v", ctx.opts.UserID, branchName, repo)
 			ctx.JSON(http.StatusForbidden, private.Response{
-				UserMsg: fmt.Sprintf("Not allowed to push to protected branch %s", branchName),
+				UserMsg: "Not allowed to push to protected branch " + branchName,
 			})
 			return
 		}
@@ -353,7 +353,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 		if !allowedMerge {
 			log.Warn("Forbidden: User %d is not allowed to push to protected branch: %s in %-v and is not allowed to merge pr #%d", ctx.opts.UserID, branchName, repo, pr.Index)
 			ctx.JSON(http.StatusForbidden, private.Response{
-				UserMsg: fmt.Sprintf("Not allowed to push to protected branch %s", branchName),
+				UserMsg: "Not allowed to push to protected branch " + branchName,
 			})
 			return
 		}
@@ -6,7 +6,6 @@ package private
 import (
 	"bufio"
 	"context"
-	"fmt"
 	"io"
 	"os"

@@ -113,7 +112,7 @@ type errUnverifiedCommit struct {
 }

 func (e *errUnverifiedCommit) Error() string {
-	return fmt.Sprintf("Unverified commit: %s", e.sha)
+	return "Unverified commit: " + e.sha
 }

 func isErrUnverifiedCommit(err error) bool {
@@ -180,7 +180,7 @@ func AddLogger(ctx *context.PrivateContext) {
 		writerOption.Addr, _ = opts.Config["address"].(string)
 		writerMode.WriterOption = writerOption
 	default:
-		panic(fmt.Sprintf("invalid log writer mode: %s", writerType))
+		panic("invalid log writer mode: " + writerType)
 	}
 	writer, err := log.NewEventWriter(opts.Writer, writerType, writerMode)
 	if err != nil {
@@ -4,7 +4,6 @@
 package admin

 import (
-	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/models/auth"
@@ -23,8 +22,8 @@ var (
 func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers {
 	return &user_setting.OAuth2CommonHandlers{
 		OwnerID:            0,
-		BasePathList:       fmt.Sprintf("%s/-/admin/applications", setting.AppSubURL),
-		BasePathEditPrefix: fmt.Sprintf("%s/-/admin/applications/oauth2", setting.AppSubURL),
+		BasePathList:       setting.AppSubURL + "/-/admin/applications",
+		BasePathEditPrefix: setting.AppSubURL + "/-/admin/applications/oauth2",
 		TplAppEdit:         tplSettingsOauth2ApplicationEdit,
 	}
 }
@@ -10,6 +10,7 @@ import (
 	"html/template"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"

 	"code.gitea.io/gitea/models/auth"
@@ -98,7 +99,7 @@ func InfoOAuth(ctx *context.Context) {
 	}

 	response := &userInfoResponse{
-		Sub:               fmt.Sprint(ctx.Doer.ID),
+		Sub:               strconv.FormatInt(ctx.Doer.ID, 10),
 		Name:              ctx.Doer.DisplayName(),
 		PreferredUsername: ctx.Doer.Name,
 		Email:             ctx.Doer.Email,
@@ -171,7 +172,7 @@ func IntrospectOAuth(ctx *context.Context) {
 				response.Scope = grant.Scope
 				response.Issuer = setting.AppURL
 				response.Audience = []string{app.ClientID}
-				response.Subject = fmt.Sprint(grant.UserID)
+				response.Subject = strconv.FormatInt(grant.UserID, 10)
 			}
 			if user, err := user_model.GetUserByID(ctx, grant.UserID); err == nil {
 				response.Username = user.Name
@@ -4,7 +4,7 @@
 package auth

 import (
-	"fmt"
+	"errors"
 	"net/http"
 	"net/url"

@@ -55,13 +55,13 @@ func allowedOpenIDURI(uri string) (err error) {
 			}
 		}
 		// must match one of this or be refused
-		return fmt.Errorf("URI not allowed by whitelist")
+		return errors.New("URI not allowed by whitelist")
 	}

 	// A blacklist match expliclty forbids
 	for _, pat := range setting.Service.OpenIDBlacklist {
 		if pat.MatchString(uri) {
-			return fmt.Errorf("URI forbidden by blacklist")
+			return errors.New("URI forbidden by blacklist")
 		}
 	}

