diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a6ffc1f475..fb21ee2ec4 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3357,6 +3357,7 @@ deletion = Remove secret
 deletion.description = Removing a secret is permanent and cannot be undone. Continue?
 deletion.success = The secret has been removed.
 deletion.failed = Failed to remove secret.
+management = Secrets Management
 
 [actions]
 actions = Actions
diff --git a/routers/web/admin/admin.go b/routers/web/admin/admin.go
index 9847a6d923..35c387c28b 100644
--- a/routers/web/admin/admin.go
+++ b/routers/web/admin/admin.go
@@ -113,7 +113,6 @@ func updateSystemStatus() {
 // Dashboard show admin panel dashboard
 func Dashboard(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.dashboard")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminDashboard"] = true
 	ctx.Data["Stats"] = activities_model.GetStatistic()
 	ctx.Data["NeedUpdate"] = updatechecker.GetNeedUpdate()
@@ -129,7 +128,6 @@ func Dashboard(ctx *context.Context) {
 func DashboardPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AdminDashboardForm)
 	ctx.Data["Title"] = ctx.Tr("admin.dashboard")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminDashboard"] = true
 	ctx.Data["Stats"] = activities_model.GetStatistic()
 	updateSystemStatus()
@@ -155,7 +153,6 @@ func DashboardPost(ctx *context.Context) {
 // Monitor show admin monitor page
 func Monitor(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.monitor")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminMonitor"] = true
 	ctx.Data["Processes"], ctx.Data["ProcessCount"] = process.GetManager().Processes(false, true)
 	ctx.Data["Entries"] = cron.ListTasks()
@@ -167,7 +164,6 @@ func Monitor(ctx *context.Context) {
 // GoroutineStacktrace show admin monitor goroutines page
 func GoroutineStacktrace(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.monitor")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminMonitor"] = true
 
 	processStacks, processCount, goroutineCount, err := process.GetManager().ProcessStacktraces(false, false)
@@ -202,7 +198,6 @@ func Queue(ctx *context.Context) {
 		return
 	}
 	ctx.Data["Title"] = ctx.Tr("admin.monitor.queue", mq.Name)
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminMonitor"] = true
 	ctx.Data["Queue"] = mq
 	ctx.HTML(http.StatusOK, tplQueue)
diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go
index 745d17ff2a..7b27524340 100644
--- a/routers/web/admin/applications.go
+++ b/routers/web/admin/applications.go
@@ -31,7 +31,6 @@ func newOAuth2CommonHandlers() *user_setting.OAuth2CommonHandlers {
 // Applications render org applications page (for org, at the moment, there are only OAuth2 applications)
 func Applications(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 
 	apps, err := auth.GetOAuth2ApplicationsByUserID(ctx, 0)
@@ -47,7 +46,6 @@ func Applications(ctx *context.Context) {
 // ApplicationsPost response for adding an oauth2 application
 func ApplicationsPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 
 	oa := newOAuth2CommonHandlers()
@@ -56,7 +54,6 @@ func ApplicationsPost(ctx *context.Context) {
 
 // EditApplication displays the given application
 func EditApplication(ctx *context.Context) {
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 
 	oa := newOAuth2CommonHandlers()
@@ -66,7 +63,6 @@ func EditApplication(ctx *context.Context) {
 // EditApplicationPost response for editing oauth2 application
 func EditApplicationPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.applications")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 
 	oa := newOAuth2CommonHandlers()
@@ -76,7 +72,6 @@ func EditApplicationPost(ctx *context.Context) {
 // ApplicationsRegenerateSecret handles the post request for regenerating the secret
 func ApplicationsRegenerateSecret(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminApplications"] = true
 
 	oa := newOAuth2CommonHandlers()
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 6ebd23b7bb..b6ea3ff403 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -45,7 +45,6 @@ var (
 // Authentications show authentication config page
 func Authentications(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.authentication")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	var err error
@@ -89,7 +88,6 @@ var (
 // NewAuthSource render adding a new auth source page
 func NewAuthSource(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	ctx.Data["type"] = auth.LDAP.Int()
@@ -237,7 +235,6 @@ func parseSSPIConfig(ctx *context.Context, form forms.AuthenticationForm) (*sspi
 func NewAuthSourcePost(ctx *context.Context) {
 	form := *web.GetForm(ctx).(*forms.AuthenticationForm)
 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	ctx.Data["CurrentTypeName"] = auth.Type(form.Type).String()
@@ -333,7 +330,6 @@ func NewAuthSourcePost(ctx *context.Context) {
 // EditAuthSource render editing auth source page
 func EditAuthSource(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	ctx.Data["SecurityProtocols"] = securityProtocols
@@ -369,7 +365,6 @@ func EditAuthSource(ctx *context.Context) {
 func EditAuthSourcePost(ctx *context.Context) {
 	form := *web.GetForm(ctx).(*forms.AuthenticationForm)
 	ctx.Data["Title"] = ctx.Tr("admin.auths.edit")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	ctx.Data["SMTPAuths"] = smtp.Authenticators
diff --git a/routers/web/admin/config.go b/routers/web/admin/config.go
index 48815dcff8..7460ea24a7 100644
--- a/routers/web/admin/config.go
+++ b/routers/web/admin/config.go
@@ -100,7 +100,6 @@ func shadowPassword(provider, cfgItem string) string {
 // Config show admin config page
 func Config(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.config")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminConfig"] = true
 
 	systemSettings, err := system_model.GetAllSettings(ctx)
diff --git a/routers/web/admin/emails.go b/routers/web/admin/emails.go
index c16158c6ae..4618a78c3a 100644
--- a/routers/web/admin/emails.go
+++ b/routers/web/admin/emails.go
@@ -24,7 +24,6 @@ const (
 // Emails show all emails
 func Emails(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.emails")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminEmails"] = true
 
 	opts := &user_model.SearchEmailOptions{
diff --git a/routers/web/admin/notice.go b/routers/web/admin/notice.go
index f60cf90b3c..9e4588dd75 100644
--- a/routers/web/admin/notice.go
+++ b/routers/web/admin/notice.go
@@ -22,7 +22,6 @@ const (
 // Notices show notices for admin
 func Notices(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.notices")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminNotices"] = true
 
 	total := system_model.CountNotices()
diff --git a/routers/web/admin/orgs.go b/routers/web/admin/orgs.go
index a4eb0af58d..6a3617d67f 100644
--- a/routers/web/admin/orgs.go
+++ b/routers/web/admin/orgs.go
@@ -21,7 +21,6 @@ const (
 // Organizations show all the organizations
 func Organizations(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.organizations")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminOrganizations"] = true
 
 	explore.RenderUserSearch(ctx, &user_model.SearchUserOptions{
diff --git a/routers/web/admin/packages.go b/routers/web/admin/packages.go
index 88fb47ca01..4d5987e780 100644
--- a/routers/web/admin/packages.go
+++ b/routers/web/admin/packages.go
@@ -64,7 +64,6 @@ func Packages(ctx *context.Context) {
 	}
 
 	ctx.Data["Title"] = ctx.Tr("packages.title")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminPackages"] = true
 	ctx.Data["Query"] = query
 	ctx.Data["PackageType"] = packageType
diff --git a/routers/web/admin/repos.go b/routers/web/admin/repos.go
index 53b609af96..b22546f749 100644
--- a/routers/web/admin/repos.go
+++ b/routers/web/admin/repos.go
@@ -29,7 +29,6 @@ const (
 // Repos show all the repositories
 func Repos(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.repositories")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminRepositories"] = true
 
 	explore.RenderRepoSearch(ctx, &explore.RepoSearchOptions{
@@ -67,7 +66,6 @@ func DeleteRepo(ctx *context.Context) {
 // UnadoptedRepos lists the unadopted repositories
 func UnadoptedRepos(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.repositories")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminRepositories"] = true
 
 	opts := db.ListOptions{
diff --git a/routers/web/admin/runners.go b/routers/web/admin/runners.go
index a70b53fdcb..eaa268b4f1 100644
--- a/routers/web/admin/runners.go
+++ b/routers/web/admin/runners.go
@@ -4,75 +4,10 @@
 package admin
 
 import (
-	"net/url"
-
-	actions_model "code.gitea.io/gitea/models/actions"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
-	actions_shared "code.gitea.io/gitea/routers/web/shared/actions"
 )
 
