Update tool dependencies, lock govulncheck and actionlint (#25655)

- Update all tool dependencies - Lock `govulncheck` and `actionlint` to their latest tags --------- Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-09 13:58:06 +02:00 · 2023-07-09 13:58:06 +02:00 · 887a683af9
parent 115f40e433
commit 887a683af9
26 changed files with 133 additions and 141 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -77,16 +77,21 @@ linters-settings:
    extra-rules: true
    lang-version: "1.20"
  depguard:
-    list-type: denylist
-    # Check the list against standard lib.
-    include-go-root: true
-    packages-with-error-message:
-      - encoding/json: "use gitea's modules/json instead of encoding/json"
-      - github.com/unknwon/com: "use gitea's util and replacements"
-      - io/ioutil: "use os or io instead"
-      - golang.org/x/exp: "it's experimental and unreliable."
-      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"
-      - gopkg.in/ini.v1: "do not use the ini package, use gitea's config system instead"
+    rules:
+      main:
+        deny:
+          - pkg: encoding/json
+            desc: use gitea's modules/json instead of encoding/json
+          - pkg: github.com/unknwon/com
+            desc: use gitea's util and replacements
+          - pkg: io/ioutil
+            desc: use os or io instead
+          - pkg: golang.org/x/exp
+            desc: it's experimental and unreliable
+          - pkg: code.gitea.io/gitea/modules/git/internal
+            desc: do not use the internal package, use AddXxx function instead
+          - pkg: gopkg.in/ini.v1
+            desc: do not use the ini package, use gitea's config system instead

 issues:
  max-issues-per-linter: 0
--- a/10
+++ b/10
@ -25,17 +25,17 @@ COMMA := ,

 XGO_VERSION := go-1.20.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.43.0
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.44.0
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.5.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.53.3
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.4
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@latest
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v0.2.0
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.25

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
--- a/models/activities/notification.go
+++ b/models/activities/notification.go
@ -343,7 +343,7 @@ func getIssueNotification(ctx context.Context, userID, issueID int64) (*Notifica
 // NotificationsForUser returns notifications for a given user and status
 func NotificationsForUser(ctx context.Context, user *user_model.User, statuses []NotificationStatus, page, perPage int) (notifications NotificationList, err error) {
 	if len(statuses) == 0 {
-		return
+		return nil, nil
 	}

 	sess := db.GetEngine(ctx).
@ -372,16 +372,16 @@ func CountUnread(ctx context.Context, userID int64) int64 {
 // LoadAttributes load Repo Issue User and Comment if not loaded
 func (n *Notification) LoadAttributes(ctx context.Context) (err error) {
 	if err = n.loadRepo(ctx); err != nil {
-		return
+		return err
 	}
 	if err = n.loadIssue(ctx); err != nil {
-		return
+		return err
 	}
 	if err = n.loadUser(ctx); err != nil {
-		return
+		return err
 	}
 	if err = n.loadComment(ctx); err != nil {
-		return
+		return err
 	}
 	return err
 }
--- a/models/asymkey/gpg_key_common.go
+++ b/models/asymkey/gpg_key_common.go
@ -111,7 +111,7 @@ func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {
 func readArmoredSign(r io.Reader) (body io.Reader, err error) {
 	block, err := armor.Decode(r)
 	if err != nil {
-		return
+		return nil, err
 	}
 	if block.Type != openpgp.SignatureType {
 		return nil, fmt.Errorf("expected '" + openpgp.SignatureType + "', got: " + block.Type)
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@ -749,7 +749,7 @@ func (c *Comment) LoadPushCommits(ctx context.Context) (err error) {

 	err = json.Unmarshal([]byte(c.Content), &data)
 	if err != nil {
-		return
+		return err
 	}

 	c.IsForcePush = data.IsForcePush
@ -925,7 +925,7 @@ func createIssueDependencyComment(ctx context.Context, doer *user_model.User, is
 		cType = CommentTypeRemoveDependency
 	}
 	if err = issue.LoadRepo(ctx); err != nil {
-		return
+		return err
 	}

