update schema

drift logs
feat: drift store migration
2025-12-06 04:41:40 -08:00 · 2025-06-28 22:20:02 -05:00 · 2025-06-28 17:50:08 -05:00 · 2025-06-27 15:40:48 -05:00
2395 changed files with 120633 additions and 215638 deletions
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -11,7 +11,8 @@ services:
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/workspaces/immich/server/upload
+      - ${UPLOAD_LOCATION}/photos/upload:/workspaces/immich/server/upload/upload
      - /etc/localtime:/etc/localtime:ro

  database:
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -49,11 +49,10 @@ fix_permissions() {

    log "Fixing permissions for ${IMMICH_WORKSPACE}"

+    run_cmd sudo find "${IMMICH_WORKSPACE}/server/upload" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres/*" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres" -exec chown node {} +
+
    # Change ownership for directories that exist
    for dir in "${IMMICH_WORKSPACE}/.vscode" \
-        "${IMMICH_WORKSPACE}/server/upload" \
-        "${IMMICH_WORKSPACE}/.pnpm-store" \
-        "${IMMICH_WORKSPACE}/.github/node_modules" \
        "${IMMICH_WORKSPACE}/cli/node_modules" \
        "${IMMICH_WORKSPACE}/e2e/node_modules" \
        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
@@ -74,8 +73,10 @@ install_dependencies() {
    log "Installing dependencies"
    (
        cd "${IMMICH_WORKSPACE}" || exit 1
-        export CI=1 FROZEN=1 OFFLINE=1
-        run_cmd make setup-web-dev setup-server-dev
+        run_cmd make ci-server
+        run_cmd make ci-sdk
+        run_cmd make build-sdk
+        run_cmd make ci-web
    )
    log ""
 }
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -8,23 +8,21 @@ services:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override
      - ..:/workspaces/immich
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
+      - cli_node_modules:/workspaces/immich/cli/node_modules
+      - e2e_node_modules:/workspaces/immich/e2e/node_modules
+      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
+      - server_node_modules:/workspaces/immich/server/node_modules
+      - web_node_modules:/workspaces/immich/web/node_modules
+      - ${UPLOAD_LOCATION:-upload1-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/workspaces/immich/server/upload
+      - ${UPLOAD_LOCATION:-upload2-devcontainer-volume}${UPLOAD_LOCATION:+/photos/upload}:/workspaces/immich/server/upload/upload
      - /etc/localtime:/etc/localtime:ro
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+
  immich-web:
    env_file: !reset []
+
  immich-machine-learning:
    env_file: !reset []
+    
  database:
    env_file: !reset []
    environment: !override
@@ -33,10 +31,19 @@ services:
      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      POSTGRES_HOST_AUTH_METHOD: md5
-    volumes:
+    volumes: 
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
+
  redis:
    env_file: !reset []
+
 volumes:
-  upload-devcontainer-volume:
+  # Node modules for each service to avoid conflicts and ensure consistent dependencies
+  cli_node_modules:
+  e2e_node_modules:
+  open_api_node_modules:
+  server_node_modules:
+  web_node_modules:
+  upload1-devcontainer-volume:
+  upload2-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/server/container-start-backend.sh
+++ b/.devcontainer/server/container-start-backend.sh
@@ -3,11 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh

-log "Preparing Immich Nest API Server"
-log ""
-export CI=1
-run_cmd pnpm --filter immich install
-
 log "Starting Nest API Server"
 log ""
 cd "${IMMICH_WORKSPACE}/server" || (
@@ -16,7 +11,7 @@ cd "${IMMICH_WORKSPACE}/server" || (
 )

 while true; do
-    run_cmd pnpm --filter immich exec nest start --debug "0.0.0.0:9230" --watch
+    run_cmd node ./node_modules/.bin/nest start --debug "0.0.0.0:9230" --watch
    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start-frontend.sh
+++ b/.devcontainer/server/container-start-frontend.sh
@@ -3,13 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh

-export CI=1
-log "Preparing Immich Web Frontend"
-log ""
-run_cmd pnpm --filter @immich/sdk install
-run_cmd pnpm --filter @immich/sdk build
-run_cmd pnpm --filter immich-web install
-
 log "Starting Immich Web Frontend"
 log ""
 cd "${IMMICH_WORKSPACE}/web" || (
@@ -23,7 +16,7 @@ until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_
 done

 while true; do
-    run_cmd pnpm --filter immich-web exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
+    run_cmd node ./node_modules/.bin/vite dev --host 0.0.0.0 --port "${DEV_PORT}"
    log "Web crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -6,6 +6,9 @@ source /immich-devcontainer/container-common.sh
 log "Setting up Immich dev container..."
 fix_permissions

+log "Installing npm dependencies (node_modules)..."
+install_dependencies
+
 log "Setup complete, please wait while backend and frontend services automatically start"
 log
 log "If necessary, the services may be manually started using"
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,41 +1,37 @@
 .vscode/
 .github/
 .git/
-.env*
-*.log
-*.tmp
-*.temp
-
-**/Dockerfile
-**/node_modules/
-**/.pnpm-store/
-**/dist/
-**/coverage/
-**/build/

 design/
 docker/
 !docker/scripts
-
 docs/
 !docs/package.json
 !docs/package-lock.json
-
 e2e/
 !e2e/package.json
 !e2e/package-lock.json
-
 fastlane/
 machine-learning/
 misc/
 mobile/

-open-api/typescript-sdk/build/
-!open-api/typescript-sdk/package.json
-!open-api/typescript-sdk/package-lock.json
+cli/coverage/
+cli/dist/
+cli/node_modules/

+open-api/typescript-sdk/build/
+open-api/typescript-sdk/node_modules/
+
+server/coverage/
+server/node_modules/
 server/upload/
 server/src/queries
+server/dist/
 server/www/

+web/node_modules/
+web/coverage/
 web/.svelte-kit
+web/build/
+web/.env
--- a/.gitattributes
+++ b/.gitattributes
@@ -12,12 +12,6 @@ mobile/lib/**/*.drift.dart linguist-generated=true
 mobile/drift_schemas/main/drift_schema_*.json -diff -merge
 mobile/drift_schemas/main/drift_schema_*.json linguist-generated=true

-mobile/lib/infrastructure/repositories/db.repository.steps.dart -diff -merge
-mobile/lib/infrastructure/repositories/db.repository.steps.dart linguist-generated=true
-
-mobile/test/drift/main/generated/** -diff -merge
-mobile/test/drift/main/generated/** linguist-generated=true
-
 open-api/typescript-sdk/fetch-client.ts -diff -merge
 open-api/typescript-sdk/fetch-client.ts linguist-generated=true

--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/.github/.prettierignore
+++ b/.github/.prettierignore
@@ -1,4 +0,0 @@
-# Ignore files for PNPM, NPM and YARN
-pnpm-lock.yaml
-package-lock.json
-yarn.lock
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -64,11 +64,6 @@ body:
        - label: Web
        - label: Mobile

-  - type: input
-    attributes:
-      label: Device make and model
-      placeholder: Samsung S25 Android 16
-
  - type: textarea
    validations:
      required: true
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -6,6 +6,7 @@ cli:
 documentation:
  - changed-files:
      - any-glob-to-any-file:
+          - docs/blob/**
          - docs/docs/**
          - docs/src/**
          - docs/static/**
--- a/.github/package-lock.json
+++ b/.github/package-lock.json
@@ -0,0 +1,28 @@
+{
+  "name": ".github",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "devDependencies": {
+        "prettier": "^3.5.3"
+      }
+    },
+    "node_modules/prettier": {
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.5.3.tgz",
+      "integrity": "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    }
+  }
+}
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -34,7 +34,3 @@ The `/api/something` endpoint is now `/api/something-else`
 - [ ] I have followed naming conventions/patterns in the surrounding code
 - [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
 - [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
-
-## Please describe to which degree, if any, an LLM was used in creating this pull request.
-
-...
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -32,18 +32,24 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/build-mobile.yml'
-          force-events: 'workflow_call,workflow_dispatch'
+            workflow:
+              - '.github/workflows/build-mobile.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"

  build-sign-android:
    name: Build and sign Android
@@ -51,15 +57,21 @@ jobs:
    permissions:
      contents: read
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
    runs-on: mich

    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false

+      - name: Install missing deps
+        run: |
+          sudo add-apt-repository ppa:rmescandon/yq
+          sudo apt-get update
+          sudo apt-get install -y yq xz-utils ninja-build zstd
+
      - name: Create the Keystore
        env:
          KEY_JKS: ${{ secrets.KEY_JKS }}
@@ -73,7 +85,7 @@ jobs:

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+        uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        with:
          path: |
            ~/.gradle/caches
@@ -84,7 +96,7 @@ jobs:
          key: build-mobile-gradle-${{ runner.os }}-main

      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@395322a6cded4e9ed503aebd4cc1965625f8e59a # v2.20.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
@@ -100,7 +112,7 @@ jobs:
        run: flutter pub get

      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile

      - name: Generate platform APIs
@@ -130,7 +142,7 @@ jobs:

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+        uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - name: Check out code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,28 +29,25 @@ jobs:
        working-directory: ./cli

    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

-      - name: Setup typescript-sdk
-        run: pnpm install && pnpm run build
-        working-directory: ./open-api/typescript-sdk
-
-      - run: pnpm install --frozen-lockfile
-      - run: pnpm build
-      - run: pnpm publish
+      - name: Prepare SDK
+        run: npm ci --prefix ../open-api/typescript-sdk/
+      - name: Build SDK
+        run: npm run build --prefix ../open-api/typescript-sdk/
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -65,7 +62,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