-const (
-	tplRunners    base.TplName = "admin/runners/base"
-	tplRunnerEdit base.TplName = "admin/runners/edit"
-)
-
-// Runners show all the runners
-func Runners(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners")
-	ctx.Data["PageIsAdmin"] = true
-	ctx.Data["PageIsAdminRunners"] = true
-
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	opts := actions_model.FindRunnerOptions{
-		ListOptions: db.ListOptions{
-			Page:     page,
-			PageSize: 100,
-		},
-		Sort:   ctx.Req.URL.Query().Get("sort"),
-		Filter: ctx.Req.URL.Query().Get("q"),
-	}
-
-	actions_shared.RunnersList(ctx, tplRunners, opts)
-}
-
-// EditRunner show editing runner page
-func EditRunner(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners.edit_runner")
-	ctx.Data["PageIsAdmin"] = true
-	ctx.Data["PageIsAdminRunners"] = true
-
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	actions_shared.RunnerDetails(ctx, tplRunnerEdit, page, ctx.ParamsInt64(":runnerid"), 0, 0)
-}
-
-// EditRunnerPost response for editing runner
-func EditRunnerPost(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners.edit")
-	ctx.Data["PageIsAdmin"] = true
-	ctx.Data["PageIsAdminRunners"] = true
-	actions_shared.RunnerDetailsEditPost(ctx, ctx.ParamsInt64(":runnerid"), 0, 0,
-		setting.AppSubURL+"/admin/runners/"+url.PathEscape(ctx.Params(":runnerid")))
-}
-
-// DeleteRunnerPost response for deleting a runner
-func DeleteRunnerPost(ctx *context.Context) {
-	actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"),
-		setting.AppSubURL+"/admin/runners/",
-		setting.AppSubURL+"/admin/runners/"+url.PathEscape(ctx.Params(":runnerid")),
-	)
-}
-
-func ResetRunnerRegistrationToken(ctx *context.Context) {
-	actions_shared.RunnerResetRegistrationToken(ctx, 0, 0, setting.AppSubURL+"/admin/runners/")
+func RedirectToDefaultSetting(ctx *context.Context) {
+	ctx.Redirect(setting.AppSubURL + "/admin/actions/runners")
 }
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 531f14d086..2150bc42f7 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -37,7 +37,6 @@ const (
 // Users show all the users
 func Users(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.users")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 
 	extraParamStrings := map[string]string{}
@@ -80,7 +79,6 @@ func Users(ctx *context.Context) {
 // NewUser render adding a new user page
 func NewUser(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode
 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()
@@ -102,7 +100,6 @@ func NewUser(ctx *context.Context) {
 func NewUserPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AdminCreateUserForm)
 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode
 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()
@@ -253,7 +250,6 @@ func prepareUserInfo(ctx *context.Context) *user_model.User {
 // EditUser show editing user page
 func EditUser(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation
 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
@@ -271,7 +267,6 @@ func EditUser(ctx *context.Context) {
 func EditUserPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AdminEditUserForm)
 	ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
-	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminUsers"] = true
 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()
diff --git a/routers/web/org/org_runners.go b/routers/web/org/org_runners.go
deleted file mode 100644
index f87a506504..0000000000
--- a/routers/web/org/org_runners.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package org
-
-import (
-	"net/url"
-
-	actions_model "code.gitea.io/gitea/models/actions"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/context"
-	actions_shared "code.gitea.io/gitea/routers/web/shared/actions"
-)
-
-// Runners render runners page
-func Runners(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("org.runners")
-	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsRunners"] = true
-
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	opts := actions_model.FindRunnerOptions{
-		ListOptions: db.ListOptions{
-			Page:     page,
-			PageSize: 100,
-		},
-		Sort:          ctx.Req.URL.Query().Get("sort"),
-		Filter:        ctx.Req.URL.Query().Get("q"),
-		OwnerID:       ctx.Org.Organization.ID,
-		WithAvailable: true,
-	}
-
-	actions_shared.RunnersList(ctx, tplSettingsRunners, opts)
-}
-
-// ResetRunnerRegistrationToken reset runner registration token
-func ResetRunnerRegistrationToken(ctx *context.Context) {
-	actions_shared.RunnerResetRegistrationToken(ctx,
-		ctx.Org.Organization.ID, 0,
-		ctx.Org.OrgLink+"/settings/runners")
-}
-
-// RunnersEdit render runner edit page
-func RunnersEdit(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("org.runners.edit")
-	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsRunners"] = true
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	actions_shared.RunnerDetails(ctx, tplSettingsRunnersEdit, page,
-		ctx.ParamsInt64(":runnerid"), ctx.Org.Organization.ID, 0,
-	)
-}
-
-// RunnersEditPost response for editing runner
-func RunnersEditPost(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("org.runners.edit")
-	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsRunners"] = true
-	actions_shared.RunnerDetailsEditPost(ctx, ctx.ParamsInt64(":runnerid"),
-		ctx.Org.Organization.ID, 0,
-		ctx.Org.OrgLink+"/settings/runners/"+url.PathEscape(ctx.Params(":runnerid")))
-}
-
-// RunnerDeletePost response for deleting runner
-func RunnerDeletePost(ctx *context.Context) {
-	actions_shared.RunnerDeletePost(ctx,
-		ctx.ParamsInt64(":runnerid"),
-		ctx.Org.OrgLink+"/settings/runners",
-		ctx.Org.OrgLink+"/settings/runners/"+url.PathEscape(ctx.Params(":runnerid")))
-}
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index db8fc728df..4111b13531 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -37,10 +37,6 @@ const (
 	tplSettingsHooks base.TplName = "org/settings/hooks"
 	// tplSettingsLabels template path for render labels settings
 	tplSettingsLabels base.TplName = "org/settings/labels"
-	// tplSettingsRunners template path for render runners settings
-	tplSettingsRunners base.TplName = "org/settings/runners"
-	// tplSettingsRunnersEdit template path for render runners edit settings
-	tplSettingsRunnersEdit base.TplName = "org/settings/runners_edit"
 )
 