@@ -99,7 +99,7 @@ func SignInOpenIDPost(ctx *context.Context) {
 	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
 	if err != nil {
 		log.Error("Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
-		ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
+		ctx.RenderWithErr("Unable to find OpenID provider in "+redirectTo, tplSignInOpenID, &form)
 		return
 	}

@@ -5,7 +5,6 @@ package auth

 import (
 	"errors"
-	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/models/auth"
@@ -108,14 +107,14 @@ func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFacto
 	}

 	if len(code) == 0 {
-		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
+		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", setting.AppSubURL+"/user/forgot_password"), true)
 		return nil, nil
 	}

 	// Fail early, don't frustrate the user
 	u := user_model.VerifyUserTimeLimitCode(ctx, &user_model.TimeLimitCodeOptions{Purpose: user_model.TimeLimitCodeResetPassword}, code)
 	if u == nil {
-		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
+		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", setting.AppSubURL+"/user/forgot_password"), true)
 		return nil, nil
 	}

@@ -25,7 +25,7 @@ func avatarStorageHandler(storageSetting *setting.Storage, prefix string, objSto

 	if storageSetting.ServeDirect() {
 		return func(w http.ResponseWriter, req *http.Request) {
-			if req.Method != "GET" && req.Method != "HEAD" {
+			if req.Method != http.MethodGet && req.Method != http.MethodHead {
 				http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
 				return
 			}
@@ -56,7 +56,7 @@ func avatarStorageHandler(storageSetting *setting.Storage, prefix string, objSto
 	}

 	return func(w http.ResponseWriter, req *http.Request) {
-		if req.Method != "GET" && req.Method != "HEAD" {
+		if req.Method != http.MethodGet && req.Method != http.MethodHead {
 			http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
 			return
 		}
@@ -179,7 +179,7 @@ func prepareMockData(ctx *context.Context) {

 func TmplCommon(ctx *context.Context) {
 	prepareMockData(ctx)
-	if ctx.Req.Method == "POST" {
+	if ctx.Req.Method == http.MethodPost {
 		_ = ctx.Req.ParseForm()
 		ctx.Flash.Info("form: "+ctx.Req.Method+" "+ctx.Req.RequestURI+"<br>"+
 			"Form: "+ctx.Req.Form.Encode()+"<br>"+
@@ -4,9 +4,9 @@
 package devtest

 import (
-	"fmt"
 	mathRand "math/rand/v2"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"

@@ -38,8 +38,8 @@ func generateMockStepsLog(logCur actions.LogCursor) (stepsLog []*actions.ViewSte
 	for i := 0; i < mockCount; i++ {
 		logStr := mockedLogs[int(cur)%len(mockedLogs)]
 		cur++
-		logStr = strings.ReplaceAll(logStr, "{step}", fmt.Sprintf("%d", logCur.Step))
-		logStr = strings.ReplaceAll(logStr, "{cursor}", fmt.Sprintf("%d", cur))
+		logStr = strings.ReplaceAll(logStr, "{step}", strconv.Itoa(logCur.Step))
+		logStr = strings.ReplaceAll(logStr, "{cursor}", strconv.FormatInt(cur, 10))
 		stepsLog = append(stepsLog, &actions.ViewStepLog{
 			Step:    logCur.Step,
 			Cursor:  cur,
@@ -4,7 +4,6 @@
 package feed

 import (
-	"fmt"
 	"strings"
 	"time"

@@ -22,7 +21,7 @@ func ShowBranchFeed(ctx *context.Context, repo *repo.Repository, formatType stri
 		return
 	}

-	title := fmt.Sprintf("Latest commits for branch %s", ctx.Repo.BranchName)
+	title := "Latest commits for branch " + ctx.Repo.BranchName
 	link := &feeds.Link{Href: repo.HTMLURL() + "/" + ctx.Repo.RefTypeNameSubURL()}

 	feed := &feeds.Feed{
@@ -4,7 +4,6 @@
 package feed

 import (
-	"fmt"
 	"strings"
 	"time"

@@ -33,7 +32,7 @@ func ShowFileFeed(ctx *context.Context, repo *repo.Repository, formatType string
 		return
 	}

-	title := fmt.Sprintf("Latest commits for file %s", ctx.Repo.TreePath)
+	title := "Latest commits for file " + ctx.Repo.TreePath

 	link := &feeds.Link{Href: repo.HTMLURL() + "/" + ctx.Repo.RefTypeNameSubURL() + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)}

