Enable addtional linters (#34085)

enable mirror, usestdlibbars and perfsprint part of: https://github.com/go-gitea/gitea/issues/34083 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-12 10:48:46 +03:00 · 2025-04-01 12:14:01 +02:00
parent 56e42be36d
commit ee3c82f874
294 changed files with 848 additions and 805 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -13,14 +13,17 @@ linters:
    - gocritic
    - govet
    - ineffassign
    - mirror
    - nakedret
    - nolintlint
    - perfsprint
    - revive
    - staticcheck
    - testifylint
    - unconvert
    - unparam
    - unused
    - usestdlibvars
    - usetesting
    - wastedassign
  settings:
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -5,7 +5,6 @@
 package cmd
 import (
 	"fmt"
 	"os"
 	"path"
 	"path/filepath"
@ -93,7 +92,7 @@ var CmdDump = &cli.Command{
 		},
 		&cli.StringFlag{
 			Name:  "type",
-			Usage: fmt.Sprintf(`Dump output format, default to "zip", supported types: %s`, strings.Join(dump.SupportedOutputTypes, ", ")),
+			Usage: `Dump output format, default to "zip", supported types: ` + strings.Join(dump.SupportedOutputTypes, ", "),
 		},
 	},
 }
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"io"
 	"path/filepath"
@ -127,7 +128,7 @@ func TestCliCmd(t *testing.T) {
 }
 func TestCliCmdError(t *testing.T) {
-	app := newTestApp(func(ctx *cli.Context) error { return fmt.Errorf("normal error") })
+	app := newTestApp(func(ctx *cli.Context) error { return errors.New("normal error") })
 	r, err := runTestApp(app, "./gitea", "test-cmd")
 	assert.Error(t, err)
 	assert.Equal(t, 1, r.ExitCode)
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -173,7 +173,7 @@ func getLFSAuthToken(ctx context.Context, lfsVerb string, results *private.ServC
 	if err != nil {
 		return "", fail(ctx, "Failed to sign JWT Token", "Failed to sign JWT token: %v", err)
 	}
-	return fmt.Sprintf("Bearer %s", tokenString), nil
+	return "Bearer " + tokenString, nil
 }
 func runServ(c *cli.Context) error {
@ -372,9 +372,9 @@ func runServ(c *cli.Context) error {
 		repo_module.EnvPusherEmail+"="+results.UserEmail,
 		repo_module.EnvPusherID+"="+strconv.FormatInt(results.UserID, 10),
 		repo_module.EnvRepoID+"="+strconv.FormatInt(results.RepoID, 10),
-		repo_module.EnvPRID+"="+fmt.Sprintf("%d", 0),
+		repo_module.EnvPRID+"="+strconv.Itoa(0),
-		repo_module.EnvDeployKeyID+"="+fmt.Sprintf("%d", results.DeployKeyID),
+		repo_module.EnvDeployKeyID+"="+strconv.FormatInt(results.DeployKeyID, 10),
-		repo_module.EnvKeyID+"="+fmt.Sprintf("%d", results.KeyID),
+		repo_module.EnvKeyID+"="+strconv.FormatInt(results.KeyID, 10),
 		repo_module.EnvAppURL+"="+setting.AppURL,
 	)
 	// to avoid breaking, here only use the minimal environment variables for the "gitea serv" command.
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@ -136,7 +136,7 @@ func runACME(listenAddr string, m http.Handler) error {
 }
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" && r.Method != "HEAD" {
+	if r.Method != http.MethodGet && r.Method != http.MethodHead {
 		http.Error(w, "Use HTTPS", http.StatusBadRequest)
 		return
 	}
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@ -6,6 +6,7 @@ package main
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log"
 	"net/http"
@ -158,7 +159,7 @@ func runBackport(c *cli.Context) error {
 	args := c.Args().Slice()
 	if len(args) == 0 && pr == "" {
-		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
+		return errors.New("no PR number provided\nProvide a PR number to backport")
 	} else if len(args) != 1 && pr == "" {
 		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
 	}
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -5,6 +5,7 @@ package actions
 import (
 	"context"
 	"errors"
 	"fmt"
 	"slices"
 	"strings"
@ -245,7 +246,7 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 				// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
 				if n == 0 {
-					return cancelledJobs, fmt.Errorf("job has changed, try again")
+					return cancelledJobs, errors.New("job has changed, try again")
 				}
 				cancelledJobs = append(cancelledJobs, job)
@ -412,7 +413,7 @@ func UpdateRun(ctx context.Context, run *ActionRun, cols ...string) error {
 		return err
 	}
 	if affected == 0 {
-		return fmt.Errorf("run has changed")
+		return errors.New("run has changed")
 		// It's impossible that the run is not found, since Gitea never deletes runs.
 	}
--- a/models/actions/task.go
+++ b/models/actions/task.go
@ -6,6 +6,7 @@ package actions
 import (
 	"context"
 	"crypto/subtle"
 	"errors"
 	"fmt"
 	"time"
@ -361,7 +362,7 @@ func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.Task
 	} else if !has {
 		return nil, util.ErrNotExist
 	} else if runnerID != task.RunnerID {
-		return nil, fmt.Errorf("invalid runner for task")
+		return nil, errors.New("invalid runner for task")
 	}
 	if task.Status.IsDone() {
--- a/models/activities/action_list.go
+++ b/models/activities/action_list.go
@ -5,6 +5,7 @@ package activities
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
@ -205,7 +206,7 @@ func (actions ActionList) LoadIssues(ctx context.Context) error {
 // GetFeeds returns actions according to the provided options
 func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, error) {
 	if opts.RequestedUser == nil && opts.RequestedTeam == nil && opts.RequestedRepo == nil {
-		return nil, 0, fmt.Errorf("need at least one of these filters: RequestedUser, RequestedTeam, RequestedRepo")
+		return nil, 0, errors.New("need at least one of these filters: RequestedUser, RequestedTeam, RequestedRepo")
 	}
 	var err error
--- a/models/asymkey/error.go
+++ b/models/asymkey/error.go
@ -132,7 +132,7 @@ func IsErrGPGKeyParsing(err error) bool {
 }
 func (err ErrGPGKeyParsing) Error() string {
-	return fmt.Sprintf("failed to parse gpg key %s", err.ParseError.Error())
+	return "failed to parse gpg key " + err.ParseError.Error()
 }
 // ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
--- a/models/asymkey/gpg_key.go
+++ b/models/asymkey/gpg_key.go
@ -5,6 +5,7 @@ package asymkey
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
@ -207,7 +208,7 @@ func parseGPGKey(ctx context.Context, ownerID int64, e *openpgp.Entity, verified
 // deleteGPGKey does the actual key deletion
 func deleteGPGKey(ctx context.Context, keyID string) (int64, error) {
 	if keyID == "" {
-		return 0, fmt.Errorf("empty KeyId forbidden") // Should never happen but just to be sure
+		return 0, errors.New("empty KeyId forbidden") // Should never happen but just to be sure
 	}
 	// Delete imported key
 	n, err := db.GetEngine(ctx).Where("key_id=?", keyID).Delete(new(GPGKeyImport))
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@ -4,6 +4,7 @@
 package asymkey
 import (
 	"errors"
 	"fmt"
 	"hash"
@ -68,7 +69,7 @@ const (
 func verifySign(s *packet.Signature, h hash.Hash, k *GPGKey) error {
 	// Check if key can sign
 	if !k.CanSign {
-		return fmt.Errorf("key can not sign")
+		return errors.New("key can not sign")
 	}
 	// Decode key
 	pkey, err := base64DecPubKey(k.Content)
--- a/models/asymkey/gpg_key_common.go
+++ b/models/asymkey/gpg_key_common.go
@ -7,6 +7,7 @@ import (
 	"bytes"
 	"crypto"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"hash"
 	"io"
@ -75,7 +76,7 @@ func base64DecPubKey(content string) (*packet.PublicKey, error) {
 	// Check type
 	pkey, ok := p.(*packet.PublicKey)
 	if !ok {
-		return nil, fmt.Errorf("key is not a public key")
+		return nil, errors.New("key is not a public key")
 	}
 	return pkey, nil
 }
@ -122,15 +123,15 @@ func readArmoredSign(r io.Reader) (body io.Reader, err error) {
 func ExtractSignature(s string) (*packet.Signature, error) {
 	r, err := readArmoredSign(strings.NewReader(s))
 	if err != nil {
-		return nil, fmt.Errorf("Failed to read signature armor")
+		return nil, errors.New("Failed to read signature armor")
 	}
 	p, err := packet.Read(r)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to read signature packet")
+		return nil, errors.New("Failed to read signature packet")
 	}
 	sig, ok := p.(*packet.Signature)
 	if !ok {
-		return nil, fmt.Errorf("Packet is not a signature")
+		return nil, errors.New("Packet is not a signature")
 	}
 	return sig, nil
 }
--- a/models/asymkey/ssh_key_commit_verification.go
+++ b/models/asymkey/ssh_key_commit_verification.go
@ -4,7 +4,6 @@
 package asymkey
 import (
 	"bytes"
 	"context"
 	"fmt"
 	"strings"
@ -65,7 +64,7 @@ func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committer *
 }
 func verifySSHCommitVerification(sig, payload string, k *PublicKey, committer, signer *user_model.User, email string) *CommitVerification {
-	if err := sshsig.Verify(bytes.NewBuffer([]byte(payload)), []byte(sig), []byte(k.Content), "git"); err != nil {
+	if err := sshsig.Verify(strings.NewReader(payload), []byte(sig), []byte(k.Content), "git"); err != nil {
 		return nil
 	}
--- a/models/asymkey/ssh_key_parse.go
+++ b/models/asymkey/ssh_key_parse.go
@ -10,6 +10,7 @@ import (
 	"encoding/base64"
 	"encoding/binary"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"math/big"
 	"os"
@ -93,7 +94,7 @@ func parseKeyString(content string) (string, error) {
 			block, _ := pem.Decode([]byte(content))
 			if block == nil {
-				return "", fmt.Errorf("failed to parse PEM block containing the public key")
+				return "", errors.New("failed to parse PEM block containing the public key")
 			}
 			if strings.Contains(block.Type, "PRIVATE") {
 				return "", ErrKeyIsPrivate
--- a/models/asymkey/ssh_key_verify.go
+++ b/models/asymkey/ssh_key_verify.go
@ -4,8 +4,8 @@
 package asymkey
 import (
 	"bytes"
 	"context"
 	"strings"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
@ -30,11 +30,11 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat
 		return "", ErrKeyNotExist{}
 	}
-	err = sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea")