 // Settings render the main settings page
diff --git a/routers/web/org/setting/runners.go b/routers/web/org/setting/runners.go
new file mode 100644
index 0000000000..c3c771036a
--- /dev/null
+++ b/routers/web/org/setting/runners.go
@@ -0,0 +1,12 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"code.gitea.io/gitea/modules/context"
+)
+
+func RedirectToDefaultSetting(ctx *context.Context) {
+	ctx.Redirect(ctx.Org.OrgLink + "/settings/actions/runners")
+}
diff --git a/routers/web/org/setting_secrets.go b/routers/web/org/setting_secrets.go
deleted file mode 100644
index 580a14015b..0000000000
--- a/routers/web/org/setting_secrets.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package org
-
-import (
-	"net/http"
-
-	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/context"
-	shared "code.gitea.io/gitea/routers/web/shared/secrets"
-)
-
-const (
-	tplSettingsSecrets base.TplName = "org/settings/secrets"
-)
-
-// Secrets render organization secrets page
-func Secrets(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
-	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsSecrets"] = true
-
-	shared.SetSecretsContext(ctx, ctx.ContextUser.ID, 0)
-	if ctx.Written() {
-		return
-	}
-
-	ctx.HTML(http.StatusOK, tplSettingsSecrets)
-}
-
-// SecretsPost add secrets
-func SecretsPost(ctx *context.Context) {
-	shared.PerformSecretsPost(
-		ctx,
-		ctx.ContextUser.ID,
-		0,
-		ctx.Org.OrgLink+"/settings/secrets",
-	)
-}
-
-// SecretsDelete delete secrets
-func SecretsDelete(ctx *context.Context) {
-	shared.PerformSecretsDelete(
-		ctx,
-		ctx.ContextUser.ID,
-		0,
-		ctx.Org.OrgLink+"/settings/secrets",
-	)
-}
diff --git a/routers/web/repo/runners.go b/routers/web/repo/runners.go
deleted file mode 100644
index d3dbff17fd..0000000000
--- a/routers/web/repo/runners.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package repo
-
-import (
-	"net/url"
-
-	actions_model "code.gitea.io/gitea/models/actions"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/context"
-	actions_shared "code.gitea.io/gitea/routers/web/shared/actions"
-)
-
-const (
-	tplRunners    = "repo/settings/runners"
-	tplRunnerEdit = "repo/settings/runner_edit"
-)
-
-// Runners render runners page
-func Runners(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners")
-	ctx.Data["PageIsSettingsRunners"] = true
-
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	opts := actions_model.FindRunnerOptions{
-		ListOptions: db.ListOptions{
-			Page:     page,
-			PageSize: 100,
-		},
-		Sort:          ctx.Req.URL.Query().Get("sort"),
-		Filter:        ctx.Req.URL.Query().Get("q"),
-		RepoID:        ctx.Repo.Repository.ID,
-		WithAvailable: true,
-	}
-
-	actions_shared.RunnersList(ctx, tplRunners, opts)
-}
-
-func RunnersEdit(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners")
-	ctx.Data["PageIsSettingsRunners"] = true
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	actions_shared.RunnerDetails(ctx, tplRunnerEdit, page,
-		ctx.ParamsInt64(":runnerid"), 0, ctx.Repo.Repository.ID,
-	)
-}
-
-func RunnersEditPost(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("actions.runners")
-	ctx.Data["PageIsSettingsRunners"] = true
-	actions_shared.RunnerDetailsEditPost(ctx, ctx.ParamsInt64(":runnerid"),
-		0, ctx.Repo.Repository.ID,
-		ctx.Repo.RepoLink+"/settings/runners/"+url.PathEscape(ctx.Params(":runnerid")))
-}
-
-func ResetRunnerRegistrationToken(ctx *context.Context) {
-	actions_shared.RunnerResetRegistrationToken(ctx,
-		0, ctx.Repo.Repository.ID,
-		ctx.Repo.RepoLink+"/settings/runners")
-}
-
-// RunnerDeletePost response for deleting runner
-func RunnerDeletePost(ctx *context.Context) {
-	actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"),
-		ctx.Repo.RepoLink+"/settings/runners",
-		ctx.Repo.RepoLink+"/settings/runners/"+url.PathEscape(ctx.Params(":runnerid")))
-}
diff --git a/routers/web/repo/setting/runners.go b/routers/web/repo/setting/runners.go
new file mode 100644
index 0000000000..e8ad635826
--- /dev/null
+++ b/routers/web/repo/setting/runners.go
@@ -0,0 +1,167 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+	"net/url"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	actions_shared "code.gitea.io/gitea/routers/web/shared/actions"
+)
+
+const (
+	// TODO: Separate secrets from runners when layout is ready
+	tplRepoRunners     base.TplName = "repo/settings/actions"
+	tplOrgRunners      base.TplName = "org/settings/actions"
+	tplAdminRunners    base.TplName = "admin/actions"
+	tplRepoRunnerEdit  base.TplName = "repo/settings/runner_edit"
+	tplOrgRunnerEdit   base.TplName = "org/settings/runners_edit"
+	tplAdminRunnerEdit base.TplName = "admin/runners/edit"
+)
+
+type runnersCtx struct {
+	OwnerID            int64
+	RepoID             int64
+	IsRepo             bool
+	IsOrg              bool
+	IsAdmin            bool
+	RunnersTemplate    base.TplName
+	RunnerEditTemplate base.TplName
+	RedirectLink       string
+}
+
+func getRunnersCtx(ctx *context.Context) (*runnersCtx, error) {
+	if ctx.Data["PageIsRepoSettings"] == true {
+		return &runnersCtx{
+			RepoID:             ctx.Repo.Repository.ID,
+			OwnerID:            0,
+			IsRepo:             true,
+			RunnersTemplate:    tplRepoRunners,
+			RunnerEditTemplate: tplRepoRunnerEdit,
+			RedirectLink:       ctx.Repo.RepoLink + "/settings/actions/runners/",
+		}, nil
+	}
+
+	if ctx.Data["PageIsOrgSettings"] == true {
+		return &runnersCtx{
+			RepoID:             0,
+			OwnerID:            ctx.Org.Organization.ID,
+			IsOrg:              true,
+			RunnersTemplate:    tplOrgRunners,
+			RunnerEditTemplate: tplOrgRunnerEdit,
+			RedirectLink:       ctx.Org.OrgLink + "/settings/actions/runners/",
+		}, nil
+	}
+
+	if ctx.Data["PageIsAdmin"] == true {
+		return &runnersCtx{
+			RepoID:             0,
+			OwnerID:            0,
+			IsAdmin:            true,
+			RunnersTemplate:    tplAdminRunners,
+			RunnerEditTemplate: tplAdminRunnerEdit,