@@ -18,7 +18,7 @@ import (
 )

 func goGet(ctx *context.Context) {
-	if ctx.Req.Method != "GET" || len(ctx.Req.URL.RawQuery) < 8 || ctx.FormString("go-get") != "1" {
+	if ctx.Req.Method != http.MethodGet || len(ctx.Req.URL.RawQuery) < 8 || ctx.FormString("go-get") != "1" {
 		return
 	}

@@ -4,7 +4,6 @@
 package web

 import (
-	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/modules/setting"
@@ -24,7 +23,7 @@ type nodeInfoLink struct {
 func NodeInfoLinks(ctx *context.Context) {
 	nodeinfolinks := &nodeInfoLinks{
 		Links: []nodeInfoLink{{
-			fmt.Sprintf("%sapi/v1/nodeinfo", setting.AppURL),
+			setting.AppURL + "api/v1/nodeinfo",
 			"http://nodeinfo.diaspora.software/ns/schema/2.1",
 		}},
 	}
@@ -170,7 +170,7 @@ func SettingsDelete(ctx *context.Context) {
 	ctx.Data["PageIsOrgSettings"] = true
 	ctx.Data["PageIsSettingsDelete"] = true

-	if ctx.Req.Method == "POST" {
+	if ctx.Req.Method == http.MethodPost {
 		if ctx.Org.Organization.Name != ctx.FormString("org_name") {
 			ctx.Data["Err_OrgName"] = true
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_org_name"), tplSettingsDelete, nil)
@@ -508,7 +508,7 @@ func Cancel(ctx *context_module.Context) {
 					return err
 				}
 				if n == 0 {
-					return fmt.Errorf("job has changed, try again")
+					return errors.New("job has changed, try again")
 				}
 				if n > 0 {
 					updatedjobs = append(updatedjobs, job)
@@ -6,6 +6,7 @@ package repo
 import (
 	"bytes"
 	"errors"
+	"net/http"
 	"strings"

 	git_model "code.gitea.io/gitea/models/git"
@@ -59,7 +60,7 @@ func CherryPick(ctx *context.Context) {
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()

-	ctx.HTML(200, tplCherryPick)
+	ctx.HTML(http.StatusOK, tplCherryPick)
 }

 // CherryPickPost handles cherrypick POSTs
@@ -88,7 +89,7 @@ func CherryPickPost(ctx *context.Context) {
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()

 	if ctx.HasError() {
-		ctx.HTML(200, tplCherryPick)
+		ctx.HTML(http.StatusOK, tplCherryPick)
 		return
 	}

@@ -78,7 +78,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
 		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive") {
 		isPull = true
 	} else {
-		isPull = ctx.Req.Method == "HEAD" || ctx.Req.Method == "GET"
+		isPull = ctx.Req.Method == http.MethodHead || ctx.Req.Method == http.MethodGet
 	}

 	var accessMode perm.AccessMode
@@ -360,8 +360,8 @@ func setHeaderNoCache(ctx *context.Context) {
 func setHeaderCacheForever(ctx *context.Context) {
 	now := time.Now().Unix()
 	expires := now + 31536000
-	ctx.Resp.Header().Set("Date", fmt.Sprintf("%d", now))
-	ctx.Resp.Header().Set("Expires", fmt.Sprintf("%d", expires))
+	ctx.Resp.Header().Set("Date", strconv.FormatInt(now, 10))
+	ctx.Resp.Header().Set("Expires", strconv.FormatInt(expires, 10))
 	ctx.Resp.Header().Set("Cache-Control", "public, max-age=31536000")
 }

