chore: code review changes from @shenlong-tanwen

fix: include port in baseURL
cleanly migrate the server URL value to a JSON array (ie coming from 1.135.0 app)
2025-12-14 00:30:47 -08:00 · 2025-06-24 09:18:11 -05:00 · 2025-06-24 09:17:42 -05:00 · 2025-06-23 17:55:41 -05:00 · 2025-06-23 17:44:51 -05:00 · 2025-06-23 17:41:55 -05:00
2373 changed files with 116384 additions and 221852 deletions
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -11,7 +11,8 @@ services:
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/workspaces/immich/server/upload
      - ${UPLOAD_LOCATION}/photos/upload:/workspaces/immich/server/upload/upload
      - /etc/localtime:/etc/localtime:ro
  database:
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -49,11 +49,10 @@ fix_permissions() {
    log "Fixing permissions for ${IMMICH_WORKSPACE}"
    run_cmd sudo find "${IMMICH_WORKSPACE}/server/upload" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres/*" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres" -exec chown node {} +
    # Change ownership for directories that exist
    for dir in "${IMMICH_WORKSPACE}/.vscode" \
        "${IMMICH_WORKSPACE}/server/upload" \
        "${IMMICH_WORKSPACE}/.pnpm-store" \
        "${IMMICH_WORKSPACE}/.github/node_modules" \
        "${IMMICH_WORKSPACE}/cli/node_modules" \
        "${IMMICH_WORKSPACE}/e2e/node_modules" \
        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
@@ -74,8 +73,10 @@ install_dependencies() {
    log "Installing dependencies"
    (
        cd "${IMMICH_WORKSPACE}" || exit 1
-        export CI=1 FROZEN=1 OFFLINE=1
+        run_cmd make install-server
-        run_cmd make setup-web-dev setup-server-dev
+        run_cmd make install-sdk
        run_cmd make build-sdk
        run_cmd make install-web
    )
    log ""
 }
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -3,28 +3,25 @@ services:
    build:
      target: dev-container-server
    env_file: !reset []
    hostname: immich-dev
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override
      - ..:/workspaces/immich
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
+      - cli_node_modules:/workspaces/immich/cli/node_modules
      - e2e_node_modules:/workspaces/immich/e2e/node_modules
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
      - ${UPLOAD_LOCATION:-upload1-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/workspaces/immich/server/upload
      - ${UPLOAD_LOCATION:-upload2-devcontainer-volume}${UPLOAD_LOCATION:+/photos/upload}:/workspaces/immich/server/upload/upload
      - /etc/localtime:/etc/localtime:ro
-      - pnpm-store:/usr/src/app/.pnpm-store
+
      - server-node_modules:/usr/src/app/server/node_modules
      - web-node_modules:/usr/src/app/web/node_modules
      - github-node_modules:/usr/src/app/.github/node_modules
      - cli-node_modules:/usr/src/app/cli/node_modules
      - docs-node_modules:/usr/src/app/docs/node_modules
      - e2e-node_modules:/usr/src/app/e2e/node_modules
      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
  immich-web:
    env_file: !reset []
  immich-machine-learning:
    env_file: !reset []
  database:
    env_file: !reset []
    environment: !override
@@ -35,8 +32,17 @@ services:
      POSTGRES_HOST_AUTH_METHOD: md5
    volumes: 
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
  redis:
    env_file: !reset []
 volumes:
-  upload-devcontainer-volume:
+  # Node modules for each service to avoid conflicts and ensure consistent dependencies
  cli_node_modules:
  e2e_node_modules:
  open_api_node_modules:
  server_node_modules:
  web_node_modules:
  upload1-devcontainer-volume:
  upload2-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/server/container-start-backend.sh
+++ b/.devcontainer/server/container-start-backend.sh
@@ -3,11 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Preparing Immich Nest API Server"
 log ""
 export CI=1
 run_cmd pnpm --filter immich install
 log "Starting Nest API Server"
 log ""
 cd "${IMMICH_WORKSPACE}/server" || (
@@ -16,7 +11,7 @@ cd "${IMMICH_WORKSPACE}/server" || (
 )
 while true; do
-    run_cmd pnpm --filter immich exec nest start --debug "0.0.0.0:9230" --watch
+    run_cmd node ./node_modules/.bin/nest start --debug "0.0.0.0:9230" --watch
    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start-frontend.sh
+++ b/.devcontainer/server/container-start-frontend.sh
@@ -3,13 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 export CI=1
 log "Preparing Immich Web Frontend"
 log ""
 run_cmd pnpm --filter @immich/sdk install
 run_cmd pnpm --filter @immich/sdk build
 run_cmd pnpm --filter immich-web install
 log "Starting Immich Web Frontend"
 log ""
 cd "${IMMICH_WORKSPACE}/web" || (
@@ -23,7 +16,7 @@ until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_
 done
 while true; do
-    run_cmd pnpm --filter immich-web exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
+    run_cmd node ./node_modules/.bin/vite dev --host 0.0.0.0 --port "${DEV_PORT}"
    log "Web crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -6,6 +6,9 @@ source /immich-devcontainer/container-common.sh
 log "Setting up Immich dev container..."
 fix_permissions
 log "Installing npm dependencies (node_modules)..."
 install_dependencies
 log "Setup complete, please wait while backend and frontend services automatically start"
 log
 log "If necessary, the services may be manually started using"
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,41 +1,33 @@
 .vscode/
 .github/
 .git/
 .env*
 *.log
 *.tmp
 *.temp
 **/Dockerfile
 **/node_modules/
 **/.pnpm-store/
 **/dist/
 **/coverage/
 **/build/
 design/
 docker/
 !docker/scripts
 docs/
 !docs/package.json
 !docs/package-lock.json
 e2e/
 !e2e/package.json
 !e2e/package-lock.json
 fastlane/
 machine-learning/
 misc/
 mobile/
-open-api/typescript-sdk/build/
+cli/coverage/
-!open-api/typescript-sdk/package.json
+cli/dist/
-!open-api/typescript-sdk/package-lock.json
+cli/node_modules/
 open-api/typescript-sdk/build/
 open-api/typescript-sdk/node_modules/
 server/coverage/
 server/node_modules/
 server/upload/
 server/src/queries
 server/dist/
 server/www/
 web/node_modules/
 web/coverage/
 web/.svelte-kit
 web/build/
 web/.env
--- a/.gitattributes
+++ b/.gitattributes
@@ -12,12 +12,6 @@ mobile/lib/**/*.drift.dart linguist-generated=true
 mobile/drift_schemas/main/drift_schema_*.json -diff -merge
 mobile/drift_schemas/main/drift_schema_*.json linguist-generated=true
 mobile/lib/infrastructure/repositories/db.repository.steps.dart -diff -merge
 mobile/lib/infrastructure/repositories/db.repository.steps.dart linguist-generated=true
 mobile/test/drift/main/generated/** -diff -merge
 mobile/test/drift/main/generated/** linguist-generated=true
 open-api/typescript-sdk/fetch-client.ts -diff -merge
 open-api/typescript-sdk/fetch-client.ts linguist-generated=true
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/.github/.prettierignore
+++ b/.github/.prettierignore
@@ -1,4 +0,0 @@
 # Ignore files for PNPM, NPM and YARN
 pnpm-lock.yaml
 package-lock.json
 yarn.lock
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -64,11 +64,6 @@ body:
        - label: Web
        - label: Mobile
  - type: input
    attributes:
      label: Device make and model
      placeholder: Samsung S25 Android 16
  - type: textarea
    validations:
      required: true
--- a/.github/package-lock.json
+++ b/.github/package-lock.json
@@ -0,0 +1,28 @@
 {
  "name": ".github",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "devDependencies": {
        "prettier": "^3.5.3"
      }
    },
    "node_modules/prettier": {
      "version": "3.5.3",
      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.5.3.tgz",
      "integrity": "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==",
      "dev": true,
      "license": "MIT",
      "bin": {
        "prettier": "bin/prettier.cjs"
      },
      "engines": {
        "node": ">=14"
      },
      "funding": {
        "url": "https://github.com/prettier/prettier?sponsor=1"
      }
    }
  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -34,7 +34,3 @@ The `/api/something` endpoint is now `/api/something-else`
 - [ ] I have followed naming conventions/patterns in the surrounding code
 - [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
 - [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
 ## Please describe to which degree, if any, an LLM was used in creating this pull request.
 ...
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -32,18 +32,24 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
+            workflow:
              - '.github/workflows/build-mobile.yml'
-          force-events: 'workflow_call,workflow_dispatch'
+      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
  build-sign-android:
    name: Build and sign Android
@@ -51,56 +57,40 @@ jobs:
    permissions:
      contents: read
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
-    runs-on: mich
+    runs-on: macos-14
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
      - name: Create the Keystore
        env:
          KEY_JKS: ${{ secrets.KEY_JKS }}
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: 'zulu'
          java-version: '17'
-
+          cache: 'gradle'
      - name: Restore Gradle Cache
        id: cache-gradle-restore
        uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: build-mobile-gradle-${{ runner.os }}-main
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2.19.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
          cache: true
-      - name: Setup Android SDK
+      - name: Create the Keystore
-        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
+        env:
-        with:
+          KEY_JKS: ${{ secrets.KEY_JKS }}
-          packages: ''
+        working-directory: ./mobile
        run: echo $KEY_JKS | base64 -d > android/key.jks
      - name: Get Packages
        working-directory: ./mobile
        run: flutter pub get
      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile
      - name: Generate platform APIs
@@ -113,30 +103,12 @@ jobs:
          ALIAS: ${{ secrets.ALIAS }}
          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
          IS_MAIN: ${{ github.ref == 'refs/heads/main' }}
        run: |
          if [[ $IS_MAIN == 'true' ]]; then
          flutter build apk --release
          flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
          else
            flutter build apk --debug --split-per-abi --target-platform android-arm64
          fi
      - name: Publish Android Artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk
      - name: Save Gradle Cache
        id: cache-gradle-save
        uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - name: Check out code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,28 +29,22 @@ jobs:
        working-directory: ./cli
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+      # Setup .npmrc file to publish to npm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
-          cache: 'pnpm'
+      - name: Prepare SDK
-          cache-dependency-path: '**/pnpm-lock.yaml'
+        run: npm ci --prefix ../open-api/typescript-sdk/
-
+      - name: Build SDK
-      - name: Setup typescript-sdk
+        run: npm run build --prefix ../open-api/typescript-sdk/
-        run: pnpm install && pnpm run build
+      - run: npm ci
-        working-directory: ./open-api/typescript-sdk
+      - run: npm run build
-
+      - run: npm publish
      - run: pnpm install --frozen-lockfile
      - run: pnpm build
      - run: pnpm publish
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -65,7 +59,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
@@ -73,10 +67,10 @@ jobs:
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -91,7 +85,7 @@ jobs:
      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          flavor: |
            latest=false
@@ -102,7 +96,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
      - name: Build and push image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -1,107 +0,0 @@
 on:
  issues:
    types: [opened]
  discussion:
    types: [created]
 name: Close likely duplicates
 permissions: {}
 jobs:
  should_run:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.should_run.outputs.run }}
    steps:
      - id: should_run
        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
  get_body:
    runs-on: ubuntu-latest
    needs: should_run
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    env:
      EVENT: ${{ toJSON(github.event) }}
    outputs:
      body: ${{ steps.get_body.outputs.body }}
    steps:
      - id: get_body
        run: |
          BODY=$(echo """$EVENT""" | jq -r '.issue // .discussion | .body' | base64 -w 0)
          echo "body=$BODY" >> $GITHUB_OUTPUT
  get_checkbox_json:
    runs-on: ubuntu-latest
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
      image: ghcr.io/immich-app/mdq:main@sha256:d8ae47cf2e6cf4e2559bd57a60b73674fe44f897cba2c2bddff2987a05be10a4
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
      - id: get_checkbox
        env:
          BODY: ${{ needs.get_body.outputs.body }}
        run: |
          CHECKED=$(echo "$BODY" | base64 -d | /mdq --output json '# I have searched | - [?] Yes' | jq '.items[0].list[0].checked // false')
          echo "checked=$CHECKED" >> $GITHUB_OUTPUT
  close_and_comment:
    runs-on: ubuntu-latest
    needs: [get_checkbox_json, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' && needs.get_checkbox_json.outputs.checked != 'true' }}
    permissions:
      issues: write
      discussions: write
    steps:
      - name: Close issue
        if: ${{ github.event_name == 'issues' }}
        env:
          GH_TOKEN: ${{ github.token }}
          NODE_ID: ${{ github.event.issue.node_id }}
        run: |
          gh api graphql \
            -f issueId="$NODE_ID" \
            -f body="This issue has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
            -f query='
              mutation CommentAndCloseIssue($issueId: ID!, $body: String!) {
                addComment(input: {
                  subjectId: $issueId, 
                  body: $body
                }) {
                  __typename
                }
                closeIssue(input: {
                  issueId: $issueId,
                  stateReason: DUPLICATE
                }) {
                  __typename
                }
              }'
      - name: Close discussion
        if: ${{ github.event_name == 'discussion' && github.event.discussion.category.name == 'Feature Request' }}
        env:
          GH_TOKEN: ${{ github.token }}
          NODE_ID: ${{ github.event.discussion.node_id }}
        run: |
          gh api graphql \
            -f discussionId="$NODE_ID" \
