diff --git a/Makefile b/Makefile
index 3b7b5da857..1cdc550d29 100644
--- a/Makefile
+++ b/Makefile
@@ -32,7 +32,7 @@ GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0 # renovate: datasource=go
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.58.1 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.5.1 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.6-0.20240201115257-bcc7c78b7786 # renovate: datasource=go
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
diff --git a/cmd/hook.go b/cmd/hook.go
index 4f73f8e2bc..f8184f9697 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -316,12 +316,12 @@ func runHookUpdate(c *cli.Context) error {
 		return nil
 	}
 
-	// Deletion of the ref means that the new commit ID is only composed of '0'.
-	if strings.ContainsFunc(newCommitID, func(e rune) bool { return e != '0' }) {
-		return nil
+	// Empty new commit ID means deletion.
+	if git.IsEmptyCommitID(newCommitID, nil) {
+		return fail(ctx, fmt.Sprintf("The deletion of %s is skipped as it's an internal reference.", refFullName), "")
 	}
 
-	return fail(ctx, fmt.Sprintf("The deletion of %s is skipped as it's an internal reference.", refFullName), "")
+	return nil
 }
 
 func runHookPostReceive(c *cli.Context) error {
@@ -405,8 +405,7 @@ Forgejo or set your environment appropriately.`, "")
 		newCommitIDs[count] = string(fields[1])
 		refFullNames[count] = git.RefName(fields[2])
 
-		commitID, _ := git.NewIDFromString(newCommitIDs[count])
-		if refFullNames[count] == git.BranchPrefix+"master" && !commitID.IsZero() && count == total {
+		if refFullNames[count] == git.BranchPrefix+"master" && !git.IsEmptyCommitID(newCommitIDs[count], nil) && count == total {
 			masterPushed = true
 		}
 		count++
@@ -697,8 +696,7 @@ Forgejo or set your environment appropriately.`, "")
 		if err != nil {
 			return err
 		}
-		commitID, _ := git.NewIDFromString(rs.OldOID)
-		if !commitID.IsZero() {
+		if !git.IsEmptyCommitID(rs.OldOID, nil) {
 			err = writeDataPktLine(ctx, os.Stdout, []byte("option old-oid "+rs.OldOID))
 			if err != nil {
 				return err
diff --git a/models/repo/repo.go b/models/repo/repo.go
index 8af38f6248..6ab4af7990 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -332,7 +332,7 @@ func (repo *Repository) HTMLURL() string {
 // CommitLink make link to by commit full ID
 // note: won't check whether it's an right id
 func (repo *Repository) CommitLink(commitID string) (result string) {
-	if git.IsEmptyCommitID(commitID) {
+	if git.IsEmptyCommitID(commitID, nil) {
 		result = ""
 	} else {
 		result = repo.Link() + "/commit/" + url.PathEscape(commitID)
diff --git a/modules/git/object_format.go b/modules/git/object_format.go
index c2fcf4c063..2b462589a3 100644
--- a/modules/git/object_format.go
+++ b/modules/git/object_format.go
@@ -122,6 +122,7 @@ func (h Sha256ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) Object
 var (
 	Sha1ObjectFormat   ObjectFormat = Sha1ObjectFormatImpl{}
 	Sha256ObjectFormat ObjectFormat = Sha256ObjectFormatImpl{}
+	// any addition must be reflected in IsEmptyCommitID
 )
 
 var SupportedObjectFormats = []ObjectFormat{
diff --git a/modules/git/object_id.go b/modules/git/object_id.go
index 4f8c39ee1d..26736bb766 100644
--- a/modules/git/object_id.go
+++ b/modules/git/object_id.go
@@ -79,17 +79,25 @@ func NewIDFromString(hexHash string) (ObjectID, error) {
 	return theObjectFormat.MustID(b), nil
 }
 
-func IsEmptyCommitID(commitID string) bool {
+// IsEmptyCommitID checks if an hexadecimal string represents an empty commit according to git (only '0').
+// If objectFormat is not nil, the length will be checked as well (otherwise the lenght must match the sha1 or sha256 length).
+func IsEmptyCommitID(commitID string, objectFormat ObjectFormat) bool {
 	if commitID == "" {
 		return true
 	}
-
-	id, err := NewIDFromString(commitID)
-	if err != nil {
+	if objectFormat == nil {
+		if Sha1ObjectFormat.FullLength() != len(commitID) && Sha256ObjectFormat.FullLength() != len(commitID) {
+			return false
+		}
+	} else if objectFormat.FullLength() != len(commitID) {
 		return false
 	}
-
-	return id.IsZero()
+	for _, c := range commitID {
+		if c != '0' {
+			return false
+		}
+	}
+	return true
 }
 
 // ComputeBlobHash compute the hash for a given blob content
diff --git a/modules/git/object_id_test.go b/modules/git/object_id_test.go
index 6f365d6b19..00a24e3981 100644
--- a/modules/git/object_id_test.go
+++ b/modules/git/object_id_test.go
@@ -23,3 +23,27 @@ func TestIsValidSHAPattern(t *testing.T) {
 	assert.Equal(t, "d5c6407415d85df49592672aa421aed39b9db5e3", ComputeBlobHash(Sha1ObjectFormat, []byte("same length blob")).String())
 	assert.Equal(t, "df0b5174ed06ae65aea40d43316bcbc21d82c9e3158ce2661df2ad28d7931dd6", ComputeBlobHash(Sha256ObjectFormat, []byte("some random blob")).String())
 }
+
+func TestIsEmptyCommitID(t *testing.T) {
+	assert.True(t, IsEmptyCommitID("", nil))
+	assert.True(t, IsEmptyCommitID("", Sha1ObjectFormat))
+	assert.True(t, IsEmptyCommitID("", Sha256ObjectFormat))
+
+	assert.False(t, IsEmptyCommitID("79ee38a6416c1ede423ec7ee0a8639ceea4aad20", Sha1ObjectFormat))
+	assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000", nil))
+	assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000", Sha1ObjectFormat))
+	assert.False(t, IsEmptyCommitID("0000000000000000000000000000000000000000", Sha256ObjectFormat))
+
+	assert.False(t, IsEmptyCommitID("00000000000000000000000000000000000000000", nil))
+
+	assert.False(t, IsEmptyCommitID("0f0b5174ed06ae65aea40d43316bcbc21d82c9e3158ce2661df2ad28d7931dd6", nil))
+	assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", nil))
+	assert.False(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", Sha1ObjectFormat))
+	assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", Sha256ObjectFormat))
+
+	assert.False(t, IsEmptyCommitID("1", nil))
+	assert.False(t, IsEmptyCommitID("0", nil))
+
+	assert.False(t, IsEmptyCommitID("010", nil))
+	assert.False(t, IsEmptyCommitID("0 0", nil))
+}
diff --git a/modules/repository/push.go b/modules/repository/push.go
index 751ee83a09..66d0417caf 100644
--- a/modules/repository/push.go
+++ b/modules/repository/push.go
@@ -21,14 +21,12 @@ type PushUpdateOptions struct {
 