+	err = sshsig.Verify(strings.NewReader(token), []byte(signature), []byte(key.Content), "gitea")
 	if err != nil {
 		// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
 		// see https://github.com/PowerShell/PowerShell/issues/5974
-		if sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea") != nil {
+		if sshsig.Verify(strings.NewReader(token+"\r\n"), []byte(signature), []byte(key.Content), "gitea") != nil {
 			log.Error("Unable to validate token signature. Error: %v", err)
 			return "", ErrSSHInvalidTokenSignature{
 				Fingerprint: key.Fingerprint,
--- a/models/auth/access_token_scope_test.go
+++ b/models/auth/access_token_scope_test.go
@ -28,11 +28,11 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
 	for _, scope := range GetAccessTokenCategories() {
 		tests = append(tests,
-			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("read:%s", scope)), AccessTokenScope(fmt.Sprintf("read:%s", scope)), nil},
+			scopeTestNormalize{AccessTokenScope("read:" + scope), AccessTokenScope("read:" + scope), nil},
-			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("write:%s", scope)), AccessTokenScope(fmt.Sprintf("write:%s", scope)), nil},
+			scopeTestNormalize{AccessTokenScope("write:" + scope), AccessTokenScope("write:" + scope), nil},
-			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("write:%[1]s,read:%[1]s", scope)), AccessTokenScope(fmt.Sprintf("write:%s", scope)), nil},
+			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("write:%[1]s,read:%[1]s", scope)), AccessTokenScope("write:" + scope), nil},
-			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("read:%[1]s,write:%[1]s", scope)), AccessTokenScope(fmt.Sprintf("write:%s", scope)), nil},
+			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("read:%[1]s,write:%[1]s", scope)), AccessTokenScope("write:" + scope), nil},
-			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("read:%[1]s,write:%[1]s,write:%[1]s", scope)), AccessTokenScope(fmt.Sprintf("write:%s", scope)), nil},
+			scopeTestNormalize{AccessTokenScope(fmt.Sprintf("read:%[1]s,write:%[1]s,write:%[1]s", scope)), AccessTokenScope("write:" + scope), nil},
 		)
 	}
@ -63,20 +63,20 @@ func TestAccessTokenScope_HasScope(t *testing.T) {
 	for _, scope := range GetAccessTokenCategories() {
 		tests = append(tests,
 			scopeTestHasScope{
-				AccessTokenScope(fmt.Sprintf("read:%s", scope)),
+				AccessTokenScope("read:" + scope),
-				AccessTokenScope(fmt.Sprintf("read:%s", scope)), true, nil,
+				AccessTokenScope("read:" + scope), true, nil,
 			},
 			scopeTestHasScope{
-				AccessTokenScope(fmt.Sprintf("write:%s", scope)),
+				AccessTokenScope("write:" + scope),
-				AccessTokenScope(fmt.Sprintf("write:%s", scope)), true, nil,
+				AccessTokenScope("write:" + scope), true, nil,
 			},
 			scopeTestHasScope{
-				AccessTokenScope(fmt.Sprintf("write:%s", scope)),
+				AccessTokenScope("write:" + scope),
-				AccessTokenScope(fmt.Sprintf("read:%s", scope)), true, nil,
+				AccessTokenScope("read:" + scope), true, nil,
 			},
 			scopeTestHasScope{
-				AccessTokenScope(fmt.Sprintf("read:%s", scope)),
+				AccessTokenScope("read:" + scope),
-				AccessTokenScope(fmt.Sprintf("write:%s", scope)), false, nil,
+				AccessTokenScope("write:" + scope), false, nil,
 			},
 		)
 	}
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -127,7 +127,7 @@ func IsTableNotEmpty(beanOrTableName any) (bool, error) {
 // DeleteAllRecords will delete all the records of this table
 func DeleteAllRecords(tableName string) error {
-	_, err := xormEngine.Exec(fmt.Sprintf("DELETE FROM %s", tableName))
+	_, err := xormEngine.Exec("DELETE FROM " + tableName)
 	return err
 }
--- a/models/db/error.go
+++ b/models/db/error.go
@ -65,7 +65,7 @@ func (err ErrNotExist) Error() string {
 	if err.ID != 0 {
 		return fmt.Sprintf("%s does not exist [id: %d]", name, err.ID)
 	}
-	return fmt.Sprintf("%s does not exist", name)
+	return name + " does not exist"
 }
 // Unwrap unwraps this as a ErrNotExist err
--- a/models/git/commit_status.go
+++ b/models/git/commit_status.go
@ -222,7 +222,7 @@ func (status *CommitStatus) HideActionsURL(ctx context.Context) {
 		}
 	}
-	prefix := fmt.Sprintf("%s/actions", status.Repo.Link())
+	prefix := status.Repo.Link() + "/actions"
 	if strings.HasPrefix(status.TargetURL, prefix) {
 		status.TargetURL = ""
 	}
--- a/models/issues/issue.go
+++ b/models/issues/issue.go
@ -10,6 +10,7 @@ import (
 	"html/template"
 	"regexp"
 	"slices"
 	"strconv"
 	"code.gitea.io/gitea/models/db"
 	project_model "code.gitea.io/gitea/models/project"
@ -815,7 +816,7 @@ func ChangeIssueTimeEstimate(ctx context.Context, issue *Issue, doer *user_model
 			Doer:    doer,
 			Repo:    issue.Repo,
 			Issue:   issue,
-			Content: fmt.Sprintf("%d", timeEstimate),
+			Content: strconv.FormatInt(timeEstimate, 10),
 		}
 		if _, err := CreateComment(ctx, opts); err != nil {
 			return fmt.Errorf("createComment: %w", err)
--- a/models/issues/issue_update.go
+++ b/models/issues/issue_update.go
@ -5,6 +5,7 @@ package issues
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
@ -386,10 +387,10 @@ func NewIssueWithIndex(ctx context.Context, doer *user_model.User, opts NewIssue
 	}
 	if opts.Issue.Index <= 0 {
-		return fmt.Errorf("no issue index provided")
+		return errors.New("no issue index provided")
 	}
 	if opts.Issue.ID > 0 {
-		return fmt.Errorf("issue exist")
+		return errors.New("issue exist")
 	}
 	if _, err := e.Insert(opts.Issue); err != nil {
--- a/models/issues/pull.go
+++ b/models/issues/pull.go
@ -6,6 +6,7 @@ package issues
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"regexp"
@ -732,7 +733,7 @@ func (pr *PullRequest) GetWorkInProgressPrefix(ctx context.Context) string {
 // UpdateCommitDivergence update Divergence of a pull request
 func (pr *PullRequest) UpdateCommitDivergence(ctx context.Context, ahead, behind int) error {
 	if pr.ID == 0 {
-		return fmt.Errorf("pull ID is 0")
+		return errors.New("pull ID is 0")
 	}
 	pr.CommitsAhead = ahead
 	pr.CommitsBehind = behind
@ -925,7 +926,7 @@ func ParseCodeOwnersLine(ctx context.Context, tokens []string) (*CodeOwnerRule,
 		if strings.Contains(user, "/") {
 			s := strings.Split(user, "/")
 			if len(s) != 2 {
-				warnings = append(warnings, fmt.Sprintf("incorrect codeowner group: %s", user))
+				warnings = append(warnings, "incorrect codeowner group: "+user)
 				continue
 			}
 			orgName := s[0]
@ -933,12 +934,12 @@ func ParseCodeOwnersLine(ctx context.Context, tokens []string) (*CodeOwnerRule,
 			org, err := org_model.GetOrgByName(ctx, orgName)
 			if err != nil {
-				warnings = append(warnings, fmt.Sprintf("incorrect codeowner organization: %s", user))
+				warnings = append(warnings, "incorrect codeowner organization: "+user)
 				continue
 			}
 			teams, err := org.LoadTeams(ctx)
 			if err != nil {
-				warnings = append(warnings, fmt.Sprintf("incorrect codeowner team: %s", user))
+				warnings = append(warnings, "incorrect codeowner team: "+user)
 				continue
 			}
@ -950,7 +951,7 @@ func ParseCodeOwnersLine(ctx context.Context, tokens []string) (*CodeOwnerRule,
 		} else {
 			u, err := user_model.GetUserByName(ctx, user)
 			if err != nil {
-				warnings = append(warnings, fmt.Sprintf("incorrect codeowner user: %s", user))
+				warnings = append(warnings, "incorrect codeowner user: "+user)
 				continue
 			}
 			rule.Users = append(rule.Users, u)
--- a/models/issues/review.go
+++ b/models/issues/review.go
@ -5,6 +5,7 @@ package issues
 import (
 	"context"
 	"errors"
 	"fmt"
 	"slices"
 	"strings"
@ -374,7 +375,7 @@ func CreateReview(ctx context.Context, opts CreateReviewOptions) (*Review, error
 		review.Type = ReviewTypeRequest
 		review.ReviewerTeamID = opts.ReviewerTeam.ID
 	} else {
-		return nil, fmt.Errorf("provide either reviewer or reviewer team")
+		return nil, errors.New("provide either reviewer or reviewer team")
 	}
 	if _, err := sess.Insert(review); err != nil {
@ -933,7 +934,7 @@ func MarkConversation(ctx context.Context, comment *Comment, doer *user_model.Us
 // the PR writer , official reviewer and poster can do it
 func CanMarkConversation(ctx context.Context, issue *Issue, doer *user_model.User) (permResult bool, err error) {
 	if doer == nil || issue == nil {
-		return false, fmt.Errorf("issue or doer is nil")
+		return false, errors.New("issue or doer is nil")
 	}
 	if err = issue.LoadRepo(ctx); err != nil {
@ -972,11 +973,11 @@ func DeleteReview(ctx context.Context, r *Review) error {
 	defer committer.Close()
 	if r.ID == 0 {
-		return fmt.Errorf("review is not allowed to be 0")
+		return errors.New("review is not allowed to be 0")
 	}
 	if r.Type == ReviewTypeRequest {
-		return fmt.Errorf("review request can not be deleted using this method")
+		return errors.New("review request can not be deleted using this method")
 	}
 	opts := FindCommentsOptions{
--- a/models/migrations/base/db.go
+++ b/models/migrations/base/db.go
@ -52,7 +52,7 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 	// TODO: This will not work if there are foreign keys
 	tableName := sess.Engine().TableName(bean)
-	tempTableName := fmt.Sprintf("tmp_recreate__%s", tableName)
+	tempTableName := "tmp_recreate__" + tableName
 	// We need to move the old table away and create a new one with the correct columns
 	// We will need to do this in stages to prevent data loss
@ -82,7 +82,7 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 	}
 	newTableColumns := table.Columns()
 	if len(newTableColumns) == 0 {
-		return fmt.Errorf("no columns in new table")
+		return errors.New("no columns in new table")
 	}
 	hasID := false
 	for _, column := range newTableColumns {
@ -552,11 +552,11 @@ func deleteDB() error {
 		}
 		defer db.Close()
-		if _, err = db.Exec(fmt.Sprintf("DROP DATABASE IF EXISTS %s", setting.Database.Name)); err != nil {