            -f body="This discussion has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
            -f query='
              mutation CommentAndCloseDiscussion($discussionId: ID!, $body: String!) {
                addDiscussionComment(input: {
                  discussionId: $discussionId,
                  body: $body
                }) {
                  __typename
                }
                closeDiscussion(input: {
                  discussionId: $discussionId,
                  reason: DUPLICATE
                }) {
                  __typename
                }
              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,13 +44,13 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,11 +20,15 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            server:
@@ -34,11 +38,14 @@ jobs:
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
-          force-filters: |
+            workflow:
              - '.github/workflows/docker.yml'
              - '.github/workflows/multi-runner-build.yml'
              - '.github/actions/image-build'
-          force-events: 'workflow_dispatch,release'
+
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
  retag_ml:
    name: Re-Tag ML
@@ -46,14 +53,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -75,14 +82,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -101,7 +108,7 @@ jobs:
  machine-learning:
    name: Build and Push ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    strategy:
      fail-fast: false
      matrix:
@@ -124,7 +131,7 @@ jobs:
            tag-suffix: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@094bfb927b8cd75b343abaac27b3241be0fccfe9 # multi-runner-build-workflow-0.1.0
    permissions:
      contents: read
      actions: read
@@ -146,8 +153,8 @@ jobs:
  server:
    name: Build and Push Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@094bfb927b8cd75b343abaac27b3241be0fccfe9 # multi-runner-build-workflow-0.1.0
    permissions:
      contents: read
      actions: read
@@ -170,7 +177,7 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - uses: immich-app/devtools/actions/success-check@6b81b1572e466f7f48ba3c823159ce3f4a4d66a6 # success-check-action-0.0.3
        with:
          needs: ${{ toJSON(needs) }}
@@ -181,6 +188,6 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - uses: immich-app/devtools/actions/success-check@6b81b1572e466f7f48ba3c823159ce3f4a4d66a6 # success-check-action-0.0.3
        with:
          needs: ${{ toJSON(needs) }}
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -18,28 +18,30 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            docs:
              - 'docs/**'
-            open-api:
+            workflow:
              - 'open-api/immich-openapi-specs.json'
          force-filters: |
              - '.github/workflows/docs-build.yml'
-          force-events: 'release'
+      - name: Check if we should force jobs to run
-          force-branches: 'main'
+        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"
  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -47,28 +49,23 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run install
+      - name: Run npm install
-        run: pnpm install
+        run: npm ci
      - name: Check formatting
-        run: pnpm format
+        run: npm run format
      - name: Run build
-        run: pnpm build
+        run: npm run build
      - name: Upload build output
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,7 +38,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
@@ -108,13 +108,13 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Load parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
@@ -125,7 +125,7 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);
      - name: Download artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,27 +16,22 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: 'Checkout'
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Fix formatting
        run: make install-all && make format-all
@@ -48,7 +43,7 @@ jobs:
          message: 'chore: fix formatting'
      - name: Remove label
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        if: always()
        with:
          script: |
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -1,112 +0,0 @@
 name: Merge translations
 on:
  workflow_dispatch:
  workflow_call:
    secrets:
      PUSH_O_MATIC_APP_ID:
        required: true
      PUSH_O_MATIC_APP_KEY:
        required: true
      WEBLATE_TOKEN:
        required: true
 permissions: {}
 env:
  WEBLATE_HOST: 'https://hosted.weblate.org'
  WEBLATE_COMPONENT: 'immich/immich'
 jobs:
  merge:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Find translation PR
        id: find_pr
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          PR=$(gh pr list --repo $GITHUB_REPOSITORY --author weblate --json number,mergeable)
          echo "$PR"
          PR_NUMBER=$(echo "$PR" | jq '
            if length == 1 then
              .[0].number
            else
              error("Expected exactly 1 entry, got \(length)")
            end
          ' 2>&1) || exit 1
          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
          echo "Selected PR $PR_NUMBER"
          if ! echo "$PR" | jq -e '.[0].mergeable == "MERGEABLE"'; then
            echo "PR is not mergeable"
            exit 1
          fi
      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Lock weblate
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true
      - name: Commit translations
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=commit
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=push
      - name: Merge PR
        id: merge_pr
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
        run: |
          set -euo pipefail
          REVIEW_ID=$(gh api -X POST "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" --field event='APPROVE' --field body='Automatically merging translations PR' \
            | jq '.id')
          echo "REVIEW_ID=$REVIEW_ID" >> $GITHUB_OUTPUT
          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash
      - name: Wait for PR to merge
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
          REVIEW_ID: ${{ steps.merge_pr.outputs.REVIEW_ID }}
        run: |
          # So we clean up no matter what
          set +e
          for i in {1..100}; do
            if gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json state | jq -e '.state == "MERGED"'; then
              echo "PR merged"
              exit 0
            else
              echo "PR not merged yet, waiting..."
              sleep 6
            fi
          done
          echo "PR did not merge in time"
          gh api -X PUT "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews/$REVIEW_ID/dismissals" --field message='Merge attempt timed out' --field event='DISMISS'
          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --disable-auto
          exit 1
      - name: Unlock weblate
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
--- a/.github/workflows/org-pr-require-conventional-commit.yml
+++ b/.github/workflows/org-pr-require-conventional-commit.yml
@@ -1,12 +0,0 @@
 name: PR Conventional Commit
 on:
  pull_request:
    types: [opened, synchronize, reopened, edited]
 jobs:
  validate-pr-title:
    name: Validate PR Title (conventional commit)
    uses: immich-app/devtools/.github/workflows/shared-pr-require-conventional-commit.yml@main
    permissions:
      pull-requests: write
--- a/.github/workflows/org-zizmor.yml
+++ b/.github/workflows/org-zizmor.yml
@@ -1,15 +0,0 @@
 name: Zizmor
 on:
  pull_request:
  push:
    branches: [main]
 jobs:
  zizmor:
    name: Zizmor
    uses: immich-app/devtools/.github/workflows/shared-zizmor.yml@main
    permissions:
      actions: read
      contents: read
      security-events: write
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
+        uses: mheap/github-action-required-labels@fb29a14a076b0f74099f6198f77750e8fc236016 # v5.5.0
        with:
          mode: exactly
          count: 1
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -0,0 +1,19 @@
 name: PR Conventional Commit Validation
 on:
  pull_request:
    types: [opened, synchronize, reopened, edited]
 permissions: {}
 jobs:
  validate-pr-title:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: PR Conventional Commit Validation
        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
        with:
          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
          add_label: 'false'
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -24,15 +24,6 @@ concurrency:
 permissions: {}
 jobs:
  merge_translations:
    uses: ./.github/workflows/merge-translations.yml
    permissions:
      pull-requests: write
    secrets:
      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
  bump_version:
    runs-on: ubuntu-latest
    outputs:
@@ -41,13 +32,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
@@ -55,16 +46,6 @@ jobs:
      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Bump version
        env:
          SERVER_BUMP: ${{ inputs.serverBump }}
@@ -102,13 +83,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
@@ -119,7 +100,7 @@ jobs:
          name: release-apk-signed
      - name: Create draft release
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -20,11 +20,11 @@ jobs:
  remove-label:
    runs-on: ubuntu-latest
-    if: ${{ (github.event.action == 'closed' || github.event.pull_request.head.repo.fork) && contains(github.event.pull_request.labels.*.name, 'preview') }}
+    if: ${{ github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview') }}
    permissions:
      pull-requests: write
    steps:
-      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            github.rest.issues.removeLabel({
@@ -33,15 +33,3 @@ jobs:
              repo: context.repo.repo,
              name: 'preview'
            })
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ github.event.pull_request.head.repo.fork }}
        with:
          message-id: 'preview-status'
          message: 'PRs from forks cannot have preview environments.'
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          message-id: 'preview-status'
          message: 'Preview environment has been removed.'
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,25 +16,20 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      # Setup .npmrc file to publish to npm
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      - name: Build
-        run: pnpm build
+        run: npm run build
      - name: Publish
-        run: pnpm publish
+        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -17,59 +17,66 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
+            workflow:
              - '.github/workflows/static_analysis.yml'
-          force-events: 'workflow_dispatch,release'
+      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./mobile
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2.19.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
      - name: Install dependencies
        run: dart pub get
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: auto
        working-directory: ./mobile
      - name: Install DCM
        run: |
          sudo apt-get update
          wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg
          echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list
          sudo apt-get update
          sudo apt-get install dcm
      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile
      - name: Run Build Runner
        run: make build
        working-directory: ./mobile
      - name: Generate platform API
        run: make pigeon
        working-directory: ./mobile
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
@@ -85,20 +92,49 @@ jobs:
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
-          echo "ERROR: Generated files not up to date! Run 'make build' and 'make pigeon' inside the mobile directory"
+          echo "ERROR: Generated files not up to date! Run make_build inside the mobile directory"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
      - name: Run dart analyze
        run: dart analyze --fatal-infos
        working-directory: ./mobile
      - name: Run dart format
-        run: make format
+        run: dart format lib/ --set-exit-if-changed
        working-directory: ./mobile
-      # TODO: Re-enable after upgrading custom_lint
+      - name: Run dart custom_lint
-      # - name: Run dart custom_lint
+        run: dart run custom_lint
-      #   run: dart run custom_lint
+        working-directory: ./mobile
      # TODO: Use https://github.com/CQLabs/dcm-action
      - name: Run DCM
-        run: dcm analyze lib --fatal-style --fatal-warnings
+        run: dcm analyze lib
        working-directory: ./mobile
  zizmor:
    name: zizmor
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - name: Run zizmor 🌈
        run: uvx zizmor --format=sarif . > results.sarif
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: results.sarif
          category: zizmor
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,21 +4,37 @@ on:
  pull_request:
  push:
    branches: [main]
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_i18n: ${{ steps.found_paths.outputs.i18n == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
@@ -38,225 +54,248 @@ jobs:
              - 'mobile/**'
            machine-learning:
              - 'machine-learning/**'
            workflow:
              - '.github/workflows/test.yml'
            .github:
              - '.github/**'
-          force-filters: |
+
-            - '.github/workflows/test.yml'
+      - name: Check if we should force jobs to run
-          force-events: 'workflow_dispatch'
+        id: should_force
        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
  server-unit-tests:
    name: Test & Lint Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
+
-          cache-dependency-path: '**/pnpm-lock.yaml'
+      - name: Run npm install
-      - name: Run package manager install
+        run: npm ci
-        run: pnpm install
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
      - name: Run small tests & coverage
-        run: pnpm test
+        run: npm test
        if: ${{ !cancelled() }}
  cli-unit-tests:
    name: Unit Test CLI
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Setup typescript-sdk
-        run: pnpm install && pnpm run build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
      - name: Install deps
-        run: pnpm install
+        run: npm ci
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
  cli-unit-tests-win:
    name: Unit Test CLI (Windows)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      # Skip linter & formatter in Windows test.