 // IsNewRef return true if it's a first-time push to a branch, tag or etc.
 func (opts *PushUpdateOptions) IsNewRef() bool {
-	commitID, err := git.NewIDFromString(opts.OldCommitID)
-	return err == nil && commitID.IsZero()
+	return git.IsEmptyCommitID(opts.OldCommitID, nil)
 }
 
 // IsDelRef return true if it's a deletion to a branch or tag
 func (opts *PushUpdateOptions) IsDelRef() bool {
-	commitID, err := git.NewIDFromString(opts.NewCommitID)
-	return err == nil && commitID.IsZero()
+	return git.IsEmptyCommitID(opts.NewCommitID, nil)
 }
 
 // IsUpdateRef return true if it's an update operation
diff --git a/package-lock.json b/package-lock.json
index b6b4913a1d..5e9a74dd38 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -33,7 +33,7 @@
         "jquery": "3.7.1",
         "katex": "0.16.10",
         "license-checker-webpack-plugin": "0.2.1",
-        "mermaid": "10.9.0",
+        "mermaid": "10.9.1",
         "mini-css-extract-plugin": "2.9.0",
         "minimatch": "9.0.4",
         "monaco-editor": "0.47.0",
@@ -8412,9 +8412,9 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "10.9.0",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz",
-      "integrity": "sha512-swZju0hFox/B/qoLKK0rOxxgh8Cf7rJSfAUc1u8fezVihYMvrJAS45GzAxTVf4Q+xn9uMgitBcmWk7nWGXOs/g==",
+      "version": "10.9.1",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz",
+      "integrity": "sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==",
       "dependencies": {
         "@braintree/sanitize-url": "^6.0.1",
         "@types/d3-scale": "^4.0.3",
diff --git a/package.json b/package.json
index 733eb7878d..1aeecee612 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "jquery": "3.7.1",
     "katex": "0.16.10",
     "license-checker-webpack-plugin": "0.2.1",
-    "mermaid": "10.9.0",
+    "mermaid": "10.9.1",
     "mini-css-extract-plugin": "2.9.0",
     "minimatch": "9.0.4",
     "monaco-editor": "0.47.0",
diff --git a/release-notes/8.0.0/fix/3776.md b/release-notes/8.0.0/fix/3776.md
new file mode 100644
index 0000000000..b3577271e8
--- /dev/null
+++ b/release-notes/8.0.0/fix/3776.md
@@ -0,0 +1 @@
+- backticks in [mermaid](https://mermaid.js.org/) block diagram labels [are not sanitized properly](https://github.com/mermaid-js/mermaid/commit/c7fe9a646574597adefe3e6fb2b3707112a151aa)
diff --git a/routers/private/hook_post_receive.go b/routers/private/hook_post_receive.go
index 10b300f3df..b78f19d51e 100644
--- a/routers/private/hook_post_receive.go
+++ b/routers/private/hook_post_receive.go
@@ -239,7 +239,7 @@ func HookPostReceive(ctx *gitea_context.PrivateContext) {
 		}
 
 		// If we've pushed a branch (and not deleted it)
-		if !git.IsEmptyCommitID(newCommitID) && refFullName.IsBranch() {
+		if !git.IsEmptyCommitID(newCommitID, nil) && refFullName.IsBranch() {
 			// First ensure we have the repository loaded, we're allowed pulls requests and we can get the base repo
 			if repo == nil {
 				repo = loadRepository(ctx, ownerName, repoName)
diff --git a/services/actions/notifier.go b/services/actions/notifier.go
index 6551da39e7..3a6dd9db5b 100644
--- a/services/actions/notifier.go
+++ b/services/actions/notifier.go
@@ -515,8 +515,7 @@ func (*actionsNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
 }
 
 func (n *actionsNotifier) PushCommits(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, opts *repository.PushUpdateOptions, commits *repository.PushCommits) {
-	commitID, _ := git.NewIDFromString(opts.NewCommitID)
-	if commitID.IsZero() {
+	if git.IsEmptyCommitID(opts.NewCommitID, nil) {
 		log.Trace("new commitID is empty")
 		return
 	}
diff --git a/templates/install.tmpl b/templates/install.tmpl
index d49de33a3f..682e1e6511 100644
--- a/templates/install.tmpl
+++ b/templates/install.tmpl
@@ -174,7 +174,7 @@
 						<div class="inline field {{if .Err_SMTPFrom}}error{{end}}">
 							<label for="smtp_from">{{ctx.Locale.Tr "install.smtp_from"}}</label>
 							<input id="smtp_from" name="smtp_from" value="{{.smtp_from}}">
-							<span class="help">{{ctx.Locale.Tr "install.smtp_from_helper"}}</span>
+							<span class="help">{{ctx.Locale.TrString "install.smtp_from_helper"}}{{/* it contains lt/gt chars*/}}</span>
 						</div>
 						<div class="inline field {{if .Err_SMTPUser}}error{{end}}">
 							<label for="smtp_user">{{ctx.Locale.Tr "install.mailer_user"}}</label>
@@ -320,6 +320,8 @@
 						</div>
 					</details>
 
+					<div class="divider"></div>
+
 					{{if .EnvConfigKeys}}
 					<!-- Environment Config -->
 					<h4 class="ui dividing header">{{ctx.Locale.Tr "install.env_config_keys"}}</h4>
@@ -333,12 +335,11 @@
 					</div>
 					{{end}}
 