 	// Make two comments, one in each issue
@ -937,7 +937,7 @@ func createIssueDependencyComment(ctx context.Context, doer *user_model.User, is
 		DependentIssueID: dependentIssue.ID,
 	}
 	if _, err = CreateComment(ctx, opts); err != nil {
-		return
+		return err
 	}

 	opts = &CreateCommentOptions{
@ -1170,11 +1170,11 @@ func CreateAutoMergeComment(ctx context.Context, typ CommentType, pr *PullReques
 		return nil, fmt.Errorf("comment type %d cannot be used to create an auto merge comment", typ)
 	}
 	if err = pr.LoadIssue(ctx); err != nil {
-		return
+		return nil, err
 	}

 	if err = pr.LoadBaseRepo(ctx); err != nil {
-		return
+		return nil, err
 	}

 	comment, err = CreateComment(ctx, &CreateCommentOptions{
--- a/models/issues/comment_list.go
+++ b/models/issues/comment_list.go
@ -468,42 +468,38 @@ func (comments CommentList) loadReviews(ctx context.Context) error {
 // loadAttributes loads all attributes
 func (comments CommentList) loadAttributes(ctx context.Context) (err error) {
 	if err = comments.LoadPosters(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.loadLabels(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.loadMilestones(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.loadOldMilestones(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.loadAssignees(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.LoadAttachments(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.loadReviews(ctx); err != nil {
-		return
+		return err
 	}

 	if err = comments.LoadIssues(ctx); err != nil {
-		return
+		return err
 	}

-	if err = comments.loadDependentIssues(ctx); err != nil {
-		return
-	}
-
-	return nil
+	return comments.loadDependentIssues(ctx)
 }

 // LoadAttributes loads attributes of the comments, except for attachments and
--- a/models/issues/issue.go
+++ b/models/issues/issue.go
@ -222,8 +222,7 @@ func (issue *Issue) LoadPoster(ctx context.Context) (err error) {
 			if !user_model.IsErrUserNotExist(err) {
 				return fmt.Errorf("getUserByID.(poster) [%d]: %w", issue.PosterID, err)
 			}
-			err = nil
-			return
+			return nil
 		}
 	}
 	return err
@ -316,27 +315,27 @@ func (issue *Issue) LoadMilestone(ctx context.Context) (err error) {
 // LoadAttributes loads the attribute of this issue.
 func (issue *Issue) LoadAttributes(ctx context.Context) (err error) {
 	if err = issue.LoadRepo(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadPoster(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadLabels(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadMilestone(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadProject(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadAssignees(ctx); err != nil {
-		return
+		return err
 	}

 	if err = issue.LoadPullRequest(ctx); err != nil && !IsErrPullRequestNotExist(err) {
--- a/models/issues/issue_label.go
+++ b/models/issues/issue_label.go
@ -39,7 +39,7 @@ func newIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *user_m
 	}

 	if err = issue.LoadRepo(ctx); err != nil {
-		return
+		return err
 	}

 	opts := &CreateCommentOptions{
@ -168,7 +168,7 @@ func deleteIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *use
 	}

 	if err = issue.LoadRepo(ctx); err != nil {
-		return
+		return err
 	}

 	opts := &CreateCommentOptions{
--- a/models/issues/issue_update.go
+++ b/models/issues/issue_update.go
@ -538,10 +538,10 @@ func FindAndUpdateIssueMentions(ctx context.Context, issue *Issue, doer *user_mo
 // don't have access to reading it. Teams are expanded into their users, but organizations are ignored.
 func ResolveIssueMentionsByVisibility(ctx context.Context, issue *Issue, doer *user_model.User, mentions []string) (users []*user_model.User, err error) {
 	if len(mentions) == 0 {
-		return
+		return nil, nil
 	}
 	if err = issue.LoadRepo(ctx); err != nil {
-		return
+		return nil, err
 	}

 	resolved := make(map[string]bool, 10)
@ -635,7 +635,7 @@ func ResolveIssueMentionsByVisibility(ctx context.Context, issue *Issue, doer *u
 		}
 	}
 	if len(mentionUsers) == 0 {
-		return
+		return users, err
 	}

 	if users == nil {
@ -702,66 +702,66 @@ func DeleteIssuesByRepoID(ctx context.Context, repoID int64) (attachmentPaths []
 	// Delete content histories
 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&ContentHistory{}); err != nil {
-		return
+		return nil, err
 	}

 	// Delete comments and attachments
 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&Comment{}); err != nil {
-		return
+		return nil, err
 	}