+			RedirectLink:       setting.AppSubURL + "/admin/actions/runners/",
+		}, nil
+	}
+
+	return nil, errors.New("unable to set Runners context")
+}
+
+// Runners render settings/actions/runners page for repo level
+func Runners(ctx *context.Context) {
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageType"] = "runners"
+
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	opts := actions_model.FindRunnerOptions{
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: 100,
+		},
+		Sort:   ctx.Req.URL.Query().Get("sort"),
+		Filter: ctx.Req.URL.Query().Get("q"),
+	}
+	if rCtx.IsRepo {
+		opts.RepoID = rCtx.RepoID
+		opts.WithAvailable = true
+	} else if rCtx.IsOrg {
+		opts.OwnerID = rCtx.OwnerID
+		opts.WithAvailable = true
+	}
+	actions_shared.RunnersList(ctx, opts)
+
+	ctx.HTML(http.StatusOK, rCtx.RunnersTemplate)
+}
+
+// RunnersEdit renders runner edit page for repository level
+func RunnersEdit(ctx *context.Context) {
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.runners.edit_runner")
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	actions_shared.RunnerDetails(ctx, page,
+		ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID,
+	)
+	ctx.HTML(http.StatusOK, rCtx.RunnerEditTemplate)
+}
+
+func RunnersEditPost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+	actions_shared.RunnerDetailsEditPost(ctx, ctx.ParamsInt64(":runnerid"),
+		rCtx.OwnerID, rCtx.RepoID,
+		rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid")))
+}
+
+func ResetRunnerRegistrationToken(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+	actions_shared.RunnerResetRegistrationToken(ctx, rCtx.OwnerID, rCtx.RepoID, rCtx.RedirectLink)
+}
+
+// RunnerDeletePost response for deleting runner
+func RunnerDeletePost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+	actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"), rCtx.RedirectLink, rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid")))
+}
+
+func RedirectToDefaultSetting(ctx *context.Context) {
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/actions/runners")
+}
diff --git a/routers/web/repo/setting/secrets.go b/routers/web/repo/setting/secrets.go
new file mode 100644
index 0000000000..444f16f86c
--- /dev/null
+++ b/routers/web/repo/setting/secrets.go
@@ -0,0 +1,115 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	shared "code.gitea.io/gitea/routers/web/shared/secrets"
+)
+
+const (
+	// TODO: Separate secrets from runners when layout is ready
+	tplRepoSecrets base.TplName = "repo/settings/actions"
+	tplOrgSecrets  base.TplName = "org/settings/actions"
+	tplUserSecrets base.TplName = "user/settings/actions"
+)
+
+type secretsCtx struct {
+	OwnerID         int64
+	RepoID          int64
+	IsRepo          bool
+	IsOrg           bool
+	IsUser          bool
+	SecretsTemplate base.TplName
+	RedirectLink    string
+}
+
+func getSecretsCtx(ctx *context.Context) (*secretsCtx, error) {
+	if ctx.Data["PageIsRepoSettings"] == true {
+		return &secretsCtx{
+			OwnerID:         0,
+			RepoID:          ctx.Repo.Repository.ID,
+			IsRepo:          true,
+			SecretsTemplate: tplRepoSecrets,
+			RedirectLink:    ctx.Repo.RepoLink + "/settings/actions/secrets",
+		}, nil
+	}
+
+	if ctx.Data["PageIsOrgSettings"] == true {
+		return &secretsCtx{
+			OwnerID:         ctx.ContextUser.ID,
+			RepoID:          0,
+			IsOrg:           true,
+			SecretsTemplate: tplOrgSecrets,
+			RedirectLink:    ctx.Org.OrgLink + "/settings/actions/secrets",
+		}, nil
+	}
+
+	if ctx.Data["PageIsUserSettings"] == true {
+		return &secretsCtx{
+			OwnerID:         ctx.Doer.ID,
+			RepoID:          0,
+			IsUser:          true,
+			SecretsTemplate: tplUserSecrets,
+			RedirectLink:    setting.AppSubURL + "/user/settings/actions/secrets",
+		}, nil
+	}
+
+	return nil, errors.New("unable to set Secrets context")
+}
+
+func Secrets(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageType"] = "secrets"
+	ctx.Data["PageIsSharedSettingsSecrets"] = true
+
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+
+	if sCtx.IsRepo {
+		ctx.Data["DisableSSH"] = setting.SSH.Disabled
+	}
+
+	shared.SetSecretsContext(ctx, sCtx.OwnerID, sCtx.RepoID)
+	if ctx.Written() {
+		return
+	}
+	ctx.HTML(http.StatusOK, sCtx.SecretsTemplate)
+}
+
+func SecretsPost(ctx *context.Context) {
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+	shared.PerformSecretsPost(
+		ctx,
+		sCtx.OwnerID,
+		sCtx.RepoID,
+		sCtx.RedirectLink,
+	)
+}
+
+func SecretsDelete(ctx *context.Context) {
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+	shared.PerformSecretsDelete(
+		ctx,
+		sCtx.OwnerID,
+		sCtx.RepoID,
+		sCtx.RedirectLink,
+	)
+}
diff --git a/routers/web/repo/setting_secrets.go b/routers/web/repo/setting_secrets.go
deleted file mode 100644
index 57a4c470dd..0000000000
--- a/routers/web/repo/setting_secrets.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package repo
-
-import (
-	"net/http"
-
-	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/setting"
-	shared "code.gitea.io/gitea/routers/web/shared/secrets"
-)
-
-const (
-	tplSecrets base.TplName = "repo/settings/secrets"
-)
-
-func Secrets(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
-	ctx.Data["PageIsSettingsSecrets"] = true
-	ctx.Data["DisableSSH"] = setting.SSH.Disabled
-
-	shared.SetSecretsContext(ctx, 0, ctx.Repo.Repository.ID)
-	if ctx.Written() {
-		return
-	}
-
-	ctx.HTML(http.StatusOK, tplSecrets)
-}
-
-func SecretsPost(ctx *context.Context) {
-	shared.PerformSecretsPost(
-		ctx,
-		0,
-		ctx.Repo.Repository.ID,
-		ctx.Repo.RepoLink+"/settings/secrets",
-	)
-}
-
-func DeleteSecret(ctx *context.Context) {
-	shared.PerformSecretsDelete(
-		ctx,
-		0,
-		ctx.Repo.Repository.ID,
-		ctx.Repo.RepoLink+"/settings/secrets",
-	)
-}
diff --git a/routers/web/repo/webhook.go b/routers/web/repo/webhook.go
index f30588967e..a21b405c96 100644
--- a/routers/web/repo/webhook.go
+++ b/routers/web/repo/webhook.go
@@ -67,7 +67,7 @@ type ownerRepoCtx struct {
 