@@ -76,7 +73,7 @@ jobs:
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -91,7 +88,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          flavor: |
            latest=false
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -1,107 +0,0 @@
-on:
-  issues:
-    types: [opened]
-  discussion:
-    types: [created]
-
-name: Close likely duplicates
-permissions: {}
-
-jobs:
-  should_run:
-    runs-on: ubuntu-latest
-    outputs:
-      should_run: ${{ steps.should_run.outputs.run }}
-    steps:
-      - id: should_run
-        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
-
-  get_body:
-    runs-on: ubuntu-latest
-    needs: should_run
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    env:
-      EVENT: ${{ toJSON(github.event) }}
-    outputs:
-      body: ${{ steps.get_body.outputs.body }}
-    steps:
-      - id: get_body
-        run: |
-          BODY=$(echo """$EVENT""" | jq -r '.issue // .discussion | .body' | base64 -w 0)
-          echo "body=$BODY" >> $GITHUB_OUTPUT
-
-  get_checkbox_json:
-    runs-on: ubuntu-latest
-    needs: [get_body, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:d8ae47cf2e6cf4e2559bd57a60b73674fe44f897cba2c2bddff2987a05be10a4
-    outputs:
-      checked: ${{ steps.get_checkbox.outputs.checked }}
-    steps:
-      - id: get_checkbox
-        env:
-          BODY: ${{ needs.get_body.outputs.body }}
-        run: |
-          CHECKED=$(echo "$BODY" | base64 -d | /mdq --output json '# I have searched | - [?] Yes' | jq '.items[0].list[0].checked // false')
-          echo "checked=$CHECKED" >> $GITHUB_OUTPUT
-
-  close_and_comment:
-    runs-on: ubuntu-latest
-    needs: [get_checkbox_json, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' && needs.get_checkbox_json.outputs.checked != 'true' }}
-    permissions:
-      issues: write
-      discussions: write
-    steps:
-      - name: Close issue
-        if: ${{ github.event_name == 'issues' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.issue.node_id }}
-        run: |
-          gh api graphql \
-            -f issueId="$NODE_ID" \
-            -f body="This issue has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseIssue($issueId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $issueId, 
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeIssue(input: {
-                  issueId: $issueId,
-                  stateReason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Close discussion
-        if: ${{ github.event_name == 'discussion' && github.event.discussion.category.name == 'Feature Request' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.discussion.node_id }}
-        run: |
-          gh api graphql \
-            -f discussionId="$NODE_ID" \
-            -f body="This discussion has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseDiscussion($discussionId: ID!, $body: String!) {
-                addDiscussionComment(input: {
-                  discussionId: $discussionId,
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeDiscussion(input: {
-                  discussionId: $discussionId,
-                  reason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,13 +44,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/autobuild@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,11 +20,15 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            server:
@@ -34,11 +38,14 @@ jobs:
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
-          force-filters: |
-            - '.github/workflows/docker.yml'
-            - '.github/workflows/multi-runner-build.yml'
-            - '.github/actions/image-build'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/docker.yml'
+              - '.github/workflows/multi-runner-build.yml'
+              - '.github/actions/image-build'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  retag_ml:
    name: Re-Tag ML
@@ -46,14 +53,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -75,14 +82,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -101,7 +108,7 @@ jobs:
  machine-learning:
    name: Build and Push ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    strategy:
      fail-fast: false
      matrix:
@@ -124,7 +131,7 @@ jobs:
            tag-suffix: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@094bfb927b8cd75b343abaac27b3241be0fccfe9 # multi-runner-build-workflow-0.1.0
    permissions:
      contents: read
      actions: read
@@ -146,8 +153,8 @@ jobs:
  server:
    name: Build and Push Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@094bfb927b8cd75b343abaac27b3241be0fccfe9 # multi-runner-build-workflow-0.1.0
    permissions:
      contents: read
      actions: read
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -18,28 +18,30 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            docs:
              - 'docs/**'
-            open-api:
-              - 'open-api/immich-openapi-specs.json'
-          force-filters: |
-            - '.github/workflows/docs-build.yml'
-          force-events: 'release'
-          force-branches: 'main'
+            workflow:
+              - '.github/workflows/docs-build.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"

  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -47,28 +49,25 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

-      - name: Run install
-        run: pnpm install
+      - name: Run npm install
+        run: npm ci

      - name: Check formatting
-        run: pnpm format
+        run: npm run format

      - name: Run build
-        run: pnpm build
+        run: npm run build

      - name: Upload build output
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,7 +38,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
@@ -108,13 +108,13 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
@@ -125,7 +125,7 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,27 +16,24 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

      - name: Fix formatting
        run: make install-all && make format-all
@@ -48,7 +45,7 @@ jobs:
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        if: always()
        with:
          script: |
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -1,128 +0,0 @@
-name: Merge translations
-
-on:
-  workflow_dispatch:
-  workflow_call:
-    secrets:
-      PUSH_O_MATIC_APP_ID:
-        required: true
-      PUSH_O_MATIC_APP_KEY:
-        required: true
-      WEBLATE_TOKEN:
-        required: true
-    inputs:
-      skip:
-        description: 'Skip translations'
-        required: false
-        type: boolean
-
-permissions: {}
-
-env:
-  WEBLATE_HOST: 'https://hosted.weblate.org'
-  WEBLATE_COMPONENT: 'immich/immich'
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Find translation PR
-        id: find_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-
-          PR=$(gh pr list --repo $GITHUB_REPOSITORY --author weblate --json number,mergeable)
-          echo "$PR"
-
-          PR_NUMBER=$(echo "$PR" | jq '
-            if length == 1 then
-              .[0].number
-            else
-              error("Expected exactly 1 entry, got \(length)")
-            end
-          ' 2>&1) || exit 1
-
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
-          echo "Selected PR $PR_NUMBER"
-
-          if ! echo "$PR" | jq -e '.[0].mergeable == "MERGEABLE"'; then
-            echo "PR is not mergeable"
-            exit 1
-          fi
-
-      - name: Generate a token
-        id: generate_token
-        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Lock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true
-
-      - name: Commit translations
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=commit
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=push
-
-      - name: Merge PR
-        id: merge_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-        run: |
-          set -euo pipefail
-
-          REVIEW_ID=$(gh api -X POST "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" --field event='APPROVE' --field body='Automatically merging translations PR' \
-            | jq '.id')
-          echo "REVIEW_ID=$REVIEW_ID" >> $GITHUB_OUTPUT
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash
-
-      - name: Wait for PR to merge
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-          REVIEW_ID: ${{ steps.merge_pr.outputs.REVIEW_ID }}
-        run: |
-          # So we clean up no matter what
-          set +e
-
-          for i in {1..100}; do
-            if gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json state | jq -e '.state == "MERGED"'; then
-              echo "PR merged"
-              exit 0
-            else
-              echo "PR not merged yet, waiting..."
-              sleep 6
-            fi
-          done
-          echo "PR did not merge in time"
-          gh api -X PUT "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews/$REVIEW_ID/dismissals" --field message='Merge attempt timed out' --field event='DISMISS'
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --disable-auto
-          exit 1
-
-      - name: Unlock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
-
-      - name: Report success
-        run: |
-          echo "Workflow completed successfully (or was skipped)"
--- a/.github/workflows/org-pr-require-conventional-commit.yml
+++ b/.github/workflows/org-pr-require-conventional-commit.yml
@@ -1,12 +0,0 @@
-name: PR Conventional Commit
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-
-jobs:
-  validate-pr-title:
-    name: Validate PR Title (conventional commit)
-    uses: immich-app/devtools/.github/workflows/shared-pr-require-conventional-commit.yml@main
-    permissions:
-      pull-requests: write
--- a/.github/workflows/org-zizmor.yml
+++ b/.github/workflows/org-zizmor.yml
@@ -1,15 +0,0 @@
-name: Zizmor
-
-on:
-  pull_request:
-  push:
-    branches: [main]
-
-jobs:
-  zizmor:
-    name: Zizmor
-    uses: immich-app/devtools/.github/workflows/shared-zizmor.yml@main
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
+        uses: mheap/github-action-required-labels@fb29a14a076b0f74099f6198f77750e8fc236016 # v5.5.0
        with:
          mode: exactly
          count: 1
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -0,0 +1,19 @@
+name: PR Conventional Commit Validation
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions: {}
+
+jobs:
+  validate-pr-title:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: PR Conventional Commit Validation
+        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
+          add_label: 'false'
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -10,17 +10,12 @@ on:
        type: choice
        options:
          - 'false'
-          - major
          - minor
          - patch
      mobileBump:
        description: 'Bump mobile build number'
        required: false
        type: boolean
-      skipTranslations:
-        description: 'Skip translations'
-        required: false
-        type: boolean

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
@@ -29,51 +24,28 @@ concurrency:
 permissions: {}

 jobs:
-  merge_translations:
-    uses: ./.github/workflows/merge-translations.yml
-    with:
-      skip: ${{ inputs.skipTranslations }}
-    permissions:
-      pull-requests: write
-    secrets:
-      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-
  bump_version:
    runs-on: ubuntu-latest
-    needs: [merge_translations]
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
-          ref: main

      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-
      - name: Bump version
        env:
          SERVER_BUMP: ${{ inputs.serverBump }}
@@ -111,13 +83,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
@@ -128,7 +100,7 @@ jobs:
          name: release-apk-signed

      - name: Create draft release
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -20,11 +20,11 @@ jobs:

  remove-label:
    runs-on: ubuntu-latest
-    if: ${{ (github.event.action == 'closed' || github.event.pull_request.head.repo.fork) && contains(github.event.pull_request.labels.*.name, 'preview') }}
+    if: ${{ github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview') }}
    permissions:
      pull-requests: write
    steps:
-      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            github.rest.issues.removeLabel({
@@ -33,15 +33,3 @@ jobs:
              repo: context.repo.repo,
              name: 'preview'
            })
-
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
-        if: ${{ github.event.pull_request.head.repo.fork }}
-        with:
-          message-id: 'preview-status'
-          message: 'PRs from forks cannot have preview environments.'
-
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
-        if: ${{ !github.event.pull_request.head.repo.fork }}
-        with:
-          message-id: 'preview-status'
-          message: 'Preview environment has been removed.'
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,25 +16,22 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      # Setup .npmrc file to publish to npm
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      - name: Build
-        run: pnpm build
+        run: npm run build
      - name: Publish
-        run: pnpm publish
+        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -17,59 +17,66 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/static_analysis.yml'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/static_analysis.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
-    defaults:
-      run:
-        working-directory: ./mobile
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@395322a6cded4e9ed503aebd4cc1965625f8e59a # v2.20.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml

      - name: Install dependencies
        run: dart pub get
+        working-directory: ./mobile

      - name: Install DCM
-        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          version: auto
-          working-directory: ./mobile
+        run: |
+          sudo apt-get update
+          wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg
+          echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list
+          sudo apt-get update
+          sudo apt-get install dcm

      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
+        working-directory: ./mobile

      - name: Run Build Runner
        run: make build
+        working-directory: ./mobile

      - name: Generate platform API
        run: make pigeon
+        working-directory: ./mobile

      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
@@ -85,20 +92,49 @@ jobs:
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
-          echo "ERROR: Generated files not up to date! Run 'make build' and 'make pigeon' inside the mobile directory"
+          echo "ERROR: Generated files not up to date! Run make_build inside the mobile directory"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1

      - name: Run dart analyze
        run: dart analyze --fatal-infos
+        working-directory: ./mobile