+		if _, err = db.Exec("DROP DATABASE IF EXISTS " + setting.Database.Name); err != nil {
 			return err
 		}
-		if _, err = db.Exec(fmt.Sprintf("CREATE DATABASE IF NOT EXISTS %s", setting.Database.Name)); err != nil {
+		if _, err = db.Exec("CREATE DATABASE IF NOT EXISTS " + setting.Database.Name); err != nil {
 			return err
 		}
 		return nil
@ -568,11 +568,11 @@ func deleteDB() error {
 		}
 		defer db.Close()
-		if _, err = db.Exec(fmt.Sprintf("DROP DATABASE IF EXISTS %s", setting.Database.Name)); err != nil {
+		if _, err = db.Exec("DROP DATABASE IF EXISTS " + setting.Database.Name); err != nil {
 			return err
 		}
-		if _, err = db.Exec(fmt.Sprintf("CREATE DATABASE %s", setting.Database.Name)); err != nil {
+		if _, err = db.Exec("CREATE DATABASE " + setting.Database.Name); err != nil {
 			return err
 		}
 		db.Close()
@ -594,7 +594,7 @@ func deleteDB() error {
 			if !schrows.Next() {
 				// Create and setup a DB schema
-				_, err = db.Exec(fmt.Sprintf("CREATE SCHEMA %s", setting.Database.Schema))
+				_, err = db.Exec("CREATE SCHEMA " + setting.Database.Schema)
 				if err != nil {
 					return err
 				}
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -6,6 +6,7 @@ package migrations
 import (
 	"context"
 	"errors"
 	"fmt"
 	"code.gitea.io/gitea/models/migrations/v1_10"
@ -424,7 +425,7 @@ func EnsureUpToDate(ctx context.Context, x *xorm.Engine) error {
 	}
 	if currentDB < 0 {
-		return fmt.Errorf("database has not been initialized")
+		return errors.New("database has not been initialized")
 	}
 	if minDBVersion > currentDB {
--- a/models/migrations/v1_13/v140.go
+++ b/models/migrations/v1_13/v140.go
@ -46,7 +46,7 @@ func FixLanguageStatsToSaveSize(x *xorm.Engine) error {
 	}
 	// Delete language stats
-	if _, err := x.Exec(fmt.Sprintf("%s language_stat", truncExpr)); err != nil {
+	if _, err := x.Exec(truncExpr + " language_stat"); err != nil {
 		return err
 	}
--- a/models/migrations/v1_13/v145.go
+++ b/models/migrations/v1_13/v145.go
@ -42,7 +42,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 	switch {
 	case setting.Database.Type.IsMySQL():
-		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat MODIFY COLUMN language %s", sqlType)); err != nil {
+		if _, err := sess.Exec("ALTER TABLE language_stat MODIFY COLUMN language " + sqlType); err != nil {
 			return err
 		}
 	case setting.Database.Type.IsMSSQL():
@ -64,7 +64,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 				return fmt.Errorf("Drop table `language_stat` constraint `%s`: %w", constraint, err)
 			}
 		}
-		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat ALTER COLUMN language %s", sqlType)); err != nil {
+		if _, err := sess.Exec("ALTER TABLE language_stat ALTER COLUMN language " + sqlType); err != nil {
 			return err
 		}
 		// Finally restore the constraint
@ -72,7 +72,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 			return err
 		}
 	case setting.Database.Type.IsPostgreSQL():
-		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat ALTER COLUMN language TYPE %s", sqlType)); err != nil {
+		if _, err := sess.Exec("ALTER TABLE language_stat ALTER COLUMN language TYPE " + sqlType); err != nil {
 			return err
 		}
 	}
--- a/models/migrations/v1_13/v151.go
+++ b/models/migrations/v1_13/v151.go
@ -5,6 +5,7 @@ package v1_13 //nolint
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
@ -113,7 +114,7 @@ func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 	newTableColumns := table.Columns()
 	if len(newTableColumns) == 0 {
-		return fmt.Errorf("no columns in new table")
+		return errors.New("no columns in new table")
 	}
 	hasID := false
 	for _, column := range newTableColumns {
--- a/models/migrations/v1_14/v158.go
+++ b/models/migrations/v1_14/v158.go
@ -4,7 +4,7 @@
 package v1_14 //nolint
 import (
-	"fmt"
+	"errors"
 	"strconv"
 	"code.gitea.io/gitea/modules/log"
@ -82,7 +82,7 @@ func UpdateCodeCommentReplies(x *xorm.Engine) error {
 			sqlCmd = "SELECT TOP " + strconv.Itoa(batchSize) + " * FROM #temp_comments WHERE " +
 				"(id NOT IN ( SELECT TOP " + strconv.Itoa(start) + " id FROM #temp_comments ORDER BY id )) ORDER BY id"
 		default:
-			return fmt.Errorf("Unsupported database type")
+			return errors.New("Unsupported database type")
 		}
 		if err := sess.SQL(sqlCmd).Find(&comments); err != nil {
--- a/models/migrations/v1_17/v222.go
+++ b/models/migrations/v1_17/v222.go
@ -5,6 +5,7 @@ package v1_17 //nolint
 import (
 	"context"
 	"errors"
 	"fmt"
 	"code.gitea.io/gitea/models/migrations/base"
@ -29,7 +30,7 @@ func DropOldCredentialIDColumn(x *xorm.Engine) error {
 	}
 	if !credentialIDBytesExists {
 		// looks like 221 hasn't properly run
-		return fmt.Errorf("webauthn_credential does not have a credential_id_bytes column... it is not safe to run this migration")
+		return errors.New("webauthn_credential does not have a credential_id_bytes column... it is not safe to run this migration")
 	}
 	// Create webauthnCredential table
--- a/models/migrations/v1_20/v245.go
+++ b/models/migrations/v1_20/v245.go
@ -5,7 +5,6 @@ package v1_20 //nolint
 import (
 	"context"
 	"fmt"
 	"code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/setting"
@ -57,7 +56,7 @@ func RenameWebhookOrgToOwner(x *xorm.Engine) error {
 			return err
 		}
 		sqlType := x.Dialect().SQLType(inferredTable.GetColumn("org_id"))
-		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `webhook` CHANGE org_id owner_id %s", sqlType)); err != nil {
+		if _, err := sess.Exec("ALTER TABLE `webhook` CHANGE org_id owner_id " + sqlType); err != nil {
 			return err
 		}
 	case setting.Database.Type.IsMSSQL():
--- a/models/migrations/v1_21/v264.go
+++ b/models/migrations/v1_21/v264.go
@ -5,7 +5,7 @@ package v1_21 //nolint
 import (
 	"context"
-	"fmt"
+	"errors"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/timeutil"
@ -57,7 +57,7 @@ func AddBranchTable(x *xorm.Engine) error {
 	if err != nil {
 		return err
 	} else if !has {
-		return fmt.Errorf("no admin user found")
+		return errors.New("no admin user found")
 	}
 	branches := make([]Branch, 0, 100)
--- a/models/migrations/v1_22/v287_test.go
+++ b/models/migrations/v1_22/v287_test.go
@ -4,7 +4,7 @@
 package v1_22 //nolint
 import (
-	"fmt"
+	"strconv"
 	"testing"
 	"code.gitea.io/gitea/models/migrations/base"
@ -50,7 +50,7 @@ func Test_UpdateBadgeColName(t *testing.T) {
 	for i, e := range oldBadges {
 		got := got[i+1] // 1 is in the badge.yml
 		assert.Equal(t, e.ID, got.ID)
-		assert.Equal(t, fmt.Sprintf("%d", e.ID), got.Slug)
+		assert.Equal(t, strconv.FormatInt(e.ID, 10), got.Slug)
 	}
 	// TODO: check if badges have been updated
--- a/models/packages/descriptor.go
+++ b/models/packages/descriptor.go
@ -197,7 +197,7 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 	case TypeVagrant:
 		metadata = &vagrant.Metadata{}
 	default:
-		panic(fmt.Sprintf("unknown package type: %s", string(p.Type)))
+		panic("unknown package type: " + string(p.Type))
 	}
 	if metadata != nil {
 		if err := json.Unmarshal([]byte(pv.MetadataJSON), &metadata); err != nil {
--- a/models/packages/package.go
+++ b/models/packages/package.go
@ -127,7 +127,7 @@ func (pt Type) Name() string {
 	case TypeVagrant:
 		return "Vagrant"
 	}
-	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
+	panic("unknown package type: " + string(pt))
 }
 // SVGName gets the name of the package type svg image
@ -178,7 +178,7 @@ func (pt Type) SVGName() string {
 	case TypeVagrant:
 		return "gitea-vagrant"
 	}
-	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
+	panic("unknown package type: " + string(pt))
 }
 // Package represents a package
--- a/models/project/column.go
+++ b/models/project/column.go
@ -147,7 +147,7 @@ func NewColumn(ctx context.Context, column *Column) error {
 		return err
 	}
 	if res.ColumnCount >= maxProjectColumns {
-		return fmt.Errorf("NewBoard: maximum number of columns reached")
+		return errors.New("NewBoard: maximum number of columns reached")
 	}
 	column.Sorting = int8(util.Iif(res.ColumnCount > 0, res.MaxSorting+1, 0))
 	_, err := db.GetEngine(ctx).Insert(column)
@ -172,7 +172,7 @@ func deleteColumnByID(ctx context.Context, columnID int64) error {
 	}
 	if column.Default {
-		return fmt.Errorf("deleteColumnByID: cannot delete default column")
+		return errors.New("deleteColumnByID: cannot delete default column")
 	}
 	// move all issues to the default column
--- a/models/project/issue.go
+++ b/models/project/issue.go
@ -5,7 +5,7 @@ package project
 import (
 	"context"
-	"fmt"
+	"errors"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/util"
@ -35,7 +35,7 @@ func deleteProjectIssuesByProjectID(ctx context.Context, projectID int64) error
 func (c *Column) moveIssuesToAnotherColumn(ctx context.Context, newColumn *Column) error {
 	if c.ProjectID != newColumn.ProjectID {
-		return fmt.Errorf("columns have to be in the same project")
+		return errors.New("columns have to be in the same project")
 	}
 	if c.ID == newColumn.ID {
--- a/models/repo/attachment.go
+++ b/models/repo/attachment.go
@ -224,7 +224,7 @@ func DeleteAttachmentsByComment(ctx context.Context, commentID int64, remove boo
 // UpdateAttachmentByUUID Updates attachment via uuid
 func UpdateAttachmentByUUID(ctx context.Context, attach *Attachment, cols ...string) error {
 	if attach.UUID == "" {
-		return fmt.Errorf("attachment uuid should be not blank")
+		return errors.New("attachment uuid should be not blank")
 	}
 	_, err := db.GetEngine(ctx).Where("uuid=?", attach.UUID).Cols(cols...).Update(attach)
 	return err
--- a/models/repo/avatar.go
+++ b/models/repo/avatar.go
@ -9,6 +9,7 @@ import (
 	"image/png"
 	"io"
 	"net/url"
 	"strconv"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/avatar"
@ -37,7 +38,7 @@ func (repo *Repository) RelAvatarLink(ctx context.Context) string {
 // generateRandomAvatar generates a random avatar for repository.