 	// Dependencies for issues in this repository
 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&IssueDependency{}); err != nil {
-		return
+		return nil, err
 	}

 	// Delete dependencies for issues in other repositories
 	if _, err = sess.In("dependency_id", deleteCond).
 		Delete(&IssueDependency{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&IssueUser{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&Reaction{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&IssueWatch{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&Stopwatch{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&TrackedTime{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&project_model.ProjectIssue{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = sess.In("dependent_issue_id", deleteCond).
 		Delete(&Comment{}); err != nil {
-		return
+		return nil, err
 	}

 	var attachments []*repo_model.Attachment
 	if err = sess.In("issue_id", deleteCond).
 		Find(&attachments); err != nil {
-		return
+		return nil, err
 	}

 	for j := range attachments {
@ -770,11 +770,11 @@ func DeleteIssuesByRepoID(ctx context.Context, repoID int64) (attachmentPaths []

 	if _, err = sess.In("issue_id", deleteCond).
 		Delete(&repo_model.Attachment{}); err != nil {
-		return
+		return nil, err
 	}

 	if _, err = db.DeleteByBean(ctx, &Issue{RepoID: repoID}); err != nil {
-		return
+		return nil, err
 	}

 	return attachmentPaths, err
--- a/models/issues/review.go
+++ b/models/issues/review.go
@ -136,10 +136,10 @@ func init() {
 // LoadCodeComments loads CodeComments
 func (r *Review) LoadCodeComments(ctx context.Context) (err error) {
 	if r.CodeComments != nil {
-		return
+		return err
 	}
 	if err = r.loadIssue(ctx); err != nil {
-		return
+		return err
 	}
 	r.CodeComments, err = fetchCodeCommentsByReview(ctx, r.Issue, nil, r, false)
 	return err
@ -147,7 +147,7 @@ func (r *Review) LoadCodeComments(ctx context.Context) (err error) {

 func (r *Review) loadIssue(ctx context.Context) (err error) {
 	if r.Issue != nil {
-		return
+		return err
 	}
 	r.Issue, err = GetIssueByID(ctx, r.IssueID)
 	return err
@ -156,7 +156,7 @@ func (r *Review) loadIssue(ctx context.Context) (err error) {
 // LoadReviewer loads reviewer
 func (r *Review) LoadReviewer(ctx context.Context) (err error) {
 	if r.ReviewerID == 0 || r.Reviewer != nil {
-		return
+		return err
 	}
 	r.Reviewer, err = user_model.GetPossibleUserByID(ctx, r.ReviewerID)
 	return err
@ -186,7 +186,7 @@ func LoadReviewers(ctx context.Context, reviews []*Review) (err error) {
 // LoadReviewerTeam loads reviewer team
 func (r *Review) LoadReviewerTeam(ctx context.Context) (err error) {
 	if r.ReviewerTeamID == 0 || r.ReviewerTeam != nil {
-		return
+		return nil
 	}

 	r.ReviewerTeam, err = organization.GetTeamByID(ctx, r.ReviewerTeamID)
@ -196,16 +196,16 @@ func (r *Review) LoadReviewerTeam(ctx context.Context) (err error) {
 // LoadAttributes loads all attributes except CodeComments
 func (r *Review) LoadAttributes(ctx context.Context) (err error) {
 	if err = r.loadIssue(ctx); err != nil {
-		return
+		return err
 	}
 	if err = r.LoadCodeComments(ctx); err != nil {
-		return
+		return err
 	}
 	if err = r.LoadReviewer(ctx); err != nil {
-		return
+		return err
 	}
 	if err = r.LoadReviewerTeam(ctx); err != nil {
-		return
+		return err
 	}
 	return err
 }
--- a/models/issues/tracked_time.go
+++ b/models/issues/tracked_time.go
@ -302,7 +302,7 @@ func DeleteTime(t *TrackedTime) error {
 func deleteTimes(ctx context.Context, opts FindTrackedTimesOptions) (removedTime int64, err error) {
 	removedTime, err = GetTrackedSeconds(ctx, opts)
 	if err != nil || removedTime == 0 {
-		return
+		return removedTime, err
 	}