      - name: Run dart format
-        run: make format
+        run: dart format lib/ --set-exit-if-changed
+        working-directory: ./mobile

-      # TODO: Re-enable after upgrading custom_lint
-      # - name: Run dart custom_lint
-      #   run: dart run custom_lint
+      - name: Run dart custom_lint
+        run: dart run custom_lint
+        working-directory: ./mobile

-      # TODO: Use https://github.com/CQLabs/dcm-action
      - name: Run DCM
        run: dcm analyze lib --fatal-style --fatal-warnings
+        working-directory: ./mobile
+
+  zizmor:
+    name: zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+
+      - name: Run zizmor 🌈
+        run: uvx zizmor --format=sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        with:
+          sarif_file: results.sarif
+          category: zizmor
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,21 +4,37 @@ on:
  pull_request:
  push:
    branches: [main]
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
+
 permissions: {}
+
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_i18n: ${{ steps.found_paths.outputs.i18n == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
@@ -38,225 +54,260 @@ jobs:
              - 'mobile/**'
            machine-learning:
              - 'machine-learning/**'
+            workflow:
+              - '.github/workflows/test.yml'
            .github:
              - '.github/**'
-          force-filters: |
-            - '.github/workflows/test.yml'
-          force-events: 'workflow_dispatch'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"

  server-unit-tests:
    name: Test & Lint Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run package manager install
-        run: pnpm install
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run small tests & coverage
-        run: pnpm test
+        run: npm test
        if: ${{ !cancelled() }}
+
  cli-unit-tests:
    name: Unit Test CLI
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Setup typescript-sdk
-        run: pnpm install && pnpm run build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Install deps
-        run: pnpm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  cli-unit-tests-win:
    name: Unit Test CLI (Windows)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
+
      # Skip linter & formatter in Windows test.
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  web-lint:
    name: Lint Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
-      - name: Run pnpm install
-        run: pnpm rebuild && pnpm install --frozen-lockfile
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint:p
+        run: npm run lint:p
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run svelte checks
-        run: pnpm check:svelte
+        run: npm run check:svelte
        if: ${{ !cancelled() }}
+
  web-unit-tests:
    name: Test Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Run npm install
-        run: pnpm install --frozen-lockfile
+        run: npm ci
+
      - name: Run tsc
-        run: pnpm check:typescript
+        run: npm run check:typescript
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  i18n-tests:
    name: Test i18n
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run_i18n == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install dependencies
-        run: pnpm --filter=immich-web install --frozen-lockfile
+        run: npm --prefix=web ci
+
      - name: Format
-        run: pnpm --filter=immich-web format:i18n
+        run: npm --prefix=web run format:i18n
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            i18n/**
+
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -265,77 +316,87 @@ jobs:
          echo "ERROR: i18n files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
+
  e2e-tests-lint:
    name: End-to-End Lint
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
  server-medium-tests:
    name: Medium Tests (Server)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run pnpm install
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run medium tests
-        run: pnpm test:medium
+        run: npm run test:medium
        if: ${{ !cancelled() }}
+
  e2e-tests-server-cli:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).server == true || fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -345,45 +406,47 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
-      - name: Run setup web
-        run: pnpm install --frozen-lockfile && pnpm exec svelte-kit sync
-        working-directory: ./web
-        if: ${{ !cancelled() }}
+
      - name: Run setup cli
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./cli
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
+
      - name: Run e2e tests (api & cli)
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  e2e-tests-web:
    name: End-to-End Tests (Web)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -393,36 +456,42 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Install Playwright Browsers
        run: npx playwright install chromium --only-shell
        if: ${{ !cancelled() }}
+
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
+
      - name: Run e2e tests (web)
        run: npx playwright test
        if: ${{ !cancelled() }}
+
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
@@ -433,32 +502,37 @@ jobs:
      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
+
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@395322a6cded4e9ed503aebd4cc1965625f8e59a # v2.20.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
+
      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile
+
      - name: Run tests
        working-directory: ./mobile
        run: flutter test -j 1
+
  ml-unit-tests:
    name: Unit Test ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -466,9 +540,10 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
@@ -491,48 +566,56 @@ jobs:
      - name: Run tests and coverage
        run: |
          uv run pytest --cov=immich_ml --cov-report term-missing
+
  github-files-formatting:
    name: .github Files Formatting
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run)['.github'] == true }}
+    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./.github
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run pnpm install
-        run: pnpm install --frozen-lockfile
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
        with:
          ignore_paths: >-
-            **/open-api/** **/openapi** **/node_modules/**
+            **/open-api/**
+            **/openapi**
+            **/node_modules/**
+
  generated-api-up-to-date:
    name: OpenAPI Clients
    runs-on: ubuntu-latest
@@ -540,24 +623,26 @@ jobs:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich install --frozen-lockfile
+        run: npm --prefix=server ci
+
      - name: Build the app
-        run: pnpm --filter immich build
+        run: npm --prefix=server run build
+
      - name: Run API generation
-        run: ./bin/generate-open-api.sh
-        working-directory: open-api
+        run: make open-api
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -566,6 +651,7 @@ jobs:
            mobile/openapi
            open-api/typescript-sdk
            open-api/immich-openapi-specs.json
+
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -574,6 +660,7 @@ jobs:
          echo "ERROR: Generated files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
+
  sql-schema-up-to-date:
    name: SQL Schema Checks
    runs-on: ubuntu-latest
@@ -581,42 +668,51 @@ jobs:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:da52bbead5d818adaa8077c8dcdaad0aaf93038c31ad8348b51f9f0ec1310a4d
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:1f5583fe3397210a0fbc7f11b0cec18bacc4a99e3e8ea0548e9bd6bcf26ec37a
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
          POSTGRES_DB: immich
        options: >-
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
        ports:
          - 5432:5432
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+        run: npm ci
+
      - name: Build the app
-        run: pnpm build
+        run: npm run build
+
      - name: Run existing migrations
-        run: pnpm migrations:run
+        run: npm run migrations:run
+
      - name: Test npm run schema:reset command works
-        run: pnpm schema:reset
+        run: npm run schema:reset
+
      - name: Generate new migrations
        continue-on-error: true
-        run: pnpm migrations:generate src/TestMigration
+        run: npm run migrations:generate src/TestMigration
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -632,16 +728,19 @@ jobs:
          echo "Changed files: ${CHANGED_FILES}"
          cat ./src/*-TestMigration.ts
          exit 1
+
      - name: Run SQL generation
-        run: pnpm sync:sql
+        run: npm run sync:sql
        env:
          DB_URL: postgres://postgres:postgres@localhost:5432/immich
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-sql-files
        with:
          files: |
            server/src/queries
+
      - name: Verify SQL files have not changed
        if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
        env:
@@ -652,77 +751,77 @@ jobs:
          git diff
          exit 1

-# mobile-integration-tests:
-#   name: Run mobile end-to-end integration tests
-#   runs-on: macos-latest
-#   steps:
-#     - uses: actions/checkout@v4
-#     - uses: actions/setup-java@v3
-#       with:
-#         distribution: 'zulu'
-#         java-version: '12.x'
-#         cache: 'gradle'
-#     - name: Cache android SDK
-#       uses: actions/cache@v3
-#       id: android-sdk
-#       with:
-#         key: android-sdk
-#         path: |
-#           /usr/local/lib/android/
-#           ~/.android
-#     - name: Cache Gradle
-#       uses: actions/cache@v3
-#       with:
-#         path: |
-#           ./mobile/build/
-#           ./mobile/android/.gradle/
-#         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
-#     - name: Setup Android SDK
-#       if: steps.android-sdk.outputs.cache-hit != 'true'
-#       uses: android-actions/setup-android@v2
-#     - name: AVD cache
-#       uses: actions/cache@v3
-#       id: avd-cache
-#       with:
-#         path: |
-#           ~/.android/avd/*
-#           ~/.android/adb*
-#         key: avd-29
-#     - name: create AVD and generate snapshot for caching
-#       if: steps.avd-cache.outputs.cache-hit != 'true'
-#       uses: reactivecircus/android-emulator-runner@v2.27.0
-#       with:
-#         working-directory: ./mobile
-#         cores: 2
-#         api-level: 29
-#         arch: x86_64
-#         profile: pixel
-#         target: default
-#         force-avd-creation: false
-#         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#         disable-animations: false
-#         script: echo "Generated AVD snapshot for caching."
-#     - name: Setup Flutter SDK
-#       uses: subosito/flutter-action@v2
-#       with:
-#         channel: 'stable'
-#         flutter-version: '3.7.3'
-#         cache: true
-#     - name: Run integration tests
-#       uses: Wandalen/wretry.action@master
-#       with:
-#         action: reactivecircus/android-emulator-runner@v2.27.0
-#         with: |
-#           working-directory: ./mobile
-#           cores: 2
-#           api-level: 29
-#           arch: x86_64
-#           profile: pixel
-#           target: default
-#           force-avd-creation: false
-#           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#           disable-animations: true
-#           script: |
-#             flutter pub get
-#             flutter test integration_test
-#         attempt_limit: 3
+  # mobile-integration-tests:
+  #   name: Run mobile end-to-end integration tests
+  #   runs-on: macos-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: actions/setup-java@v3
+  #       with:
+  #         distribution: 'zulu'
+  #         java-version: '12.x'
+  #         cache: 'gradle'
+  #     - name: Cache android SDK
+  #       uses: actions/cache@v3
+  #       id: android-sdk
+  #       with:
+  #         key: android-sdk
+  #         path: |
+  #           /usr/local/lib/android/
+  #           ~/.android
+  #     - name: Cache Gradle
+  #       uses: actions/cache@v3
+  #       with:
+  #         path: |
+  #           ./mobile/build/
+  #           ./mobile/android/.gradle/
+  #         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
+  #     - name: Setup Android SDK
+  #       if: steps.android-sdk.outputs.cache-hit != 'true'
+  #       uses: android-actions/setup-android@v2
+  #     - name: AVD cache
+  #       uses: actions/cache@v3
+  #       id: avd-cache
+  #       with:
+  #         path: |
+  #           ~/.android/avd/*
+  #           ~/.android/adb*
+  #         key: avd-29
+  #     - name: create AVD and generate snapshot for caching
+  #       if: steps.avd-cache.outputs.cache-hit != 'true'
+  #       uses: reactivecircus/android-emulator-runner@v2.27.0
+  #       with:
+  #         working-directory: ./mobile
+  #         cores: 2
+  #         api-level: 29
+  #         arch: x86_64
+  #         profile: pixel
+  #         target: default
+  #         force-avd-creation: false
+  #         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #         disable-animations: false
+  #         script: echo "Generated AVD snapshot for caching."
+  #     - name: Setup Flutter SDK
+  #       uses: subosito/flutter-action@v2
+  #       with:
+  #         channel: 'stable'
+  #         flutter-version: '3.7.3'
+  #         cache: true
+  #     - name: Run integration tests
+  #       uses: Wandalen/wretry.action@master
+  #       with:
+  #         action: reactivecircus/android-emulator-runner@v2.27.0
+  #         with: |
+  #           working-directory: ./mobile
+  #           cores: 2
+  #           api-level: 29
+  #           arch: x86_64
+  #           profile: pixel
+  #           target: default
+  #           force-avd-creation: false
+  #           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #           disable-animations: true
+  #           script: |
+  #             flutter pub get
+  #             flutter test integration_test
+  #         attempt_limit: 3
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -3,52 +3,48 @@ name: Weblate checks
 on:
  pull_request:
    branches: [main]
-    types:
-      - opened
-      - synchronize
-      - ready_for_review
-      - auto_merge_enabled
-      - auto_merge_disabled

 permissions: {}

-env:
-  BOT_NAME: immich-push-o-matic
-
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
-          exclude-branches: 'chore/translations'
-          skip-force-logic: 'true'