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
  web-lint:
    name: Lint Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
-      - name: Run pnpm install
+
-        run: pnpm rebuild && pnpm install --frozen-lockfile
+      - name: Run npm install
        run: npm ci
      - name: Run linter
-        run: pnpm lint:p
+        run: npm run lint:p
        if: ${{ !cancelled() }}
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
      - name: Run svelte checks
-        run: pnpm check:svelte
+        run: npm run check:svelte
        if: ${{ !cancelled() }}
  web-unit-tests:
    name: Test Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
      - name: Run npm install
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      - name: Run tsc
-        run: pnpm check:typescript
+        run: npm run check:typescript
        if: ${{ !cancelled() }}
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
  i18n-tests:
    name: Test i18n
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run_i18n == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install dependencies
-        run: pnpm --filter=immich-web install --frozen-lockfile
+        run: npm --prefix=web ci
      - name: Format
-        run: pnpm --filter=immich-web format:i18n
+        run: npm --prefix=web run format:i18n
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            i18n/**
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -265,77 +304,83 @@ jobs:
          echo "ERROR: i18n files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
  e2e-tests-lint:
    name: End-to-End Lint
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
  server-medium-tests:
    name: Medium Tests (Server)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
+
-          cache-dependency-path: '**/pnpm-lock.yaml'
+      - name: Run npm install
-      - name: Run pnpm install
+        run: npm ci
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+
      - name: Run medium tests
-        run: pnpm test:medium
+        run: npm run test:medium
        if: ${{ !cancelled() }}
  e2e-tests-server-cli:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).server == true || fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -345,45 +390,45 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
-      - name: Run setup web
+
        run: pnpm install --frozen-lockfile && pnpm exec svelte-kit sync
        working-directory: ./web
        if: ${{ !cancelled() }}
      - name: Run setup cli
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./cli
        if: ${{ !cancelled() }}
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (api & cli)
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
  e2e-tests-web:
    name: End-to-End Tests (Web)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -393,36 +438,40 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
      - name: Install Playwright Browsers
        run: npx playwright install chromium --only-shell
        if: ${{ !cancelled() }}
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (web)
        run: npx playwright test
        if: ${{ !cancelled() }}
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
@@ -430,35 +479,40 @@ jobs:
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - uses: immich-app/devtools/actions/success-check@6b81b1572e466f7f48ba3c823159ce3f4a4d66a6 # success-check-action-0.0.3
        with:
          needs: ${{ toJSON(needs) }}
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2.19.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile
      - name: Run tests
        working-directory: ./mobile
        run: flutter test -j 1
  ml-unit-tests:
    name: Unit Test ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -466,9 +520,10 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
@@ -491,48 +546,54 @@ jobs:
      - name: Run tests and coverage
        run: |
          uv run pytest --cov=immich_ml --cov-report term-missing
  github-files-formatting:
    name: .github Files Formatting
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run)['.github'] == true }}
+    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./.github
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
-          cache: 'pnpm'
+
-          cache-dependency-path: '**/pnpm-lock.yaml'
+      - name: Run npm install
-      - name: Run pnpm install
+        run: npm ci
-        run: pnpm install --frozen-lockfile
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
+        uses: ludeeus/action-shellcheck@master
        with:
          ignore_paths: >-
-            **/open-api/** **/openapi** **/node_modules/**
+            **/open-api/**
            **/openapi**
            **/node_modules/**
  generated-api-up-to-date:
    name: OpenAPI Clients
    runs-on: ubuntu-latest
@@ -540,24 +601,24 @@ jobs:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich install --frozen-lockfile
+        run: npm --prefix=server ci
      - name: Build the app
-        run: pnpm --filter immich build
+        run: npm --prefix=server run build
      - name: Run API generation
-        run: ./bin/generate-open-api.sh
+        run: make open-api
-        working-directory: open-api
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -566,6 +627,7 @@ jobs:
            mobile/openapi
            open-api/typescript-sdk
            open-api/immich-openapi-specs.json
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -574,6 +636,7 @@ jobs:
          echo "ERROR: Generated files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
  sql-schema-up-to-date:
    name: SQL Schema Checks
    runs-on: ubuntu-latest
@@ -581,42 +644,49 @@ jobs:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:da52bbead5d818adaa8077c8dcdaad0aaf93038c31ad8348b51f9f0ec1310a4d
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
          POSTGRES_DB: immich
        options: >-
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
    defaults:
      run:
        working-directory: ./server
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
+
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
+
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+        run: npm ci
      - name: Build the app
-        run: pnpm build
+        run: npm run build
      - name: Run existing migrations
-        run: pnpm migrations:run
+        run: npm run migrations:run
      - name: Test npm run schema:reset command works
-        run: pnpm schema:reset
+        run: npm run schema:reset
      - name: Generate new migrations
        continue-on-error: true
-        run: pnpm migrations:generate src/TestMigration
+        run: npm run migrations:generate src/TestMigration
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -632,16 +702,19 @@ jobs:
          echo "Changed files: ${CHANGED_FILES}"
          cat ./src/*-TestMigration.ts
          exit 1
      - name: Run SQL generation
-        run: pnpm sync:sql
+        run: npm run sync:sql
        env:
          DB_URL: postgres://postgres:postgres@localhost:5432/immich
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-sql-files
        with:
          files: |
            server/src/queries
      - name: Verify SQL files have not changed
        if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
        env:
@@ -652,77 +725,77 @@ jobs:
          git diff
          exit 1
-# mobile-integration-tests:
+  # mobile-integration-tests:
-#   name: Run mobile end-to-end integration tests
+  #   name: Run mobile end-to-end integration tests
-#   runs-on: macos-latest
+  #   runs-on: macos-latest
-#   steps:
+  #   steps:
-#     - uses: actions/checkout@v4
+  #     - uses: actions/checkout@v4
-#     - uses: actions/setup-java@v3
+  #     - uses: actions/setup-java@v3
-#       with:
+  #       with:
-#         distribution: 'zulu'
+  #         distribution: 'zulu'
-#         java-version: '12.x'
+  #         java-version: '12.x'
-#         cache: 'gradle'
+  #         cache: 'gradle'
-#     - name: Cache android SDK
+  #     - name: Cache android SDK
-#       uses: actions/cache@v3
+  #       uses: actions/cache@v3
-#       id: android-sdk
+  #       id: android-sdk
-#       with:
+  #       with:
-#         key: android-sdk
+  #         key: android-sdk
-#         path: |
+  #         path: |
-#           /usr/local/lib/android/
+  #           /usr/local/lib/android/
-#           ~/.android
+  #           ~/.android
-#     - name: Cache Gradle
+  #     - name: Cache Gradle
-#       uses: actions/cache@v3
+  #       uses: actions/cache@v3
-#       with:
+  #       with:
-#         path: |
+  #         path: |
-#           ./mobile/build/
+  #           ./mobile/build/
-#           ./mobile/android/.gradle/
+  #           ./mobile/android/.gradle/
-#         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
+  #         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
-#     - name: Setup Android SDK
+  #     - name: Setup Android SDK
-#       if: steps.android-sdk.outputs.cache-hit != 'true'
+  #       if: steps.android-sdk.outputs.cache-hit != 'true'
-#       uses: android-actions/setup-android@v2
+  #       uses: android-actions/setup-android@v2
-#     - name: AVD cache
+  #     - name: AVD cache
-#       uses: actions/cache@v3
+  #       uses: actions/cache@v3
-#       id: avd-cache
+  #       id: avd-cache
-#       with:
+  #       with:
-#         path: |
+  #         path: |
-#           ~/.android/avd/*
+  #           ~/.android/avd/*
-#           ~/.android/adb*
+  #           ~/.android/adb*
-#         key: avd-29
+  #         key: avd-29
-#     - name: create AVD and generate snapshot for caching
+  #     - name: create AVD and generate snapshot for caching
-#       if: steps.avd-cache.outputs.cache-hit != 'true'
+  #       if: steps.avd-cache.outputs.cache-hit != 'true'
-#       uses: reactivecircus/android-emulator-runner@v2.27.0
+  #       uses: reactivecircus/android-emulator-runner@v2.27.0
-#       with:
+  #       with:
-#         working-directory: ./mobile
+  #         working-directory: ./mobile
-#         cores: 2
+  #         cores: 2
-#         api-level: 29
+  #         api-level: 29
-#         arch: x86_64
+  #         arch: x86_64
-#         profile: pixel
+  #         profile: pixel
-#         target: default
+  #         target: default
-#         force-avd-creation: false
+  #         force-avd-creation: false
-#         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#         disable-animations: false
+  #         disable-animations: false
-#         script: echo "Generated AVD snapshot for caching."
+  #         script: echo "Generated AVD snapshot for caching."
-#     - name: Setup Flutter SDK
+  #     - name: Setup Flutter SDK
-#       uses: subosito/flutter-action@v2
+  #       uses: subosito/flutter-action@v2
-#       with:
+  #       with:
-#         channel: 'stable'
+  #         channel: 'stable'
-#         flutter-version: '3.7.3'
+  #         flutter-version: '3.7.3'
-#         cache: true
+  #         cache: true
-#     - name: Run integration tests
+  #     - name: Run integration tests
-#       uses: Wandalen/wretry.action@master
+  #       uses: Wandalen/wretry.action@master
-#       with:
+  #       with:
-#         action: reactivecircus/android-emulator-runner@v2.27.0
+  #         action: reactivecircus/android-emulator-runner@v2.27.0
-#         with: |
+  #         with: |
-#           working-directory: ./mobile
+  #           working-directory: ./mobile
-#           cores: 2
+  #           cores: 2
-#           api-level: 29
+  #           api-level: 29
-#           arch: x86_64
+  #           arch: x86_64
-#           profile: pixel
+  #           profile: pixel
-#           target: default
+  #           target: default
-#           force-avd-creation: false
+  #           force-avd-creation: false
-#           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#           disable-animations: true
+  #           disable-animations: true
-#           script: |
+  #           script: |
-#             flutter pub get
+  #             flutter pub get
-#             flutter test integration_test
+  #             flutter test integration_test
-#         attempt_limit: 3
+  #         attempt_limit: 3
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -3,52 +3,48 @@ name: Weblate checks
 on:
  pull_request:
    branches: [main]
    types:
      - opened
      - synchronize
      - ready_for_review
      - auto_merge_enabled
      - auto_merge_disabled
 permissions: {}
 env:
  BOT_NAME: immich-push-o-matic
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
    steps:
-      - name: Check what should run
+      - name: Checkout code
-        id: check
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
          exclude-branches: 'chore/translations'
          skip-force-logic: 'true'
  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
-      - name: Bot review status
+      - name: Check weblate lock
        env:
          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
          GH_TOKEN: ${{ github.token }}
        run: |
-          # Then check for APPROVED by the bot, if absent fail
+          if [[ "false" = $(curl https://hosted.weblate.org/api/components/immich/immich/lock/ | jq .locked) ]]; then
-          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
+            exit 1
-            || (echo "The push-o-matic bot has not approved this PR yet" && exit 1)
+          fi
-
+      - name: Find Pull Request
        uses: juliangruber/find-pull-request-action@48b6133aa6c826f267ebd33aa2d29470f9d9e7d0 # v1.9.0
        id: find-pr
        with:
          branch: chore/translations
      - name: Fail if existing weblate PR
        if: ${{ steps.find-pr.outputs.number }}
        run: exit 1
  success-check-lock:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
@@ -56,6 +52,6 @@ jobs:
    permissions: {}
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - uses: immich-app/devtools/actions/success-check@6b81b1572e466f7f48ba3c823159ce3f4a4d66a6 # success-check-action-0.0.3
        with:
          needs: ${{ toJSON(needs) }}
--- a/.gitignore
+++ b/.gitignore
@@ -18,13 +18,9 @@ mobile/libisar.dylib
 mobile/openapi/test
 mobile/openapi/doc
 mobile/openapi/.openapi-generator/FILES
 mobile/ios/build
 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
 mobile/ios/fastlane/report.xml
 vite.config.js.timestamp-*
 .pnpm-store
 .devcontainer/library
 .devcontainer/.env*
--- a/.pnpmfile.cjs
+++ b/.pnpmfile.cjs
@@ -1,18 +0,0 @@
 module.exports = {
  hooks: {
    readPackage: (pkg) => {
      if (!pkg.name) {
        return pkg;
      }
      if (pkg.name === "exiftool-vendored") {
        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
          // make exiftool-vendored.pl a regular dependency
          pkg.dependencies["exiftool-vendored.pl"] =
            pkg.optionalDependencies["exiftool-vendored.pl"];
          delete pkg.optionalDependencies["exiftool-vendored.pl"];
        }
      }
      return pkg;
    },
  },
 };
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -7,7 +7,7 @@
      "restart": true,
      "port": 9231,
      "name": "Immich API Server",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
@@ -16,7 +16,7 @@
      "restart": true,
      "port": 9230,
      "name": "Immich Workers",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    }