 // getOwnerRepoCtx determines whether this is a repo, owner, or admin (both default and system) context.
 func getOwnerRepoCtx(ctx *context.Context) (*ownerRepoCtx, error) {
-	if is, ok := ctx.Data["IsRepositoryWebhook"]; ok && is.(bool) {
+	if ctx.Data["PageIsRepoSettings"] == true {
 		return &ownerRepoCtx{
 			RepoID:      ctx.Repo.Repository.ID,
 			Link:        path.Join(ctx.Repo.RepoLink, "settings/hooks"),
@@ -76,7 +76,7 @@ func getOwnerRepoCtx(ctx *context.Context) (*ownerRepoCtx, error) {
 		}, nil
 	}
 
-	if is, ok := ctx.Data["IsOrganizationWebhook"]; ok && is.(bool) {
+	if ctx.Data["PageIsOrgSettings"] == true {
 		return &ownerRepoCtx{
 			OwnerID:     ctx.ContextUser.ID,
 			Link:        path.Join(ctx.Org.OrgLink, "settings/hooks"),
@@ -85,7 +85,7 @@ func getOwnerRepoCtx(ctx *context.Context) (*ownerRepoCtx, error) {
 		}, nil
 	}
 
-	if is, ok := ctx.Data["IsUserWebhook"]; ok && is.(bool) {
+	if ctx.Data["PageIsUserSettings"] == true {
 		return &ownerRepoCtx{
 			OwnerID:     ctx.Doer.ID,
 			Link:        path.Join(setting.AppSubURL, "/user/settings/hooks"),
@@ -94,7 +94,7 @@ func getOwnerRepoCtx(ctx *context.Context) (*ownerRepoCtx, error) {
 		}, nil
 	}
 
-	if ctx.Doer.IsAdmin {
+	if ctx.Data["PageIsAdmin"] == true {
 		return &ownerRepoCtx{
 			IsAdmin:         true,
 			IsSystemWebhook: ctx.Params(":configType") == "system-hooks",
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 2c3614cbbc..9a50da2b49 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -10,7 +10,6 @@ import (
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/util"
@@ -18,8 +17,8 @@ import (
 	"code.gitea.io/gitea/services/forms"
 )
 
-// RunnersList render common runners list page
-func RunnersList(ctx *context.Context, tplName base.TplName, opts actions_model.FindRunnerOptions) {
+// RunnersList prepares data for runners list
+func RunnersList(ctx *context.Context, opts actions_model.FindRunnerOptions) {
 	count, err := actions_model.CountRunners(ctx, opts)
 	if err != nil {
 		ctx.ServerError("CountRunners", err)
@@ -58,13 +57,12 @@ func RunnersList(ctx *context.Context, tplName base.TplName, opts actions_model.
 	ctx.Data["RunnerRepoID"] = opts.RepoID
 
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
-	ctx.Data["Page"] = pager
 
-	ctx.HTML(http.StatusOK, tplName)
+	ctx.Data["Page"] = pager
 }
 
-// RunnerDetails render runner details page
-func RunnerDetails(ctx *context.Context, tplName base.TplName, page int, runnerID, ownerID, repoID int64) {
+// RunnerDetails prepares data for runners edit page
+func RunnerDetails(ctx *context.Context, page int, runnerID, ownerID, repoID int64) {
 	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
 	if err != nil {
 		ctx.ServerError("GetRunnerByID", err)
@@ -111,8 +109,6 @@ func RunnerDetails(ctx *context.Context, tplName base.TplName, page int, runnerI
 	ctx.Data["Tasks"] = tasks
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	ctx.Data["Page"] = pager
-
-	ctx.HTML(http.StatusOK, tplName)
 }
 
 // RunnerDetailsEditPost response for edit runner details
diff --git a/routers/web/user/setting/secrets.go b/routers/web/user/setting/secrets.go
index 2314f3694f..eb09477bdb 100644
--- a/routers/web/user/setting/secrets.go
+++ b/routers/web/user/setting/secrets.go
@@ -4,44 +4,10 @@
 package setting
 
 import (
-	"net/http"
-
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
-	shared "code.gitea.io/gitea/routers/web/shared/secrets"
 )
 
-const (
-	tplSettingsSecrets base.TplName = "user/settings/secrets"
-)
-
-func Secrets(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
-	ctx.Data["PageIsSettingsSecrets"] = true
-
-	shared.SetSecretsContext(ctx, ctx.Doer.ID, 0)
-	if ctx.Written() {
-		return
-	}
-
-	ctx.HTML(http.StatusOK, tplSettingsSecrets)
-}
-
-func SecretsPost(ctx *context.Context) {
-	shared.PerformSecretsPost(
-		ctx,
-		ctx.Doer.ID,
-		0,
-		setting.AppSubURL+"/user/settings/secrets",
-	)
-}
-
-func SecretsDelete(ctx *context.Context) {
-	shared.PerformSecretsDelete(
-		ctx,
-		ctx.Doer.ID,
-		0,
-		setting.AppSubURL+"/user/settings/secrets",
-	)
+func RedirectToDefaultSetting(ctx *context.Context) {
+	ctx.Redirect(setting.AppSubURL + "/user/settings/actions/secrets")
 }
diff --git a/routers/web/web.go b/routers/web/web.go
index 746b098bda..a4ef96ecbe 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -30,8 +30,10 @@ import (
 	"code.gitea.io/gitea/routers/web/healthcheck"
 	"code.gitea.io/gitea/routers/web/misc"
 	"code.gitea.io/gitea/routers/web/org"
+	org_setting "code.gitea.io/gitea/routers/web/org/setting"
 	"code.gitea.io/gitea/routers/web/repo"
 	"code.gitea.io/gitea/routers/web/repo/actions"
+	repo_setting "code.gitea.io/gitea/routers/web/repo/setting"
 	"code.gitea.io/gitea/routers/web/user"
 	user_setting "code.gitea.io/gitea/routers/web/user/setting"
 	"code.gitea.io/gitea/routers/web/user/setting/security"
@@ -93,6 +95,14 @@ func buildAuthGroup() *auth_service.Group {
 	return group
 }
 
+func ctxDataSet(args ...any) func(ctx *context.Context) {
+	return func(ctx *context.Context) {
+		for i := 0; i < len(args); i += 2 {
+			ctx.Data[args[i].(string)] = args[i+1]
+		}
+	}
+}
+
 // Routes returns all web routes
 func Routes(ctx gocontext.Context) *web.Route {
 	routes := web.NewRoute()
@@ -282,6 +292,24 @@ func registerRoutes(m *web.Route) {
 		m.Post("/packagist/{id}", web.Bind(forms.NewPackagistHookForm{}), repo.PackagistHooksEditPost)
 	}
 
+	addSettingsSecretsRoutes := func() {
+		m.Group("/secrets", func() {
+			m.Get("", repo_setting.Secrets)
+			m.Post("", web.Bind(forms.AddSecretForm{}), repo_setting.SecretsPost)
+			m.Post("/delete", repo_setting.SecretsDelete)
+		})
+	}
+
+	addSettingsRunnersRoutes := func() {
+		m.Group("/runners", func() {
+			m.Get("", repo_setting.Runners)
+			m.Combo("/{runnerid}").Get(repo_setting.RunnersEdit).
+				Post(web.Bind(forms.EditRunnerForm{}), repo_setting.RunnersEditPost)
+			m.Post("/{runnerid}/delete", repo_setting.RunnerDeletePost)
+			m.Get("/reset_registration_token", repo_setting.ResetRunnerRegistrationToken)
+		})
+	}
+
 	// FIXME: not all routes need go through same middleware.
 	// Especially some AJAX requests, we can reduce middleware number to improve performance.
 	// Routers.
@@ -441,11 +469,12 @@ func registerRoutes(m *web.Route) {
 			})
 			m.Post("/chef/regenerate_keypair", user_setting.RegenerateChefKeyPair)
 		}, packagesEnabled)
-		m.Group("/secrets", func() {
-			m.Get("", user_setting.Secrets)
-			m.Post("", web.Bind(forms.AddSecretForm{}), user_setting.SecretsPost)
-			m.Post("/delete", user_setting.SecretsDelete)
-		})
+
+		m.Group("/actions", func() {
+			m.Get("", user_setting.RedirectToDefaultSetting)
+			addSettingsSecretsRoutes()
+		}, actions.MustEnableActions)
+
 		m.Get("/organization", user_setting.Organization)
 		m.Get("/repos", user_setting.Repos)
 		m.Post("/repos/unadopted", user_setting.AdoptOrDeleteRepository)
@@ -459,14 +488,8 @@ func registerRoutes(m *web.Route) {
 				m.Post("/replay/{uuid}", repo.ReplayWebhook)
 			})
 			addWebhookEditRoutes()
-		}, webhooksEnabled, func(ctx *context.Context) {
-			ctx.Data["IsUserWebhook"] = true
-		})
-	}, reqSignIn, func(ctx *context.Context) {
-		ctx.Data["PageIsUserSettings"] = true
-		ctx.Data["AllThemes"] = setting.UI.Themes
-		ctx.Data["EnablePackages"] = setting.Packages.Enabled
-	})
+		}, webhooksEnabled)
+	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "AllThemes", setting.UI.Themes, "EnablePackages", setting.Packages.Enabled))
 
 	m.Group("/user", func() {
 		// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
@@ -591,16 +614,11 @@ func registerRoutes(m *web.Route) {
 			}
 		})
 