  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
-      - name: Bot review status
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
-          GH_TOKEN: ${{ github.token }}
+      - name: Check weblate lock
        run: |
-          # Then check for APPROVED by the bot, if absent fail
-          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
-            || (echo "The push-o-matic bot has not approved this PR yet" && exit 1)
-
+          if [[ "false" = $(curl https://hosted.weblate.org/api/components/immich/immich/lock/ | jq .locked) ]]; then
+            exit 1
+          fi
+      - name: Find Pull Request
+        uses: juliangruber/find-pull-request-action@48b6133aa6c826f267ebd33aa2d29470f9d9e7d0 # v1.9.0
+        id: find-pr
+        with:
+          branch: chore/translations
+      - name: Fail if existing weblate PR
+        if: ${{ steps.find-pr.outputs.number }}
+        run: exit 1
  success-check-lock:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
--- a/.gitignore
+++ b/.gitignore
@@ -18,13 +18,9 @@ mobile/libisar.dylib
 mobile/openapi/test
 mobile/openapi/doc
 mobile/openapi/.openapi-generator/FILES
-mobile/ios/build

 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
 mobile/ios/fastlane/report.xml

 vite.config.js.timestamp-*
-.pnpm-store
-.devcontainer/library
-.devcontainer/.env*
--- a/.pnpmfile.cjs
+++ b/.pnpmfile.cjs
@@ -1,18 +0,0 @@
-module.exports = {
-  hooks: {
-    readPackage: (pkg) => {
-      if (!pkg.name) {
-        return pkg;
-      }
-      if (pkg.name === "exiftool-vendored") {
-        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
-          // make exiftool-vendored.pl a regular dependency
-          pkg.dependencies["exiftool-vendored.pl"] =
-            pkg.optionalDependencies["exiftool-vendored.pl"];
-          delete pkg.optionalDependencies["exiftool-vendored.pl"];
-        }
-      }
-      return pkg;
-    },
-  },
-};
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -7,7 +7,7 @@
      "restart": true,
      "port": 9231,
      "name": "Immich API Server",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
@@ -16,7 +16,7 @@
      "restart": true,
      "port": 9230,
      "name": "Immich Workers",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    }
  ]
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -56,8 +56,7 @@
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
-    "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
  },
  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
--- a/2
+++ b/2
@@ -1,7 +1,5 @@
 /.github/ @bo0tzz
 /docker/ @bo0tzz
 /server/ @danieldietzler
-/web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
-/mobile/ @shenlong-tanwen
--- a/120
+++ b/120
@@ -1,36 +1,27 @@
 dev:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans || make dev-down

 dev-down:
 	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans

 dev-update:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans

 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
-
-dev-docs:
-	npm --prefix docs run start
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans

 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
-
-e2e-update:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
-
-e2e-down:
-	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans

 prod:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans

 prod-down:
 	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans

 prod-scale:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans

 .PHONY: open-api
 open-api:
@@ -43,7 +34,7 @@ open-api-typescript:
 	cd ./open-api && bash ./bin/generate-open-api.sh typescript

 sql:
-	pnpm --filter immich run sync:sql
+	npm --prefix server run sync:sql

 attach-server:
 	docker exec -it docker_immich-server_1 sh
@@ -51,59 +42,33 @@ attach-server:
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset

-# Directories that need to be created for volumes or build output
-VOLUME_DIRS = \
-	./.pnpm-store \
-	./web/.svelte-kit \
-	./web/node_modules \
-	./web/coverage \
-	./e2e/node_modules \
-	./docs/node_modules \
-	./server/node_modules \
-	./open-api/typescript-sdk/node_modules \
-	./.github/node_modules \
-	./node_modules \
-	./cli/node_modules
-
-# Include .env file if it exists
-include docker/.env
-
 MODULES = e2e server web cli sdk docs .github

-# directory to package name mapping function
-#   cli     = @immich/cli
-#   docs    = documentation
-#   e2e     = immich-e2e
-#   open-api/typescript-sdk = @immich/sdk
-#   server  = immich
-#   web     = immich-web
-map-package = $(subst sdk,@immich/sdk,$(subst cli,@immich/cli,$(subst docs,documentation,$(subst e2e,immich-e2e,$(subst server,immich,$(subst web,immich-web,$1))))))
-
 audit-%:
-	pnpm --filter $(call map-package,$*) audit fix
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
 install-%:
-	pnpm --filter $(call map-package,$*) install $(if $(FROZEN),--frozen-lockfile) $(if $(OFFLINE),--offline)
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
+ci-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) ci
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
-	pnpm --filter $(call map-package,$*) run build
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build
 format-%:
-	pnpm --filter $(call map-package,$*) run format:fix
+	npm --prefix $* run format:fix
 lint-%:
-	pnpm --filter $(call map-package,$*) run lint:fix
-lint-web:
-	pnpm --filter $(call map-package,$*) run lint:p
+	npm --prefix $* run lint:fix
 check-%:
-	pnpm --filter $(call map-package,$*) run check
+	npm --prefix $* run check
 check-web:
-	pnpm --filter immich-web run check:typescript
-	pnpm --filter immich-web run check:svelte
+	npm --prefix web run check:typescript
+	npm --prefix web run check:svelte
 test-%:
-	pnpm --filter $(call map-package,$*) run test
+	npm --prefix $* run test
 test-e2e:
 	docker compose -f ./e2e/docker-compose.yml build
-	pnpm --filter immich-e2e run test
-	pnpm --filter immich-e2e run test:web
+	npm --prefix e2e run test
+	npm --prefix e2e run test:web
 test-medium:
 	docker run \
    --rm \
@@ -113,39 +78,24 @@ test-medium:
    -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
    -e NODE_ENV=development \
    immich-server:latest \
-    -c "pnpm test:medium -- --run"
+    -c "npm ci && npm run test:medium -- --run"
 test-medium-dev:
-	docker exec -it immich_server /bin/sh -c "pnpm run test:medium"
+	docker exec -it immich_server /bin/sh -c "npm run test:medium"

-install-all:
-	pnpm -r --filter '!documentation' install
-
-build-all: $(foreach M,$(filter-out e2e docs .github,$(MODULES)),build-$M) ;
-
-check-all:
-	pnpm -r --filter '!documentation' run "/^(check|check\:svelte|check\:typescript)$/"
-lint-all:
-	pnpm -r --filter '!documentation' run lint:fix
-format-all:
-	pnpm -r --filter '!documentation' run format:fix
-audit-all:
-	pnpm -r --filter '!documentation' audit fix
-hygiene-all: audit-all
-	pnpm -r --filter '!documentation' run "/(format:fix|check|check:svelte|check:typescript|sql)/"
-
-test-all:
-	pnpm -r --filter '!documentation' run "/^test/"
+build-all: $(foreach M,$(filter-out e2e .github,$(MODULES)),build-$M) ;
+install-all: $(foreach M,$(MODULES),install-$M) ;  
+ci-all: $(foreach M,$(filter-out .github,$(MODULES)),ci-$M) ;
+check-all: $(foreach M,$(filter-out sdk cli docs .github,$(MODULES)),check-$M) ;
+lint-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),lint-$M) ;
+format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
+audit-all:  $(foreach M,$(MODULES),audit-$M) ;
+hygiene-all: lint-all format-all check-all sql audit-all;
+test-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),test-$M) ;

 clean:
-	find . -name "node_modules" -type d -prune -exec rm -rf {} +
+	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
 	find . -name "dist" -type d -prune -exec rm -rf '{}' +
 	find . -name "build" -type d -prune -exec rm -rf '{}' +
-	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
-	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
-	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
-	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
-	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true
-
-
-setup-server-dev: install-server
-setup-web-dev: install-sdk build-sdk install-web
+	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
+	docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
+	docker compose -f ./e2e/docker-compose.yml rm -v -f || true
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,14 +1,19 @@
 FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e AS core

+WORKDIR /usr/src/open-api/typescript-sdk
+COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
+RUN npm ci
+COPY open-api/typescript-sdk/ ./
+RUN npm run build
+
 WORKDIR /usr/src/app
-COPY package* pnpm* .pnpmfile.cjs ./
-COPY ./cli ./cli/
-COPY ./open-api/typescript-sdk ./open-api/typescript-sdk/
-RUN corepack enable pnpm && \
-  pnpm install --filter @immich/sdk --filter @immich/cli --frozen-lockfile && \
-  pnpm --filter @immich/sdk build && \
-  pnpm --filter @immich/cli build
+
+COPY cli/package.json cli/package-lock.json ./
+RUN npm ci
+
+COPY cli .
+RUN npm run build