 	_, err = opts.toSession(db.GetEngine(ctx)).Table("tracked_time").Cols("deleted").Update(&TrackedTime{Deleted: true})
--- a/models/migrations/v1_14/v166.go
+++ b/models/migrations/v1_14/v166.go
@ -78,14 +78,14 @@ func RecalculateUserEmptyPWD(x *xorm.Engine) (err error) {
 	for start := 0; ; start += batchSize {
 		users := make([]*User, 0, batchSize)
 		if err = sess.Limit(batchSize, start).Where(builder.Neq{"passwd": ""}, 0).Find(&users); err != nil {
-			return
+			return err
 		}
 		if len(users) == 0 {
 			break
 		}

 		if err = sess.Begin(); err != nil {
-			return
+			return err
 		}

 		for _, user := range users {
@ -100,7 +100,7 @@ func RecalculateUserEmptyPWD(x *xorm.Engine) (err error) {
 		}

 		if err = sess.Commit(); err != nil {
-			return
+			return err
 		}
 	}

--- a/models/repo.go
+++ b/models/repo.go
@ -628,14 +628,14 @@ func DoctorUserStarNum() (err error) {
 	for start := 0; ; start += batchSize {
 		users := make([]user_model.User, 0, batchSize)
 		if err = db.GetEngine(db.DefaultContext).Limit(batchSize, start).Where("type = ?", 0).Cols("id").Find(&users); err != nil {
-			return
+			return err
 		}
 		if len(users) == 0 {
 			break
 		}

 		if err = updateUserStarNumbers(users); err != nil {
-			return
+			return err
 		}
 	}

--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@ -63,19 +63,19 @@ type Client struct {
 // NewClient function
 func NewClient(user *user_model.User, pubID string) (c *Client, err error) {
 	if err = containsRequiredHTTPHeaders(http.MethodGet, setting.Federation.GetHeaders); err != nil {
-		return
+		return nil, err
 	} else if err = containsRequiredHTTPHeaders(http.MethodPost, setting.Federation.PostHeaders); err != nil {
-		return
+		return nil, err
 	}

 	priv, err := GetPrivateKey(user)
 	if err != nil {
-		return
+		return nil, err
 	}
 	privPem, _ := pem.Decode([]byte(priv))
 	privParsed, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
 	if err != nil {
-		return
+		return nil, err
 	}

 	c = &Client{
@ -99,14 +99,14 @@ func (c *Client) NewRequest(b []byte, to string) (req *http.Request, err error)
 	buf := bytes.NewBuffer(b)
 	req, err = http.NewRequest(http.MethodPost, to, buf)
 	if err != nil {
-		return
+		return nil, err
 	}
 	req.Header.Add("Content-Type", ActivityStreamsContentType)
 	req.Header.Add("Date", CurrentTime())
 	req.Header.Add("User-Agent", "Gitea/"+setting.AppVer)
 	signer, _, err := httpsig.NewSigner(c.algs, c.digestAlg, c.postHeaders, httpsig.Signature, httpsigExpirationTime)
 	if err != nil {
-		return
+		return nil, err
 	}
 	err = signer.SignRequest(c.priv, c.pubID, req, b)
 	return req, err
@ -116,7 +116,7 @@ func (c *Client) NewRequest(b []byte, to string) (req *http.Request, err error)
 func (c *Client) Post(b []byte, to string) (resp *http.Response, err error) {
 	var req *http.Request
 	if req, err = c.NewRequest(b, to); err != nil {
-		return
+		return nil, err
 	}
 	resp, err = c.client.Do(req)
 	return resp, err
--- a/modules/activitypub/user_settings.go
+++ b/modules/activitypub/user_settings.go
@ -15,22 +15,22 @@ func GetKeyPair(user *user_model.User) (pub, priv string, err error) {
 	var settings map[string]*user_model.Setting
 	settings, err = user_model.GetSettings(user.ID, []string{user_model.UserActivityPubPrivPem, user_model.UserActivityPubPubPem})
 	if err != nil {
-		return
+		return pub, priv, err
 	} else if len(settings) == 0 {
 		if priv, pub, err = util.GenerateKeyPair(rsaBits); err != nil {
-			return
+			return pub, priv, err
 		}
 		if err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPrivPem, priv); err != nil {
-			return
+			return pub, priv, err
 		}
 		if err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPubPem, pub); err != nil {
-			return
+			return pub, priv, err
 		}
-		return
+		return pub, priv, err
 	} else {
 		priv = settings[user_model.UserActivityPubPrivPem].SettingValue
 		pub = settings[user_model.UserActivityPubPubPem].SettingValue
-		return
+		return pub, priv, err
 	}
 }