-		m.Group("/runners", func() {
-			m.Get("", admin.Runners)
-			m.Get("/reset_registration_token", admin.ResetRunnerRegistrationToken)
-			m.Combo("/{runnerid}").Get(admin.EditRunner).Post(web.Bind(forms.EditRunnerForm{}), admin.EditRunnerPost)
-			m.Post("/{runnerid}/delete", admin.DeleteRunnerPost)
-		}, actions.MustEnableActions)
-	}, func(ctx *context.Context) {
-		ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
-		ctx.Data["EnablePackages"] = setting.Packages.Enabled
-	}, adminReq)
+		m.Group("/actions", func() {
+			m.Get("", admin.RedirectToDefaultSetting)
+			addSettingsRunnersRoutes()
+		})
+	}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled))
 	// ***** END: Admin *****
 
 	m.Group("", func() {
@@ -724,9 +742,7 @@ func registerRoutes(m *web.Route) {
 						m.Post("/replay/{uuid}", repo.ReplayWebhook)
 					})
 					addWebhookEditRoutes()
-				}, webhooksEnabled, func(ctx *context.Context) {
-					ctx.Data["IsOrganizationWebhook"] = true
-				})
+				}, webhooksEnabled)
 
 				m.Group("/labels", func() {
 					m.Get("", org.RetrieveLabels, org.Labels)
@@ -736,20 +752,12 @@ func registerRoutes(m *web.Route) {
 					m.Post("/initialize", web.Bind(forms.InitializeLabelsForm{}), org.InitializeLabels)
 				})
 
-				m.Group("/runners", func() {
-					m.Get("", org.Runners)
-					m.Combo("/{runnerid}").Get(org.RunnersEdit).
-						Post(web.Bind(forms.EditRunnerForm{}), org.RunnersEditPost)
-					m.Post("/{runnerid}/delete", org.RunnerDeletePost)
-					m.Get("/reset_registration_token", org.ResetRunnerRegistrationToken)
+				m.Group("/actions", func() {
+					m.Get("", org_setting.RedirectToDefaultSetting)
+					addSettingsRunnersRoutes()
+					addSettingsSecretsRoutes()
 				}, actions.MustEnableActions)
 
-				m.Group("/secrets", func() {
-					m.Get("", org.Secrets)
-					m.Post("", web.Bind(forms.AddSecretForm{}), org.SecretsPost)
-					m.Post("/delete", org.SecretsDelete)
-				})
-
 				m.RouteMethods("/delete", "GET,POST", org.SettingsDelete)
 
 				m.Group("/packages", func() {
@@ -770,10 +778,7 @@ func registerRoutes(m *web.Route) {
 						m.Post("/rebuild", org.RebuildCargoIndex)
 					})
 				}, packagesEnabled)
-			}, func(ctx *context.Context) {
-				ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
-				ctx.Data["EnablePackages"] = setting.Packages.Enabled
-			})
+			}, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled, "PageIsOrgSettings", true))
 		}, context.OrgAssignment(true, true))
 	}, reqSignIn)
 	// ***** END: Organization *****
@@ -907,9 +912,7 @@ func registerRoutes(m *web.Route) {
 					m.Post("/replay/{uuid}", repo.ReplayWebhook)
 				})
 				addWebhookEditRoutes()
-			}, webhooksEnabled, func(ctx *context.Context) {
-				ctx.Data["IsRepositoryWebhook"] = true
-			})
+			}, webhooksEnabled)
 
 			m.Group("/keys", func() {
 				m.Combo("").Get(repo.DeployKeys).
@@ -917,12 +920,6 @@ func registerRoutes(m *web.Route) {
 				m.Post("/delete", repo.DeleteDeployKey)
 			})
 
-			m.Group("/secrets", func() {
-				m.Get("", repo.Secrets)
-				m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost)
-				m.Post("/delete", repo.DeleteSecret)
-			})
-
 			m.Group("/lfs", func() {
 				m.Get("/", repo.LFSFiles)
 				m.Get("/show/{oid}", repo.LFSFileGet)
@@ -936,18 +933,12 @@ func registerRoutes(m *web.Route) {
 					m.Post("/{lid}/unlock", repo.LFSUnlock)
 				})
 			})
-
-			m.Group("/runners", func() {
-				m.Get("", repo.Runners)
-				m.Combo("/{runnerid}").Get(repo.RunnersEdit).
-					Post(web.Bind(forms.EditRunnerForm{}), repo.RunnersEditPost)
-				m.Post("/{runnerid}/delete", repo.RunnerDeletePost)
-				m.Get("/reset_registration_token", repo.ResetRunnerRegistrationToken)
+			m.Group("/actions", func() {
+				m.Get("", repo_setting.RedirectToDefaultSetting)
+				addSettingsRunnersRoutes()
+				addSettingsSecretsRoutes()
 			}, actions.MustEnableActions)
-		}, func(ctx *context.Context) {
-			ctx.Data["PageIsSettings"] = true
-			ctx.Data["LFSStartServer"] = setting.LFS.StartServer
-		})
+		}, ctxDataSet("PageIsRepoSettings", true, "LFSStartServer", setting.LFS.StartServer))
 	}, reqSignIn, context.RepoAssignment, context.UnitTypes(), reqRepoAdmin, context.RepoRef())
 