 WORKDIR /import

-ENTRYPOINT ["node", "/usr/src/app/cli/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]
--- a/cli/bin/immich
+++ b/cli/bin/immich
@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-import '../dist/index.js';
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,11 +1,11 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.92",
+  "version": "2.2.72",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
  "bin": {
-    "immich": "./bin/immich"
+    "immich": "dist/index.js"
  },
  "license": "GNU Affero General Public License version 3",
  "keywords": [
@@ -13,6 +13,7 @@
    "cli"
  ],
  "devDependencies": {
+    "@eslint/eslintrc": "^3.1.0",
    "@eslint/js": "^9.8.0",
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
@@ -20,22 +21,22 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.18.1",
+    "@types/node": "^22.15.32",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
    "eslint": "^9.14.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^10.0.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^60.0.0",
+    "eslint-plugin-unicorn": "^59.0.0",
    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
    "typescript-eslint": "^8.28.0",
-    "vite": "^7.0.0",
+    "vite": "^6.0.0",
    "vite-tsconfig-paths": "^5.0.0",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
@@ -68,6 +69,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "22.19.0"
+    "node": "22.16.0"
  }
 }
--- a/deployment/.env
+++ b/deployment/.env
@@ -1,4 +0,0 @@
-export CLOUDFLARE_ACCOUNT_ID="op://tf/cloudflare/account_id"
-export CLOUDFLARE_API_TOKEN="op://tf/cloudflare/api_token"
-export TF_STATE_POSTGRES_CONN_STR="op://tf/tf_state/postgres_conn_str"
-export TF_VAR_env=$ENVIRONMENT
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.0"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs-release/domain.tf
+++ b/deployment/modules/cloudflare/docs-release/domain.tf
@@ -1,11 +1,11 @@
 resource "cloudflare_pages_domain" "immich_app_release_domain" {
  account_id   = var.cloudflare_account_id
  project_name = data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name
-  domain       = "docs.immich.app"
+  domain       = "immich.app"
 }

 resource "cloudflare_record" "immich_app_release_domain" {
-  name = "docs.immich.app"
+  name = "immich.app"
  proxied = true
  ttl = 1
  type = "CNAME"
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.0"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/domain.tf
+++ b/deployment/modules/cloudflare/docs/domain.tf
@@ -1,11 +1,11 @@
 resource "cloudflare_pages_domain" "immich_app_branch_domain" {
  account_id   = var.cloudflare_account_id
  project_name = local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_name
-  domain       = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+  domain       = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
 }

 resource "cloudflare_record" "immich_app_branch_subdomain" {
-  name    = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+  name    = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
  proxied = true
  ttl     = 1
  type    = "CNAME"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -16,31 +16,23 @@ name: immich-dev
 services:
  immich-server:
    container_name: immich_server
-    command: ['immich-dev']
+    command: ['/usr/src/app/bin/immich-dev']
    image: immich-server-dev:latest
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    build:
      context: ../
-      dockerfile: server/Dockerfile.dev
+      dockerfile: server/Dockerfile
      target: dev
    restart: unless-stopped
    volumes:
-      - ..:/usr/src/app
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ../server:/usr/src/app
+      - ../open-api:/usr/src/open-api
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
+      - ${UPLOAD_LOCATION}/photos/upload:/usr/src/app/upload/upload
+      - /usr/src/app/node_modules
      - /etc/localtime:/etc/localtime:ro
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
    env_file:
      - .env
    environment:
@@ -66,47 +58,37 @@ services:
      - 9231:9231
      - 2283:2283
    depends_on:
-      redis:
-        condition: service_started
-      database:
-        condition: service_started
+      - redis
+      - database
    healthcheck:
      disable: false

  immich-web:
    container_name: immich_web
    image: immich-web-dev:latest
+    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+    # user: 0:0
    build:
-      context: ../
-      dockerfile: server/Dockerfile.dev
-      target: dev
-    command: ['immich-web']
+      context: ../web
+    command: ['/usr/src/app/bin/immich-web']
    env_file:
      - .env
    ports:
      - 3000:3000
      - 24678:24678
    volumes:
-      - ..:/usr/src/app
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+      - ../web:/usr/src/app
+      - ../i18n:/usr/src/i18n
+      - ../open-api/:/usr/src/open-api/
+      # - ../../ui:/usr/ui
+      - /usr/src/app/node_modules
    ulimits:
      nofile:
        soft: 1048576
        hard: 1048576
    restart: unless-stopped
    depends_on:
-      immich-server:
-        condition: service_started
+      - immich-server

  immich-machine-learning:
    container_name: immich_machine_learning
@@ -134,13 +116,13 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    env_file:
      - .env
    environment:
@@ -178,14 +160,3 @@ volumes:
  model-cache:
  prometheus-data:
  grafana-data:
-  pnpm-store:
-  server-node_modules:
-  web-node_modules:
-  github-node_modules:
-  cli-node_modules:
-  docs-node_modules:
-  e2e-node_modules:
-  sdk-node_modules:
-  app-node_modules:
-  sveltekit:
-  coverage:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -20,7 +20,7 @@ services:
      context: ../
      dockerfile: server/Dockerfile
    volumes:
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -56,14 +56,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    env_file:
      - .env
    environment:
@@ -83,7 +83,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:63805ebb8d2b3920190daf1cb14a60871b16fd38bed42b857a3182bc621f4996
+    image: prom/prometheus@sha256:9abc6cf6aea7710d163dbb28d8eeb7dc5baef01e38fa4cd146a406dd9f07f70d
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -95,7 +95,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.1.1-ubuntu@sha256:d1da838234ff2de93e0065ee1bf0e66d38f948dcc5d718c25fa6237e14b4424a
+    image: grafana/grafana:12.0.2-ubuntu@sha256:0512d81cdeaaff0e370a9aa66027b465d1f1f04379c3a9c801a905fabbdbc7a5
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -49,14 +49,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
--- a/docker/scripts/get-cpus.sh
+++ b/docker/scripts/get-cpus.sh
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -18,6 +18,4 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-yarn.lock
-
-/static/openapi.json
+yarn.lock
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.16.0
--- a/docs/README.md
+++ b/docs/README.md
@@ -5,13 +5,13 @@ This website is built using [Docusaurus](https://docusaurus.io/), a modern stati
 ### Installation

 ```
-$ pnpm install
+$ npm install
 ```

 ### Local Development

 ```
-$ pnpm run start
+$ npm run start
 ```

 This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
@@ -19,7 +19,7 @@ This command starts a local development server and opens up a browser window. Mo
 ### Build

 ```
-$ pnpm run build
+$ npm run build
 ```

 This command generates static content into the `build` directory and can be served using any static contents hosting service.
@@ -29,13 +29,13 @@ This command generates static content into the `build` directory and can be serv
 Using SSH:

 ```
-$ USE_SSH=true pnpm run deploy
+$ USE_SSH=true npm run deploy
 ```

 Not using SSH:

 ```
-$ GIT_USER=<Your GitHub username> pnpm run deploy
+$ GIT_USER=<Your GitHub username> npm run deploy
 ```