@@ -394,7 +394,7 @@ func (h *serviceHandler) sendFile(ctx *context.Context, contentType, file string
 	}

 	ctx.Resp.Header().Set("Content-Type", contentType)
-	ctx.Resp.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
+	ctx.Resp.Header().Set("Content-Length", strconv.FormatInt(fi.Size(), 10))
 	// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
 	ctx.Resp.Header().Set("Last-Modified", fi.ModTime().UTC().Format(http.TimeFormat))
 	http.ServeFile(ctx.Resp, ctx.Req, reqFile)
@@ -502,7 +502,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 		case "mentioned":
 			mentionedID = ctx.Doer.ID
 		case "assigned":
-			assigneeID = fmt.Sprint(ctx.Doer.ID)
+			assigneeID = strconv.FormatInt(ctx.Doer.ID, 10)
 		case "review_requested":
 			reviewRequestedID = ctx.Doer.ID
 		case "reviewed_by":
@@ -223,11 +223,11 @@ func DeleteIssue(ctx *context.Context) {
 	}

 	if issue.IsPull {
-		ctx.Redirect(fmt.Sprintf("%s/pulls", ctx.Repo.Repository.Link()), http.StatusSeeOther)
+		ctx.Redirect(ctx.Repo.Repository.Link()+"/pulls", http.StatusSeeOther)
 		return
 	}

-	ctx.Redirect(fmt.Sprintf("%s/issues", ctx.Repo.Repository.Link()), http.StatusSeeOther)
+	ctx.Redirect(ctx.Repo.Repository.Link()+"/issues", http.StatusSeeOther)
 }

 func toSet[ItemType any, KeyType comparable](slice []ItemType, keyFunc func(ItemType) KeyType) container.Set[KeyType] {
@@ -4,6 +4,7 @@
 package repo

 import (
+	"net/http"
 	"strings"

 	git_model "code.gitea.io/gitea/models/git"
@@ -39,7 +40,7 @@ func NewDiffPatch(ctx *context.Context) {
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()

-	ctx.HTML(200, tplPatchFile)
+	ctx.HTML(http.StatusOK, tplPatchFile)
 }

 // NewDiffPatchPost response for sending patch page
@@ -62,7 +63,7 @@ func NewDiffPatchPost(ctx *context.Context) {
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")

 	if ctx.HasError() {
-		ctx.HTML(200, tplPatchFile)
+		ctx.HTML(http.StatusOK, tplPatchFile)
 		return
 	}

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 	"time"

@@ -110,7 +111,7 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
 	var protectBranch *git_model.ProtectedBranch
 	if f.RuleName == "" {
 		ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_rule_name"))
-		ctx.Redirect(fmt.Sprintf("%s/settings/branches/edit", ctx.Repo.RepoLink))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/branches/edit")
 		return
 	}

@@ -283,32 +284,32 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
 func DeleteProtectedBranchRulePost(ctx *context.Context) {
 	ruleID := ctx.PathParamInt64("id")
 	if ruleID <= 0 {
-		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
-		ctx.JSONRedirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
 		return
 	}

 	rule, err := git_model.GetProtectedBranchRuleByID(ctx, ctx.Repo.Repository.ID, ruleID)
 	if err != nil {
-		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
-		ctx.JSONRedirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
 		return
 	}

 	if rule == nil {
-		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", fmt.Sprintf("%d", ruleID)))
-		ctx.JSONRedirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", strconv.FormatInt(ruleID, 10)))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
 		return
 	}

 	if err := git_model.DeleteProtectedBranch(ctx, ctx.Repo.Repository, ruleID); err != nil {
 		ctx.Flash.Error(ctx.Tr("repo.settings.remove_protected_branch_failed", rule.RuleName))
-		ctx.JSONRedirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+		ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
 		return
 	}

 	ctx.Flash.Success(ctx.Tr("repo.settings.remove_protected_branch_success", rule.RuleName))
-	ctx.JSONRedirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+	ctx.JSONRedirect(ctx.Repo.RepoLink + "/settings/branches")
 }

 func UpdateBranchProtectionPriories(ctx *context.Context) {
@@ -332,7 +333,7 @@ func RenameBranchPost(ctx *context.Context) {

 	if ctx.HasError() {
 		ctx.Flash.Error(ctx.GetErrMsg())
-		ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		return
 	}