  ]
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -56,8 +56,7 @@
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
    "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
  },
  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
--- a/2
+++ b/2
@@ -1,7 +1,5 @@
 /.github/ @bo0tzz
 /docker/ @bo0tzz
 /server/ @danieldietzler
 /web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
 /mobile/ @shenlong-tanwen
--- a/117
+++ b/117
@@ -1,36 +1,27 @@
 dev:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans || make dev-down
 dev-down:
 	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans
 dev-update:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans
 dev-docs:
 	npm --prefix docs run start
 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-update:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-down:
 	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
 prod:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 prod-down:
 	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
 prod-scale:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
 .PHONY: open-api
 open-api:
@@ -43,7 +34,7 @@ open-api-typescript:
 	cd ./open-api && bash ./bin/generate-open-api.sh typescript
 sql:
-	pnpm --filter immich run sync:sql
+	npm --prefix server run sync:sql
 attach-server:
 	docker exec -it docker_immich-server_1 sh
@@ -51,59 +42,31 @@ attach-server:
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
 # Directories that need to be created for volumes or build output
 VOLUME_DIRS = \
 	./.pnpm-store \
 	./web/.svelte-kit \
 	./web/node_modules \
 	./web/coverage \
 	./e2e/node_modules \
 	./docs/node_modules \
 	./server/node_modules \
 	./open-api/typescript-sdk/node_modules \
 	./.github/node_modules \
 	./node_modules \
 	./cli/node_modules
 # Include .env file if it exists
 -include docker/.env
 MODULES = e2e server web cli sdk docs .github
 # directory to package name mapping function
 #   cli     = @immich/cli
 #   docs    = documentation
 #   e2e     = immich-e2e
 #   open-api/typescript-sdk = @immich/sdk
 #   server  = immich
 #   web     = immich-web
 map-package = $(subst sdk,@immich/sdk,$(subst cli,@immich/cli,$(subst docs,documentation,$(subst e2e,immich-e2e,$(subst server,immich,$(subst web,immich-web,$1))))))
 audit-%:
-	pnpm --filter $(call map-package,$*) audit fix
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
 install-%:
-	pnpm --filter $(call map-package,$*) install $(if $(FROZEN),--frozen-lockfile) $(if $(OFFLINE),--offline)
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
-	pnpm --filter $(call map-package,$*) run build
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build
 format-%:
-	pnpm --filter $(call map-package,$*) run format:fix
+	npm --prefix $* run format:fix
 lint-%:
-	pnpm --filter $(call map-package,$*) run lint:fix
+	npm --prefix $* run lint:fix
 lint-web:
 	pnpm --filter $(call map-package,$*) run lint:p
 check-%:
-	pnpm --filter $(call map-package,$*) run check
+	npm --prefix $* run check
 check-web:
-	pnpm --filter immich-web run check:typescript
+	npm --prefix web run check:typescript
-	pnpm --filter immich-web run check:svelte
+	npm --prefix web run check:svelte
 test-%:
-	pnpm --filter $(call map-package,$*) run test
+	npm --prefix $* run test
 test-e2e:
 	docker compose -f ./e2e/docker-compose.yml build
-	pnpm --filter immich-e2e run test
+	npm --prefix e2e run test
-	pnpm --filter immich-e2e run test:web
+	npm --prefix e2e run test:web
 test-medium:
 	docker run \
    --rm \
@@ -113,39 +76,23 @@ test-medium:
    -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
    -e NODE_ENV=development \
    immich-server:latest \
-    -c "pnpm test:medium -- --run"
+    -c "npm ci && npm run test:medium -- --run"
 test-medium-dev:
-	docker exec -it immich_server /bin/sh -c "pnpm run test:medium"
+	docker exec -it immich_server /bin/sh -c "npm run test:medium"
-install-all:
+build-all: $(foreach M,$(filter-out e2e .github,$(MODULES)),build-$M) ;
-	pnpm -r --filter '!documentation' install
+install-all: $(foreach M,$(MODULES),install-$M) ;
-
+check-all: $(foreach M,$(filter-out sdk cli docs .github,$(MODULES)),check-$M) ;
-build-all: $(foreach M,$(filter-out e2e docs .github,$(MODULES)),build-$M) ;
+lint-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),lint-$M) ;
-
+format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
-check-all:
+audit-all:  $(foreach M,$(MODULES),audit-$M) ;
-	pnpm -r --filter '!documentation' run "/^(check|check\:svelte|check\:typescript)$/"
+hygiene-all: lint-all format-all check-all sql audit-all;
-lint-all:
+test-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),test-$M) ;
 	pnpm -r --filter '!documentation' run lint:fix
 format-all:
 	pnpm -r --filter '!documentation' run format:fix
 audit-all:
 	pnpm -r --filter '!documentation' audit fix
 hygiene-all: audit-all
 	pnpm -r --filter '!documentation' run "/(format:fix|check|check:svelte|check:typescript|sql)/"
 test-all:
 	pnpm -r --filter '!documentation' run "/^test/"
 clean:
-	find . -name "node_modules" -type d -prune -exec rm -rf {} +
+	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
 	find . -name "dist" -type d -prune -exec rm -rf '{}' +
 	find . -name "build" -type d -prune -exec rm -rf '{}' +
-	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
+	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
-	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
+	docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
-	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
+	docker compose -f ./e2e/docker-compose.yml rm -v -f || true
 	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
 	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true
 setup-server-dev: install-server
 setup-web-dev: install-sdk build-sdk install-web
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,14 +1,19 @@
 FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e AS core
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
 RUN npm ci
 COPY open-api/typescript-sdk/ ./
 RUN npm run build
 WORKDIR /usr/src/app
-COPY package* pnpm* .pnpmfile.cjs ./
+
-COPY ./cli ./cli/
+COPY cli/package.json cli/package-lock.json ./
-COPY ./open-api/typescript-sdk ./open-api/typescript-sdk/
+RUN npm ci
-RUN corepack enable pnpm && \
+
-  pnpm install --filter @immich/sdk --filter @immich/cli --frozen-lockfile && \
+COPY cli .
-  pnpm --filter @immich/sdk build && \
+RUN npm run build
  pnpm --filter @immich/cli build
 WORKDIR /import
-ENTRYPOINT ["node", "/usr/src/app/cli/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]
--- a/cli/bin/immich
+++ b/cli/bin/immich
@@ -1,2 +0,0 @@
 #!/usr/bin/env node
 import '../dist/index.js';
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,11 +1,11 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.90",
+  "version": "2.2.72",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
  "bin": {
-    "immich": "./bin/immich"
+    "immich": "dist/index.js"
  },
  "license": "GNU Affero General Public License version 3",
  "keywords": [
@@ -13,6 +13,7 @@
    "cli"
  ],
  "devDependencies": {
    "@eslint/eslintrc": "^3.1.0",
    "@eslint/js": "^9.8.0",
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
@@ -20,22 +21,22 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.18.1",
+    "@types/node": "^22.15.31",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
    "eslint": "^9.14.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^10.0.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^60.0.0",
+    "eslint-plugin-unicorn": "^59.0.0",
    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
    "typescript-eslint": "^8.28.0",
-    "vite": "^7.0.0",
+    "vite": "^6.0.0",
    "vite-tsconfig-paths": "^5.0.0",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
@@ -68,6 +69,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "22.19.0"
+    "node": "22.16.0"
  }
 }
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
+  version     = "4.52.0"
-  constraints = "4.52.5"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
+  version     = "4.52.0"
-  constraints = "4.52.5"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -16,31 +16,23 @@ name: immich-dev
 services:
  immich-server:
    container_name: immich_server
-    command: ['immich-dev']
+    command: ['/usr/src/app/bin/immich-dev']
    image: immich-server-dev:latest
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    build:
      context: ../
-      dockerfile: server/Dockerfile.dev
+      dockerfile: server/Dockerfile
      target: dev
    restart: unless-stopped
    volumes:
-      - ..:/usr/src/app
+      - ../server:/usr/src/app
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ../open-api:/usr/src/open-api
      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
      - ${UPLOAD_LOCATION}/photos/upload:/usr/src/app/upload/upload
      - /usr/src/app/node_modules
      - /etc/localtime:/etc/localtime:ro
      - pnpm-store:/usr/src/app/.pnpm-store
      - server-node_modules:/usr/src/app/server/node_modules
      - web-node_modules:/usr/src/app/web/node_modules
      - github-node_modules:/usr/src/app/.github/node_modules
      - cli-node_modules:/usr/src/app/cli/node_modules
      - docs-node_modules:/usr/src/app/docs/node_modules
      - e2e-node_modules:/usr/src/app/e2e/node_modules
      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
    env_file:
      - .env
    environment:
@@ -66,47 +58,37 @@ services:
      - 9231:9231
      - 2283:2283
    depends_on:
-      redis:
+      - redis
-        condition: service_started
+      - database
      database:
        condition: service_started
    healthcheck:
      disable: false
  immich-web:
    container_name: immich_web
    image: immich-web-dev:latest
    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
    # user: 0:0
    build:
-      context: ../
+      context: ../web
-      dockerfile: server/Dockerfile.dev
+    command: ['/usr/src/app/bin/immich-web']
      target: dev
    command: ['immich-web']
    env_file:
      - .env
    ports:
      - 3000:3000
      - 24678:24678
    volumes:
-      - ..:/usr/src/app
+      - ../web:/usr/src/app
-      - pnpm-store:/usr/src/app/.pnpm-store
+      - ../i18n:/usr/src/i18n
-      - server-node_modules:/usr/src/app/server/node_modules
+      - ../open-api/:/usr/src/open-api/
-      - web-node_modules:/usr/src/app/web/node_modules
+      # - ../../ui:/usr/ui
-      - github-node_modules:/usr/src/app/.github/node_modules
+      - /usr/src/app/node_modules
      - cli-node_modules:/usr/src/app/cli/node_modules
      - docs-node_modules:/usr/src/app/docs/node_modules
      - e2e-node_modules:/usr/src/app/e2e/node_modules
      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
    ulimits:
      nofile:
        soft: 1048576
        hard: 1048576
    restart: unless-stopped
    depends_on:
-      immich-server:
+      - immich-server
        condition: service_started
  immich-machine-learning:
    container_name: immich_machine_learning
@@ -134,13 +116,13 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    env_file:
      - .env
    environment:
@@ -152,7 +134,6 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
    shm_size: 128mb
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  # immich-prometheus:
  #   container_name: immich_prometheus
@@ -178,14 +159,3 @@ volumes:
  model-cache:
  prometheus-data:
  grafana-data:
  pnpm-store:
  server-node_modules:
  web-node_modules:
  github-node_modules:
  cli-node_modules:
  docs-node_modules:
  e2e-node_modules:
  sdk-node_modules:
  app-node_modules:
  sveltekit:
  coverage:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -20,7 +20,7 @@ services:
      context: ../
      dockerfile: server/Dockerfile
    volumes:
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -56,14 +56,14 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    env_file:
      - .env
    environment:
@@ -75,7 +75,6 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
    shm_size: 128mb
    restart: always
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
@@ -83,7 +82,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:63805ebb8d2b3920190daf1cb14a60871b16fd38bed42b857a3182bc621f4996
+    image: prom/prometheus@sha256:9abc6cf6aea7710d163dbb28d8eeb7dc5baef01e38fa4cd146a406dd9f07f70d
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -95,7 +94,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.1.1-ubuntu@sha256:d1da838234ff2de93e0065ee1bf0e66d38f948dcc5d718c25fa6237e14b4424a
+    image: grafana/grafana:12.0.1-ubuntu@sha256:65575bb9c761335e2ff30e364f21d38632e3b2e75f5f81d83cc92f44b9bbc055
    volumes:
      - grafana-data:/var/lib/grafana
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -49,14 +49,14 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
@@ -67,7 +67,6 @@ services:
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    restart: always
 volumes:
--- a/docker/scripts/get-cpus.sh
+++ b/docker/scripts/get-cpus.sh
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -19,5 +19,3 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 yarn.lock
 /static/openapi.json
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/docs/README.md
+++ b/docs/README.md
@@ -5,13 +5,13 @@ This website is built using [Docusaurus](https://docusaurus.io/), a modern stati
 ### Installation
 ```
-$ pnpm install
+$ npm install
 ```
 ### Local Development
 ```
-$ pnpm run start
+$ npm run start
 ```
 This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
@@ -19,7 +19,7 @@ This command starts a local development server and opens up a browser window. Mo
 ### Build
 ```
-$ pnpm run build
+$ npm run build
 ```
 This command generates static content into the `build` directory and can be served using any static contents hosting service.
@@ -29,13 +29,13 @@ This command generates static content into the `build` directory and can be serv
 Using SSH:
 ```
-$ USE_SSH=true pnpm run deploy
+$ USE_SSH=true npm run deploy
 ```
 Not using SSH:
 ```
-$ GIT_USER=<Your GitHub username> pnpm run deploy
+$ GIT_USER=<Your GitHub username> npm run deploy
 ```
 If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -1,31 +1,5 @@
 # FAQ
 ## Commercial Guidelines
 ### Are you open to commercial partnerships and collaborations?
 We are working to commercialize Immich and we'd love for you to help us by making Immich better. FUTO is dedicated to developing sustainable models for developing open source software for our customers. We want our customers to be delighted by the products our engineers deliver, and we want our engineers to be paid when they succeed.
 If you wish to use Immich in a commercial product not owned by FUTO, we have the following requirements:
 - Plugin Integrations: Integrations for other platforms are typically approved, provided proper notification is given.
 - Reseller Partnerships: Must adhere to the guidelines outlined below regarding trademark usage, and proper representation.
 - Strategic Collaborations: We welcome discussions about mutually beneficial partnerships that enhance the value proposition for both organizations.
 ### What are your guidelines for resellers and trademark usage?
 For organizations seeking to resell Immich, we have established the following guidelines to protect our brand integrity and ensure proper representation.