 If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.
--- a/docs/blog/2022/11-10/release-1.36.mdx
+++ b/docs/blog/2022/11-10/release-1.36.mdx
@@ -0,0 +1,110 @@
+---
+slug: release-1-36
+title: Release v1.36.0
+authors: [alextran]
+tags: [release]
+date: 2022-11-10
+---
+
+Hello everyone, it is my pleasure to deliver the new release of Immich to you. The team has been working hard to bring you the new features and improvements. This release includes some big features that the community has been asking since the beginning of Immich. We hope you will enjoy it.
+
+Some notable features are:
+
+- OAuth integration
+- LivePhoto support on iOS
+- User config system
+
+<!--truncate-->
+
+## LivePhoto iOS Support 🎉
+
+LivePhoto on iOS is now supported in Immich.
+
+The motion part will now be uploaded and can be played on the mobile app and the web.
+
+:::caution
+
+- The server and the app has to be on version **1.36.x** for the application to work correctly.
+- Previous uploaded photos will not be updated automatically, you will have to remove and reupload them if you want to keep the LivePhoto functionality.
+
+:::
+
+<img
+  src="https://media.giphy.com/media/fTrGceZd7t1ewi8ESc/giphy.gif"
+  width="100%"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="LivePhoto playback on the web"
+/>
+
+## OAuth Integration 🎉
+
+I want to borrow this chance to express my gratitude to [@EnricoBilla](https://github.com/EnricoBilla), who has been the trailblazer for this feature since the beginning days of Immich. His PR has sparked ideas, suggestions, and discussion among the team member on how to integrate this feature successfully into the app. Thank you so much for your work and your time.
+
+OAuth is now integrated into the system. Please follow the guide [here](https://immich.app/docs/usage/oauth) to set up your OAuth integration
+
+After setting up the correct environment variables in the `.env` file, as shown below
+
+| Key                 | Type    | Default              | Description                                                               |
+| ------------------- | ------- | -------------------- | ------------------------------------------------------------------------- |
+| OAUTH_ENABLED       | boolean | false                | Enable/disable OAuth2                                                     |
+| OAUTH_ISSUER_URL    | URL     | (required)           | Required. Self-discovery URL for client                                   |
+| OAUTH_CLIENT_ID     | string  | (required)           | Required. Client ID                                                       |
+| OAUTH_CLIENT_SECRET | string  | (required)           | Required. Client Secret                                                   |
+| OAUTH_SCOPE         | string  | openid email profile | Full list of scopes to send with the request (space delimited)            |
+| OAUTH_AUTO_REGISTER | boolean | true                 | When true, will automatically register a user the first time they sign in |
+| OAUTH_BUTTON_TEXT   | string  | Login with OAuth     | Text for the OAuth button on the web                                      |
+
+```bash title="Authentik Example"
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=http://10.1.15.216:9000/application/o/immich-test/
+OAUTH_CLIENT_ID=30596v8f78a4b6a97d5985c3076b6b4c4d12ddc33
+OAUTH_CLIENT_SECRET=50f1eafdec353b95b1c638db390db4ab67ef035a51212dbec2f56175e2eb272b5d572c099176e6fe116ecf47ffdd544bgdb9e2edc588307ee0339d25eeccd88
+OAUTH_BUTTON_TEXT=Login with Authentik
+```
+
+The web will have the option to sign in with OAuth.
+
+<img
+  src="https://user-images.githubusercontent.com/27055614/202923726-f43fa148-47f5-4182-8f29-b0b87e4586fa.png"
+  width="50%"
+  title="Web Sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+The mobile app will check if the server has OAuth enabled before displaying the OAuth
+sign-in button.
+
+<img
+  src="https://media.giphy.com/media/3iy3SaNkVYtlkEiw06/giphy.gif"
+  title="Mobile sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+## Support
+
+<img
+  src="https://media.giphy.com/media/LStqgGESXW8XnuCv5y/giphy.gif"
+  width="300"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="Support the project"
+/>
+
+If you find the project helpful and it helps you in some ways, you can support the project [one time](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502) or [monthly](https://github.com/sponsors/alextran1502) from GitHub Sponsor
+
+It is a great way to let me know that you want me to continue developing and working on this project for years to come.
+
+## Details
+
+For more details, please check out the [release note](https://github.com/immich-app/immich/releases/tag/v1.36.0_55-dev)
--- a/docs/blog/2023/06-24/update.mdx
+++ b/docs/blog/2023/06-24/update.mdx
@@ -0,0 +1,103 @@
+---
+title: Immich Update - June 2023
+authors: [alextran]
+tags: [update]
+---
+
+Hello everybody, Alex here!
+
+I am back with another update on Immich. It has been only a month since my last update (May 18th, 2023), but it seems forever. I think the rapid releases of Immich and the amount of work make the perspective of time change in Immich’s world. We have some exciting updates that I think you will like.
+
+Before going into detail, on behalf of the core team, I would like to thank all of you for loving Immich and contributing to the project. Thank you for helping me make Immich an enjoyable alternative solution to Google Photos so that you have complete control of your data and privacy. I know we are still young and have a lot of work to do, but I am confident we will get there with help from the community. I appreciate all of you from the bottom of my heart!
+
+<!--truncate-->
+
+And now, to the exciting part, what is new in Immich’s world?
+
+- Initial support for existing gallery.
+- Memory feature.
+- Support XMP sidecar.
+- Support more raw formats.
+- Justified layout for web timeline and blurred thumbnail hash.
+- Mechanism to host machine learning on a completely different machine.
+
+## Support for existing gallery
+
+I know this is the most controversial feature when it comes to Immich’s way of ingesting photos and videos. For many users, having to upload photos and videos to Immich is simply not working. We listen, discuss, and digest this feature internally more than you imagine because it is not a simple feature to tackle while keeping the performance and the user experience at the top level, which is Immich’s primary goal.
+
+Thankfully, we have many great contributors and developers that want to make this come true. So we came up with an initial implementation of this feature in the form of a supporting read-only gallery.
+
+To be concise, Immich can now read in the gallery files, register the path into the database, and then generate necessary files and put them through Immich’s machine learning pipeline so you can use all the goodness of Immich without the need to upload them. Since this is the initial implementation, some actions/behavior are not yet supported, and we aim to build toward them in future releases, namely:
+
+- Assets are not automatically synced and must instead be manually synced with the CLI tool.
+- Only new files that are added to the gallery will be detected.
+- Deleted and moved files will not be detected.
+
+## Memory feature
+
+This is considered a fun feature that the team and I wanted to build for so long, but we had to put it off because of the refactoring of the code base. The code base is now in a good enough form to circle back and add more exciting features.
+
+This memory feature is very much similar to GPhotos' implementation of “x years since…”. We are aiming to add more categories of memories in the future, such as “Spotlight of the day” or “Day of the Week highlights”
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/j5XZKvViPew"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+This feature is now available on the web and will be ported to the mobile app in the near future.
+
+## Support XMP Sidecar
+
+Immich can now import/upload XMP sidecars from the CLI and use the information as the metadata of assets.
+
+## Support more raw formats.
+
+With the recent updates on the dependencies of Immich, we are now extending and hardening support for multiple raw formats. So users with DSLR or mirrorless cameras can now upload their original files to Immich and have them displayed in high-quality thumbnails on the web and mobile view.
+
+## Justified layout for web timeline and blurred thumbnail hash
+
+This is an aesthetic improvement in user experience when browsing the timeline. Photos and videos are now displayed correctly with perspective orientation, making the browsing experience more pleasurable.
+
+To further improve the browsing experience, we now added a blur hash to the thumbnail, so the transition is more natural with a dreamy fade in effect, similar to how our brain goes from faded to vivid memory
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/b95FLmGHRFc"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+## Hosting machine learning container on a different machine
+
+With more capabilities Immich is building toward, machine learning will get more powerful and therefore require more resources to run effectively. However, we understand that users might not have the best server resources where they host the Immich instance. Therefore, we changed how machine learning interacts and receives the photos and videos to run through its inference pipeline.
+
+The machine learning container is now a headless system that can run on any machine. As long as your Immich instance can communicate with the system running the machine learning container, it can send the files and receive the required information to make Immich powerful in terms of searching and intelligence. This helps you to utilize a more powerful machine in your home/infrastructure to perform the CPU-intensive tasks while letting Immich only handle the I/O operations for a pleasant and smooth experience.
+
+---
+
+So, those are the highlights for the team and the community after a busy month. There are a lot more changes and improvements. I encourage you to read some release notes, starting from version [v1.57.0](https://github.com/immich-app/immich/releases/tag/v1.57.0) to now.
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life works for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/07-29/images/web-shortcuts-panel.png
+++ b/docs/blog/2023/07-29/images/web-shortcuts-panel.png
--- a/docs/blog/2023/07-29/update.mdx
+++ b/docs/blog/2023/07-29/update.mdx
@@ -0,0 +1,151 @@
+---
+title: Immich Update - July 2023
+authors: [alextran]
+tags: [update, v1.64.0-v1.71.0]
+---
+
+Hello, Immich fans, another month, another milestone. We hope you are staying cool and safe in this scorching hot summer across the globe.
+
+Immich recently got some good recognition when getting to the front page of HackerNews, which helped to let more people know about the project's existence. The project will help more and more people find a solution to control the privacy of their most precious moments. And with the gain in popularity and recognition, we have gotten new users and more questions from the community than ever.
+
+I want to express my gratitude to all the contributors and the community who have been tremendously helpful to new users' questions and provided technical support.
+
+Below are the highlights of new features we added to the application over the past month, along with countless bug fixes and improvements across the board, from developer experience to resource optimization and UI/UX improvement. I hope you find these topics as exciting as I am.
+
+## Highlights
+
+- Memories feature.
+- Facial recognition improvements.
+- Improvements on multi selection behavior on the web.
+- Shortcuts for common actions on the web.
+- Support viewer for 360-panorama photos.
+
+<!--truncate-->
+
+---
+
+### Memories feature
+
+We've added the memory feature on the mobile app, so you can reminisce about your past memories.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/c7OTl-RqNRE"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Facial recognition improvements
+
+Over the past few releases, we have added many UI improvements to the facial recognition feature to help you manage the recognized people better. Some of the highlights:
+
+#### Choose a new feature photo for a person.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/PmJp8DmSh1U"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+#### Hide and show faces.
+
+You can now select irrelevant faces to hide them. The hidden faces won’t be displayed in search results and the people section in the info panel.
+
+#### Merge faces.
+
+This is useful when you have multiple faces of the same person in your photos, and you want to merge them into one.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/-Xskhw-vpc4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+We also added a nifty mechanism that when naming a face, similar names will prompt you a merge face option for the convenience.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/XzE6wficbl4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Improvements on multi selection behavior on the web
+
+We have added a new multi selection behavior on the web to help you select multiple items easier. You can now select a range of photos and videos by holding the `Shift` key.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/e_SiuHpVnmM"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Shortcuts for common actions on the web.
+
+Some of us only navigate the world and the web with a keyboard (looking at you, Vim and Emacs users). So it would take away the sacred weapon of choice to require many clicks to perform repetitive actions. So we added quick shortcuts for the following action on the web.
+
+<img
+  src={require('./images/web-shortcuts-panel.png').default}
+  width="100%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+### Support viewer for 360-panorama photos.
+
+Photos with the EXIF property of `ProjectionType` will now have a special viewer on the web to view all the angles of the panorama.
+
+The thumbnail of the 360 degrees panoramas will have a special icon on the top right of the thumbnail
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/728ca1b0-375c-4631-8081-a609843e702f"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+Panorama in the detail view
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/3c89dac4-395d-45fa-9bc5-98a6248fd476"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+---
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life's work for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/2023-recap.mdx
+++ b/docs/blog/2023/2023-recap.mdx
@@ -0,0 +1,71 @@
+---
+title: Immich Recap 2023
+authors: [alextran]
+tags: [update, recap-2023]
+date: 2023-12-30T00:00
+---
+
+Hi everyone,
+
+Alex from Immich here.
+
+We are entering the last few weeks of 2023, and it has been quite a year for Immich. The project has grown so much in terms of users, developers, features, maturity, and the community around it. When I started working on Immich, it was simply a challenge for myself and an opportunity to learn new technologies, crafting something fun and useful for my wife during my free time to satisfy my urge to build and create things. I never thought it would become so popular and help so many people. At the end of the day, all we have is memory. I am proud that the team and I have created something to make storing and viewing those precious memories easier without restrictions and without sacrificing our privacy. As the year closes, here’s a recap of everything the project accomplished in 2023.