-					<div class="divider"></div>
 					<div class="inline field">
 						<div class="right-content">
 							{{ctx.Locale.Tr "install.config_location_hint"}} {{.CustomConfFile}}
 						</div>
-						<div class="right-content tw-mt-2">
+						<div class="tw-mt-4 tw-mb-2 tw-text-center">
 							<button class="ui primary button">{{ctx.Locale.Tr "install.install_btn_confirm"}}</button>
 						</div>
 					</div>
diff --git a/templates/repo/create.tmpl b/templates/repo/create.tmpl
index bcc04ff28d..3afd978ee9 100644
--- a/templates/repo/create.tmpl
+++ b/templates/repo/create.tmpl
@@ -49,14 +49,17 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
 						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
diff --git a/templates/repo/migrate/codebase.tmpl b/templates/repo/migrate/codebase.tmpl
index 439a883863..1b5e84067e 100644
--- a/templates/repo/migrate/codebase.tmpl
+++ b/templates/repo/migrate/codebase.tmpl
@@ -88,14 +88,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/git.tmpl b/templates/repo/migrate/git.tmpl
index db01b8d858..5ebf4cfd6a 100644
--- a/templates/repo/migrate/git.tmpl
+++ b/templates/repo/migrate/git.tmpl
@@ -62,14 +62,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/gitbucket.tmpl b/templates/repo/migrate/gitbucket.tmpl
index d1f1db99ba..6d671777a4 100644
--- a/templates/repo/migrate/gitbucket.tmpl
+++ b/templates/repo/migrate/gitbucket.tmpl
@@ -104,14 +104,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/gitea.tmpl b/templates/repo/migrate/gitea.tmpl
index f2a3ae4348..20d85c27c7 100644
--- a/templates/repo/migrate/gitea.tmpl
+++ b/templates/repo/migrate/gitea.tmpl
@@ -100,14 +100,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index dfb2b4bc46..6e801b8c1d 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -102,14 +102,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/gitlab.tmpl b/templates/repo/migrate/gitlab.tmpl
index 76c2828257..164578222e 100644
--- a/templates/repo/migrate/gitlab.tmpl
+++ b/templates/repo/migrate/gitlab.tmpl
@@ -99,14 +99,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/gogs.tmpl b/templates/repo/migrate/gogs.tmpl
index b01d0eeb67..312a4e9e9a 100644
--- a/templates/repo/migrate/gogs.tmpl
+++ b/templates/repo/migrate/gogs.tmpl
@@ -102,14 +102,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/migrate/onedev.tmpl b/templates/repo/migrate/onedev.tmpl
index 8b2a2d8730..a5a216c6ec 100644
--- a/templates/repo/migrate/onedev.tmpl
+++ b/templates/repo/migrate/onedev.tmpl
@@ -88,14 +88,18 @@
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							{{if .IsForcedPrivate}}
-								<input name="private" type="checkbox" checked readonly>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</label>
-							{{else}}
-								<input name="private" type="checkbox" {{if .private}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
-							{{end}}
+							<input name="private" type="checkbox"
+								{{if .IsForcedPrivate}}
+									checked disabled
+								{{else}}
+									{{if .private}}checked{{end}}
+								{{end}}>
+							<label>{{ctx.Locale.Tr "repo.visibility_helper"}}</label>
 						</div>
+						{{if .IsForcedPrivate}}
+							<span class="help">{{ctx.Locale.Tr "repo.visibility_helper_forced"}}</span>
+						{{end}}
+						<span class="help">{{ctx.Locale.Tr "repo.visibility_description"}}</span>
 					</div>
 					<div class="inline field {{if .Err_Description}}error{{end}}">
 						<label for="description">{{ctx.Locale.Tr "repo.repo_desc"}}</label>
diff --git a/templates/repo/settings/deploy_keys.tmpl b/templates/repo/settings/deploy_keys.tmpl
index 3410c103a2..4bc3abf6fb 100644
--- a/templates/repo/settings/deploy_keys.tmpl
+++ b/templates/repo/settings/deploy_keys.tmpl
@@ -28,7 +28,7 @@
 					<div class="field">
 						<div class="ui checkbox {{if .Err_IsWritable}}error{{end}}">
 							<input id="ssh-key-is-writable" name="is_writable" type="checkbox" value="1">
-							<label for="is_writable">
+							<label for="ssh-key-is-writable">
 								{{ctx.Locale.Tr "repo.settings.is_writable"}}
 							</label>
 							<small class="tw-pl-[26px]">{{ctx.Locale.Tr "repo.settings.is_writable_info"}}</small>
diff --git a/tests/integration/api_branch_test.go b/tests/integration/api_branch_test.go
index dc1aaec2a2..089221dec2 100644
--- a/tests/integration/api_branch_test.go
+++ b/tests/integration/api_branch_test.go
@@ -11,6 +11,7 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
+	"code.gitea.io/gitea/modules/git"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/tests"
 
@@ -110,61 +111,62 @@ func TestAPICreateBranch(t *testing.T) {
 }
 
 func testAPICreateBranches(t *testing.T, giteaURL *url.URL) {
-	username := "user2"
-	ctx := NewAPITestContext(t, username, "my-noo-repo", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-	giteaURL.Path = ctx.GitPath()
+	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+		ctx := NewAPITestContext(t, "user2", "my-noo-repo-"+objectFormat.Name(), auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+		giteaURL.Path = ctx.GitPath()
 