 	m.Post("/{username}/{reponame}/action/{action}", reqSignIn, context.RepoAssignment, context.UnitTypes(), repo.Action)
@@ -1098,9 +1089,8 @@ func registerRoutes(m *web.Route) {
 			m.Get("", repo.TagsList)
 			m.Get(".rss", feedEnabled, repo.TagsListFeedRSS)
 			m.Get(".atom", feedEnabled, repo.TagsListFeedAtom)
-		}, func(ctx *context.Context) {
-			ctx.Data["EnableFeed"] = setting.Other.EnableFeed
-		}, repo.MustBeNotEmpty, reqRepoCodeReader, context.RepoRefByType(context.RepoRefTag, true))
+		}, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
+			repo.MustBeNotEmpty, reqRepoCodeReader, context.RepoRefByType(context.RepoRefTag, true))
 		m.Post("/tags/delete", repo.DeleteTag, reqSignIn,
 			repo.MustBeNotEmpty, context.RepoMustNotBeArchived(), reqRepoCodeWriter, context.RepoRef())
 	}, reqSignIn, context.RepoAssignment, context.UnitTypes())
@@ -1113,9 +1103,8 @@ func registerRoutes(m *web.Route) {
 			m.Get("/latest", repo.LatestRelease)
 			m.Get(".rss", feedEnabled, repo.ReleasesFeedRSS)
 			m.Get(".atom", feedEnabled, repo.ReleasesFeedAtom)
-		}, func(ctx *context.Context) {
-			ctx.Data["EnableFeed"] = setting.Other.EnableFeed
-		}, repo.MustBeNotEmpty, reqRepoReleaseReader, context.RepoRefByType(context.RepoRefTag, true))
+		}, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
+			repo.MustBeNotEmpty, reqRepoReleaseReader, context.RepoRefByType(context.RepoRefTag, true))
 		m.Get("/releases/attachments/{uuid}", repo.GetAttachment, repo.MustBeNotEmpty, reqRepoReleaseReader)
 		m.Group("/releases", func() {
 			m.Get("/new", repo.NewRelease)
diff --git a/services/auth/middleware.go b/services/auth/middleware.go
index b96810f17f..abeafed9cb 100644
--- a/services/auth/middleware.go
+++ b/services/auth/middleware.go
@@ -236,7 +236,6 @@ func VerifyAuthWithOptionsAPI(options *VerifyOptions) func(ctx *context.APIConte
 				})
 				return
 			}
-			ctx.Data["PageIsAdmin"] = true
 		}
 	}
 }
diff --git a/templates/admin/runners/base.tmpl b/templates/admin/actions.tmpl
similarity index 77%
rename from templates/admin/runners/base.tmpl
rename to templates/admin/actions.tmpl
index 36495b6a0b..9640e0fd1f 100644
--- a/templates/admin/runners/base.tmpl
+++ b/templates/admin/actions.tmpl
@@ -1,5 +1,7 @@
-{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin runners")}}
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin actions")}}
 	<div class="admin-setting-content">
+	{{if eq .PageType "runners"}}
 		{{template "shared/actions/runner_list" .}}
+	{{end}}
 	</div>
 {{template "admin/layout_footer" .}}
diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl
index e8eb54e58d..51a93bacd7 100644
--- a/templates/admin/navbar.tmpl
+++ b/templates/admin/navbar.tmpl
@@ -35,9 +35,14 @@
 			</a>
 		{{end}}
 		{{if .EnableActions}}
-		<a class="{{if .PageIsAdminRunners}}active {{end}}item" href="{{AppSubUrl}}/admin/runners">
-			{{.locale.Tr "actions.runners"}}
-		</a>
+		<div class="item">
+			{{.locale.Tr "actions.actions"}}
+			<div class="menu">
+				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{AppSubUrl}}/admin/actions/runners">
+					{{.locale.Tr "actions.runners"}}
+				</a>
+			</div>
+		</div>
 		{{end}}
 		<a class="{{if .PageIsAdminConfig}}active {{end}}item" href="{{AppSubUrl}}/admin/config">
 			{{.locale.Tr "admin.config"}}
diff --git a/templates/org/settings/runners.tmpl b/templates/org/settings/actions.tmpl
similarity index 55%
rename from templates/org/settings/runners.tmpl
rename to templates/org/settings/actions.tmpl
index 86cb1bcd78..b3b24e0517 100644
--- a/templates/org/settings/runners.tmpl
+++ b/templates/org/settings/actions.tmpl
@@ -1,5 +1,9 @@
-{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings runners")}}
+{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings actions")}}
 	<div class="org-setting-content">
+	{{if eq .PageType "runners"}}
 		{{template "shared/actions/runner_list" .}}
+	{{else if eq .PageType "secrets"}}
+		{{template "shared/secrets/add_list" .}}
+	{{end}}
 	</div>
 {{template "org/settings/layout_footer" .}}
diff --git a/templates/org/settings/navbar.tmpl b/templates/org/settings/navbar.tmpl
index 7380deff77..fcce43f914 100644
--- a/templates/org/settings/navbar.tmpl
+++ b/templates/org/settings/navbar.tmpl
@@ -12,9 +12,6 @@
 		<a class="{{if .PageIsOrgSettingsLabels}}active {{end}}item" href="{{.OrgLink}}/settings/labels">
 			{{.locale.Tr "repo.labels"}}
 		</a>
-		<a class="{{if .PageIsOrgSettingsSecrets}}active {{end}}item" href="{{.OrgLink}}/settings/secrets">
-			{{.locale.Tr "secrets.secrets"}}
-		</a>
 		{{if .EnableOAuth2}}
 		<a class="{{if .PageIsSettingsApplications}}active {{end}}item" href="{{.OrgLink}}/settings/applications">
 			{{.locale.Tr "settings.applications"}}
@@ -26,9 +23,17 @@
 		</a>
 		{{end}}
 		{{if .EnableActions}}
-		<a class="{{if .PageIsOrgSettingsRunners}}active {{end}}item" href="{{.OrgLink}}/settings/runners">
-			{{.locale.Tr "actions.runners"}}
-		</a>
+		<div class="item">
+			{{.locale.Tr "actions.actions"}}
+			<div class="menu">
+				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{.OrgLink}}/settings/actions/runners">
+					{{.locale.Tr "actions.runners"}}
+				</a>
+				<a class="{{if .PageIsSharedSettingsSecrets}}active {{end}}item" href="{{.OrgLink}}/settings/actions/secrets">
+					{{.locale.Tr "secrets.secrets"}}
+				</a>
+			</div>
+		</div>
 		{{end}}
 		<a class="{{if .PageIsSettingsDelete}}active {{end}}item" href="{{.OrgLink}}/settings/delete">
 			{{.locale.Tr "org.settings.delete"}}
diff --git a/templates/org/settings/secrets.tmpl b/templates/org/settings/secrets.tmpl
deleted file mode 100644
index 68ce415f41..0000000000
--- a/templates/org/settings/secrets.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings secrets")}}
-			<div class="org-setting-content">
-				{{template "shared/secrets/add_list" .}}
-			</div>
-{{template "org/settings/layout_footer" .}}
diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl
index 8a6833f499..9b3b2ce794 100644
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@@ -237,7 +237,7 @@
 