+
+# Milestones
+
+- Public shared links
+- Favorites page
+- Immich turned 1
+- Material Design 3 on the mobile app
+- Auto-link LivePhotos server-side
+- iOS background backup
+- Explore page
+- CLIP search
+- Search by metadata
+- Responsive web app
+- Archive page
+- Asset descriptions
+- 10,000 stars on GitHub
+- Manage auth devices
+- Map view
+- Facial recognition, clustering, searching, renaming, and person management
+- Partner sharing and unifying timeline between partners' users
+- Custom storage label
+- XMP sidecar reading
+- RAW file formats
+- Justified layout on the web
+- Memories
+- Multi-select via SHIFT
+- Android Motion Photos
+- 360° Photos
+- Album description
+- Album performance improvements (time buckets)
+- Video hardware transcoding
+- Slideshow mode on the web
+- Configuration file
+- External libraries
+- Trash page
+- Custom theme
+- Asset Stacking
+- 20,000 stars on GitHub
+- Shared album activity and comments
+- CLI v2
+- Down to 5 containers (from 8)
+
+# Fun Statistics
+
+- We have gone from the release version `1.41.0` to `1.90.0` at the time of writing. On average, we see a release every 7 days.
+- According to GitHub's metrics, the `immich-server` container image has been pulled almost _4 million_ times.
+- According to mobile app store metrics, we have 22,000 installations on Android and 6700 installation units on iOS (opt-in only).
+- Immich is making around $1200/month on average from donations. (Thank you all so much!)
+- We were guests on two podcasts:
+  - [Self-hosted](https://selfhosted.show/110)
+  - [The Vergecast](https://www.theverge.com/23938533/self-hosting-local-first-software-vergecast)
+- There are over 4,500 members on the Discord server.
+- We have over 22,000 stars on the main GitHub repository, gaining 15,000 stars since January 2023.
+
+Diving into the next year, the team will continue to build on the foundation we have laid out over the past year, implementing more advanced features for searching, organizing, and sharing between users. Bugs will continue to be squashed and conquered. “Shit Alex wrote'' code will continue to be replaced by beautiful, clean code from Jason, Zack, Boet, Daniel, Osorin, Mert, Fynn, Marty, Martin, and Jonathan. The team has my eternal gratitude for creating a welcoming environment for new contributors, helping, teaching, and learning from each other. I’ve realized that hardly a day has gone by where the team hasn’t been in communication about Immich related topics over the past year.
+
+My long-term goal is to help hone Immich into a diamond in the FOSS space, where the UI, UX, development experiences, documentation, and quality are at a high standard while remaining free for everybody to use.
+
+I hope you enjoy Immich and have a happy and peaceful holiday.
--- a/docs/blog/2024/immich-core-team-goes-fulltime.mdx
+++ b/docs/blog/2024/immich-core-team-goes-fulltime.mdx
@@ -0,0 +1,75 @@
+---
+title: The Immich core team goes full-time
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-05-01T00:00
+---
+
+**Immich is joining [FUTO](https://futo.org/)!**
+
+Since the beginning of this adventure, my goal has always been to create a better world for my children. Memories are priceless, and privacy should not be a luxury. However, building quality open source has its challenges. Over the past two years, it has taken significant dedication, time, and effort.
+
+Recently, a company in Austin, Texas, called FUTO contacted the team. FUTO strives to develop quality and sustainable open software. They build software alternatives that focus on giving control to users. From their mission statement:
+
+“Computers should belong to you, the people. We develop and fund technology to give them back.”
+
+FUTO loved Immich and wanted to see if we’d consider working with them to take the project to the next level. In short, FUTO offered to:
+
+- Pay the core team to work on Immich full-time
+- Let us keep full autonomy about the project’s direction and leadership
+- Continue to license Immich under AGPL
+- Keep Immich’s development direction with no paywalled features
+- Keep Immich “built for the people” (no ads, data mining/selling, or alternative motives)
+- Provide us with financial, technical, legal, and administrative support
+
+After careful deliberation, the team decided that FUTO’s vision closely aligns with our own: to build a better future by providing a polished, performant, and privacy-preserving open-source software solution for photo and video management delivered in a sustainable way.
+
+Immich’s future has never looked brighter, and we look forward to realizing our vision for Immich as part of FUTO.
+
+If you have more questions, we’ll host a Q&A live stream on May 9th at 3PM UTC (10AM CST). [You can ask questions here](https://www.live-ask.com/event/01HWP2SB99A1K8EXFBDKZ5Z9CF), and the stream will be live [here on our YouTube channel](https://youtube.com/live/cwz2iZwYpgg).
+
+Cheers,
+
+The Immich Team
+
+---
+
+## FAQs
+
+### What is FUTO?
+
+[https://futo.org/what-is-futo/](https://futo.org/what-is-futo/)
+
+### Will the license change?
+
+No. Immich will continue to be licensed under AGPL without a CLA.
+
+### Will Immich continue to be free?
+
+Yes. The Immich source code will remain freely available under the AGPL license.
+
+### Is Immich getting VC funding?
+
+No. Venture capital implies investment in a business, often with the expectation of a future payout (exit plan). Immich is neither a business that can be acquired nor comes with a money-making exit plan.
+
+### I am currently supporting Immich through GitHub sponsors. What will happen to my donation?
+
+Effective immediately, all donations to the Immich organization will be canceled. In the future, we will offer an optional, modest payment option instead. Thank you to everyone who donated to help us get this far!
+
+### How is funding sustainable?
+
+Immich and FUTO believe a sustainable future requires a model that does not rely on users-as-a-product. To this end, FUTO advocates that users pay for good, open software. In keeping with this model, we will adopt a purchase price. This means we no longer accept donations, but — _without limiting features for those who do not pay_ — we will soon allow you to purchase Immich through a modest payment. We encourage you to pay for the high-quality software you use to foster a healthy software culture where developers build great applications without hidden motives for their users.
+
+### When does this change take effect?
+
+This change takes effect immediately.
+
+### What will change?
+
+The following things will change as Immich joins FUTO:
+
+- The brand, logo, and other Immich trademarks will be transferred to FUTO.
+- We will stop all donations to the project.
+- The core team can now dedicate our full attention to Immich
+- Before the end of the year, we plan to have a roadmap for what it will take to get Immich to a stable release.
+- Bugs will be squashed, and features will be delivered faster.
--- a/docs/blog/2024/immich-licensing.mdx
+++ b/docs/blog/2024/immich-licensing.mdx
@@ -0,0 +1,91 @@
+---
+title: Licensing announcement - Purchase a license to support Immich
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-07-18T00:00
+---
+
+Hello everybody,
+
+Firstly, on behalf of the Immich team, I'd like to thank everybody for your continuous support of Immich since the very first day! Your contributions, encouragement, and community engagement have helped bring Immich to its current state. The team and I are forever grateful for that.
+
+Since our [last announcement of the core team joining FUTO to work on Immich full-time](https://immich.app/blog/2024/immich-core-team-goes-fulltime), one of the goals of our new position is to foster a healthy relationship between the developers and the users. We believe that this enables us to create great software, establish transparent policies and build trust.
+
+We want to build a great software application that brings value to you and your loved ones' lives. We are not using you as a product, i.e., selling or tracking your data. We are not putting annoying ads into our software. We respect your privacy. We want to be compensated for the hard work we put in to build Immich for you.
+
+With those notes, we have enabled a way for you to financially support the continued development of Immich, ensuring the software can move forward and will be maintained, by offering a lifetime license of the software. We think if you like and use software, you should pay for it, but _we're never going to force anyone to pay or try to limit Immich for those who don't._
+
+There are two types of license that you can choose to purchase: **Server License** and **Individual License**.
+
+### Server License
+
+This is a lifetime license costing **$99.99**. The license is applied to the whole server. You and all users that use your server are licensed.
+
+### Individual License
+
+This is a lifetime license costing **$24.99**. The license is applied to a single user, and can be used on any server they choose to connect to.
+
+<img
+  width="837"
+  alt="license-social-gh"
+  src="https://github.com/user-attachments/assets/241932ed-ef3b-44ec-a9e2-ee80754e0cca"
+/>
+
+You can purchase the license on [our page - https://buy.immich.app](https://buy.immich.app).
+
+Starting with release `v1.109.0` you can purchase and enter your purchased license key directly in the app.
+
+<img
+  width="1414"
+  alt="license-page-gh"
+  src="https://github.com/user-attachments/assets/364fc32a-f6ef-4594-9fea-28d5a26ad77c"
+/>
+
+## Thank you
+
+Thank you again for your support, this will help create a strong foundation and stability for the Immich team to continue developing and maintaining the project that you love to use.
+
+<p align="center">
+  <img
+    src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif"
+    width="550"
+    title="SUPPORT THE PROJECT!"
+  />
+</p>
+
+<br />
+<br />
+
+Cheers! 🎉
+
+Immich team
+
+# FAQ
+
+### 1. Where can I purchase a license?
+
+There are several places where you can purchase the license from
+
+- [https://buy.immich.app](https://buy.immich.app)
+- [https://pay.futo.org](https://pay.futo.org/)
+- or directly from the app.
+
+### 2. Do I need both _Individual License_ and _Server License_?
+
+No,
+
+If you are the admin and the sole user, or your instance has less than a total of 4 users, you can buy the **Individual License** for each user.
+
+If your instance has more than 4 users, it is more cost-effective to buy the **Server License**, which will license all the users on your instance.
+
+### 3. What do I do if I don't pay?
+
+You can continue using Immich without any restriction.
+
+### 4. Will there be any paywalled features?
+
+No, there will never be any paywalled features.
+
+### 5. Where can I get support regarding payment issues?
+
+You can email us with your `orderId` and your email address `billing@futo.org` or on our Discord server.
--- a/docs/blog/2024/update-july-2024.mdx
+++ b/docs/blog/2024/update-july-2024.mdx
@@ -0,0 +1,78 @@
+---
+title: Immich Update - July 2024
+authors: [alextran]
+date: 2024-07-01T00:00
+tags: [update, v1.106.0]
+---
+
+Hello everybody! Alex from Immich here and I am back with another development progress update for the project.
+
+Summer has returned once again, and the night sky is filled with stars, thank you for **38_000 shining stars** you have sent to our [GitHub repo](https://github.com/immich-app/immich)! Since the last announcement several core contributors have started full time. Everything is going great with development, PRs get merged with _brrrrrrr_ rate, conversation exchange between team members is on a new high, we met and are working with the great engineers at FUTO. The spirit is high and we have a lot of things brewing that we think you will like.
+
+Let's go over some of the updates we had since the last post.
+
+### Container consolidation
+
+Reduced the number of total containers from 5 to 4 by making the microservices thread get spawned directly in the server container. Woohoo, remember when Immich had 7 containers?
+
+### Email notifications
+
+![smtp](https://github.com/immich-app/immich/assets/27055614/949cba85-d3f1-4cd3-b246-a6f5fb5d3ae8)
+
+We added email notifications to the app with SMTP settings that you can configure for the following events
+
+- A new account is created for you.
+- You are added to a shared album.
+- New media is added to an album.
+
+### Versioned docs
+
+You can now jump back into the past or take a peek at the unreleased version of the documentation by selecting the version on the website.
+
+![version-doc](https://github.com/immich-app/immich/assets/27055614/6d22898a-5093-41ad-b416-4573d7ce6e03)
+
+### Similarity deduplication
+
+With more machine learning and CLIP magic, we now have similarity deduplication built into the application where it will search for closely similar images and let you decide what to do with them; i.e keep or trash.
+
+![similarity-deduplication](https://github.com/immich-app/immich/assets/27055614/3cac8478-fbf7-47ea-acb6-0146901dc67e)
+
+### Permanent URL for asset on the web
+
+The detail view for an asset now has a permanent URL so you can easily share them with your loved ones.
+
+### Web app translations
+
+We now have a public Weblate project which the community can use to translate the webapp to their native languages. We are planning to port the mobile app translation to this platform as well. If you would like to contribute, you can take a look [here](https://hosted.weblate.org/projects/immich/immich/). We're already close to 50% translations -- we really appreciate everyone contributing to that!
+
+![web-translation](https://github.com/immich-app/immich/assets/27055614/363df2ed-656c-4584-bd82-0708a693c5bc)
+
+### Read-only/Editor mode on shared album
+
+As the owner of the album, you can choose if the shared user can edit the album or to only view the content of the album without any modification.
+
+![read-only-album](https://github.com/immich-app/immich/assets/27055614/c6f66375-b869-495a-9a86-3e87b316d109)
+
+### Better video thumbnails
+
+Immich now tries to find a descriptive video thumbnail instead of simply using the first frame. No more black images for thumbnails!
+
+### Public Roadmap
+
+We now have a [public roadmap](https://immich.app/roadmap), giving you a high-level overview of things the team is working on. The first goal of this roadmap is to bring Immich to a stable release, which is expected sometime later this year. Some of the highlights include
+
+- Auto stacking - Auto stacking of burst photos
+- Basic editor - Basic photo editing capabilities
+- Workflows - Automate tasks with workflows
+- Fine grained access controls - Granular access controls for users and api keys
+- Better background backups - Rework background backups to be more reliable
+- Private/locked photos - Private assets with extra protections
+
+Beyond the items in the roadmap, we have _many many_ more ideas for Immich. The team and I hope that you are enjoying the application, find it helpful in your life and we have nothing but the intention of building out great software for you all!
+
+Have an amazing Summer or Winter for those in the southern hemisphere! :D
+
+Until next time,
+
+Cheers!
+Alex
--- a/docs/blog/authors.yml
+++ b/docs/blog/authors.yml
@@ -0,0 +1,5 @@
+alextran:
+  name: Alex Tran
+  title: Maintainer of Immich
+  url: https://github.com/alextran1502
+  image_url: https://github.com/alextran1502.png
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -1,40 +1,14 @@
 # FAQ