-	t.Run("CreateRepo", doAPICreateRepository(ctx, false))
-	testCases := []struct {
-		OldBranch          string
-		NewBranch          string
-		ExpectedHTTPStatus int
-	}{
-		// Creating branch from default branch
-		{
-			OldBranch:          "",
-			NewBranch:          "new_branch_from_default_branch",
-			ExpectedHTTPStatus: http.StatusCreated,
-		},
-		// Creating branch from master
-		{
-			OldBranch:          "master",
-			NewBranch:          "new_branch_from_master_1",
-			ExpectedHTTPStatus: http.StatusCreated,
-		},
-		// Trying to create from master but already exists
-		{
-			OldBranch:          "master",
-			NewBranch:          "new_branch_from_master_1",
-			ExpectedHTTPStatus: http.StatusConflict,
-		},
-		// Trying to create from other branch (not default branch)
-		// ps: it can't test the case-sensitive behavior here: the "BRANCH_2" can't be created by git on a case-insensitive filesystem, it makes the test fail quickly before the database code.
-		// Suppose some users are running Gitea on a case-insensitive filesystem, it seems that it's unable to support case-sensitive branch names.
-		{
-			OldBranch:          "new_branch_from_master_1",
-			NewBranch:          "branch_2",
-			ExpectedHTTPStatus: http.StatusCreated,
-		},
-		// Trying to create from a branch which does not exist
-		{
-			OldBranch:          "does_not_exist",
-			NewBranch:          "new_branch_from_non_existent",
-			ExpectedHTTPStatus: http.StatusNotFound,
-		},
-		// Trying to create a branch with UTF8
-		{
-			OldBranch:          "master",
-			NewBranch:          "test-👀",
-			ExpectedHTTPStatus: http.StatusCreated,
-		},
-	}
-	for _, test := range testCases {
-		session := ctx.Session
-		t.Run(test.NewBranch, func(t *testing.T) {
-			testAPICreateBranch(t, session, "user2", "my-noo-repo", test.OldBranch, test.NewBranch, test.ExpectedHTTPStatus)
-		})
-	}
+		t.Run("CreateRepo", doAPICreateRepository(ctx, false, objectFormat))
+		testCases := []struct {
+			OldBranch          string
+			NewBranch          string
+			ExpectedHTTPStatus int
+		}{
+			// Creating branch from default branch
+			{
+				OldBranch:          "",
+				NewBranch:          "new_branch_from_default_branch",
+				ExpectedHTTPStatus: http.StatusCreated,
+			},
+			// Creating branch from master
+			{
+				OldBranch:          "master",
+				NewBranch:          "new_branch_from_master_1",
+				ExpectedHTTPStatus: http.StatusCreated,
+			},
+			// Trying to create from master but already exists
+			{
+				OldBranch:          "master",
+				NewBranch:          "new_branch_from_master_1",
+				ExpectedHTTPStatus: http.StatusConflict,
+			},
+			// Trying to create from other branch (not default branch)
+			// ps: it can't test the case-sensitive behavior here: the "BRANCH_2" can't be created by git on a case-insensitive filesystem, it makes the test fail quickly before the database code.
+			// Suppose some users are running Gitea on a case-insensitive filesystem, it seems that it's unable to support case-sensitive branch names.
+			{
+				OldBranch:          "new_branch_from_master_1",
+				NewBranch:          "branch_2",
+				ExpectedHTTPStatus: http.StatusCreated,
+			},
+			// Trying to create from a branch which does not exist
+			{
+				OldBranch:          "does_not_exist",
+				NewBranch:          "new_branch_from_non_existent",
+				ExpectedHTTPStatus: http.StatusNotFound,
+			},
+			// Trying to create a branch with UTF8
+			{
+				OldBranch:          "master",
+				NewBranch:          "test-👀",
+				ExpectedHTTPStatus: http.StatusCreated,
+			},
+		}
+		for _, test := range testCases {
+			session := ctx.Session
+			t.Run(test.NewBranch, func(t *testing.T) {
+				testAPICreateBranch(t, session, ctx.Username, ctx.Reponame, test.OldBranch, test.NewBranch, test.ExpectedHTTPStatus)
+			})
+		}
+	})
 }
 
 func testAPICreateBranch(t testing.TB, session *TestSession, user, repo, oldBranch, newBranch string, status int) bool {
diff --git a/tests/integration/api_helper_for_declarative_test.go b/tests/integration/api_helper_for_declarative_test.go
index 7755b9861a..3e54e2fe3f 100644
--- a/tests/integration/api_helper_for_declarative_test.go
+++ b/tests/integration/api_helper_for_declarative_test.go
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/queue"
 	api "code.gitea.io/gitea/modules/structs"
@@ -47,17 +48,18 @@ func (ctx APITestContext) GitPath() string {
 	return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame)
 }
 
-func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
+func doAPICreateRepository(ctx APITestContext, empty bool, objectFormat git.ObjectFormat, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
 	return func(t *testing.T) {
 		createRepoOption := &api.CreateRepoOption{
-			AutoInit:    !empty,
-			Description: "Temporary repo",
-			Name:        ctx.Reponame,
-			Private:     true,
-			Template:    true,
-			Gitignores:  "",
-			License:     "WTFPL",
-			Readme:      "Default",
+			AutoInit:         !empty,
+			Description:      "Temporary repo",
+			Name:             ctx.Reponame,
+			Private:          true,
+			Template:         true,
+			Gitignores:       "",
+			License:          "WTFPL",
+			Readme:           "Default",
+			ObjectFormatName: objectFormat.Name(),
 		}
 		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", createRepoOption).
 			AddTokenAuth(ctx.Token)
diff --git a/tests/integration/api_repo_file_create_test.go b/tests/integration/api_repo_file_create_test.go
index 41ad7211ff..c7c30db1ff 100644
--- a/tests/integration/api_repo_file_create_test.go
+++ b/tests/integration/api_repo_file_create_test.go
@@ -17,6 +17,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/gitrepo"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
@@ -52,6 +53,10 @@ func getCreateFileOptions() api.CreateFileOptions {
 
 func getExpectedFileResponseForCreate(repoFullName, commitID, treePath, latestCommitSHA string) *api.FileResponse {
 	sha := "a635aa942442ddfdba07468cf9661c08fbdf0ebf"
+	if len(latestCommitSHA) > len(sha) {
+		// repository is in SHA256 format
+		sha = "3edd190f61237b7a0a5c49aa47fb58b2ec14d53a2afc90803bc713fab5d5aec0"
+	}
 	encoding := "base64"
 	content := "VGhpcyBpcyBuZXcgdGV4dA=="
 	selfURL := setting.AppURL + "api/v1/repos/" + repoFullName + "/contents/" + treePath + "?ref=master"
@@ -277,28 +282,31 @@ func TestAPICreateFile(t *testing.T) {
 		MakeRequest(t, req, http.StatusForbidden)
 