@@ -341,13 +342,13 @@ func RenameBranchPost(ctx *context.Context) {
 		switch {
 		case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
 			ctx.Flash.Error(ctx.Tr("repo.branch.rename_default_or_protected_branch_error"))
-			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		case git_model.IsErrBranchAlreadyExists(err):
 			ctx.Flash.Error(ctx.Tr("repo.branch.branch_already_exists", form.To))
-			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		case errors.Is(err, git_model.ErrBranchIsProtected):
 			ctx.Flash.Error(ctx.Tr("repo.branch.rename_protected_branch_failed"))
-			ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+			ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		default:
 			ctx.ServerError("RenameBranch", err)
 		}
@@ -356,16 +357,16 @@ func RenameBranchPost(ctx *context.Context) {

 	if msg == "target_exist" {
 		ctx.Flash.Error(ctx.Tr("repo.settings.rename_branch_failed_exist", form.To))
-		ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		return
 	}

 	if msg == "from_not_exist" {
 		ctx.Flash.Error(ctx.Tr("repo.settings.rename_branch_failed_not_exist", form.From))
-		ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+		ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 		return
 	}

 	ctx.Flash.Success(ctx.Tr("repo.settings.rename_branch_success", form.From, form.To))
-	ctx.Redirect(fmt.Sprintf("%s/branches", ctx.Repo.RepoLink))
+	ctx.Redirect(ctx.Repo.RepoLink + "/branches")
 }
@@ -6,7 +6,6 @@ package setting

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"strings"
 	"time"
@@ -474,7 +473,7 @@ func handleSettingsPostPushMirrorAdd(ctx *context.Context) {
 	m := &repo_model.PushMirror{
 		RepoID:        repo.ID,
 		Repo:          repo,
-		RemoteName:    fmt.Sprintf("remote_mirror_%s", remoteSuffix),
+		RemoteName:    "remote_mirror_" + remoteSuffix,
 		SyncOnCommit:  form.PushMirrorSyncOnCommit,
 		Interval:      interval,
 		RemoteAddress: remoteAddress,
@@ -76,7 +76,7 @@ func prepareOpenWithEditorApps(ctx *context.Context) {
 		schema, _, _ := strings.Cut(app.OpenURL, ":")
 		var iconHTML template.HTML
 		if schema == "vscode" || schema == "vscodium" || schema == "jetbrains" {
-			iconHTML = svg.RenderHTML(fmt.Sprintf("gitea-%s", schema), 16)
+			iconHTML = svg.RenderHTML("gitea-"+schema, 16)
 		} else {
 			iconHTML = svg.RenderHTML("gitea-git", 16) // TODO: it could support user's customized icon in the future
 		}
@@ -7,7 +7,6 @@ package repo
 import (
 	"bytes"
 	gocontext "context"
-	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -581,7 +580,7 @@ func Wiki(ctx *context.Context) {
 	wikiPath := entry.Name()
 	if markup.DetectMarkupTypeByFileName(wikiPath) != markdown.MarkupName {
 		ext := strings.ToUpper(filepath.Ext(wikiPath))
-		ctx.Data["FormatWarning"] = fmt.Sprintf("%s rendering is not supported at the moment. Rendered as Markdown.", ext)
+		ctx.Data["FormatWarning"] = ext + " rendering is not supported at the moment. Rendered as Markdown."
 	}
 	// Get last change information.
 	lastCommit, err := wikiRepo.GetCommitByPath(wikiPath)
@@ -699,7 +699,7 @@ func ShowGPGKeys(ctx *context.Context) {

 	headers := make(map[string]string)
 	if len(failedEntitiesID) > 0 { // If some key need re-import to be exported
-		headers["Note"] = fmt.Sprintf("The keys with the following IDs couldn't be exported and need to be reuploaded %s", strings.Join(failedEntitiesID, ", "))
+		headers["Note"] = "The keys with the following IDs couldn't be exported and need to be reuploaded " + strings.Join(failedEntitiesID, ", ")
 	} else if len(entities) == 0 {
 		headers["Note"] = "This user hasn't uploaded any GPG keys."
 	}
@@ -6,7 +6,6 @@ package setting

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"time"

@@ -37,7 +36,7 @@ const (
 // Account renders change user's password, user's email and user suicide page
 func Account(ctx *context.Context) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials, setting.UserFeatureDeletion) && !setting.Service.EnableNotifyMail {
-		ctx.NotFound(fmt.Errorf("account setting are not allowed to be changed"))
+		ctx.NotFound(errors.New("account setting are not allowed to be changed"))
 		return
 	}

@@ -54,7 +53,7 @@ func Account(ctx *context.Context) {
 // AccountPost response for change user's password
 func AccountPost(ctx *context.Context) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials) {
-		ctx.NotFound(fmt.Errorf("password setting is not allowed to be changed"))
+		ctx.NotFound(errors.New("password setting is not allowed to be changed"))
 		return
 	}