 - We request that resellers do not display our trademarks on their websites or marketing materials. If such usage is discovered, we will contact you to request removal.
 - Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.
 - For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directy from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
 When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app
 ## User
 ### How can I reset the admin password?
@@ -206,7 +180,7 @@ services:
 ...
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
 +     - originals:/usr/src/app/originals
 ...
@@ -516,7 +490,7 @@ You can also scan the Postgres database file structure for errors:
 <details>
 <summary>Scan for file structure errors</summary>
 ```bash
-docker exec -it immich_postgres pg_amcheck --username=<DB_USERNAME> --heapallindexed --parent-check --rootdescend --progress --all --install-missing
+docker exec -it immich_postgres pg_amcheck --username=postgres --heapallindexed --parent-check --rootdescend --progress --all --install-missing
 ```
 A normal result will end something like this and return with an exit code of `0`:
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -57,7 +57,7 @@ Then please follow the steps in the following section for restoring the database
  <TabItem value="Linux system" label="Linux system" default>
 ```bash title='Backup'
-docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | gzip > "/path/to/backup/dump.sql.gz"
 ```
 ```bash title='Restore'
@@ -79,7 +79,7 @@ docker compose up -d            # Start remainder of Immich apps
  <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">
 ```powershell title='Backup'
-[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME>))
+[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres))
 ```
 ```powershell title='Restore'
@@ -150,10 +150,12 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
  - Preview images (small thumbnails and large previews) for each asset and thumbnails for recognized faces.
  - Stored in `UPLOAD_LOCATION/thumbs/<userID>`.
 - **Encoded Assets:**
  - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
  - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.
@@ -199,6 +201,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - Temporarily located in `UPLOAD_LOCATION/upload/<userID>`.
  - Transferred to `UPLOAD_LOCATION/library/<userID>` upon successful upload.
 - **Postgres**
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.
--- a/docs/docs/administration/img/admin-nightly-tasks.webp
+++ b/docs/docs/administration/img/admin-nightly-tasks.webp
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -46,12 +46,6 @@ services:
 When a new asset is uploaded it kicks off a series of jobs, which include metadata extraction, thumbnail generation, machine learning tasks, and storage template migration, if enabled. To view the status of a job navigate to the Administration -> Jobs page.
 Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
 <img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />
 Additionally, some jobs (such as memories generation) run on a schedule, which is every night at midnight by default. To change when they run or enable/disable a job navigate to System Settings -> [Nightly Tasks Settings](https://my.immich.app/admin/system-settings?isOpen=nightly-tasks).
 <img src={require('./img/admin-nightly-tasks.webp').default} width="60%" title="Admin nightly tasks" />
 :::note
 Some jobs ([External Libraries](/docs/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
 :::
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -10,7 +10,7 @@ Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobil
 Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:
- [Authentik](https://integrations.goauthentik.io/media/immich/)
+- [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
 - [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
@@ -20,6 +20,7 @@ Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an i
 Before enabling OAuth in Immich, a new client application needs to be configured in the 3rd-party authentication server. While the specifics of this setup vary from provider to provider, the general approach should be the same.
 1. Create a new (Client) Application
   1. The **Provider** type should be `OpenID Connect` or `OAuth2`
   2. The **Client type** should be `Confidential`
   3. The **Application** type should be `Web`
@@ -28,6 +29,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 2. Configure Redirect URIs/Origins
   The **Sign-in redirect URIs** should include:
   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
@@ -35,17 +37,21 @@ Before enabling OAuth in Immich, a new client application needs to be configured
   Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:
   Mobile
   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)
   Localhost
   - `http://localhost:2283/auth/login`
   - `http://localhost:2283/user-settings`
   Local IP
   - `http://192.168.0.200:2283/auth/login`
   - `http://192.168.0.200:2283/user-settings`
   Hostname
   - `https://immich.example.com/auth/login`
   - `https://immich.example.com/user-settings`
@@ -62,9 +68,8 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
 | Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage**¹**                                           |
-| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (empty for unlimited quota)      |
+| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (Enter 0 for unlimited quota)    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
@@ -88,7 +93,7 @@ The `.well-known/openid-configuration` part of the url is optional and will be a
 ## Auto Launch
 When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
-Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?autoLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
+Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?authLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
 ## Mobile Redirect URI
@@ -106,89 +111,6 @@ Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to
 ## Example Configuration
 <details>
 <summary>Authelia Example</summary>
 ### Authelia Example
 Here's an example of OAuth configured for Authelia:
 This assumes there exist an attribute `immichquota` in the user schema, which is used to set the user's storage quota in Immich.
 The configuration concerning the quota is optional.
 ```yaml
 authentication_backend:
  ldap:
    # The LDAP server configuration goes here.
    # See: https://www.authelia.com/c/ldap
    attributes:
      extra:
        immichquota: # The attribute name from LDAP
          name: 'immich_quota'
          multi_valued: false
          value_type: 'integer'
 identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    claims_policies:
      immich_policy:
        custom_claims:
          immich_quota:
            attribute: 'immich_quota'
    scopes:
      immich_scope:
        claims:
          - 'immich_quota'
    clients:
      - client_id: 'immich'
        client_name: 'Immich'
        # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret
        client_secret: $pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'
        public: false
        require_pkce: false
        redirect_uris:
          - 'https://example.immich.app/auth/login'
          - 'https://example.immich.app/user-settings'
          - 'app.immich:///oauth-callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'immich_scope'
        claims_policy: 'immich_policy'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        id_token_signed_response_alg: 'RS256'
        userinfo_signed_response_alg: 'RS256'
        token_endpoint_auth_method: 'client_secret_post'
 ```
 Configuration of OAuth in Immich System Settings
 | Setting                            | Value                                                               |
 | ---------------------------------- | ------------------------------------------------------------------- |
 | Issuer URL                         | `https://example.immich.app/.well-known/openid-configuration`       |
 | Client ID                          | immich                                                              |
 | Client Secret                      | 0v89FXkQOWO\***\*\*\*\*\***\*\*\***\*\*\*\*\***mprbvXD549HH6s1iw... |
 | Token Endpoint Auth Method         | client_secret_post                                                  |
 | Scope                              | openid email profile immich_scope                                   |
 | ID Token Signed Response Algorithm | RS256                                                               |
 | Userinfo Signed Response Algorithm | RS256                                                               |
 | Storage Label Claim                | uid                                                                 |
 | Storage Quota Claim                | immich_quota                                                        |
 | Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
 | Button Text                        | Sign in with Authelia (optional)                                    |
 | Auto Register                      | Enabled (optional)                                                  |
 | Auto Launch                        | Enabled (optional)                                                  |
 | Mobile Redirect URI Override       | Disable                                                             |
 | Mobile Redirect URI                |                                                                     |
 </details>
 <details>
 <summary>Authentik Example</summary>
@@ -211,7 +133,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                              |
 | Storage Label Claim          | preferred_username                                                                 |
 | Storage Quota Claim          | immich_quota                                                                       |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                      |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                          |
 | Button Text                  | Sign in with Authentik (optional)                                                  |
 | Auto Register                | Enabled (optional)                                                                 |
 | Auto Launch                  | Enabled (optional)                                                                 |
@@ -242,7 +164,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                        |
 | Storage Label Claim          | preferred_username                                                           |
 | Storage Quota Claim          | immich_quota                                                                 |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
 | Button Text                  | Sign in with Google (optional)                                               |
 | Auto Register                | Enabled (optional)                                                           |
 | Auto Launch                  | Enabled                                                                      |
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -2,6 +2,10 @@
 Users can deploy a custom reverse proxy that forwards requests to Immich. This way, the reverse proxy can handle TLS termination, load balancing, or other advanced features. All reverse proxies between Immich and the user must forward all headers and set the `Host`, `X-Real-IP`, `X-Forwarded-Proto` and `X-Forwarded-For` headers to their appropriate values. Additionally, your reverse proxy should allow for big enough uploads. By following these practices, you ensure that all custom reverse proxies are fully compatible with Immich.
 :::note
 The Repair page can take a long time to load. To avoid server timeouts or errors, we recommend specifying a timeout of at least 10 minutes on your proxy server.
 :::
 :::caution
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -3,7 +3,7 @@
 The `immich-server` docker image comes preinstalled with an administrative CLI (`immich-admin`) that supports the following commands:
 | Command                  | Description                           |
-| ------------------------ | ------------------------------------------------------------- |
+| ------------------------ | ------------------------------------- |
 | `help`                   | Display help                          |
 | `reset-admin-password`   | Reset the password for the admin user |
 | `disable-password-login` | Disable password login                |
@@ -12,7 +12,6 @@ The `immich-server` docker image comes preinstalled with an administrative CLI (
 | `disable-oauth-login`    | Disable OAuth login                   |
 | `list-users`             | List Immich users                     |
 | `version`                | Print Immich version                  |
 | `change-media-location`  | Change database file paths to align with a new media location |
 ## How to run a command
@@ -89,21 +88,3 @@ Print Immich Version
 immich-admin version
 v1.129.0
 ```
 Change media location
 ```
 immich-admin change-media-location
 ? Enter the previous value of IMMICH_MEDIA_LOCATION: /data
 ? Enter the new value of IMMICH_MEDIA_LOCATION: /my-data
 ...
  Previous value: /data
  Current value:  /my-data
  Changing database paths from "/data/*" to "/my-data/*"
 ? Do you want to proceed? [Y/n] y
 Database file paths updated successfully! 🎉
 ...
 ```
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -5,7 +5,7 @@ After making any changes in the `server/src/schema`, a database migration need t
 1. Run the command
 ```bash
-pnpm run migrations:generate <migration-name>
+npm run migrations:generate <migration-name>
 ```
 2. Check if the migration file makes sense.
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -7,7 +7,7 @@ sidebar_position: 3
 Dev Containers provide a consistent, reproducible development environment using Docker containers. With a single click, you can get started with an Immich development environment on Mac, Linux, Windows, or in the cloud using GitHub Codespaces.
-Get started fast!
+[![Open in VSCode Containers](https://img.shields.io/static/v1?label=VSCode%20DevContainer&message=Immich&color=blue)](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/immich-app/immich/)
 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/immich-app/immich/)
@@ -71,7 +71,7 @@ cd immich
 The immich dev containers read environment variables from your shell environment, not from `.env` files. This allows them to work in cloud environments without pre-configuration.
-:::important Configuration
+:::important Required Configuration
 When running locally, and if you want to create (or use an existing) DB and/or photo storage folder, you must set the `UPLOAD_LOCATION` variable in your shell environment before launching the Dev Container. This determines where uploaded files are stored and also where the DB stores it data.
 ```bash
@@ -88,10 +88,6 @@ source ~/.bashrc
 ### Step 3: Launch the Dev Container
 :::tip
 Immich development makes extensive use of specialized [base images](https://github.com/immich-app/base-images) for its docker-compose based development. For this reason, you won't be able to use VSCode's **_Clone Repository in a Container Volume_** command.
 :::
 #### Using VS Code UI:
 1. Open the cloned repository in VS Code
@@ -203,11 +199,13 @@ To use your SSH key for commit signing, see the [GitHub guide on SSH commit sign
 When the Dev Container starts, it automatically:
 1. **Runs post-create script** (`container-server-post-create.sh`):
   - Adjusts file permissions for the `node` user
-   - Installs dependencies: `pnpm install` in all packages
+   - Installs dependencies: `npm install` in all packages
-   - Builds TypeScript SDK: `pnpm run build` in `open-api/typescript-sdk`
+   - Builds TypeScript SDK: `npm run build` in `open-api/typescript-sdk`
 2. **Starts development servers** via VS Code tasks:
   - `Immich API Server (Nest)` - API server with hot-reloading on port 2283
   - `Immich Web Server (Vite)` - Web frontend with hot-reloading on port 3000
   - Both servers watch for file changes and recompile automatically
@@ -243,7 +241,7 @@ To connect the mobile app to your Dev Container:
 - **Server code** (`/server`): Changes trigger automatic restart
 - **Web code** (`/web`): Changes trigger hot module replacement
- **Database migrations**: Run `pnpm run sync:sql` in the server directory
+- **Database migrations**: Run `npm run sync:sql` in the server directory
 - **API changes**: Regenerate TypeScript SDK with `make open-api`
 ## Testing
@@ -273,19 +271,19 @@ make test-medium-dev    # End-to-end tests
 ```bash
 # Server tests
 cd /workspaces/immich/server
-pnpm test                # Run all tests
+npm test                # Run all tests
-pnpm run test:watch     # Watch mode
+npm run test:watch     # Watch mode
-pnpm run test:cov       # Coverage report
+npm run test:cov       # Coverage report
 # Web tests
 cd /workspaces/immich/web
-pnpm test               # Run all tests
+npm test               # Run all tests
-pnpm run test:watch     # Watch mode
+npm run test:watch     # Watch mode
 # E2E tests
 cd /workspaces/immich/e2e
-pnpm run test           # Run API tests
+npm run test           # Run API tests
-pnpm run test:web       # Run web UI tests
+npm run test:web       # Run web UI tests
 ```
 ### Code Quality Commands
@@ -337,12 +335,14 @@ make install-all      # Install all dependencies
 The Dev Container is pre-configured for debugging:
 1. **API Server Debugging**:
   - Set breakpoints in VS Code
   - Press `F5` or use "Run and Debug" panel
   - Select "Attach to Server" configuration
   - Debug port: 9231
 2. **Worker Debugging**:
   - Use "Attach to Workers" configuration
   - Debug port: 9230
@@ -428,6 +428,7 @@ While the Dev Container focuses on server and web development, you can connect m
   ```
 2. **Configure mobile app**:
   - Server URL: `http://YOUR_IP:2283/api`
   - Ensure firewall allows port 2283
--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -8,47 +8,34 @@ When contributing code through a pull request, please check the following:
 ## Web Checks
- [ ] `pnpm run lint` (linting via ESLint)
+- [ ] `npm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `npm run format` (formatting via Prettier)
- [ ] `pnpm run check:svelte` (Type checking via SvelteKit)
+- [ ] `npm run check:svelte` (Type checking via SvelteKit)
- [ ] `pnpm run check:typescript` (check typescript)
+- [ ] `npm run check:typescript` (check typescript)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm test` (unit tests)
 ## Documentation
- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `npm run format` (formatting via Prettier)
 - [ ] Update the `_redirects` file if you have renamed a page or removed it from the documentation.