 		// Test creating a file in an empty repository
-		doAPICreateRepository(NewAPITestContext(t, "user2", "empty-repo", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser), true)(t)
-		createFileOptions = getCreateFileOptions()
-		fileID++
-		treePath = fmt.Sprintf("new/file%d.txt", fileID)
-		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, "empty-repo", treePath), &createFileOptions).
-			AddTokenAuth(token2)
-		resp = MakeRequest(t, req, http.StatusCreated)
-		emptyRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "user2", Name: "empty-repo"}) // public repo
-		gitRepo, _ := gitrepo.OpenRepository(stdCtx.Background(), emptyRepo)
-		commitID, _ := gitRepo.GetBranchCommitID(createFileOptions.NewBranchName)
-		latestCommit, _ := gitRepo.GetCommitByPath(treePath)
-		expectedFileResponse := getExpectedFileResponseForCreate("user2/empty-repo", commitID, treePath, latestCommit.ID.String())
-		DecodeJSON(t, resp, &fileResponse)
-		assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
-		assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
-		assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
-		assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
-		assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
-		assert.EqualValues(t, expectedFileResponse.Commit.Author.Date, fileResponse.Commit.Author.Date)
-		assert.EqualValues(t, expectedFileResponse.Commit.Committer.Email, fileResponse.Commit.Committer.Email)
-		assert.EqualValues(t, expectedFileResponse.Commit.Committer.Name, fileResponse.Commit.Committer.Name)
-		assert.EqualValues(t, expectedFileResponse.Commit.Committer.Date, fileResponse.Commit.Committer.Date)
-		gitRepo.Close()
+		forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+			reponame := "empty-repo-" + objectFormat.Name()
+			doAPICreateRepository(NewAPITestContext(t, "user2", reponame, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser), true, objectFormat)(t)
+			createFileOptions = getCreateFileOptions()
+			fileID++
+			treePath = fmt.Sprintf("new/file%d.txt", fileID)
+			req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, reponame, treePath), &createFileOptions).
+				AddTokenAuth(token2)
+			resp = MakeRequest(t, req, http.StatusCreated)
+			emptyRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "user2", Name: reponame}) // public repo
+			gitRepo, _ := gitrepo.OpenRepository(stdCtx.Background(), emptyRepo)
+			commitID, _ := gitRepo.GetBranchCommitID(createFileOptions.NewBranchName)
+			latestCommit, _ := gitRepo.GetCommitByPath(treePath)
+			expectedFileResponse := getExpectedFileResponseForCreate("user2/"+reponame, commitID, treePath, latestCommit.ID.String())
+			DecodeJSON(t, resp, &fileResponse)
+			assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
+			assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
+			assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Date, fileResponse.Commit.Author.Date)
+			assert.EqualValues(t, expectedFileResponse.Commit.Committer.Email, fileResponse.Commit.Committer.Email)
+			assert.EqualValues(t, expectedFileResponse.Commit.Committer.Name, fileResponse.Commit.Committer.Name)
+			assert.EqualValues(t, expectedFileResponse.Commit.Committer.Date, fileResponse.Commit.Committer.Date)
+			gitRepo.Close()
+		})
 	})
 }
diff --git a/tests/integration/api_repo_file_get_test.go b/tests/integration/api_repo_file_get_test.go
index 4649babad1..1a4e670bc1 100644
--- a/tests/integration/api_repo_file_get_test.go
+++ b/tests/integration/api_repo_file_get_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/modules/git"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/tests"
 
@@ -26,7 +27,7 @@ func TestAPIGetRawFileOrLFS(t *testing.T) {
 	// Test with LFS
 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
 		httpContext := NewAPITestContext(t, "user2", "repo-lfs-test", auth_model.AccessTokenScopeWriteRepository)
-		doAPICreateRepository(httpContext, false, func(t *testing.T, repository api.Repository) {
+		doAPICreateRepository(httpContext, false, git.Sha1ObjectFormat, func(t *testing.T, repository api.Repository) { // FIXME: use forEachObjectFormat
 			u.Path = httpContext.GitPath()
 			dstPath := t.TempDir()
 
diff --git a/tests/integration/api_repo_lfs_test.go b/tests/integration/api_repo_lfs_test.go
index 211dcf76c1..763082b178 100644
--- a/tests/integration/api_repo_lfs_test.go
+++ b/tests/integration/api_repo_lfs_test.go
@@ -17,6 +17,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/setting"
@@ -61,7 +62,7 @@ func TestAPILFSMediaType(t *testing.T) {
 
 func createLFSTestRepository(t *testing.T, name string) *repo_model.Repository {
 	ctx := NewAPITestContext(t, "user2", "lfs-"+name+"-repo", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-	t.Run("CreateRepo", doAPICreateRepository(ctx, false))
+	t.Run("CreateRepo", doAPICreateRepository(ctx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 
 	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "lfs-"+name+"-repo")
 	assert.NoError(t, err)
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index a503b201bc..4c2c43b197 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -16,6 +16,7 @@ import (
 	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	repo_service "code.gitea.io/gitea/services/repository"
@@ -427,7 +428,7 @@ func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {
 		httpContext := baseAPITestContext
 
 		httpContext.Reponame = "repo-tmp-17"
-		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
+		t.Run("CreateRepo", doAPICreateRepository(httpContext, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 
 		user, err := user_model.GetUserByName(db.DefaultContext, httpContext.Username)
 		assert.NoError(t, err)
@@ -510,7 +511,7 @@ func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {
 		httpContext := baseAPITestContext
 
 		httpContext.Reponame = "repo-tmp-17"
-		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
+		t.Run("CreateRepo", doAPICreateRepository(httpContext, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 
 		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos",
 			&api.CreateRepoOption{
diff --git a/tests/integration/git_helper_for_declarative_test.go b/tests/integration/git_helper_for_declarative_test.go
index 77fe07128e..ff06dab07a 100644
--- a/tests/integration/git_helper_for_declarative_test.go
+++ b/tests/integration/git_helper_for_declarative_test.go
@@ -117,10 +117,10 @@ func doGitCloneFail(u *url.URL) func(*testing.T) {
 	}
 }
 
-func doGitInitTestRepository(dstPath string) func(*testing.T) {
+func doGitInitTestRepository(dstPath string, objectFormat git.ObjectFormat) func(*testing.T) {
 	return func(t *testing.T) {
 		// Init repository in dstPath
-		assert.NoError(t, git.InitRepository(git.DefaultContext, dstPath, false, git.Sha1ObjectFormat.Name()))
+		assert.NoError(t, git.InitRepository(git.DefaultContext, dstPath, false, objectFormat.Name()))
 		// forcibly set default branch to master
 		_, _, err := git.NewCommand(git.DefaultContext, "symbolic-ref", "HEAD", git.BranchPrefix+"master").RunStdString(&git.RunOpts{Dir: dstPath})
 		assert.NoError(t, err)
@@ -148,6 +148,7 @@ func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
 
 func doGitPushTestRepository(dstPath string, args ...string) func(*testing.T) {
 	return func(t *testing.T) {
+		t.Helper()
 		_, _, err := git.NewCommand(git.DefaultContext, "push", "-u").AddArguments(git.ToTrustedCmdArgs(args)...).RunStdString(&git.RunOpts{Dir: dstPath})
 		assert.NoError(t, err)
 	}
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index 838ee0ff79..bbc80cc927 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -24,90 +24,101 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func forEachObjectFormat(t *testing.T, f func(t *testing.T, objectFormat git.ObjectFormat)) {
+	for _, objectFormat := range []git.ObjectFormat{git.Sha256ObjectFormat, git.Sha1ObjectFormat} {
+		t.Run(objectFormat.Name(), func(t *testing.T) {
+			f(t, objectFormat)
+		})
+	}
+}
+
 func TestGitPush(t *testing.T) {
 	onGiteaRun(t, testGitPush)
 }
 
 func testGitPush(t *testing.T, u *url.URL) {
-	t.Run("Push branches at once", func(t *testing.T) {
-		runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-			for i := 0; i < 100; i++ {
-				branchName := fmt.Sprintf("branch-%d", i)
-				pushed = append(pushed, branchName)
-				doGitCreateBranch(gitPath, branchName)(t)
-			}
-			pushed = append(pushed, "master")
-			doGitPushTestRepository(gitPath, "origin", "--all")(t)
-			return pushed, deleted
+	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+		t.Run("Push branches at once", func(t *testing.T) {
+			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
+				for i := 0; i < 100; i++ {
+					branchName := fmt.Sprintf("branch-%d", i)
+					pushed = append(pushed, branchName)
+					doGitCreateBranch(gitPath, branchName)(t)
+				}
+				pushed = append(pushed, "master")
+				doGitPushTestRepository(gitPath, "origin", "--all")(t)
+				return pushed, deleted
+			})
 		})
-	})
 