@@ -105,7 +104,7 @@ func AccountPost(ctx *context.Context) {
 // EmailPost response for change user's email
 func EmailPost(ctx *context.Context) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials) {
-		ctx.NotFound(fmt.Errorf("emails are not allowed to be changed"))
+		ctx.NotFound(errors.New("emails are not allowed to be changed"))
 		return
 	}

@@ -239,7 +238,7 @@ func EmailPost(ctx *context.Context) {
 // DeleteEmail response for delete user's email
 func DeleteEmail(ctx *context.Context) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials) {
-		ctx.NotFound(fmt.Errorf("emails are not allowed to be changed"))
+		ctx.NotFound(errors.New("emails are not allowed to be changed"))
 		return
 	}
 	email, err := user_model.GetEmailAddressByID(ctx, ctx.Doer.ID, ctx.FormInt64("id"))
@@ -5,7 +5,7 @@
 package setting

 import (
-	"fmt"
+	"errors"
 	"net/http"

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
@@ -26,7 +26,7 @@ const (
 // Keys render user's SSH/GPG public keys page
 func Keys(ctx *context.Context) {
 	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys, setting.UserFeatureManageGPGKeys) {
-		ctx.NotFound(fmt.Errorf("keys setting is not allowed to be changed"))
+		ctx.NotFound(errors.New("keys setting is not allowed to be changed"))
 		return
 	}

@@ -87,7 +87,7 @@ func KeysPost(ctx *context.Context) {
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "gpg":
 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-			ctx.NotFound(fmt.Errorf("gpg keys setting is not allowed to be visited"))
+			ctx.NotFound(errors.New("gpg keys setting is not allowed to be visited"))
 			return
 		}

@@ -168,7 +168,7 @@ func KeysPost(ctx *context.Context) {
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "ssh":
 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-			ctx.NotFound(fmt.Errorf("ssh keys setting is not allowed to be visited"))
+			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))
 			return
 		}

@@ -212,7 +212,7 @@ func KeysPost(ctx *context.Context) {
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "verify_ssh":
 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-			ctx.NotFound(fmt.Errorf("ssh keys setting is not allowed to be visited"))
+			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))
 			return
 		}

@@ -249,7 +249,7 @@ func DeleteKey(ctx *context.Context) {
 	switch ctx.FormString("type") {
 	case "gpg":
 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) {
-			ctx.NotFound(fmt.Errorf("gpg keys setting is not allowed to be visited"))
+			ctx.NotFound(errors.New("gpg keys setting is not allowed to be visited"))
 			return
 		}
 		if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {
@@ -259,7 +259,7 @@ func DeleteKey(ctx *context.Context) {
 		}
 	case "ssh":
 		if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) {
-			ctx.NotFound(fmt.Errorf("ssh keys setting is not allowed to be visited"))
+			ctx.NotFound(errors.New("ssh keys setting is not allowed to be visited"))
 			return
 		}

@@ -178,7 +178,7 @@ func verifyAuthWithOptions(options *common.VerifyOptions) func(ctx *context.Cont
 			return
 		}

-		if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" {
+		if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == http.MethodPost {
 			ctx.Csrf.Validate(ctx)
 			if ctx.Written() {
 				return
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"

 	user_model "code.gitea.io/gitea/models/user"
@@ -85,10 +86,10 @@ func WebfingerQuery(ctx *context.Context) {

 	aliases := []string{
 		u.HTMLURL(),
-		appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(u.ID),
+		appURL.String() + "api/v1/activitypub/user-id/" + strconv.FormatInt(u.ID, 10),
 	}
 	if !u.KeepEmailPrivate {
-		aliases = append(aliases, fmt.Sprintf("mailto:%s", u.Email))
+		aliases = append(aliases, "mailto:"+u.Email)
 	}

 	links := []*webfingerLink{
@@ -104,7 +105,7 @@ func WebfingerQuery(ctx *context.Context) {
 		{
 			Rel:  "self",
 			Type: "application/activity+json",
-			Href: appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(u.ID),
+			Href: appURL.String() + "api/v1/activitypub/user-id/" + strconv.FormatInt(u.ID, 10),
 		},
 		{
 			Rel:  "http://openid.net/specs/connect/1.0/issuer",