--- a/modules/context/api.go
+++ b/modules/context/api.go
@ -294,7 +294,7 @@ func ReferencesGitRepo(allowEmpty ...bool) func(ctx *APIContext) (cancel context
 	return func(ctx *APIContext) (cancel context.CancelFunc) {
 		// Empty repository does not have reference information.
 		if ctx.Repo.Repository.IsEmpty && !(len(allowEmpty) != 0 && allowEmpty[0]) {
-			return
+			return nil
 		}

 		// For API calls.
@ -303,7 +303,7 @@ func ReferencesGitRepo(allowEmpty ...bool) func(ctx *APIContext) (cancel context
 			gitRepo, err := git.OpenRepository(ctx, repoPath)
 			if err != nil {
 				ctx.Error(http.StatusInternalServerError, "RepoRef Invalid repo "+repoPath, err)
-				return
+				return cancel
 			}
 			ctx.Repo.GitRepo = gitRepo
 			// We opened it, we should close it
--- a/modules/git/batch_reader.go
+++ b/modules/git/batch_reader.go
@ -148,27 +148,25 @@ func CatFileBatch(ctx context.Context, repoPath string) (WriteCloserError, *bufi
 func ReadBatchLine(rd *bufio.Reader) (sha []byte, typ string, size int64, err error) {
 	typ, err = rd.ReadString('\n')
 	if err != nil {
-		return
+		return sha, typ, size, err
 	}
 	if len(typ) == 1 {
 		typ, err = rd.ReadString('\n')
 		if err != nil {
-			return
+			return sha, typ, size, err
 		}
 	}
 	idx := strings.IndexByte(typ, ' ')
 	if idx < 0 {
 		log.Debug("missing space typ: %s", typ)
-		err = ErrNotExist{ID: string(sha)}
-		return
+		return sha, typ, size, ErrNotExist{ID: string(sha)}
 	}
 	sha = []byte(typ[:idx])
 	typ = typ[idx+1:]

 	idx = strings.IndexByte(typ, ' ')
 	if idx < 0 {
-		err = ErrNotExist{ID: string(sha)}
-		return
+		return sha, typ, size, ErrNotExist{ID: string(sha)}
 	}

 	sizeStr := typ[idx+1 : len(typ)-1]
@ -285,14 +283,12 @@ func ParseTreeLine(rd *bufio.Reader, modeBuf, fnameBuf, shaBuf []byte) (mode, fn
 	// Read the Mode & fname
 	readBytes, err = rd.ReadSlice('\x00')
 	if err != nil {
-		return
+		return mode, fname, sha, n, err
 	}
 	idx := bytes.IndexByte(readBytes, ' ')
 	if idx < 0 {
 		log.Debug("missing space in readBytes ParseTreeLine: %s", readBytes)
-
-		err = &ErrNotExist{}
-		return
+		return mode, fname, sha, n, &ErrNotExist{}
 	}

 	n += idx + 1
@ -319,7 +315,7 @@ func ParseTreeLine(rd *bufio.Reader, modeBuf, fnameBuf, shaBuf []byte) (mode, fn
 	}
 	n += len(fnameBuf)
 	if err != nil {
-		return
+		return mode, fname, sha, n, err
 	}
 	fnameBuf = fnameBuf[:len(fnameBuf)-1]
 	fname = fnameBuf
@ -331,7 +327,7 @@ func ParseTreeLine(rd *bufio.Reader, modeBuf, fnameBuf, shaBuf []byte) (mode, fn
 		read, err = rd.Read(shaBuf[idx:20])
 		n += read
 		if err != nil {
-			return
+			return mode, fname, sha, n, err
 		}
 		idx += read
 	}
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@ -435,7 +435,7 @@ func (c *Commit) GetBranchName() (string, error) {
 // LoadBranchName load branch name for commit
 func (c *Commit) LoadBranchName() (err error) {
 	if len(c.Branch) != 0 {
-		return
+		return nil
 	}

 	c.Branch, err = c.GetBranchName()
--- a/modules/git/git.go
+++ b/modules/git/git.go
@ -171,7 +171,7 @@ func InitFull(ctx context.Context) (err error) {
 	}