 :::tip AIO
-Run all web checks with `pnpm run check:all`
+Run all web checks with `npm run check:all`
 :::
 ## Server Checks
- [ ] `pnpm run lint` (linting via ESLint)
+- [ ] `npm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `npm run format` (formatting via Prettier)
- [ ] `pnpm run check` (Type checking via `tsc`)
+- [ ] `npm run check` (Type checking via `tsc`)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm test` (unit tests)
 :::tip AIO
-Run all server checks with `pnpm run check:all`
+Run all server checks with `npm run check:all`
 :::
 :::info Auto Fix
-You can use `pnpm run __:fix` to potentially correct some issues automatically for `pnpm run format` and `lint`.
+You can use `npm run __:fix` to potentially correct some issues automatically for `npm run format` and `lint`.
 :::
 ## Mobile Checks
 The following commands must be executed from within the mobile app directory of the codebase.
 - [ ] `make build` (auto-generate files using build_runner)
 - [ ] `make analyze` (static analysis via Dart Analyzer and DCM)
 - [ ] `make format` (formatting via Dart Formatter)
 - [ ] `make test` (unit tests)
 :::info Auto Fix
 You can use `dart fix --apply` and `dcm fix lib` to potentially correct some issues automatically for `make analyze`.
 :::
 ## OpenAPI
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -54,20 +54,20 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3
 If you only want to do web development connected to an existing, remote backend, follow these steps:
-1. Build the Immich SDK - `cd open-api/typescript-sdk && pnpm i && pnpm run build && cd -`
+1. Build the Immich SDK - `cd open-api/typescript-sdk && npm i && npm run build && cd -`
 2. Enter the web directory - `cd web/`
-3. Install web dependencies - `pnpm i`
+3. Install web dependencies - `npm i`
 4. Start the web development server
 ```bash
-IMMICH_SERVER_URL=https://demo.immich.app/ pnpm run dev
+IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```
 If you're using PowerShell on Windows you may need to set the env var separately like so:
 ```powershell
 $env:IMMICH_SERVER_URL = "https://demo.immich.app/"
-pnpm run dev
+npm run dev
 ```
 #### `@immich/ui`
@@ -75,12 +75,12 @@ pnpm run dev
 To see local changes to `@immich/ui` in Immich, do the following:
 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
-2. Build the `@immich/ui` project via `pnpm run build`
+2. Build the `@immich/ui` project via `npm run build`
 3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
 4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
 5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
 6. Start up the stack via `make dev`
-7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)
+7. After making changes in `@immich/ui`, rebuild it (`npm run build`)
 ### Mobile app
--- a/docs/docs/developer/testing.md
+++ b/docs/docs/developer/testing.md
@@ -4,8 +4,8 @@
 ### Unit tests
-Unit are run by calling `pnpm run test` from the `server/` directory.
+Unit are run by calling `npm run test` from the `server/` directory.
-You need to run `pnpm install` (in `server/`) before _once_.
+You need to run `npm install` (in `server/`) before _once_.
 ### End to end tests
@@ -17,14 +17,14 @@ make e2e
 Before you can run the tests, you need to run the following commands _once_:
- `pnpm install` (in `e2e/`)
+- `npm install` (in `e2e/`)
 - `make open-api` (in the project root `/`)
 Once the test environment is running, the e2e tests can be run via:
 ```bash
 cd e2e/
-pnpm test
+npm test
 ```
 The tests check various things including:
--- a/docs/docs/features/folder-view.md
+++ b/docs/docs/features/folder-view.md
@@ -2,7 +2,7 @@
 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.
-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)
 ## Enable folder view
--- a/docs/docs/features/img/xmp-sidecars.webp
+++ b/docs/docs/features/img/xmp-sidecars.webp
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -33,7 +33,7 @@ Sometimes, an external library will not scan correctly. This can happen if Immic
 - Are the permissions set correctly?
 - Make sure you are using forward slashes (`/`) and not backward slashes.
-To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/mnt/photos`, check it with `ls /mnt/photos`. If you are using a dedicated microservices container, make sure to add the same mount point and check for availability within the microservices container as well.
+To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the same in any microservices containers.
 ### Exclusion Patterns
@@ -56,9 +56,9 @@ Internally, Immich uses the [glob](https://www.npmjs.com/package/glob) package t
 ### Automatic watching (EXPERIMENTAL)
-This feature is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
+This feature - currently hidden in the config file - is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
-If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a [periodic library refresh](#set-custom-scan-interval) to pull in your changes.
+If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a periodic library refresh to pull in your changes.
 #### Troubleshooting
@@ -72,9 +72,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.
 ### Nightly job
-There is an automatic scan job that is scheduled to run once a day. Its schedule is configurable, see [Set Custom Scan Interval](#set-custom-scan-interval).
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
 This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
 ## Usage
@@ -93,7 +91,7 @@ The `immich-server` container will need access to the gallery. Modify your docke
 ```diff title="docker-compose.yml"
  immich-server:
    volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
@@ -114,7 +112,7 @@ _Remember to run `docker compose up -d` to register the changes. Make sure you c
 These actions must be performed by the Immich administrator.
- Click on your avatar in the upper right corner
+- Click on your avatar on the upper right corner
 - Click on Administration -> External Libraries
 - Click on Create an external library…
 - Select which user owns the library, this can not be changed later
@@ -161,7 +159,9 @@ Within seconds, the assets from the old-pics and videos folders should show up i
 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.
-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)
 The UI is currently only available for the web; mobile will come in a subsequent release.
 <img src={require('./img/folder-view-1.webp').default} width="100%" title='Folder-view' />
@@ -171,7 +171,7 @@ You can enable this feature under [`Account Settings > Features > Folders`](http
 Only an admin can do this.
 :::
-You can define a custom interval for the trigger external library rescan under Administration -> Settings -> External Library.  
+You can define a custom interval for the trigger external library rescan under Administration -> Settings -> Library.  
 You can set the scanning interval using the preset or cron format. For more information you can refer to [Crontab Guru](https://crontab.guru/).
 <img src={require('./img/library-custom-scan-interval.webp').default} width="75%" title='Set custom scan interval for external library' />
--- a/docs/docs/features/mobile-app.mdx
+++ b/docs/docs/features/mobile-app.mdx
@@ -88,9 +88,9 @@ It will only reflect files you add.
 :::
 If the same asset is in more than one album it will only sync to the first album it's in, after that it won't sync again even if the user clicks sync albums manually.
-To overcome this limitation, the files must be removed from the ignore list by
+To overcome this limitation, the files must be removed from the blacklist by
 App settings -> Advanced -> Duplicate Assets -> Clear
 :::info
-Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the ignore list again at the end of the synchronization.
+Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the black list again at the end of the synchronization.
 :::
--- a/docs/docs/features/monitoring.md
+++ b/docs/docs/features/monitoring.md
@@ -66,7 +66,7 @@ The provided file is just a starting point. There are a ton of ways to configure
 After bringing down the containers with `docker compose down` and back up with `docker compose up -d`, a Prometheus instance will now collect metrics from the immich server and microservices containers. Note that we didn't need to expose any new ports for these containers - the communication is handled in the internal Docker network.
 :::note
-To see exactly what metrics are made available, you can additionally add `8081:8081` (API metrics) and `8082:8082` (microservices metrics) to the immich_server container's ports.
+To see exactly what metrics are made available, you can additionally add `8081:8081` to the server container's ports and `8082:8082` to the microservices container's ports.
 Visiting the `/metrics` endpoint for these services will show the same raw data that Prometheus collects.
 To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/docs/install/environment-variables/#general).
 :::
--- a/docs/docs/features/supported-formats.md
+++ b/docs/docs/features/supported-formats.md
@@ -16,7 +16,7 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a
 | `HEIC`      | `.heic`                       | :white_check_mark: |                 |
 | `HEIF`      | `.heif`                       | :white_check_mark: |                 |
 | `JPEG 2000` | `.jp2`                        | :white_check_mark: |                 |
-| `JPEG`      | `.jpeg` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
+| `JPEG`      | `.webp` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
 | `JPEG XL`   | `.jxl`                        | :white_check_mark: |                 |
 | `PNG`       | `.png`                        | :white_check_mark: |                 |
 | `PSD`       | `.psd`                        | :white_check_mark: | Adobe Photoshop |
--- a/docs/docs/features/tags.md
+++ b/docs/docs/features/tags.md
@@ -1,6 +1,6 @@
 # Tags
-Immich supports hierarchical tags, with the ability to read existing tags from the XMP `TagsList` field and IPTC `Keywords` field. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.
+Immich supports hierarchical tags, with the ability to read existing tags from the `TagList` and `Keywords` EXIF properties. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.
 ## Enable tags feature
--- a/docs/docs/features/xmp-sidecars.md
+++ b/docs/docs/features/xmp-sidecars.md
@@ -1,68 +1,13 @@
 # XMP Sidecars
-Immich supports XMP sidecar files — external `.xmp` files that store metadata for an image or video in XML format. During the metadata extraction job Immich will read & import metadata from `.xmp` files, and during the Sidecar Write job it will _write_ metadata back to `.xmp`.
+Immich can ingest XMP sidecars on file upload (via the CLI) as well as detect new sidecars that are placed in the filesystem for existing images.
-:::tip
+<img src={require('./img/xmp-sidecars.webp').default} title='XMP sidecars' />
 Tools like Lightroom, Darktable, digiKam and other applications can also be configured to write changes to `.xmp` files, in order to avoid modifying the original file.
 :::
-## Metadata Fields
+XMP sidecars are external XML files that contain metadata related to media files. Many applications read and write these files either exclusively or in addition to the metadata written to image files. They can be a powerful tool for editing and storing metadata of a media file without modifying the media file itself. When Immich receives or detects an XMP sidecar for a media file, it will attempt to extract the metadata from both the sidecar as well as the media file. It will prioritize the metadata for fields in the sidecar but will fall back and use the metadata in the media file if necessary.
-Immich does not support _all_ metadata fields. Below is a table showing what fields Immich can _read_ and _write_. It's important to note that writes do not replace the entire file contents, but are merged together with any existing fields.
+When importing files via the CLI bulk uploader or parsing photo metadata for external libraries, Immich will automatically detect XMP sidecar files as files that exist next to the original media file. Immich will look files that have the same name as the photo, but with the `.xmp` file extension. The same name can either include the photo's file extension or without the photo's file extension. For example, for a photo named `PXL_20230401_203352928.MP.jpg`, Immich will look for an XMP file named either `PXL_20230401_203352928.MP.jpg.xmp` or `PXL_20230401_203352928.MP.xmp`. If both `PXL_20230401_203352928.MP.jpg.xmp` and `PXL_20230401_203352928.MP.xmp` are present, Immich will prefer `PXL_20230401_203352928.MP.jpg.xmp`.
-:::info
+There are 2 administrator jobs associated with sidecar files: `SYNC` and `DISCOVER`. The sync job will re-scan all media with existing sidecar files and queue them for a metadata refresh. This is a great use case when third-party applications are used to modify the metadata of media. The discover job will attempt to scan the filesystem for new sidecar files for all media that does not currently have a sidecar file associated with it.