 func generateRandomAvatar(ctx context.Context, repo *Repository) error {
-	idToString := fmt.Sprintf("%d", repo.ID)
+	idToString := strconv.FormatInt(repo.ID, 10)
 	seed := idToString
 	img, err := avatar.RandomImage([]byte(seed))
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@ -5,6 +5,7 @@ package repo
 import (
 	"context"
 	"errors"
 	"fmt"
 	"html/template"
 	"maps"
@ -59,7 +60,7 @@ type ErrRepoIsArchived struct {
 }
 func (err ErrRepoIsArchived) Error() string {
-	return fmt.Sprintf("%s is archived", err.Repo.LogString())
+	return err.Repo.LogString() + " is archived"
 }
 type globalVarsStruct struct {
@ -820,7 +821,7 @@ func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repo
 func GetRepositoryByURL(ctx context.Context, repoURL string) (*Repository, error) {
 	ret, err := giturl.ParseRepositoryURL(ctx, repoURL)
 	if err != nil || ret.OwnerName == "" {
-		return nil, fmt.Errorf("unknown or malformed repository URL")
+		return nil, errors.New("unknown or malformed repository URL")
 	}
 	return GetRepositoryByOwnerAndName(ctx, ret.OwnerName, ret.RepoName)
 }
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@ -5,7 +5,6 @@ package repo
 import (
 	"context"
 	"fmt"
 	"slices"
 	"strings"
@ -33,7 +32,7 @@ func IsErrUnitTypeNotExist(err error) bool {
 }
 func (err ErrUnitTypeNotExist) Error() string {
-	return fmt.Sprintf("Unit type does not exist: %s", err.UT.LogString())
+	return "Unit type does not exist: " + err.UT.LogString()
 }
 func (err ErrUnitTypeNotExist) Unwrap() error {
--- a/models/repo/wiki.go
+++ b/models/repo/wiki.go
@ -46,7 +46,7 @@ func IsErrWikiReservedName(err error) bool {
 }
 func (err ErrWikiReservedName) Error() string {
-	return fmt.Sprintf("wiki title is reserved: %s", err.Title)
+	return "wiki title is reserved: " + err.Title
 }
 func (err ErrWikiReservedName) Unwrap() error {
@ -65,7 +65,7 @@ func IsErrWikiInvalidFileName(err error) bool {
 }
 func (err ErrWikiInvalidFileName) Error() string {
-	return fmt.Sprintf("Invalid wiki filename: %s", err.FileName)
+	return "Invalid wiki filename: " + err.FileName
 }
 func (err ErrWikiInvalidFileName) Unwrap() error {
--- a/models/unittest/fixtures_loader.go
+++ b/models/unittest/fixtures_loader.go
@ -120,7 +120,7 @@ func (f *fixturesLoaderInternal) loadFixtures(tx *sql.Tx, fixture *FixtureItem)
 		}
 	}
-	_, err = tx.Exec(fmt.Sprintf("DELETE FROM %s", fixture.tableNameQuoted)) // sqlite3 doesn't support truncate
+	_, err = tx.Exec("DELETE FROM " + fixture.tableNameQuoted) // sqlite3 doesn't support truncate
 	if err != nil {
 		return err
 	}
--- a/models/unittest/unit_tests.go
+++ b/models/unittest/unit_tests.go
@ -153,9 +153,9 @@ func DumpQueryResult(t require.TestingT, sqlOrBean any, sqlArgs ...any) {
 	goDB := x.DB().DB
 	sql, ok := sqlOrBean.(string)
 	if !ok {
-		sql = fmt.Sprintf("SELECT * FROM %s", db.TableName(sqlOrBean))
+		sql = "SELECT * FROM " + db.TableName(sqlOrBean)
 	} else if !strings.Contains(sql, " ") {
-		sql = fmt.Sprintf("SELECT * FROM %s", sql)
+		sql = "SELECT * FROM " + sql
 	}
 	rows, err := goDB.Query(sql, sqlArgs...)
 	require.NoError(t, err)
--- a/models/user/setting.go
+++ b/models/user/setting.go
@ -5,6 +5,7 @@ package user
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
@ -114,10 +115,10 @@ func GetUserAllSettings(ctx context.Context, uid int64) (map[string]*Setting, er
 func validateUserSettingKey(key string) error {
 	if len(key) == 0 {
-		return fmt.Errorf("setting key must be set")
+		return errors.New("setting key must be set")
 	}
 	if strings.ToLower(key) != key {
-		return fmt.Errorf("setting key should be lowercase")
+		return errors.New("setting key should be lowercase")
 	}
 	return nil
 }
--- a/models/user/user.go
+++ b/models/user/user.go
@ -1169,8 +1169,8 @@ func GetUsersByEmails(ctx context.Context, emails []string) (map[string]*User, e
 	needCheckEmails := make(container.Set[string])
 	needCheckUserNames := make(container.Set[string])
 	for _, email := range emails {
-		if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
+		if strings.HasSuffix(email, "@"+setting.Service.NoReplyAddress) {
-			username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
+			username := strings.TrimSuffix(email, "@"+setting.Service.NoReplyAddress)
 			needCheckUserNames.Add(username)
 		} else {
 			needCheckEmails.Add(strings.ToLower(email))
@ -1232,8 +1232,8 @@ func GetUserByEmail(ctx context.Context, email string) (*User, error) {
 	}
 	// Finally, if email address is the protected email address:
-	if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
+	if strings.HasSuffix(email, "@"+setting.Service.NoReplyAddress) {
-		username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
+		username := strings.TrimSuffix(email, "@"+setting.Service.NoReplyAddress)
 		user := &User{}
 		has, err := db.GetEngine(ctx).Where("lower_name=?", username).Get(user)
 		if err != nil {
--- a/modules/avatar/identicon/identicon.go
+++ b/modules/avatar/identicon/identicon.go
@ -8,6 +8,7 @@ package identicon
 import (
 	"crypto/sha256"
 	"errors"
 	"fmt"
 	"image"
 	"image/color"
@ -29,7 +30,7 @@ type Identicon struct {
 // fore all possible foreground colors. only one foreground color will be picked randomly for one image
 func New(size int, back color.Color, fore ...color.Color) (*Identicon, error) {
 	if len(fore) == 0 {
-		return nil, fmt.Errorf("foreground is not set")
+		return nil, errors.New("foreground is not set")
 	}
 	if size < minImageSize {
--- a/modules/cache/cache.go
+++ b/modules/cache/cache.go
@ -4,6 +4,8 @@
 package cache
 import (
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"strconv"
 	"time"
@ -48,10 +50,10 @@ const (
 // returns
 func Test() (time.Duration, error) {
 	if defaultCache == nil {
-		return 0, fmt.Errorf("default cache not initialized")
+		return 0, errors.New("default cache not initialized")
 	}
-	testData := fmt.Sprintf("%x", make([]byte, 500))
+	testData := hex.EncodeToString(make([]byte, 500))
 	start := time.Now()
@ -63,10 +65,10 @@ func Test() (time.Duration, error) {
 	}
 	testVal, hit := defaultCache.Get(testCacheKey)
 	if !hit {
-		return 0, fmt.Errorf("expect cache hit but got none")
+		return 0, errors.New("expect cache hit but got none")
 	}
 	if testVal != testData {
-		return 0, fmt.Errorf("expect cache to return same value as stored but got other")
+		return 0, errors.New("expect cache to return same value as stored but got other")
 	}
 	return time.Since(start), nil
--- a/modules/cache/cache_test.go
+++ b/modules/cache/cache_test.go
@ -4,7 +4,7 @@
 package cache
 import (
-	"fmt"
+	"errors"
 	"testing"
 	"time"
@ -57,7 +57,7 @@ func TestGetString(t *testing.T) {
 	createTestCache()
 	data, err := GetString("key", func() (string, error) {
-		return "", fmt.Errorf("some error")
+		return "", errors.New("some error")
 	})
 	assert.Error(t, err)
 	assert.Empty(t, data)
@ -82,7 +82,7 @@ func TestGetString(t *testing.T) {
 	assert.Equal(t, "some data", data)
 	data, err = GetString("key", func() (string, error) {
-		return "", fmt.Errorf("some error")
+		return "", errors.New("some error")
 	})
 	assert.NoError(t, err)
 	assert.Equal(t, "some data", data)
@ -93,7 +93,7 @@ func TestGetInt64(t *testing.T) {
 	createTestCache()
 	data, err := GetInt64("key", func() (int64, error) {
-		return 0, fmt.Errorf("some error")
+		return 0, errors.New("some error")
 	})
 	assert.Error(t, err)
 	assert.EqualValues(t, 0, data)
@ -118,7 +118,7 @@ func TestGetInt64(t *testing.T) {
 	assert.EqualValues(t, 100, data)
 	data, err = GetInt64("key", func() (int64, error) {
-		return 0, fmt.Errorf("some error")
+		return 0, errors.New("some error")
 	})
 	assert.NoError(t, err)
 	assert.EqualValues(t, 100, data)
--- a/modules/git/grep.go
+++ b/modules/git/grep.go
@ -61,7 +61,7 @@ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepO
 	*/
 	var results []*GrepResult
 	cmd := NewCommand("grep", "--null", "--break", "--heading", "--line-number", "--full-name")
-	cmd.AddOptionValues("--context", fmt.Sprint(opts.ContextLineNumber))
+	cmd.AddOptionValues("--context", strconv.Itoa(opts.ContextLineNumber))
 	switch opts.GrepMode {
 	case GrepModeExact:
 		cmd.AddArguments("--fixed-strings")
--- a/modules/git/object_id.go
+++ b/modules/git/object_id.go
@ -99,5 +99,5 @@ type ErrInvalidSHA struct {
 }
 func (err ErrInvalidSHA) Error() string {
-	return fmt.Sprintf("invalid sha: %s", err.SHA)
+	return "invalid sha: " + err.SHA
 }
--- a/modules/git/repo_attribute.go
+++ b/modules/git/repo_attribute.go
@ -6,6 +6,7 @@ package git
 import (
 	"bytes"
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"os"
@ -74,7 +75,7 @@ func (repo *Repository) CheckAttribute(opts CheckAttributeOpts) (map[string]map[
 	fields := bytes.Split(stdOut.Bytes(), []byte{'\000'})
 	if len(fields)%3 != 1 {
-		return nil, fmt.Errorf("wrong number of fields in return from check-attr")
+		return nil, errors.New("wrong number of fields in return from check-attr")
 	}
 	name2attribute2info := make(map[string]map[string]string)
@ -120,7 +121,7 @@ func (c *CheckAttributeReader) Init(ctx context.Context) error {
 		c.stdOut = lw
 		c.stdOut.Close()
-		return fmt.Errorf("no provided Attributes to check")
+		return errors.New("no provided Attributes to check")
 	}
 	c.ctx, c.cancel = context.WithCancel(ctx)
--- a/modules/git/repo_branch.go
+++ b/modules/git/repo_branch.go
@ -36,7 +36,7 @@ type Branch struct {
 // GetHEADBranch returns corresponding branch of HEAD.