 	if err = InitSimple(ctx); err != nil {
-		return
+		return err
 	}

 	// when git works with gnupg (commit signing), there should be a stable home for gnupg commands
--- a/modules/git/repo_base_nogogit.go
+++ b/modules/git/repo_base_nogogit.go
@ -87,7 +87,7 @@ func (repo *Repository) CatFileBatchCheck(ctx context.Context) (WriteCloserError
 // Close this repository, in particular close the underlying gogitStorage if this is not nil
 func (repo *Repository) Close() (err error) {
 	if repo == nil {
-		return
+		return nil
 	}
 	if repo.batchCancel != nil {
 		repo.batchCancel()
--- a/modules/git/repo_index.go
+++ b/modules/git/repo_index.go
@ -48,7 +48,7 @@ func (repo *Repository) readTreeToIndex(id SHA1, indexFilename ...string) error
 func (repo *Repository) ReadTreeToTemporaryIndex(treeish string) (filename, tmpDir string, cancel context.CancelFunc, err error) {
 	tmpDir, err = os.MkdirTemp("", "index")
 	if err != nil {
-		return
+		return filename, tmpDir, cancel, err
 	}

 	filename = filepath.Join(tmpDir, ".tmp-index")
--- a/modules/git/signature_nogogit.go
+++ b/modules/git/signature_nogogit.go
@ -43,12 +43,13 @@ func (s *Signature) Decode(b []byte) {
 //
 // but without the "author " at the beginning (this method should)
 // be used for author and committer.
+// FIXME: there are a lot of "return sig, err" (but the err is also nil), that's the old behavior, to avoid breaking
 func newSignatureFromCommitline(line []byte) (sig *Signature, err error) {
 	sig = new(Signature)
 	emailStart := bytes.LastIndexByte(line, '<')
 	emailEnd := bytes.LastIndexByte(line, '>')
 	if emailStart == -1 || emailEnd == -1 || emailEnd < emailStart {
-		return
+		return sig, err
 	}

 	if emailStart > 0 { // Empty name has already occurred, even if it shouldn't
@ -58,7 +59,7 @@ func newSignatureFromCommitline(line []byte) (sig *Signature, err error) {

 	hasTime := emailEnd+2 < len(line)
 	if !hasTime {
-		return
+		return sig, err
 	}

 	// Check date format.
@ -66,7 +67,7 @@ func newSignatureFromCommitline(line []byte) (sig *Signature, err error) {
 	if firstChar >= 48 && firstChar <= 57 {
 		idx := bytes.IndexByte(line[emailEnd+2:], ' ')
 		if idx < 0 {
-			return
+			return sig, err
 		}

 		timestring := string(line[emailEnd+2 : emailEnd+2+idx])
@ -75,14 +76,14 @@ func newSignatureFromCommitline(line []byte) (sig *Signature, err error) {

 		idx += emailEnd + 3
 		if idx >= len(line) || idx+5 > len(line) {
-			return
+			return sig, err
 		}

 		timezone := string(line[idx : idx+5])
 		tzhours, err1 := strconv.ParseInt(timezone[0:3], 10, 64)
 		tzmins, err2 := strconv.ParseInt(timezone[3:], 10, 64)
 		if err1 != nil || err2 != nil {
-			return
+			return sig, err
 		}
 		if tzhours < 0 {
 			tzmins *= -1
@ -92,7 +93,7 @@ func newSignatureFromCommitline(line []byte) (sig *Signature, err error) {
 	} else {
 		sig.When, err = time.Parse(GitTimeLayout, string(line[emailEnd+2:]))
 		if err != nil {
-			return
+			return sig, err
 		}
 	}
 	return sig, err
--- a/modules/nosql/manager.go
+++ b/modules/nosql/manager.go
@ -71,7 +71,7 @@ func valToTimeDuration(vs []string) (result time.Duration) {
 			result = time.Duration(val)
 		}
 		if err == nil {
-			return
+			return result
 		}
 	}
 	return result
--- a/modules/queue/workerqueue.go
+++ b/modules/queue/workerqueue.go
@ -93,7 +93,7 @@ func (q *WorkerPoolQueue[T]) GetQueueItemNumber() int {