 Immich automatically queues a Sidecar Write job after editing the description, rating, or updating tags.
 :::
-| Metadata        | Immich writes to XMP                             | Immich reads from XMP                                                                                                                                                                                                                          |
+<img src={require('./img/sidecar-jobs.webp').default} title='Sidecar Administrator Jobs' />
 | --------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **Description** | `dc:description`, `tiff:ImageDescription`        | `dc:description`, `tiff:ImageDescription`                                                                                                                                                                                                      |
 | **Rating**      | `xmp:Rating`                                     | `xmp:Rating`                                                                                                                                                                                                                                   |
 | **DateTime**    | `exif:DateTimeOriginal`, `photoshop:DateCreated` | In prioritized order:<br/>`exif:SubSecDateTimeOriginal`<br/>`exif:DateTimeOriginal`<br/>`xmp:SubSecCreateDate`<br/>`xmp:CreateDate`<br/>`xmp:CreationDate`<br/>`xmp:MediaCreateDate`<br/>`xmp:SubSecMediaCreateDate`<br/>`xmp:DateTimeCreated` |
 | **Location**    | `exif:GPSLatitude`, `exif:GPSLongitude`          | `exif:GPSLatitude`, `exif:GPSLongitude`                                                                                                                                                                                                        |
 | **Tags**        | `digiKam:TagsList`                               | In prioritized order: <br/>`digiKam:TagsList`<br/>`lr:HierarchicalSubject`<br/>`IPTC:Keywords`                                                                                                                                                 |
 :::note
 All other fields (e.g. `Creator`, `Source`, IPTC, Lightroom edits) remain in the `.xmp` file and are **not searchable** in Immich.
 :::
 ## File Naming Rules
 A sidecar must share the base name of the media file:
 - ✅ `IMG_0001.jpg.xmp` ← preferred
 - ✅ `IMG_0001.xmp` ← fallback
 - ❌ `myphoto_meta.xmp` ← not recognized
 If both `.jpg.xmp` and `.xmp` are present, Immich uses the **`.jpg.xmp`** file.
 ## CLI Support
 1. **Detect** – Immich looks for a `.xmp` file placed next to each media file during upload.
 2. **Copy** – Both the media and the sidecar file are copied into Immich’s internal library folder.  
   The sidecar is renamed to match the internal filename template, e.g.:  
   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg`  
   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg.xmp`
 3. **Extract** – Selected metadata (title, description, date, rating, tags) is parsed from the sidecar and saved to the database.
 4. **Write-back** – If you later update tags, rating, or description in the web UI, Immich will update **both** the database _and_ the copied `.xmp` file to stay in sync.
 ## External Library (Mounted Folder) Support
 1. **Detect** – The `DISCOVER` job automatically associates `.xmp` files that sit next to existing media files in your mounted folder. No files are moved or renamed.
 2. **Extract** – Immich reads and saves the same metadata fields from the sidecar to the database.
 3. **Write-back** – If Immich has **write access** to the mount, any future metadata edits (e.g., rating or tags) are also written back to the original `.xmp` file on disk.
 :::danger
 If the mount is **read-only**, Immich cannot update either the sidecar **or** the database — **metadata edits will silently fail** with no warning see issue [#10538](https://github.com/immich-app/immich/issues/10538) for more details.
 :::
 ## Admin Jobs
 Immich provides two admin jobs for managing sidecars:
 | Job        | What it does                                                                                      |
 | ---------- | ------------------------------------------------------------------------------------------------- |
 | `DISCOVER` | Finds new `.xmp` files next to media that don’t already have one linked                           |
 | `SYNC`     | Re-reads existing `.xmp` files and refreshes metadata in the database (e.g. after external edits) |
 ![Sidecar Admin Jobs](./img/sidecar-jobs.webp)
--- a/docs/docs/guides/custom-locations.md
+++ b/docs/docs/guides/custom-locations.md
@@ -27,11 +27,11 @@ After defining the locations of these files, we will edit the `docker-compose.ym
 services:
  immich-server:
      volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
-+     - ${THUMB_LOCATION}:/data/thumbs
+     - ${THUMB_LOCATION}:/usr/src/app/upload/thumbs
-+     - ${ENCODED_VIDEO_LOCATION}:/data/encoded-video
+     - ${ENCODED_VIDEO_LOCATION}:/usr/src/app/upload/encoded-video
-+     - ${PROFILE_LOCATION}:/data/profile
+     - ${PROFILE_LOCATION}:/usr/src/app/upload/profile
-+     - ${BACKUP_LOCATION}:/data/backups
+     - ${BACKUP_LOCATION}:/usr/src/app/upload/backups
      - /etc/localtime:/etc/localtime:ro
 ```
@@ -44,7 +44,7 @@ docker compose up -d
 :::note
 Because of the underlying properties of docker bind mounts, it is not recommended to mount the `upload/` and `library/` folders as separate bind mounts if they are on the same device.
-For this reason, we mount the HDD or the network storage (NAS) to `/data` and then mount the folders we want to access under that folder.
+For this reason, we mount the HDD or the network storage (NAS) to `/usr/src/app/upload` and then mount the folders we want to access under that folder.
 The `thumbs/` folder contains both the small thumbnails displayed in the timeline and the larger previews shown when clicking into an image. These cannot be separated.
--- a/docs/docs/guides/database-queries.md
+++ b/docs/docs/guides/database-queries.md
@@ -12,131 +12,105 @@ Run `docker exec -it immich_postgres psql --dbname=<DB_DATABASE_NAME> --username
 ## Assets
 ### Name
 :::note
 The `"originalFileName"` column is the name of the file at time of upload, including the extension.
 :::
 ```sql title="Find by original filename"
-SELECT * FROM "asset" WHERE "originalFileName" = 'PXL_20230903_232542848.jpg';
+SELECT * FROM "assets" WHERE "originalFileName" = 'PXL_20230903_232542848.jpg';
-SELECT * FROM "asset" WHERE "originalFileName" LIKE 'PXL_%'; -- all files starting with PXL_
+SELECT * FROM "assets" WHERE "originalFileName" LIKE 'PXL_%'; -- all files starting with PXL_
-SELECT * FROM "asset" WHERE "originalFileName" LIKE '%_2023_%'; -- all files with _2023_ in the middle
+SELECT * FROM "assets" WHERE "originalFileName" LIKE '%_2023_%'; -- all files with _2023_ in the middle
 ```
 ```sql title="Find by path"
-SELECT * FROM "asset" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_2023.jpg';
+SELECT * FROM "assets" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_2023.jpg';
-SELECT * FROM "asset" WHERE "originalPath" LIKE 'upload/library/admin/2023/%';
+SELECT * FROM "assets" WHERE "originalPath" LIKE 'upload/library/admin/2023/%';
 ```
 ### ID
 ```sql title="Find by ID"
-SELECT * FROM "asset" WHERE "id" = '9f94e60f-65b6-47b7-ae44-a4df7b57f0e9';
+SELECT * FROM "assets" WHERE "id" = '9f94e60f-65b6-47b7-ae44-a4df7b57f0e9';
 ```
 ```sql title="Find by partial ID"
-SELECT * FROM "asset" WHERE "id"::text LIKE '%ab431d3a%';
+SELECT * FROM "assets" WHERE "id"::text LIKE '%ab431d3a%';
 ```
 ### Checksum
 :::note
 You can calculate the checksum for a particular file by using the command `sha1sum <filename>`.
 :::
 ```sql title="Find by checksum (SHA-1)"
-SELECT encode("checksum", 'hex') FROM "asset";
+SELECT encode("checksum", 'hex') FROM "assets";
-SELECT * FROM "asset" WHERE "checksum" = decode('69de19c87658c4c15d9cacb9967b8e033bf74dd1', 'hex');
+SELECT * FROM "assets" WHERE "checksum" = decode('69de19c87658c4c15d9cacb9967b8e033bf74dd1', 'hex');
-SELECT * FROM "asset" WHERE "checksum" = '\x69de19c87658c4c15d9cacb9967b8e033bf74dd1'; -- alternate notation
+SELECT * FROM "assets" WHERE "checksum" = '\x69de19c87658c4c15d9cacb9967b8e033bf74dd1'; -- alternate notation
 ```
 ```sql title="Find duplicate assets with identical checksum (SHA-1) (excluding trashed files)"
-SELECT T1."checksum", array_agg(T2."id") ids FROM "asset" T1
+SELECT T1."checksum", array_agg(T2."id") ids FROM "assets" T1
-  INNER JOIN "asset" T2 ON T1."checksum" = T2."checksum" AND T1."id" != T2."id" AND T2."deletedAt" IS NULL
+  INNER JOIN "assets" T2 ON T1."checksum" = T2."checksum" AND T1."id" != T2."id" AND T2."deletedAt" IS NULL
  WHERE T1."deletedAt" IS NULL GROUP BY T1."checksum";
 ```
 ### Metadata
 ```sql title="Live photos"
-SELECT * FROM "asset" WHERE "livePhotoVideoId" IS NOT NULL;
+SELECT * FROM "assets" WHERE "livePhotoVideoId" IS NOT NULL;
 ```
 ```sql title="By description"
-SELECT "asset".*, "asset_exif"."description" FROM "asset_exif"
+SELECT "assets".*, "exif"."description" FROM "exif"
-  JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
+  JOIN "assets" ON "assets"."id" = "exif"."assetId"
-  WHERE TRIM("asset_exif"."description") <> ''; -- all files with a description
+  WHERE TRIM("exif"."description") <> ''; -- all files with a description
-SELECT "asset".*, "asset_exif"."description" FROM "asset_exif"
+SELECT "assets".*, "exif"."description" FROM "exif"
-  JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
+  JOIN "assets" ON "assets"."id" = "exif"."assetId"
-  WHERE "asset_exif"."description" ILIKE '%string to match%'; -- search by string
+  WHERE "exif"."description" ILIKE '%string to match%'; -- search by string
 ```
 ```sql title="Without metadata"
-SELECT "asset".* FROM "asset_exif"
+SELECT "assets".* FROM "exif"
-  LEFT JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
+  LEFT JOIN "assets" ON "assets"."id" = "exif"."assetId"
-  WHERE "asset_exif"."assetId" IS NULL;
+  WHERE "exif"."assetId" IS NULL;
 ```
 ```sql title="size < 100,000 bytes, smallest to largest"
-SELECT * FROM "asset"
+SELECT * FROM "assets"
-  JOIN "asset_exif" ON "asset"."id" = "asset_exif"."assetId"
+  JOIN "exif" ON "assets"."id" = "exif"."assetId"
-  WHERE "asset_exif"."fileSizeInByte" < 100000
+  WHERE "exif"."fileSizeInByte" < 100000
-  ORDER BY "asset_exif"."fileSizeInByte" ASC;
+  ORDER BY "exif"."fileSizeInByte" ASC;
 ```
-### Type
+```sql title="Without thumbnails"
 SELECT * FROM "assets" WHERE "assets"."previewPath" IS NULL OR "assets"."thumbnailPath" IS NULL;
 ```
 ```sql title="By type"
-SELECT * FROM "asset" WHERE "asset"."type" = 'VIDEO';
+SELECT * FROM "assets" WHERE "assets"."type" = 'VIDEO';
-SELECT * FROM "asset" WHERE "asset"."type" = 'IMAGE';
+SELECT * FROM "assets" WHERE "assets"."type" = 'IMAGE';
 ```
 ```sql title="Count by type"
-SELECT "asset"."type", COUNT(*) FROM "asset" GROUP BY "asset"."type";
+SELECT "assets"."type", COUNT(*) FROM "assets" GROUP BY "assets"."type";
 ```
 ```sql title="Count by type (per user)"
-SELECT "user"."email", "asset"."type", COUNT(*) FROM "asset"
+SELECT "users"."email", "assets"."type", COUNT(*) FROM "assets"
-  JOIN "user" ON "asset"."ownerId" = "user"."id"
+  JOIN "users" ON "assets"."ownerId" = "users"."id"
-  GROUP BY "asset"."type", "user"."email" ORDER BY "user"."email";
+  GROUP BY "assets"."type", "users"."email" ORDER BY "users"."email";
 ```
-## Tags
+```sql title="Failed file movements"
-
+SELECT * FROM "move_history";
 ```sql title="Count by tag"
 SELECT "t"."value" AS "tag_name", COUNT(*) AS "number_assets" FROM "tag" "t"
  JOIN "tag_asset" "ta" ON "t"."id" = "ta"."tagsId" JOIN "asset" "a" ON "ta"."assetsId" = "a"."id"
  WHERE "a"."visibility" != 'hidden'
  GROUP BY "t"."value" ORDER BY "number_assets" DESC;
 ```
 ```sql title="Count by tag (per user)"
 SELECT "t"."value" AS "tag_name", "u"."email" as "user_email", COUNT(*) AS "number_assets" FROM "tag" "t"
  JOIN "tag_asset" "ta" ON "t"."id" = "ta"."tagsId" JOIN "asset" "a" ON "ta"."assetsId" = "a"."id" JOIN "user" "u" ON "a"."ownerId" = "u"."id"
  WHERE "a"."visibility" != 'hidden'
  GROUP BY "t"."value", "u"."email" ORDER BY "number_assets" DESC;
 ```
 ## Users
 ```sql title="List all users"
-SELECT * FROM "user";
+SELECT * FROM "users";
 ```
 ```sql title="Get owner info from asset ID"
-SELECT "user".* FROM "user" JOIN "asset" ON "user"."id" = "asset"."ownerId" WHERE "asset"."id" = 'fa310b01-2f26-4b7a-9042-d578226e021f';