 func (repo *Repository) GetHEADBranch() (*Branch, error) {
 	if repo == nil {
-		return nil, fmt.Errorf("nil repo")
+		return nil, errors.New("nil repo")
 	}
 	stdout, _, err := NewCommand("symbolic-ref", "HEAD").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
 	if err != nil {
--- a/modules/globallock/redis_locker.go
+++ b/modules/globallock/redis_locker.go
@ -6,7 +6,6 @@ package globallock
 import (
 	"context"
 	"errors"
 	"fmt"
 	"sync"
 	"sync/atomic"
 	"time"
@ -78,7 +77,7 @@ func (l *redisLocker) Close() error {
 func (l *redisLocker) lock(ctx context.Context, key string, tries int) (ReleaseFunc, error) {
 	if l.closed.Load() {
-		return func() {}, fmt.Errorf("locker is closed")
+		return func() {}, errors.New("locker is closed")
 	}
 	options := []redsync.Option{
--- a/modules/httplib/request.go
+++ b/modules/httplib/request.go
@ -108,7 +108,7 @@ func (r *Request) Body(data any) *Request {
 	switch t := data.(type) {
 	case nil: // do nothing
 	case string:
-		bf := bytes.NewBufferString(t)
+		bf := strings.NewReader(t)
 		r.req.Body = io.NopCloser(bf)
 		r.req.ContentLength = int64(len(t))
 	case []byte:
@ -143,13 +143,13 @@ func (r *Request) getResponse() (*http.Response, error) {
 		paramBody = paramBody[0 : len(paramBody)-1]
 	}
-	if r.req.Method == "GET" && len(paramBody) > 0 {
+	if r.req.Method == http.MethodGet && len(paramBody) > 0 {
 		if strings.Contains(r.url, "?") {
 			r.url += "&" + paramBody
 		} else {
 			r.url = r.url + "?" + paramBody
 		}
-	} else if r.req.Method == "POST" && r.req.Body == nil && len(paramBody) > 0 {
+	} else if r.req.Method == http.MethodPost && r.req.Body == nil && len(paramBody) > 0 {
 		r.Header("Content-Type", "application/x-www-form-urlencoded")
 		r.Body(paramBody) // string
 	}
--- a/modules/httplib/serve_test.go
+++ b/modules/httplib/serve_test.go
@ -4,11 +4,11 @@
 package httplib
 import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"os"
 	"strconv"
 	"strings"
 	"testing"
@ -23,14 +23,14 @@ func TestServeContentByReader(t *testing.T) {
 		_, rangeStr, _ := strings.Cut(t.Name(), "_range_")
 		r := &http.Request{Header: http.Header{}, Form: url.Values{}}
 		if rangeStr != "" {
-			r.Header.Set("Range", fmt.Sprintf("bytes=%s", rangeStr))
+			r.Header.Set("Range", "bytes="+rangeStr)
 		}
 		reader := strings.NewReader(data)
 		w := httptest.NewRecorder()
 		ServeContentByReader(r, w, int64(len(data)), reader, &ServeHeaderOptions{})
 		assert.Equal(t, expectedStatusCode, w.Code)
 		if expectedStatusCode == http.StatusPartialContent || expectedStatusCode == http.StatusOK {
-			assert.Equal(t, fmt.Sprint(len(expectedContent)), w.Header().Get("Content-Length"))
+			assert.Equal(t, strconv.Itoa(len(expectedContent)), w.Header().Get("Content-Length"))
 			assert.Equal(t, expectedContent, w.Body.String())
 		}
 	}
@ -68,7 +68,7 @@ func TestServeContentByReadSeeker(t *testing.T) {
 		_, rangeStr, _ := strings.Cut(t.Name(), "_range_")
 		r := &http.Request{Header: http.Header{}, Form: url.Values{}}
 		if rangeStr != "" {
-			r.Header.Set("Range", fmt.Sprintf("bytes=%s", rangeStr))
+			r.Header.Set("Range", "bytes="+rangeStr)
 		}
 		seekReader, err := os.OpenFile(tmpFile, os.O_RDONLY, 0o644)
@ -79,7 +79,7 @@ func TestServeContentByReadSeeker(t *testing.T) {
 		ServeContentByReadSeeker(r, w, nil, seekReader, &ServeHeaderOptions{})
 		assert.Equal(t, expectedStatusCode, w.Code)
 		if expectedStatusCode == http.StatusPartialContent || expectedStatusCode == http.StatusOK {
-			assert.Equal(t, fmt.Sprint(len(expectedContent)), w.Header().Get("Content-Length"))
+			assert.Equal(t, strconv.Itoa(len(expectedContent)), w.Header().Get("Content-Length"))
 			assert.Equal(t, expectedContent, w.Body.String())
 		}
 	}
--- a/modules/indexer/code/bleve/token/path/path.go
+++ b/modules/indexer/code/bleve/token/path/path.go
@ -53,11 +53,11 @@ func generatePathTokens(input analysis.TokenStream, reversed bool) analysis.Toke
 	for i := 0; i < len(input); i++ {
 		var sb strings.Builder
-		sb.WriteString(string(input[0].Term))
+		sb.Write(input[0].Term)
 		for j := 1; j < i; j++ {
 			sb.WriteString("/")
-			sb.WriteString(string(input[j].Term))
+			sb.Write(input[j].Term)
 		}
 		term := sb.String()
--- a/modules/indexer/code/internal/indexer.go
+++ b/modules/indexer/code/internal/indexer.go
@ -5,7 +5,7 @@ package internal
 import (
 	"context"
-	"fmt"
+	"errors"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
@ -48,13 +48,13 @@ func (d *dummyIndexer) SupportedSearchModes() []indexer.SearchMode {
 }
 func (d *dummyIndexer) Index(ctx context.Context, repo *repo_model.Repository, sha string, changes *RepoChanges) error {
-	return fmt.Errorf("indexer is not ready")
+	return errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Delete(ctx context.Context, repoID int64) error {
-	return fmt.Errorf("indexer is not ready")
+	return errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Search(ctx context.Context, opts *SearchOptions) (int64, []*SearchResult, []*SearchResultLanguages, error) {
-	return 0, nil, nil, fmt.Errorf("indexer is not ready")
+	return 0, nil, nil, errors.New("indexer is not ready")
 }
--- a/modules/indexer/internal/bleve/indexer.go
+++ b/modules/indexer/internal/bleve/indexer.go
@ -5,7 +5,7 @@ package bleve
 import (
 	"context"
-	"fmt"
+	"errors"
 	"code.gitea.io/gitea/modules/indexer/internal"
 	"code.gitea.io/gitea/modules/log"
@ -39,11 +39,11 @@ func NewIndexer(indexDir string, version int, mappingGetter func() (mapping.Inde
 // Init initializes the indexer
 func (i *Indexer) Init(_ context.Context) (bool, error) {
 	if i == nil {
-		return false, fmt.Errorf("cannot init nil indexer")
+		return false, errors.New("cannot init nil indexer")
 	}
 	if i.Indexer != nil {
-		return false, fmt.Errorf("indexer is already initialized")
+		return false, errors.New("indexer is already initialized")
 	}
 	indexer, version, err := openIndexer(i.indexDir, i.version)
@ -83,10 +83,10 @@ func (i *Indexer) Init(_ context.Context) (bool, error) {
 // Ping checks if the indexer is available
 func (i *Indexer) Ping(_ context.Context) error {
 	if i == nil {
-		return fmt.Errorf("cannot ping nil indexer")
+		return errors.New("cannot ping nil indexer")
 	}
 	if i.Indexer == nil {
-		return fmt.Errorf("indexer is not initialized")
+		return errors.New("indexer is not initialized")
 	}
 	return nil
 }
--- a/modules/indexer/internal/elasticsearch/indexer.go
+++ b/modules/indexer/internal/elasticsearch/indexer.go
@ -5,6 +5,7 @@ package elasticsearch
 import (
 	"context"
 	"errors"
 	"fmt"
 	"code.gitea.io/gitea/modules/indexer/internal"
@ -36,10 +37,10 @@ func NewIndexer(url, indexName string, version int, mapping string) *Indexer {
 // Init initializes the indexer
 func (i *Indexer) Init(ctx context.Context) (bool, error) {
 	if i == nil {
-		return false, fmt.Errorf("cannot init nil indexer")
+		return false, errors.New("cannot init nil indexer")
 	}
 	if i.Client != nil {
-		return false, fmt.Errorf("indexer is already initialized")
+		return false, errors.New("indexer is already initialized")
 	}
 	client, err := i.initClient()
@ -66,10 +67,10 @@ func (i *Indexer) Init(ctx context.Context) (bool, error) {
 // Ping checks if the indexer is available
 func (i *Indexer) Ping(ctx context.Context) error {
 	if i == nil {
-		return fmt.Errorf("cannot ping nil indexer")
+		return errors.New("cannot ping nil indexer")
 	}
 	if i.Client == nil {
-		return fmt.Errorf("indexer is not initialized")
+		return errors.New("indexer is not initialized")
 	}
 	resp, err := i.Client.ClusterHealth().Do(ctx)
--- a/modules/indexer/internal/indexer.go
+++ b/modules/indexer/internal/indexer.go
@ -5,7 +5,7 @@ package internal
 import (
 	"context"
-	"fmt"
+	"errors"
 )
 // Indexer defines an basic indexer interface
@ -27,11 +27,11 @@ func NewDummyIndexer() Indexer {
 type dummyIndexer struct{}
 func (d *dummyIndexer) Init(ctx context.Context) (bool, error) {
-	return false, fmt.Errorf("indexer is not ready")
+	return false, errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Ping(ctx context.Context) error {
-	return fmt.Errorf("indexer is not ready")
+	return errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Close() {}
--- a/modules/indexer/internal/meilisearch/indexer.go
+++ b/modules/indexer/internal/meilisearch/indexer.go
@ -5,6 +5,7 @@ package meilisearch
 import (
 	"context"
 	"errors"
 	"fmt"
 	"github.com/meilisearch/meilisearch-go"
@ -33,11 +34,11 @@ func NewIndexer(url, apiKey, indexName string, version int, settings *meilisearc
 // Init initializes the indexer
 func (i *Indexer) Init(_ context.Context) (bool, error) {
 	if i == nil {
-		return false, fmt.Errorf("cannot init nil indexer")
+		return false, errors.New("cannot init nil indexer")
 	}
 	if i.Client != nil {
-		return false, fmt.Errorf("indexer is already initialized")
+		return false, errors.New("indexer is already initialized")
 	}
 	i.Client = meilisearch.New(i.url, meilisearch.WithAPIKey(i.apiKey))
@ -62,10 +63,10 @@ func (i *Indexer) Init(_ context.Context) (bool, error) {
 // Ping checks if the indexer is available
 func (i *Indexer) Ping(ctx context.Context) error {
 	if i == nil {
-		return fmt.Errorf("cannot ping nil indexer")
+		return errors.New("cannot ping nil indexer")
 	}
 	if i.Client == nil {
-		return fmt.Errorf("indexer is not initialized")
+		return errors.New("indexer is not initialized")
 	}
 	resp, err := i.Client.Health()
 	if err != nil {
--- a/modules/indexer/issues/elasticsearch/elasticsearch.go
+++ b/modules/indexer/issues/elasticsearch/elasticsearch.go
@ -5,7 +5,6 @@ package elasticsearch
 import (
 	"context"
 	"fmt"
 	"strconv"
 	"strings"
@ -96,7 +95,7 @@ func (b *Indexer) Index(ctx context.Context, issues ...*internal.IndexerData) er
 		issue := issues[0]
 		_, err := b.inner.Client.Index().