-	t.Run("Push branches one by one", func(t *testing.T) {
-		runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-			for i := 0; i < 100; i++ {
-				branchName := fmt.Sprintf("branch-%d", i)
-				doGitCreateBranch(gitPath, branchName)(t)
-				doGitPushTestRepository(gitPath, "origin", branchName)(t)
-				pushed = append(pushed, branchName)
-			}
-			return pushed, deleted
+		t.Run("Push branches one by one", func(t *testing.T) {
+			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
+				for i := 0; i < 100; i++ {
+					branchName := fmt.Sprintf("branch-%d", i)
+					doGitCreateBranch(gitPath, branchName)(t)
+					doGitPushTestRepository(gitPath, "origin", branchName)(t)
+					pushed = append(pushed, branchName)
+				}
+				return pushed, deleted
+			})
 		})
-	})
 
-	t.Run("Delete branches", func(t *testing.T) {
-		runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-			doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
-			pushed = append(pushed, "master")
+		t.Run("Delete branches", func(t *testing.T) {
+			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
+				doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
+				pushed = append(pushed, "master")
 
-			for i := 0; i < 100; i++ {
-				branchName := fmt.Sprintf("branch-%d", i)
-				pushed = append(pushed, branchName)
-				doGitCreateBranch(gitPath, branchName)(t)
-			}
-			doGitPushTestRepository(gitPath, "origin", "--all")(t)
+				for i := 0; i < 100; i++ {
+					branchName := fmt.Sprintf("branch-%d", i)
+					pushed = append(pushed, branchName)
+					doGitCreateBranch(gitPath, branchName)(t)
+				}
+				doGitPushTestRepository(gitPath, "origin", "--all")(t)
 
-			for i := 0; i < 10; i++ {
-				branchName := fmt.Sprintf("branch-%d", i)
-				doGitPushTestRepository(gitPath, "origin", "--delete", branchName)(t)
-				deleted = append(deleted, branchName)
-			}
-			return pushed, deleted
+				for i := 0; i < 10; i++ {
+					branchName := fmt.Sprintf("branch-%d", i)
+					doGitPushTestRepository(gitPath, "origin", "--delete", branchName)(t)
+					deleted = append(deleted, branchName)
+				}
+				return pushed, deleted
+			})
 		})
-	})
 
-	t.Run("Push to deleted branch", func(t *testing.T) {
-		runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-			doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
-			pushed = append(pushed, "master")
+		t.Run("Push to deleted branch", func(t *testing.T) {
+			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
+				doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
+				pushed = append(pushed, "master")
 
-			doGitCreateBranch(gitPath, "branch-1")(t)
-			doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
-			pushed = append(pushed, "branch-1")
+				doGitCreateBranch(gitPath, "branch-1")(t)
+				doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
+				pushed = append(pushed, "branch-1")
 
-			// delete and restore
-			doGitPushTestRepository(gitPath, "origin", "--delete", "branch-1")(t)
-			doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
+				// delete and restore
+				doGitPushTestRepository(gitPath, "origin", "--delete", "branch-1")(t)
+				doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
 
-			return pushed, deleted
+				return pushed, deleted
+			})
 		})
 	})
 }
 
-func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gitPath string) (pushed, deleted []string)) {
+func runTestGitPush(t *testing.T, u *url.URL, objectFormat git.ObjectFormat, gitOperation func(t *testing.T, gitPath string) (pushed, deleted []string)) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
-		Name:          "repo-to-push",
-		Description:   "test git push",
-		AutoInit:      false,
-		DefaultBranch: "main",
-		IsPrivate:     false,
+		Name:             "repo-to-push",
+		Description:      "test git push",
+		AutoInit:         false,
+		DefaultBranch:    "main",
+		IsPrivate:        false,
+		ObjectFormatName: objectFormat.Name(),
 	})
 	require.NoError(t, err)
 	require.NotEmpty(t, repo)
 
 	gitPath := t.TempDir()
 
-	doGitInitTestRepository(gitPath)(t)
+	doGitInitTestRepository(gitPath, objectFormat)(t)
 
 	oldPath := u.Path
 	oldUser := u.User
@@ -158,83 +169,87 @@ func TestOptionsGitPush(t *testing.T) {
 
 func testOptionsGitPush(t *testing.T, u *url.URL) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
-		Name:          "repo-to-push",
-		Description:   "test git push",
-		AutoInit:      false,
-		DefaultBranch: "main",
-		IsPrivate:     false,
-	})
-	require.NoError(t, err)
-	require.NotEmpty(t, repo)
 