 				{{if .Permission.IsAdmin}}
 					<div class="right menu">
-						<a class="{{if .PageIsSettings}}active {{end}}item" href="{{.RepoLink}}/settings">
+						<a class="{{if .PageIsRepoSettings}}active {{end}}item" href="{{.RepoLink}}/settings">
 							{{svg "octicon-tools"}} {{.locale.Tr "repo.settings"}}
 						</a>
 					</div>
@@ -246,7 +246,7 @@
 		{{else if .Permission.IsAdmin}}
 			<div class="ui tabular stackable menu navbar">
 				<div class="right menu">
-					<a class="{{if .PageIsSettings}}active {{end}}item" href="{{.RepoLink}}/settings">
+					<a class="{{if .PageIsRepoSettings}}active {{end}}item" href="{{.RepoLink}}/settings">
 						{{svg "octicon-tools"}} {{.locale.Tr "repo.settings"}}
 					</a>
 				</div>
diff --git a/templates/repo/settings/actions.tmpl b/templates/repo/settings/actions.tmpl
new file mode 100644
index 0000000000..72944234a3
--- /dev/null
+++ b/templates/repo/settings/actions.tmpl
@@ -0,0 +1,9 @@
+{{template "repo/settings/layout_head" (dict "ctxData" . "pageClass" "repository settings actions")}}
+	<div class="repo-setting-content">
+		{{if eq .PageType "runners"}}
+			{{template "shared/actions/runner_list" .}}
+		{{else if eq .PageType "secrets"}}
+			{{template "shared/secrets/add_list" .}}
+		{{end}}
+	</div>
+{{template "repo/settings/layout_footer" .}}
diff --git a/templates/repo/settings/nav.tmpl b/templates/repo/settings/nav.tmpl
index 3156d9b159..4a88d69adf 100644
--- a/templates/repo/settings/nav.tmpl
+++ b/templates/repo/settings/nav.tmpl
@@ -13,7 +13,7 @@
 				<li {{if .PageIsSettingsGitHooks}}class="current"{{end}}><a href="{{.RepoLink}}/settings/hooks/git">{{.locale.Tr "repo.settings.githooks"}}</a></li>
 			{{end}}
 			<li {{if .PageIsSettingsKeys}}class="current"{{end}}><a href="{{.RepoLink}}/settings/keys">{{.locale.Tr "repo.settings.deploy_keys"}}</a></li>
-			<li {{if .PageIsSettingsSecrets}}class="current"{{end}}><a href="{{.RepoLink}}/settings/secrets">{{.locale.Tr "secrets.secrets"}}</a></li>
+			<li {{if .PageIsSharedSettingsSecrets}}class="current"{{end}}><a href="{{.RepoLink}}/settings/secrets">{{.locale.Tr "secrets.secrets"}}</a></li>
 		</ul>
 	</div>
 </div>
diff --git a/templates/repo/settings/navbar.tmpl b/templates/repo/settings/navbar.tmpl
index 081d0c474e..b1beda7c94 100644
--- a/templates/repo/settings/navbar.tmpl
+++ b/templates/repo/settings/navbar.tmpl
@@ -28,18 +28,23 @@
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{.RepoLink}}/settings/keys">
 			{{.locale.Tr "repo.settings.deploy_keys"}}
 		</a>
-		<a class="{{if .PageIsSettingsSecrets}}active {{end}}item" href="{{.RepoLink}}/settings/secrets">
-			{{.locale.Tr "secrets.secrets"}}
-		</a>
 		{{if .LFSStartServer}}
 			<a class="{{if .PageIsSettingsLFS}}active {{end}}item" href="{{.RepoLink}}/settings/lfs">
 				{{.locale.Tr "repo.settings.lfs"}}
 			</a>
 		{{end}}
 		{{if and .EnableActions (not .UnitActionsGlobalDisabled) (.Permission.CanRead $.UnitTypeActions)}}
-			<a class="{{if .PageIsSettingsRunners}}active {{end}}item" href="{{.RepoLink}}/settings/runners">
-				{{.locale.Tr "actions.runners"}}
-			</a>
+		<div class="item">
+			{{.locale.Tr "actions.actions"}}
+			<div class="menu">
+				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{.RepoLink}}/settings/actions/runners">
+					{{.locale.Tr "actions.runners"}}
+				</a>
+				<a class="{{if .PageIsSharedSettingsSecrets}}active {{end}}item" href="{{.RepoLink}}/settings/actions/secrets">
+					{{.locale.Tr "secrets.secrets"}}
+				</a>
+			</div>
+		</div>
 		{{end}}
 	</div>
 </div>
diff --git a/templates/repo/settings/runners.tmpl b/templates/repo/settings/runners.tmpl
deleted file mode 100644
index ab3ad40400..0000000000
--- a/templates/repo/settings/runners.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-{{template "repo/settings/layout_head" (dict "ctxData" . "pageClass" "repository settings runners")}}
-	<div class="repo-setting-content">
-		{{template "shared/actions/runner_list" .}}
-	</div>
-{{template "repo/settings/layout_footer" .}}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index e56ace8fc6..e743c16f95 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -1,5 +1,5 @@
 <h4 class="ui top attached header">
-	{{.locale.Tr "secrets.secrets"}}
+	{{.locale.Tr "secrets.management"}}
 	<div class="ui right">
 		<button class="ui primary tiny show-panel button" data-panel="#add-secret-panel">{{.locale.Tr "secrets.creation"}}</button>
 	</div>
diff --git a/templates/user/settings/secrets.tmpl b/templates/user/settings/actions.tmpl
similarity index 73%
rename from templates/user/settings/secrets.tmpl
rename to templates/user/settings/actions.tmpl
index a831453f2a..4d56523587 100644
--- a/templates/user/settings/secrets.tmpl
+++ b/templates/user/settings/actions.tmpl
@@ -1,6 +1,8 @@
-{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings secrets")}}
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings actions")}}
 	<div class="user-setting-content">
+	{{if eq .PageType "secrets"}}
 		{{template "shared/secrets/add_list" .}}
+	{{end}}
 	</div>
 
 {{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl
index 27ec73c34f..b79308419b 100644
--- a/templates/user/settings/navbar.tmpl
+++ b/templates/user/settings/navbar.tmpl
@@ -19,9 +19,16 @@
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{AppSubUrl}}/user/settings/keys">
 			{{.locale.Tr "settings.ssh_gpg_keys"}}
 		</a>
-		<a class="{{if .PageIsSettingsSecrets}}active {{end}}item" href="{{AppSubUrl}}/user/settings/secrets">
-			{{.locale.Tr "secrets.secrets"}}
-		</a>
+		{{if .EnableActions}}
+		<div class="item">
+			{{.locale.Tr "actions.actions"}}
+			<div class="menu">
+				<a class="{{if .PageIsSharedSettingsSecrets}}active {{end}}item" href="{{AppSubUrl}}/user/settings/actions/secrets">
+					{{.locale.Tr "secrets.secrets"}}
+				</a>
+			</div>
+		</div>
+		{{end}}
 		{{if .EnablePackages}}
 		<a class="{{if .PageIsSettingsPackages}}active {{end}}item" href="{{AppSubUrl}}/user/settings/packages">
 			{{.locale.Tr "packages.title"}}
diff --git a/web_src/css/base.css b/web_src/css/base.css
index dc7942e8a2..c7ea0e47c8 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -830,6 +830,21 @@ a.label,
   color: var(--color-text-light-3);
 }
 
+/* sub menu of vertical menu */
+.ui.vertical.menu .item .menu .item {
+  color: var(--color-text-light-2);
+  text-indent: 16px;
+}
+
+.ui.vertical.menu .item .menu .item:hover,
+.ui.vertical.menu .item .menu a.item:hover {
+  color: var(--color-text-light-1);
+}
+
+.ui.vertical.menu .item .menu .active.item {
+  color: var(--color-text);
+}
+
 /* slightly more contrast for filters on issue list */
 .ui.ui.menu .dropdown.item.disabled {
   color: var(--color-text-light-2);
diff --git a/web_src/css/repository.css b/web_src/css/repository.css
index 80e2e1cb8b..8b25775bb4 100644
--- a/web_src/css/repository.css
+++ b/web_src/css/repository.css
@@ -2444,7 +2444,7 @@
 
 .settings.webhooks .list > .item:not(:first-child),
 .settings.githooks .list > .item:not(:first-child),
-.settings.runners .list > .item:not(:first-child) {
+.settings.actions .list > .item:not(:first-child) {
   padding: 0.25rem 1rem;
   margin: 12px -1rem -1rem;
 }