 			Index(b.inner.VersionedIndexName()).
-			Id(fmt.Sprintf("%d", issue.ID)).
+			Id(strconv.FormatInt(issue.ID, 10)).
 			BodyJson(issue).
 			Do(ctx)
 		return err
@ -107,7 +106,7 @@ func (b *Indexer) Index(ctx context.Context, issues ...*internal.IndexerData) er
 		reqs = append(reqs,
 			elastic.NewBulkIndexRequest().
 				Index(b.inner.VersionedIndexName()).
-				Id(fmt.Sprintf("%d", issue.ID)).
+				Id(strconv.FormatInt(issue.ID, 10)).
 				Doc(issue),
 		)
 	}
@ -126,7 +125,7 @@ func (b *Indexer) Delete(ctx context.Context, ids ...int64) error {
 	} else if len(ids) == 1 {
 		_, err := b.inner.Client.Delete().
 			Index(b.inner.VersionedIndexName()).
-			Id(fmt.Sprintf("%d", ids[0])).
+			Id(strconv.FormatInt(ids[0], 10)).
 			Do(ctx)
 		return err
 	}
@ -136,7 +135,7 @@ func (b *Indexer) Delete(ctx context.Context, ids ...int64) error {
 		reqs = append(reqs,
 			elastic.NewBulkDeleteRequest().
 				Index(b.inner.VersionedIndexName()).
-				Id(fmt.Sprintf("%d", id)),
+				Id(strconv.FormatInt(id, 10)),
 		)
 	}
--- a/modules/indexer/issues/internal/indexer.go
+++ b/modules/indexer/issues/internal/indexer.go
@ -5,7 +5,7 @@ package internal
 import (
 	"context"
-	"fmt"
+	"errors"
 	"code.gitea.io/gitea/modules/indexer"
 	"code.gitea.io/gitea/modules/indexer/internal"
@ -36,13 +36,13 @@ func (d *dummyIndexer) SupportedSearchModes() []indexer.SearchMode {
 }
 func (d *dummyIndexer) Index(_ context.Context, _ ...*IndexerData) error {
-	return fmt.Errorf("indexer is not ready")
+	return errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Delete(_ context.Context, _ ...int64) error {
-	return fmt.Errorf("indexer is not ready")
+	return errors.New("indexer is not ready")
 }
 func (d *dummyIndexer) Search(_ context.Context, _ *SearchOptions) (*SearchResult, error) {
-	return nil, fmt.Errorf("indexer is not ready")
+	return nil, errors.New("indexer is not ready")
 }
--- a/modules/indexer/stats/queue.go
+++ b/modules/indexer/stats/queue.go
@ -4,7 +4,7 @@
 package stats
 import (
-	"fmt"
+	"errors"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/graceful"
@ -31,7 +31,7 @@ func handler(items ...int64) []int64 {
 func initStatsQueue() error {
 	statsQueue = queue.CreateUniqueQueue(graceful.GetManager().ShutdownContext(), "repo_stats_update", handler)
 	if statsQueue == nil {
-		return fmt.Errorf("unable to create repo_stats_update queue")
+		return errors.New("unable to create repo_stats_update queue")
 	}
 	go graceful.GetManager().RunWithCancel(statsQueue)
 	return nil
--- a/modules/issue/template/template.go
+++ b/modules/issue/template/template.go
@ -4,6 +4,7 @@
 package template
 import (
 	"errors"
 	"fmt"
 	"net/url"
 	"regexp"
@ -31,17 +32,17 @@ func Validate(template *api.IssueTemplate) error {
 func validateMetadata(template *api.IssueTemplate) error {
 	if strings.TrimSpace(template.Name) == "" {
-		return fmt.Errorf("'name' is required")
+		return errors.New("'name' is required")
 	}
 	if strings.TrimSpace(template.About) == "" {
-		return fmt.Errorf("'about' is required")
+		return errors.New("'about' is required")
 	}
 	return nil
 }
 func validateYaml(template *api.IssueTemplate) error {
 	if len(template.Fields) == 0 {
-		return fmt.Errorf("'body' is required")
+		return errors.New("'body' is required")
 	}
 	ids := make(container.Set[string])
 	for idx, field := range template.Fields {
@ -401,7 +402,7 @@ func (f *valuedField) Render() string {
 }
 func (f *valuedField) Value() string {
-	return strings.TrimSpace(f.Get(fmt.Sprintf("form-field-%s", f.ID)))
+	return strings.TrimSpace(f.Get("form-field-" + f.ID))
 }
 func (f *valuedField) Options() []*valuedOption {
@ -444,7 +445,7 @@ func (o *valuedOption) Label() string {
 func (o *valuedOption) IsChecked() bool {
 	switch o.field.Type {
 	case api.IssueFormFieldTypeDropdown:
-		checks := strings.Split(o.field.Get(fmt.Sprintf("form-field-%s", o.field.ID)), ",")
+		checks := strings.Split(o.field.Get("form-field-"+o.field.ID), ",")
 		idx := strconv.Itoa(o.index)
 		for _, v := range checks {
 			if v == idx {
--- a/modules/lfs/http_client.go
+++ b/modules/lfs/http_client.go
@ -70,7 +70,7 @@ func (c *HTTPClient) transferNames() []string {
 func (c *HTTPClient) batch(ctx context.Context, operation string, objects []Pointer) (*BatchResponse, error) {
 	log.Trace("BATCH operation with objects: %v", objects)
-	url := fmt.Sprintf("%s/objects/batch", c.endpoint)
+	url := c.endpoint + "/objects/batch"
 	// Original:  In some lfs server implementations, they require the ref attribute. #32838
 	// `ref` is an "optional object describing the server ref that the objects belong to"
--- a/modules/lfs/http_client_test.go
+++ b/modules/lfs/http_client_test.go
@ -31,7 +31,7 @@ func (a *DummyTransferAdapter) Name() string {
 }
 func (a *DummyTransferAdapter) Download(ctx context.Context, l *Link) (io.ReadCloser, error) {
-	return io.NopCloser(bytes.NewBufferString("dummy")), nil
+	return io.NopCloser(strings.NewReader("dummy")), nil
 }
 func (a *DummyTransferAdapter) Upload(ctx context.Context, l *Link, p Pointer, r io.Reader) error {
@ -49,7 +49,7 @@ func lfsTestRoundtripHandler(req *http.Request) *http.Response {
 	if strings.Contains(url, "status-not-ok") {
 		return &http.Response{StatusCode: http.StatusBadRequest}
 	} else if strings.Contains(url, "invalid-json-response") {
-		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewBufferString("invalid json"))}
+		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader("invalid json"))}
 	} else if strings.Contains(url, "valid-batch-request-download") {
 		batchResponse = &BatchResponse{
 			Transfer: "dummy",
--- a/modules/lfs/transferadapter_test.go
+++ b/modules/lfs/transferadapter_test.go
@ -32,7 +32,7 @@ func TestBasicTransferAdapter(t *testing.T) {
 		if strings.Contains(url, "download-request") {
 			assert.Equal(t, "GET", req.Method)
-			return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewBufferString("dummy"))}
+			return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader("dummy"))}
 		} else if strings.Contains(url, "upload-request") {
 			assert.Equal(t, "PUT", req.Method)
 			assert.Equal(t, "application/octet-stream", req.Header.Get("Content-Type"))
@ -126,7 +126,7 @@ func TestBasicTransferAdapter(t *testing.T) {
 		}
 		for n, c := range cases {
-			err := a.Upload(t.Context(), c.link, p, bytes.NewBufferString("dummy"))
+			err := a.Upload(t.Context(), c.link, p, strings.NewReader("dummy"))
 			if len(c.expectederror) > 0 {
 				assert.Contains(t, err.Error(), c.expectederror, "case %d: '%s' should contain '%s'", n, err.Error(), c.expectederror)
 			} else {
--- a/modules/lfstransfer/backend/backend.go
+++ b/modules/lfstransfer/backend/backend.go
@ -47,7 +47,7 @@ func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (t
 		return nil, err
 	}
 	server = server.JoinPath("api/internal/repo", repo, "info/lfs")
-	return &GiteaBackend{ctx: ctx, server: server, op: op, authToken: token, internalAuth: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
+	return &GiteaBackend{ctx: ctx, server: server, op: op, authToken: token, internalAuth: "Bearer " + setting.InternalToken, logger: logger}, nil
 }
 // Batch implements transfer.Backend
--- a/modules/lfstransfer/backend/lock.go
+++ b/modules/lfstransfer/backend/lock.go
@ -5,6 +5,7 @@ package backend
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -74,7 +75,7 @@ func (g *giteaLockBackend) Create(path, refname string) (transfer.Lock, error) {
 	if respBody.Lock == nil {
 		g.logger.Log("api returned nil lock")
-		return nil, fmt.Errorf("api returned nil lock")
+		return nil, errors.New("api returned nil lock")
 	}
 	respLock := respBody.Lock
 	owner := userUnknown
@ -263,7 +264,7 @@ func (g *giteaLock) CurrentUser() (string, error) {
 // AsLockSpec implements transfer.Lock
 func (g *giteaLock) AsLockSpec(ownerID bool) ([]string, error) {
 	msgs := []string{
-		fmt.Sprintf("lock %s", g.ID()),
+		"lock " + g.ID(),
 		fmt.Sprintf("path %s %s", g.ID(), g.Path()),
 		fmt.Sprintf("locked-at %s %s", g.ID(), g.FormattedTimestamp()),
 		fmt.Sprintf("ownername %s %s", g.ID(), g.OwnerName()),
@ -285,9 +286,9 @@ func (g *giteaLock) AsLockSpec(ownerID bool) ([]string, error) {
 // AsArguments implements transfer.Lock
 func (g *giteaLock) AsArguments() []string {
 	return []string{
-		fmt.Sprintf("id=%s", g.ID()),
+		"id=" + g.ID(),
-		fmt.Sprintf("path=%s", g.Path()),
+		"path=" + g.Path(),
-		fmt.Sprintf("locked-at=%s", g.FormattedTimestamp()),
+		"locked-at=" + g.FormattedTimestamp(),
-		fmt.Sprintf("ownername=%s", g.OwnerName()),
+		"ownername=" + g.OwnerName(),
 	}
 }
--- a/modules/markup/common/footnote.go
+++ b/modules/markup/common/footnote.go
@ -53,7 +53,7 @@ type FootnoteLink struct {
 // Dump implements Node.Dump.