-	gitPath := t.TempDir()
-
-	doGitInitTestRepository(gitPath)(t)
-
-	u.Path = repo.FullName() + ".git"
-	u.User = url.UserPassword(user.LowerName, userPassword)
-	doGitAddRemote(gitPath, "origin", u)(t)
-
-	t.Run("Unknown push options are rejected", func(t *testing.T) {
-		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
-		logChecker.Filter("unknown option").StopMark("Git push options validation")
-		defer cleanup()
-		branchName := "branch0"
-		doGitCreateBranch(gitPath, branchName)(t)
-		doGitPushTestRepositoryFail(gitPath, "origin", branchName, "-o", "repo.template=false", "-o", "uknownoption=randomvalue")(t)
-		logFiltered, logStopped := logChecker.Check(5 * time.Second)
-		assert.True(t, logStopped)
-		assert.True(t, logFiltered[0])
-	})
-
-	t.Run("Owner sets private & template to true via push options", func(t *testing.T) {
-		branchName := "branch1"
-		doGitCreateBranch(gitPath, branchName)(t)
-		doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
-		repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+		repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
+			Name:             "repo-to-push",
+			Description:      "test git push",
+			AutoInit:         false,
+			DefaultBranch:    "main",
+			IsPrivate:        false,
+			ObjectFormatName: objectFormat.Name(),
+		})
 		require.NoError(t, err)
-		require.True(t, repo.IsPrivate)
-		require.True(t, repo.IsTemplate)
+		require.NotEmpty(t, repo)
+
+		gitPath := t.TempDir()
+
+		doGitInitTestRepository(gitPath, objectFormat)(t)
+
+		u.Path = repo.FullName() + ".git"
+		u.User = url.UserPassword(user.LowerName, userPassword)
+		doGitAddRemote(gitPath, "origin", u)(t)
+
+		t.Run("Unknown push options are rejected", func(t *testing.T) {
+			logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+			logChecker.Filter("unknown option").StopMark("Git push options validation")
+			defer cleanup()
+			branchName := "branch0"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepositoryFail(gitPath, "origin", branchName, "-o", "repo.template=false", "-o", "uknownoption=randomvalue")(t)
+			logFiltered, logStopped := logChecker.Check(5 * time.Second)
+			assert.True(t, logStopped)
+			assert.True(t, logFiltered[0])
+		})
+
+		t.Run("Owner sets private & template to true via push options", func(t *testing.T) {
+			branchName := "branch1"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
+			repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+			require.NoError(t, err)
+			require.True(t, repo.IsPrivate)
+			require.True(t, repo.IsTemplate)
+		})
+
+		t.Run("Owner sets private & template to false via push options", func(t *testing.T) {
+			branchName := "branch2"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
+			repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+			require.NoError(t, err)
+			require.False(t, repo.IsPrivate)
+			require.False(t, repo.IsTemplate)
+		})
+
+		// create a collaborator with write access
+		collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+		u.User = url.UserPassword(collaborator.LowerName, userPassword)
+		doGitAddRemote(gitPath, "collaborator", u)(t)
+		repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
+
+		t.Run("Collaborator with write access is allowed to push", func(t *testing.T) {
+			branchName := "branch3"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
+		})
+
+		t.Run("Collaborator with write access fails to change private & template via push options", func(t *testing.T) {
+			logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+			logChecker.Filter("permission denied for changing repo settings").StopMark("Git push options validation")
+			defer cleanup()
+			branchName := "branch4"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
+			repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+			require.NoError(t, err)
+			require.False(t, repo.IsPrivate)
+			require.False(t, repo.IsTemplate)
+			logFiltered, logStopped := logChecker.Check(5 * time.Second)
+			assert.True(t, logStopped)
+			assert.True(t, logFiltered[0])
+		})
+
+		require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
 	})
-
-	t.Run("Owner sets private & template to false via push options", func(t *testing.T) {
-		branchName := "branch2"
-		doGitCreateBranch(gitPath, branchName)(t)
-		doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
-		repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
-		require.NoError(t, err)
-		require.False(t, repo.IsPrivate)
-		require.False(t, repo.IsTemplate)
-	})
-
-	// create a collaborator with write access
-	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
-	u.User = url.UserPassword(collaborator.LowerName, userPassword)
-	doGitAddRemote(gitPath, "collaborator", u)(t)
-	repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
-
-	t.Run("Collaborator with write access is allowed to push", func(t *testing.T) {
-		branchName := "branch3"
-		doGitCreateBranch(gitPath, branchName)(t)
-		doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
-	})
-
-	t.Run("Collaborator with write access fails to change private & template via push options", func(t *testing.T) {
-		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
-		logChecker.Filter("permission denied for changing repo settings").StopMark("Git push options validation")
-		defer cleanup()
-		branchName := "branch4"
-		doGitCreateBranch(gitPath, branchName)(t)
-		doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
-		repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
-		require.NoError(t, err)
-		require.False(t, repo.IsPrivate)
-		require.False(t, repo.IsTemplate)
-		logFiltered, logStopped := logChecker.Check(5 * time.Second)
-		assert.True(t, logStopped)
-		assert.True(t, logFiltered[0])
-	})
-
-	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
 }
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index d19b34a528..7f15bc81b4 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -64,7 +64,7 @@ func testGit(t *testing.T, u *url.URL) {
 
 		dstPath := t.TempDir()
 
-		t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false))
+		t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 		t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, httpContext.Username, perm.AccessModeRead))
 
 		t.Run("ForkFromDifferentUser", doAPIForkRepository(httpContext, forkedUserCtx.Username))
@@ -103,7 +103,7 @@ func testGit(t *testing.T, u *url.URL) {
 		sshContext.Reponame = "repo-tmp-18"
 		keyname := "my-testing-key"
 		forkedUserCtx.Reponame = sshContext.Reponame
-		t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false))
+		t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 		t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, sshContext.Username, perm.AccessModeRead))
 		t.Run("ForkFromDifferentUser", doAPIForkRepository(sshContext, forkedUserCtx.Username))
 
@@ -598,7 +598,7 @@ func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) {
 		tmpDir := t.TempDir()
 
 		// Now create local repository to push as our test and set its origin
-		t.Run("InitTestRepository", doGitInitTestRepository(tmpDir))
+		t.Run("InitTestRepository", doGitInitTestRepository(tmpDir, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 		t.Run("AddRemote", doGitAddRemote(tmpDir, "origin", u))
 