+SELECT "users".* FROM "users" JOIN "assets" ON "users"."id" = "assets"."ownerId" WHERE "assets"."id" = 'fa310b01-2f26-4b7a-9042-d578226e021f';
 ```
-## Persons
+## System Config
 ```sql title="Delete person and unset it for the faces it was associated with"
 DELETE FROM "person" WHERE "name" = 'PersonNameHere';
 ```
 ## System
 ### Config
 ```sql title="Custom settings"
 SELECT "key", "value" FROM "system_metadata" WHERE "key" = 'system-config';
@@ -144,17 +118,10 @@ SELECT "key", "value" FROM "system_metadata" WHERE "key" = 'system-config';
 (Only used when not using the [config file](/docs/install/config-file))
-### File properties
+## Persons
-```sql title="Without thumbnails"
+```sql title="Delete person and unset it for the faces it was associated with"
-SELECT * FROM "asset"
+DELETE FROM "person" WHERE "name" = 'PersonNameHere';
 WHERE (NOT EXISTS (SELECT 1 FROM "asset_file" WHERE "asset"."id" = "asset_file"."assetId" AND "asset_file"."type" = 'thumbnail')
    OR NOT EXISTS (SELECT 1 FROM "asset_file" WHERE "asset"."id" = "asset_file"."assetId" AND "asset_file"."type" = 'preview'))
 AND "asset"."visibility" = 'timeline';
 ```
 ```sql title="Failed file movements"
 SELECT * FROM "move_history";
 ```
 ## Postgres internal
--- a/docs/docs/guides/external-library.md
+++ b/docs/docs/guides/external-library.md
@@ -12,7 +12,7 @@ If you want Immich to be able to delete the images in the external library or ad
 ```diff
 immich-server:
    volumes:
-        - ${UPLOAD_LOCATION}:/data
+        - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +       - /home/user/photos1:/home/user/photos1:ro
 +       - /mnt/photos2:/mnt/photos2:ro # you can delete this line if you only have one mount point, or you can add more lines if you have more than two
 ```
@@ -41,7 +41,7 @@ In the Immich web UI:
 - Click Add path
  <img src={require('./img/add-path-button.webp').default} width="50%" title="Add Path button" />
- Enter **/home/user/photos1** as the path and click Add
+- Enter **/usr/src/app/external** as the path and click Add
  <img src={require('./img/add-path-field.webp').default} width="50%" title="Add Path field" />
 - Save the new path
--- a/docs/docs/guides/template-backup-script.md
+++ b/docs/docs/guides/template-backup-script.md
@@ -52,9 +52,9 @@ REMOTE_BACKUP_PATH="/path/to/remote/backup/directory"
 ### Local
 # Backup Immich database
-docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> > "$UPLOAD_LOCATION"/database-backup/immich-database.sql
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres > "$UPLOAD_LOCATION"/database-backup/immich-database.sql
 # For deduplicating backup programs such as Borg or Restic, compressing the content can increase backup size by making it harder to deduplicate. If you are using a different program or still prefer to compress, you can use the following command instead:
-# docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | /usr/bin/gzip --rsyncable > "$UPLOAD_LOCATION"/database-backup/immich-database.sql.gz
+# docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | /usr/bin/gzip --rsyncable > "$UPLOAD_LOCATION"/database-backup/immich-database.sql.gz
 ### Append to local Borg repository
 borg create "$BACKUP_PATH/immich-borg::{now}" "$UPLOAD_LOCATION" --exclude "$UPLOAD_LOCATION"/thumbs/ --exclude "$UPLOAD_LOCATION"/encoded-video/
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -34,7 +34,7 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 | `TZ`                                | Timezone                                                                                  |        <sup>\*1</sup>        | server                   | microservices      |
 | `IMMICH_ENV`                        | Environment (production, development)                                                     |         `production`         | server, machine learning | api, microservices |
 | `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                              |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |           `/data`            | server                   | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |   `./upload`<sup>\*3</sup>   | server                   | api, microservices |
 | `IMMICH_CONFIG_FILE`                | Path to config file                                                                       |                              | server                   | api, microservices |
 | `NO_COLOR`                          | Set to `true` to disable color-coded log output                                           |           `false`            | server, machine learning |                    |
 | `CPU_CORES`                         | Number of cores available to the Immich server                                            | auto-detected CPU core count | server                   |                    |
@@ -49,6 +49,9 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 \*2: This path is where the Immich code looks for the files, which is internal to the docker container. Setting it to a path on your host will certainly break things, you should use the `UPLOAD_LOCATION` variable instead.
 \*3: With the default `WORKDIR` of `/usr/src/app`, this path will resolve to `/usr/src/app/upload`.
 It only needs to be set if the Immich deployment method is changing.
 ## Workers
 | Variable                 | Description                                                                                          | Default | Containers |
@@ -70,7 +73,7 @@ Information on the current workers can be found [here](/docs/administration/jobs
 ## Database
 | Variable                            | Description                                                                  |  Default   | Containers                     |
-| :---------------------------------- | :------------------------------------------------------------------------------------- | :--------: | :----------------------------- |
+| :---------------------------------- | :--------------------------------------------------------------------------- | :--------: | :----------------------------- |
 | `DB_URL`                            | Database URL                                                                 |            | server                         |
 | `DB_HOSTNAME`                       | Database host                                                                | `database` | server                         |
 | `DB_PORT`                           | Database port                                                                |   `5432`   | server                         |
@@ -80,14 +83,11 @@ Information on the current workers can be found [here](/docs/administration/jobs
 | `DB_SSL_MODE`                       | Database SSL mode                                                            |            | server                         |
 | `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`vectorchord`, `pgvector`, `pgvecto.rs`]) |            | server                         |
 | `DB_SKIP_MIGRATIONS`                | Whether to skip running migrations on startup (one of [`true`, `false`])     |  `false`   | server                         |
 | `DB_STORAGE_TYPE`                   | Optimize concurrent IO on SSDs or sequential IO on HDDs ([`SSD`, `HDD`])<sup>\*3</sup> |   `SSD`    | server                         |
 \*1: The values of `DB_USERNAME`, `DB_PASSWORD`, and `DB_DATABASE_NAME` are passed to the Postgres container as the variables `POSTGRES_USER`, `POSTGRES_PASSWORD`, and `POSTGRES_DB` in `docker-compose.yml`.
 \*2: If not provided, the appropriate extension to use is auto-detected at startup by introspecting the database. When multiple extensions are installed, the order of preference is VectorChord, pgvecto.rs, pgvector.
 \*3: Uses either [`postgresql.ssd.conf`](https://github.com/immich-app/base-images/blob/main/postgres/postgresql.ssd.conf) or [`postgresql.hdd.conf`](https://github.com/immich-app/base-images/blob/main/postgres/postgresql.hdd.conf) which mainly controls the Postgres `effective_io_concurrency` setting to allow for concurrenct IO on SSDs and sequential IO on HDDs.
 :::info
 All `DB_` variables must be provided to all Immich workers, including `api` and `microservices`.
@@ -199,11 +199,12 @@ Additional machine learning parameters can be tuned from the admin UI.
 | `IMMICH_TELEMETRY_INCLUDE` | Collect these telemetries. List of `host`, `api`, `io`, `repo`, `job`. Note: You can also specify `all` to enable all |         | server     | api, microservices |
 | `IMMICH_TELEMETRY_EXCLUDE` | Do not collect these telemetries. List of `host`, `api`, `io`, `repo`, `job`                                          |         | server     | api, microservices |
-## Secrets
+## Docker Secrets
-The following variables support reading from files, either via [Systemd Credentials][systemd-creds] or [Docker secrets][docker-secrets] for additional security.
+The following variables support the use of [Docker secrets][docker-secrets] for additional security.
-To use any of these, either set `CREDENTIALS_DIRECTORY` to a directory that contains files whose name is the “regular variable” name, and whose content is the secret. If using Docker Secrets, setting `CREDENTIALS_DIRECTORY=/run/secrets` will cause all secrets present to be used. Alternatively, replace the regular variable with the equivalent `_FILE` environment variable as below. The value of the `_FILE` variable should be set to the path of a file containing the variable value.
+To use any of these, replace the regular environment variable with the equivalent `_FILE` environment variable. The value of
 the `_FILE` variable should be set to the path of a file containing the variable value.
 | Regular Variable   | Equivalent Docker Secrets '\_FILE' Variable |
 | :----------------- | :------------------------------------------ |
@@ -225,4 +226,3 @@ to use a Docker secret for the password in the Redis container.
 [docker-secrets-docs]: https://github.com/docker-library/docs/tree/master/postgres#docker-secrets
 [docker-secrets]: https://docs.docker.com/engine/swarm/secrets/
 [ioredis]: https://ioredis.readthedocs.io/en/latest/README/#connect-to-redis
 [systemd-creds]: https://systemd.io/CREDENTIALS/
--- a/docs/docs/install/img/truenas/truenas00.webp
+++ b/docs/docs/install/img/truenas/truenas00.webp
--- a/docs/docs/install/img/truenas/truenas04.webp
+++ b/docs/docs/install/img/truenas/truenas04.webp
--- a/docs/docs/install/img/truenas/truenas06.webp
+++ b/docs/docs/install/img/truenas/truenas06.webp
--- a/docs/docs/install/img/truenas/truenas07.webp
+++ b/docs/docs/install/img/truenas/truenas07.webp
--- a/docs/docs/install/img/truenas/truenas08.webp
+++ b/docs/docs/install/img/truenas/truenas08.webp
--- a/docs/docs/install/img/truenas/truenas09.webp
+++ b/docs/docs/install/img/truenas/truenas09.webp
--- a/docs/docs/install/img/truenas/truenas10.webp
+++ b/docs/docs/install/img/truenas/truenas10.webp
--- a/docs/docs/install/img/truenas/truenas01.webp
+++ b/docs/docs/install/img/truenas/truenas01.webp
--- a/docs/docs/install/img/truenas/truenas02.webp
+++ b/docs/docs/install/img/truenas/truenas02.webp
--- a/docs/docs/install/img/truenas/truenas03.webp
+++ b/docs/docs/install/img/truenas/truenas03.webp
--- a/docs/docs/install/img/truenas/truenas12.webp
+++ b/docs/docs/install/img/truenas/truenas12.webp
--- a/docs/docs/install/img/truenas05.webp
+++ b/docs/docs/install/img/truenas05.webp
--- a/docs/docs/install/img/truenas06.webp
+++ b/docs/docs/install/img/truenas06.webp
--- a/docs/docs/install/img/truenas07.webp
+++ b/docs/docs/install/img/truenas07.webp
--- a/docs/docs/install/img/truenas08.webp
+++ b/docs/docs/install/img/truenas08.webp
--- a/docs/docs/install/img/truenas/truenas11.webp
+++ b/docs/docs/install/img/truenas/truenas11.webp
--- a/docs/docs/install/img/truenas10.webp
+++ b/docs/docs/install/img/truenas10.webp
--- a/docs/docs/install/img/truenas/truenas05.webp
+++ b/docs/docs/install/img/truenas/truenas05.webp
--- a/docs/docs/install/img/truenas12.webp
+++ b/docs/docs/install/img/truenas12.webp
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
bwees	97329d488b	chore: code review changes from @shenlong-tanwen	2025-06-24 09:18:11 -05:00
bwees	c6cd4dce78	fix: include port in baseURL	2025-06-24 09:17:42 -05:00
bwees	0a90f490f2	cleanly migrate the server URL value to a JSON array (ie coming from 1.135.0 app)	2025-06-23 17:55:41 -05:00
bwees	88e008c4c2	fix: remove duplicate endpoints	2025-06-23 17:44:51 -05:00
bwees	99a9914da2	feat: ios widget supports alternate server URLs	2025-06-23 17:41:55 -05:00
		`@@ -1,2 +0,0 @@`
			`#!/usr/bin/env node`
			`import '../dist/index.js';`