 func (q *WorkerPoolQueue[T]) FlushWithContext(ctx context.Context, timeout time.Duration) (err error) {
 	if q.isBaseQueueDummy() {
-		return
+		return nil
 	}

 	log.Debug("Try to flush queue %q with timeout %v", q.GetName(), timeout)
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@ -25,19 +25,16 @@ func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err
 	person := ap.PersonNew(ap.IRI(keyID.String()))
 	err = person.UnmarshalJSON(b)
 	if err != nil {
-		err = fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %w", err)
-		return
+		return nil, fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %w", err)
 	}
 	pubKey := person.PublicKey
 	if pubKey.ID.String() != keyID.String() {
-		err = fmt.Errorf("cannot find publicKey with id: %s in %s", keyID, string(b))
-		return
+		return nil, fmt.Errorf("cannot find publicKey with id: %s in %s", keyID, string(b))
 	}
 	pubKeyPem := pubKey.PublicKeyPem
 	block, _ := pem.Decode([]byte(pubKeyPem))
 	if block == nil || block.Type != "PUBLIC KEY" {
-		err = fmt.Errorf("could not decode publicKeyPem to PUBLIC KEY pem block type")
-		return
+		return nil, fmt.Errorf("could not decode publicKeyPem to PUBLIC KEY pem block type")
 	}
 	p, err = x509.ParsePKIXPublicKey(block.Bytes)
 	return p, err
@ -49,13 +46,12 @@ func fetch(iri *url.URL) (b []byte, err error) {
 	req.Header("User-Agent", "Gitea/"+setting.AppVer)
 	resp, err := req.Response()
 	if err != nil {
-		return
+		return nil, err
 	}
 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {
-		err = fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status)
-		return
+		return nil, fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status)
 	}
 	b, err = io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize))
 	return b, err
@ -67,21 +63,21 @@ func verifyHTTPSignatures(ctx *gitea_context.APIContext) (authenticated bool, er
 	// 1. Figure out what key we need to verify
 	v, err := httpsig.NewVerifier(r)
 	if err != nil {
-		return
+		return false, err
 	}
 	ID := v.KeyId()
 	idIRI, err := url.Parse(ID)
 	if err != nil {
-		return
+		return false, err
 	}
 	// 2. Fetch the public key of the other actor
 	b, err := fetch(idIRI)
 	if err != nil {
-		return
+		return false, err
 	}
 	pubKey, err := getPublicKeyFromResponse(b, idIRI)
 	if err != nil {
-		return
+		return false, err
 	}
 	// 3. Verify the other actor's key
 	algo := httpsig.Algorithm(setting.Federation.Algorithms[0])
--- a/services/task/migrate.go
+++ b/services/task/migrate.go
@ -71,7 +71,7 @@ func runMigrateTask(t *admin_model.Task) (err error) {
 	}()

 	if err = t.LoadRepo(); err != nil {
-		return
+		return err
 	}

 	// if repository is ready, then just finish the task
@ -80,16 +80,16 @@ func runMigrateTask(t *admin_model.Task) (err error) {
 	}

 	if err = t.LoadDoer(); err != nil {
-		return
+		return err
 	}
 	if err = t.LoadOwner(); err != nil {
-		return
+		return err
 	}

 	var opts *migration.MigrateOptions
 	opts, err = t.MigrateConfig()
 	if err != nil {
-		return
+		return err
 	}

 	opts.MigrateToRepoID = t.RepoID
@ -101,7 +101,7 @@ func runMigrateTask(t *admin_model.Task) (err error) {
 	t.StartTime = timeutil.TimeStampNow()
 	t.Status = structs.TaskStatusRunning
 	if err = t.UpdateCols("start_time", "status"); err != nil {
-		return
+		return err
 	}

 	// check whether the task should be canceled, this goroutine is also managed by process manager
@ -133,12 +133,11 @@ func runMigrateTask(t *admin_model.Task) (err error) {

 	if err == nil {
 		log.Trace("Repository migrated [%d]: %s/%s", t.Repo.ID, t.Owner.Name, t.Repo.Name)
-		return
+		return nil
 	}

 	if repo_model.IsErrRepoAlreadyExist(err) {
-		err = errors.New("the repository name is already used")
-		return
+		return errors.New("the repository name is already used")
 	}

 	// remoteAddr may contain credentials, so we sanitize it