 		// Disable "Push To Create" and attempt to push
diff --git a/tests/integration/gpg_git_test.go b/tests/integration/gpg_git_test.go
index 3ba4a5882c..b1f8fad268 100644
--- a/tests/integration/gpg_git_test.go
+++ b/tests/integration/gpg_git_test.go
@@ -13,6 +13,7 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
@@ -56,7 +57,7 @@ func TestGPGGit(t *testing.T) {
 		t.Run("Unsigned-Initial", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			testCtx := NewAPITestContext(t, username, "initial-unsigned", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false))
+			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 			t.Run("CheckMasterBranchUnsigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
 				assert.NotNil(t, branch.Commit)
 				assert.NotNil(t, branch.Commit.Verification)
@@ -149,7 +150,7 @@ func TestGPGGit(t *testing.T) {
 		t.Run("AlwaysSign-Initial", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			testCtx := NewAPITestContext(t, username, "initial-always", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false))
+			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 			t.Run("CheckMasterBranchSigned", doAPIGetBranch(testCtx, "master", func(t *testing.T, branch api.Branch) {
 				assert.NotNil(t, branch.Commit)
 				if branch.Commit == nil {
@@ -171,7 +172,7 @@ func TestGPGGit(t *testing.T) {
 		t.Run("AlwaysSign-Initial-CRUD-Never", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			testCtx := NewAPITestContext(t, username, "initial-always-never", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false))
+			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 			t.Run("CreateCRUDFile-Never", crudActionCreateFile(
 				t, testCtx, user, "master", "never", "unsigned-never.txt", func(t *testing.T, response api.FileResponse) {
 					assert.False(t, response.Verification.Verified)
@@ -182,7 +183,7 @@ func TestGPGGit(t *testing.T) {
 		t.Run("AlwaysSign-Initial-CRUD-ParentSigned-On-Always", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			testCtx := NewAPITestContext(t, username, "initial-always-parent", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false))
+			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 			t.Run("CreateCRUDFile-ParentSigned", crudActionCreateFile(
 				t, testCtx, user, "master", "parentsigned", "signed-parent.txt", func(t *testing.T, response api.FileResponse) {
 					assert.True(t, response.Verification.Verified)
@@ -198,7 +199,7 @@ func TestGPGGit(t *testing.T) {
 		t.Run("AlwaysSign-Initial-CRUD-Always", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			testCtx := NewAPITestContext(t, username, "initial-always-always", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-			t.Run("CreateRepository", doAPICreateRepository(testCtx, false))
+			t.Run("CreateRepository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 			t.Run("CreateCRUDFile-Always", crudActionCreateFile(
 				t, testCtx, user, "master", "always", "signed-always.txt", func(t *testing.T, response api.FileResponse) {
 					assert.True(t, response.Verification.Verified)
diff --git a/tests/integration/ssh_key_test.go b/tests/integration/ssh_key_test.go
index eb3a3e926a..cf261dc39b 100644
--- a/tests/integration/ssh_key_test.go
+++ b/tests/integration/ssh_key_test.go
@@ -47,35 +47,36 @@ func TestPushDeployKeyOnEmptyRepo(t *testing.T) {
 }
 
 func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
-	// OK login
-	ctx := NewAPITestContext(t, "user2", "deploy-key-empty-repo-1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-	ctxWithDeleteRepo := NewAPITestContext(t, "user2", "deploy-key-empty-repo-1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
+		// OK login
+		ctx := NewAPITestContext(t, "user2", "deploy-key-empty-repo-"+objectFormat.Name(), auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
 
-	keyname := fmt.Sprintf("%s-push", ctx.Reponame)
-	u.Path = ctx.GitPath()
+		keyname := fmt.Sprintf("%s-push", ctx.Reponame)
+		u.Path = ctx.GitPath()
 
-	t.Run("CreateEmptyRepository", doAPICreateRepository(ctx, true))
+		t.Run("CreateEmptyRepository", doAPICreateRepository(ctx, true, objectFormat))
 
-	t.Run("CheckIsEmpty", doCheckRepositoryEmptyStatus(ctx, true))
+		t.Run("CheckIsEmpty", doCheckRepositoryEmptyStatus(ctx, true))
 
-	withKeyFile(t, keyname, func(keyFile string) {
-		t.Run("CreatePushDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, false))
+		withKeyFile(t, keyname, func(keyFile string) {
+			t.Run("CreatePushDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, false))
 
-		// Setup the testing repository
-		dstPath := t.TempDir()
+			// Setup the testing repository
+			dstPath := t.TempDir()
 
-		t.Run("InitTestRepository", doGitInitTestRepository(dstPath))
+			t.Run("InitTestRepository", doGitInitTestRepository(dstPath, objectFormat))
 
-		// Setup remote link
-		sshURL := createSSHUrl(ctx.GitPath(), u)
+			// Setup remote link
+			sshURL := createSSHUrl(ctx.GitPath(), u)
 
-		t.Run("AddRemote", doGitAddRemote(dstPath, "origin", sshURL))
+			t.Run("AddRemote", doGitAddRemote(dstPath, "origin", sshURL))
 
-		t.Run("SSHPushTestRepository", doGitPushTestRepository(dstPath, "origin", "master"))
+			t.Run("SSHPushTestRepository", doGitPushTestRepository(dstPath, "origin", "master"))
 
-		t.Run("CheckIsNotEmpty", doCheckRepositoryEmptyStatus(ctx, false))
+			t.Run("CheckIsNotEmpty", doCheckRepositoryEmptyStatus(ctx, false))
 
-		t.Run("DeleteRepository", doAPIDeleteRepository(ctxWithDeleteRepo))
+			t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
+		})
 	})
 }
 
@@ -103,8 +104,8 @@ func testKeyOnlyOneType(t *testing.T, u *url.URL) {
 	failCtx := ctx
 	failCtx.ExpectedCode = http.StatusUnprocessableEntity
 
-	t.Run("CreateRepository", doAPICreateRepository(ctx, false))
-	t.Run("CreateOtherRepository", doAPICreateRepository(otherCtx, false))
+	t.Run("CreateRepository", doAPICreateRepository(ctx, false, git.Sha1ObjectFormat))           // FIXME: use forEachObjectFormat
+	t.Run("CreateOtherRepository", doAPICreateRepository(otherCtx, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 
 	withKeyFile(t, keyname, func(keyFile string) {
 		var userKeyPublicKeyID int64
@@ -178,7 +179,7 @@ func testKeyOnlyOneType(t *testing.T, u *url.URL) {
 
 			t.Run("DeleteOtherRepository", doAPIDeleteRepository(otherCtxWithDeleteRepo))
 
-			t.Run("RecreateRepository", doAPICreateRepository(ctxWithDeleteRepo, false))
+			t.Run("RecreateRepository", doAPICreateRepository(ctxWithDeleteRepo, false, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
 
 			t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
 				userKeyPublicKeyID = publicKey.ID
diff --git a/web_src/css/install.css b/web_src/css/install.css
index ee2395e6c5..7ab729405e 100644
--- a/web_src/css/install.css
+++ b/web_src/css/install.css
@@ -13,8 +13,7 @@
 .page-content.install .ui.form .field > .help,
 .page-content.install .ui.form .field > .ui.checkbox:first-child,
 .page-content.install .ui.form .field > .right-content {
-  margin-left: 30%;
-  padding-left: 5px;
+  margin-left: calc(30% + 5px);
   width: auto;
 }
 
@@ -24,10 +23,11 @@
 }
 
 .page-content.install form.ui.form details.optional.field[open] {
-  border-bottom: 1px dashed var(--color-secondary);
   padding-bottom: 10px;
 }
-
+.page-content.install form.ui.form details.optional.field[open]:not(:last-child) {
+  border-bottom: 1px dashed var(--color-secondary);
+}
 .page-content.install form.ui.form details.optional.field[open] summary {
   margin-bottom: 10px;
 }