 func (n *FootnoteLink) Dump(source []byte, level int) {
 	m := map[string]string{}
-	m["Index"] = fmt.Sprintf("%v", n.Index)
+	m["Index"] = strconv.Itoa(n.Index)
 	m["Name"] = fmt.Sprintf("%v", n.Name)
 	ast.DumpHelper(n, source, level, m, nil)
 }
@ -85,7 +85,7 @@ type FootnoteBackLink struct {
 // Dump implements Node.Dump.
 func (n *FootnoteBackLink) Dump(source []byte, level int) {
 	m := map[string]string{}
-	m["Index"] = fmt.Sprintf("%v", n.Index)
+	m["Index"] = strconv.Itoa(n.Index)
 	m["Name"] = fmt.Sprintf("%v", n.Name)
 	ast.DumpHelper(n, source, level, m, nil)
 }
@ -151,7 +151,7 @@ type FootnoteList struct {
 // Dump implements Node.Dump.
 func (n *FootnoteList) Dump(source []byte, level int) {
 	m := map[string]string{}
-	m["Count"] = fmt.Sprintf("%v", n.Count)
+	m["Count"] = strconv.Itoa(n.Count)
 	ast.DumpHelper(n, source, level, m, nil)
 }
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@ -5,7 +5,7 @@
 package markdown
 import (
-	"fmt"
+	"errors"
 	"html/template"
 	"io"
 	"strings"
@ -48,7 +48,7 @@ func (l *limitWriter) Write(data []byte) (int, error) {
 		if err != nil {
 			return n, err
 		}
-		return n, fmt.Errorf("rendered content too large - truncating render")
+		return n, errors.New("rendered content too large - truncating render")
 	}
 	n, err := l.w.Write(data)
 	l.sum += int64(n)
--- a/modules/markup/markdown/toc.go
+++ b/modules/markup/markdown/toc.go
@ -4,7 +4,6 @@
 package markdown
 import (
 	"fmt"
 	"net/url"
 	"code.gitea.io/gitea/modules/translation"
@ -50,7 +49,7 @@ func createTOCNode(toc []Header, lang string, detailsAttrs map[string]string) as
 		}
 		li := ast.NewListItem(currentLevel * 2)
 		a := ast.NewLink()
-		a.Destination = []byte(fmt.Sprintf("#%s", url.QueryEscape(header.ID)))
+		a.Destination = []byte("#" + url.QueryEscape(header.ID))
 		a.AppendChild(a, ast.NewString([]byte(header.Text)))
 		li.AppendChild(li, a)
 		ul.AppendChild(ul, li)
--- a/modules/packages/goproxy/metadata.go
+++ b/modules/packages/goproxy/metadata.go
@ -5,7 +5,6 @@ package goproxy
 import (
 	"archive/zip"
 	"fmt"
 	"io"
 	"path"
 	"strings"
@ -88,7 +87,7 @@ func ParsePackage(r io.ReaderAt, size int64) (*Package, error) {
 		return nil, ErrInvalidStructure
 	}
-	p.GoMod = fmt.Sprintf("module %s", p.Name)
+	p.GoMod = "module " + p.Name
 	return p, nil
 }
--- a/modules/private/internal.go
+++ b/modules/private/internal.go
@ -6,7 +6,6 @@ package private
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"os"
@ -47,7 +46,7 @@ Ensure you are running in the correct environment or set the correct configurati
 	req := httplib.NewRequest(url, method).
 		SetContext(ctx).
 		Header("X-Real-IP", getClientIP()).
-		Header("X-Gitea-Internal-Auth", fmt.Sprintf("Bearer %s", setting.InternalToken)).
+		Header("X-Gitea-Internal-Auth", "Bearer "+setting.InternalToken).
 		SetTLSClientConfig(&tls.Config{
 			InsecureSkipVerify: true,
 			ServerName:         setting.Domain,
--- a/modules/private/serv.go
+++ b/modules/private/serv.go
@ -55,7 +55,7 @@ func ServCommand(ctx context.Context, keyID int64, ownerName, repoName string, m
 	)
 	for _, verb := range verbs {
 		if verb != "" {
-			reqURL += fmt.Sprintf("&verb=%s", url.QueryEscape(verb))
+			reqURL += "&verb=" + url.QueryEscape(verb)
 		}
 	}
 	req := newInternalRequestAPI(ctx, reqURL, "GET")
--- a/modules/proxyprotocol/errors.go
+++ b/modules/proxyprotocol/errors.go
@ -20,7 +20,7 @@ type ErrBadAddressType struct {
 }
 func (e *ErrBadAddressType) Error() string {
-	return fmt.Sprintf("Unexpected proxy header address type: %s", e.Address)
+	return "Unexpected proxy header address type: " + e.Address
 }
 // ErrBadRemote is an error demonstrating a bad proxy header with bad Remote
--- a/modules/repository/env.go
+++ b/modules/repository/env.go
@ -4,8 +4,8 @@
 package repository
 import (
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 	repo_model "code.gitea.io/gitea/models/repo"
@ -72,9 +72,9 @@ func FullPushingEnvironment(author, committer *user_model.User, repo *repo_model
 		EnvRepoUsername+"="+repo.OwnerName,
 		EnvRepoIsWiki+"="+isWiki,
 		EnvPusherName+"="+committer.Name,
-		EnvPusherID+"="+fmt.Sprintf("%d", committer.ID),
+		EnvPusherID+"="+strconv.FormatInt(committer.ID, 10),
-		EnvRepoID+"="+fmt.Sprintf("%d", repo.ID),
+		EnvRepoID+"="+strconv.FormatInt(repo.ID, 10),
-		EnvPRID+"="+fmt.Sprintf("%d", prID),
+		EnvPRID+"="+strconv.FormatInt(prID, 10),
 		EnvAppURL+"="+setting.AppURL,
 		"SSH_ORIGINAL_COMMAND=gitea-internal",
 	)
--- a/modules/setting/config_provider.go
+++ b/modules/setting/config_provider.go
@ -258,7 +258,7 @@ func (p *iniConfigProvider) Save() error {
 	}
 	filename := p.file
 	if filename == "" {
-		return fmt.Errorf("config file path must not be empty")
+		return errors.New("config file path must not be empty")
 	}
 	if p.loadedFromEmpty {
 		if err := os.MkdirAll(filepath.Dir(filename), os.ModePerm); err != nil {
--- a/modules/setting/incoming_email.go
+++ b/modules/setting/incoming_email.go
@ -4,6 +4,7 @@
 package setting
 import (
 	"errors"
 	"fmt"
 	"net/mail"
 	"strings"
@ -50,7 +51,7 @@ func checkReplyToAddress() error {
 	}
 	if parsed.Name != "" {
-		return fmt.Errorf("name must not be set")
+		return errors.New("name must not be set")
 	}
 	c := strings.Count(IncomingEmail.ReplyToAddress, IncomingEmail.TokenPlaceholder)
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@ -11,7 +11,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"net"
 	"os"
@ -216,7 +215,7 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 	ctx.Permissions().Permissions = &gossh.Permissions{}
 	setPermExt := func(keyID int64) {
 		ctx.Permissions().Permissions.Extensions = map[string]string{
-			giteaPermissionExtensionKeyID: fmt.Sprint(keyID),
+			giteaPermissionExtensionKeyID: strconv.FormatInt(keyID, 10),
 		}
 	}
--- a/modules/storage/azureblob_test.go
+++ b/modules/storage/azureblob_test.go
@ -4,9 +4,9 @@
 package storage
 import (
 	"bytes"
 	"io"
 	"os"
 	"strings"
 	"testing"
 	"code.gitea.io/gitea/modules/setting"
@ -76,7 +76,7 @@ func Test_azureBlobObject(t *testing.T) {
 	assert.NoError(t, err)
 	data := "Q2xTckt6Y1hDOWh0"
-	_, err = s.Save("test.txt", bytes.NewBufferString(data), int64(len(data)))
+	_, err = s.Save("test.txt", strings.NewReader(data), int64(len(data)))
 	assert.NoError(t, err)
 	obj, err := s.Open("test.txt")
 	assert.NoError(t, err)
--- a/modules/storage/storage_test.go
+++ b/modules/storage/storage_test.go
@ -4,7 +4,7 @@
 package storage
 import (
-	"bytes"
+	"strings"
 	"testing"
 	"code.gitea.io/gitea/modules/setting"
@ -26,7 +26,7 @@ func testStorageIterator(t *testing.T, typStr Type, cfg *setting.Storage) {
 		{"b/x 4.txt", "bx4"},
 	}
 	for _, f := range testFiles {
-		_, err = l.Save(f[0], bytes.NewBufferString(f[1]), -1)
+		_, err = l.Save(f[0], strings.NewReader(f[1]), -1)
 		assert.NoError(t, err)
 	}
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@ -9,6 +9,7 @@ import (
 	"html"
 	"html/template"
 	"net/url"
 	"strconv"
 	"strings"
 	"time"
@ -73,7 +74,7 @@ func NewFuncMap() template.FuncMap {
 		"TimeEstimateString": timeEstimateString,
 		"LoadTimes": func(startTime time.Time) string {
-			return fmt.Sprint(time.Since(startTime).Nanoseconds()/1e6) + "ms"
+			return strconv.FormatInt(time.Since(startTime).Nanoseconds()/1e6, 10) + "ms"
 		},
 		// -----------------------------------------------------------------
--- a/modules/templates/helper_test.go
+++ b/modules/templates/helper_test.go
@ -15,7 +15,7 @@ import (
 func TestSubjectBodySeparator(t *testing.T) {
 	test := func(input, subject, body string) {
-		loc := mailSubjectSplit.FindIndex([]byte(input))
+		loc := mailSubjectSplit.FindStringIndex(input)
 		if loc == nil {
 			assert.Empty(t, subject, "no subject found, but one expected")
 			assert.Equal(t, body, input)
--- a/modules/templates/util_avatar.go
+++ b/modules/templates/util_avatar.go
@ -5,9 +5,9 @@ package templates
 import (
 	"context"
 	"fmt"
 	"html"
 	"html/template"
 	"strconv"
 	activities_model "code.gitea.io/gitea/models/activities"
 	"code.gitea.io/gitea/models/avatars"
@ -28,7 +28,7 @@ func NewAvatarUtils(ctx context.Context) *AvatarUtils {
 // AvatarHTML creates the HTML for an avatar
 func AvatarHTML(src string, size int, class, name string) template.HTML {
-	sizeStr := fmt.Sprintf(`%d`, size)
+	sizeStr := strconv.Itoa(size)
 	if name == "" {
 		name = "avatar"
--- a/modules/templates/util_date.go
+++ b/modules/templates/util_date.go
@ -99,7 +99,7 @@ func dateTimeFormat(format string, datetime any) template.HTML {
 		attrs = append(attrs, `format="datetime"`, `month="short"`, `day="numeric"`, `hour="numeric"`, `minute="numeric"`, `second="numeric"`, `data-tooltip-content`, `data-tooltip-interactive="true"`)
 		return template.HTML(fmt.Sprintf(`<relative-time %s datetime="%s">%s</relative-time>`, strings.Join(attrs, " "), datetimeEscaped, textEscaped))
 	default:
-		panic(fmt.Sprintf("Unsupported format %s", format))
+		panic("Unsupported format " + format)
 	}
 }
--- a/modules/templates/util_dict.go
+++ b/modules/templates/util_dict.go
@ -4,6 +4,7 @@
 package templates
 import (
 	"errors"
 	"fmt"
 	"html"
 	"html/template"
@ -33,7 +34,7 @@ func dictMerge(base map[string]any, arg any) bool {
 // The dot syntax is highly discouraged because it might cause unclear key conflicts. It's always good to use explicit keys.
 func dict(args ...any) (map[string]any, error) {
 	if len(args)%2 != 0 {
-		return nil, fmt.Errorf("invalid dict constructor syntax: must have key-value pairs")
+		return nil, errors.New("invalid dict constructor syntax: must have key-value pairs")
 	}
 	m := make(map[string]any, len(args)/2)
 	for i := 0; i < len(args); i += 2 {
--- a/modules/templates/util_format.go
+++ b/modules/templates/util_format.go
@ -5,6 +5,7 @@ package templates
 import (
 	"fmt"
 	"strconv"
 	"code.gitea.io/gitea/modules/util"
 )
@ -24,7 +25,7 @@ func countFmt(data any) string {
 		return ""
 	}
 	if num < 1000 {
-		return fmt.Sprintf("%d", num)
+		return strconv.FormatInt(num, 10)
 	} else if num < 1_000_000 {
 		num2 := float32(num) / 1000.0
 		return fmt.Sprintf("%.1fk", num2)
--- a/modules/templates/vars/vars.go
+++ b/modules/templates/vars/vars.go
@ -16,7 +16,7 @@ type ErrWrongSyntax struct {
 }
 func (err ErrWrongSyntax) Error() string {
-	return fmt.Sprintf("wrong syntax found in %s", err.Template)
+	return "wrong syntax found in " + err.Template
 }
 // ErrVarMissing represents an error that no matched variable
--- a/modules/test/logchecker.go
+++ b/modules/test/logchecker.go
@ -5,7 +5,7 @@ package test
 import (
 	"context"
-	"fmt"
+	"strconv"
 	"strings"
 	"sync"
 	"sync/atomic"
@ -58,7 +58,7 @@ var checkerIndex int64
 func NewLogChecker(namePrefix string) (logChecker *LogChecker, cancel func()) {
 	logger := log.GetManager().GetLogger(namePrefix)
 	newCheckerIndex := atomic.AddInt64(&checkerIndex, 1)
-	writerName := namePrefix + "-" + fmt.Sprint(newCheckerIndex)
+	writerName := namePrefix + "-" + strconv.FormatInt(newCheckerIndex, 10)
 	lc := &LogChecker{}
 	lc.EventWriterBaseImpl = log.NewEventWriterBase(writerName, "test-log-checker", log.WriterMode{})
--- a/modules/test/utils.go
+++ b/modules/test/utils.go
@ -4,7 +4,6 @@
 package test
 import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"os"
@ -57,7 +56,7 @@ func SetupGiteaRoot() string {
 	giteaRoot = filepath.Dir(filepath.Dir(filepath.Dir(filename)))
 	fixturesDir := filepath.Join(giteaRoot, "models", "fixtures")
 	if exist, _ := util.IsDir(fixturesDir); !exist {
-		panic(fmt.Sprintf("fixtures directory not found: %s", fixturesDir))
+		panic("fixtures directory not found: " + fixturesDir)
 	}
 	_ = os.Setenv("GITEA_ROOT", giteaRoot)
 	return giteaRoot
--- a/modules/updatechecker/update_checker.go
+++ b/modules/updatechecker/update_checker.go
@ -34,7 +34,7 @@ func GiteaUpdateChecker(httpEndpoint string) error {
 		},
 	}
-	req, err := http.NewRequest("GET", httpEndpoint, nil)
+	req, err := http.NewRequest(http.MethodGet, httpEndpoint, nil)
 	if err != nil {
 		return err
 	}
--- a/modules/util/truncate_test.go
+++ b/modules/util/truncate_test.go
@ -5,6 +5,7 @@ package util
 import (
 	"fmt"
 	"strconv"
 	"strings"
 	"testing"
@ -100,7 +101,7 @@ func TestEllipsisString(t *testing.T) {
 			{limit: 7, left: "\xef\x03\xfe\xef\x03\xfe", right: ""},
 		}
 		for _, c := range invalidCases {
-			t.Run(fmt.Sprintf("%d", c.limit), func(t *testing.T) {
+			t.Run(strconv.Itoa(c.limit), func(t *testing.T) {
 				left, right := EllipsisDisplayStringX("\xef\x03\xfe\xef\x03\xfe", c.limit)
 				assert.Equal(t, c.left, left, "left")
 				assert.Equal(t, c.right, right, "right")
--- a/modules/validation/binding_test.go
+++ b/modules/validation/binding_test.go
@ -47,7 +47,7 @@ func performValidationTest(t *testing.T, testCase validationTestCase) {
 		assert.Equal(t, testCase.expectedErrors, actual)
 	})
-	req, err := http.NewRequest("POST", testRoute, nil)
+	req, err := http.NewRequest(http.MethodPost, testRoute, nil)
 	if err != nil {
 		panic(err)
 	}
--- a/modules/web/routemock_test.go
+++ b/modules/web/routemock_test.go
@ -30,7 +30,7 @@ func TestRouteMock(t *testing.T) {
 	// normal request
 	recorder := httptest.NewRecorder()
-	req, err := http.NewRequest("GET", "http://localhost:8000/foo", nil)
+	req, err := http.NewRequest(http.MethodGet, "http://localhost:8000/foo", nil)
 	assert.NoError(t, err)
 	r.ServeHTTP(recorder, req)
 	assert.Len(t, recorder.Header(), 3)
@ -45,7 +45,7 @@ func TestRouteMock(t *testing.T) {
 		resp.WriteHeader(http.StatusOK)
 	})
 	recorder = httptest.NewRecorder()
-	req, err = http.NewRequest("GET", "http://localhost:8000/foo", nil)
+	req, err = http.NewRequest(http.MethodGet, "http://localhost:8000/foo", nil)
 	assert.NoError(t, err)
 	r.ServeHTTP(recorder, req)
 	assert.Len(t, recorder.Header(), 2)
@ -59,7 +59,7 @@ func TestRouteMock(t *testing.T) {
 		resp.WriteHeader(http.StatusOK)
 	})
 	recorder = httptest.NewRecorder()
-	req, err = http.NewRequest("GET", "http://localhost:8000/foo", nil)
+	req, err = http.NewRequest(http.MethodGet, "http://localhost:8000/foo", nil)
 	assert.NoError(t, err)
 	r.ServeHTTP(recorder, req)
 	assert.Len(t, recorder.Header(), 3)
--- a/modules/web/router_path.go
+++ b/modules/web/router_path.go
@ -4,7 +4,6 @@
 package web
 import (
 	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
@ -103,7 +102,7 @@ func newRouterPathMatcher(methods, pattern string, h ...any) *routerPathMatcher
 	for _, method := range strings.Split(methods, ",") {
 		method = strings.TrimSpace(method)
 		if !isValidMethod(method) {
-			panic(fmt.Sprintf("invalid HTTP method: %s", method))
+			panic("invalid HTTP method: " + method)
 		}
 		p.methods.Add(method)
 	}
@ -117,7 +116,7 @@ func newRouterPathMatcher(methods, pattern string, h ...any) *routerPathMatcher
 		}
 		end := strings.IndexByte(pattern[lastEnd+start:], '>')
 		if end == -1 {
-			panic(fmt.Sprintf("invalid pattern: %s", pattern))
+			panic("invalid pattern: " + pattern)
 		}
 		re = append(re, pattern[lastEnd:lastEnd+start]...)
 		partName, partExp, _ := strings.Cut(pattern[lastEnd+start+1:lastEnd+start+end], ":")
--- a/modules/web/router_test.go
+++ b/modules/web/router_test.go
@ -51,7 +51,7 @@ func TestPathProcessor(t *testing.T) {
 }
 func TestRouter(t *testing.T) {
-	buff := bytes.NewBufferString("")
+	buff := &bytes.Buffer{}
 	recorder := httptest.NewRecorder()
 	recorder.Body = buff
@ -224,7 +224,7 @@ func TestRouteNormalizePath(t *testing.T) {
 			actualPaths.Path = req.URL.Path
 		})
-		req, err := http.NewRequest("GET", reqPath, nil)
+		req, err := http.NewRequest(http.MethodGet, reqPath, nil)
 		assert.NoError(t, err)
 		r.ServeHTTP(recorder, req)
 		assert.Equal(t, expectedPaths, actualPaths, "req path = %q", reqPath)
--- a/Show More
+++ b/Show More