-## Commercial Guidelines
-
-### Are you open to commercial partnerships and collaborations?
-
-We are working to commercialize Immich and we'd love for you to help us by making Immich better. FUTO is dedicated to developing sustainable models for developing open source software for our customers. We want our customers to be delighted by the products our engineers deliver, and we want our engineers to be paid when they succeed.
-
-If you wish to use Immich in a commercial product not owned by FUTO, we have the following requirements:
-
- Plugin Integrations: Integrations for other platforms are typically approved, provided proper notification is given.
-
- Reseller Partnerships: Must adhere to the guidelines outlined below regarding trademark usage, and proper representation.
-
- Strategic Collaborations: We welcome discussions about mutually beneficial partnerships that enhance the value proposition for both organizations.
-
-### What are your guidelines for resellers and trademark usage?
-
-For organizations seeking to resell Immich, we have established the following guidelines to protect our brand integrity and ensure proper representation.
-
- We request that resellers do not display our trademarks on their websites or marketing materials. If such usage is discovered, we will contact you to request removal.
-
- Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.
-
- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directy from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
-
-When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app
-
 ## User

 ### How can I reset the admin password?

-The admin password can be reset by running the [reset-admin-password](/administration/server-commands.md) command on the immich-server.
+The admin password can be reset by running the [reset-admin-password](/docs/administration/server-commands.md) command on the immich-server.

 ### How can I see a list of all users in Immich?

-You can see the list of all users by running [list-users](/administration/server-commands.md) Command on the Immich-server.
+You can see the list of all users by running [list-users](/docs/administration/server-commands.md) Command on the Immich-server.

 ---

@@ -106,20 +80,20 @@ However, Immich will delete original files that have been trashed when the trash

 When Storage Template is off (default) Immich saves the file names in a random string (also known as random UUIDs) to prevent duplicate file names.
 To retrieve the original file names, you must enable the Storage Template and then run the STORAGE TEMPLATE MIGRATION job.
-It is recommended to read about [Storage Template](/administration/storage-template) before activation.
+It is recommended to read about [Storage Template](https://immich.app/docs/administration/storage-template) before activation.

 ### Can I add my existing photo library?

-Yes, with an [External Library](/features/libraries.md).
+Yes, with an [External Library](/docs/features/libraries.md).

-### What happens to existing files after I choose a new [Storage Template](/administration/storage-template.mdx)?
+### What happens to existing files after I choose a new [Storage Template](/docs/administration/storage-template.mdx)?

-Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/administration/jobs-workers/#jobs) page.
+Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/administration/jobs-workers/#jobs) page.

 ### Why are only photos and not videos being uploaded to Immich?

 This often happens when using a reverse proxy in front of Immich.
-Make sure to [set your reverse proxy](/administration/reverse-proxy/) to allow large requests.
+Make sure to [set your reverse proxy](/docs/administration/reverse-proxy/) to allow large requests.
 Also, check the disk space of your reverse proxy.
 In some cases, proxies cache requests to disk before passing them on, and if disk space runs out, the request fails.

@@ -139,7 +113,7 @@ You can _archive_ them.

 ### How can I backup data from Immich?

-See [Backup and Restore](/administration/backup-and-restore.md).
+See [Backup and Restore](/docs/administration/backup-and-restore.md).

 ### Does Immich support reading existing face tag metadata?

@@ -206,7 +180,7 @@ services:
 ...
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
 +     - originals:/usr/src/app/originals
 ...
@@ -225,7 +199,7 @@ volumes:

 ### Can I keep my existing album structure while importing assets into Immich?

-Yes, by using the [Immich CLI](/features/command-line-interface) along with the `--album` flag.
+Yes, by using the [Immich CLI](/docs/features/command-line-interface) along with the `--album` flag.

 ### Is there a way to reorder photos within an album?

@@ -266,7 +240,7 @@ Immich uses CLIP models. An ML model converts each image to an "embedding", whic

 ### How does facial recognition work?

-See [How Facial Recognition Works](/features/facial-recognition#how-facial-recognition-works) for details.
+See [How Facial Recognition Works](/docs/features/facial-recognition#how-facial-recognition-works) for details.

 ### How can I disable machine learning?

@@ -288,7 +262,7 @@ No, this is not supported. Only models listed in the [Hugging Face][huggingface]

 ### I want to be able to search in other languages besides English. How can I do that?

-You can change to a multilingual CLIP model. See [here](/features/searching#clip-models) for instructions.
+You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-models) for instructions.

 ### Does Immich support Facial Recognition for videos?

@@ -299,7 +273,7 @@ Scanning the entire video for faces may be implemented in the future.

 No.
 :::tip
-You can use [Smart Search](/features/searching.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
+You can use [Smart Search](/docs/features/searching.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
 :::

 ### I'm getting a lot of "faces" that aren't faces, what can I do?
@@ -329,7 +303,7 @@ ls clip/ facial-recognition/

 ### Why is Immich slow on low-memory systems like the Raspberry Pi?

-Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/guides/remote-machine-learning), or [disable](/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
+Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.

 ### Can I lower CPU and RAM usage?

@@ -339,9 +313,9 @@ The initial backup is the most intensive due to the number of jobs running. The
 - Under Settings > Transcoding Settings > Threads, set the number of threads to a low number like 1 or 2.
 - Under Settings > Machine Learning Settings > Facial Recognition > Model Name, you can change the facial recognition model to `buffalo_s` instead of `buffalo_l`. The former is a smaller and faster model, albeit not as good.
  - For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
- At the container level, you can [set resource constraints](/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
+- At the container level, you can [set resource constraints](/docs/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
  - It's recommended to only apply these constraints _after_ taking some of the measures here for best performance.
- If these changes are not enough, see [above](/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.
+- If these changes are not enough, see [above](/docs/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.

 ### Can I limit CPU and RAM usage?

@@ -383,7 +357,7 @@ Do not exaggerate with the job concurrency because you're probably thoroughly ov

 ### My server shows Server Status Offline | Version Unknown. What can I do?

-You need to [enable WebSockets](/administration/reverse-proxy/) on your reverse proxy.
+You need to [enable WebSockets](/docs/administration/reverse-proxy/) on your reverse proxy.

 ---

@@ -391,7 +365,7 @@ You need to [enable WebSockets](/administration/reverse-proxy/) on your reverse

 ### How can I see Immich logs?

-Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/guides/docker-help.md).
+Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).

 ### How can I reduce the log verbosity of Redis?

@@ -435,7 +409,7 @@ cap_drop:
 Data for Immich comes in two forms:

 1. **Metadata** stored in a Postgres database, stored in the `DB_DATA_LOCATION` folder (previously `pg_data` Docker volume).
-2. **Files** (originals, thumbs, profile, etc.), stored in the `UPLOAD_LOCATION` folder, more [info](/administration/backup-and-restore#asset-types-and-storage-locations).
+2. **Files** (originals, thumbs, profile, etc.), stored in the `UPLOAD_LOCATION` folder, more [info](/docs/administration/backup-and-restore#asset-types-and-storage-locations).

 :::warning
 This will destroy your database and reset your instance, meaning that you start from scratch.
@@ -473,7 +447,7 @@ If it mentions SIGILL (note the lack of a K) or error code 132, it most likely m
 ### Why am I getting database ownership errors?

 If you get database errors such as `FATAL:  data directory "/var/lib/postgresql/data" has wrong ownership` upon database startup, this is likely due to an issue with your filesystem.
-NTFS and ex/FAT/32 filesystems are not supported. See [here](/install/requirements#special-requirements-for-windows-users) for more details.
+NTFS and ex/FAT/32 filesystems are not supported. See [here](/docs/install/requirements#special-requirements-for-windows-users) for more details.

 ### How can I verify the integrity of my database?

--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -3,7 +3,7 @@
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';

-A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)
+A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/docs/guides/template-backup-script.md)

 :::danger
 The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
@@ -150,17 +150,19 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
  - Preview images (small thumbnails and large previews) for each asset and thumbnails for recognized faces.
  - Stored in `UPLOAD_LOCATION/thumbs/<userID>`.
 - **Encoded Assets:**
+
  - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
  - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.

 - **Postgres**
+
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.

  :::danger
  A backup of this folder does not constitute a backup of your database!
-  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
  :::

 </TabItem>
@@ -199,13 +201,14 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - Temporarily located in `UPLOAD_LOCATION/upload/<userID>`.
  - Transferred to `UPLOAD_LOCATION/library/<userID>` upon successful upload.
 - **Postgres**
+
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
  - Stored in `DB_DATA_LOCATION`.

  :::danger
  A backup of this folder does not constitute a backup of your database!
-  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
  :::

 </TabItem>
--- a/docs/docs/administration/email-notification.mdx
+++ b/docs/docs/administration/email-notification.mdx
@@ -12,7 +12,7 @@ You can access the settings panel from the web at `Administration -> Settings ->

 Under Email, enter the required details to connect with an SMTP server.

-You can use [this guide](/guides/smtp-gmail) to use Gmail's SMTP server.
+You can use [this guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.

 ## User's notifications settings

--- a/docs/docs/administration/img/admin-nightly-tasks.webp
+++ b/docs/docs/administration/img/admin-nightly-tasks.webp
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -11,7 +11,7 @@ The `immich-server` container contains multiple workers:

 ## Split workers

-If you prefer to throttle or distribute the workers, you can do this using the [environment variables](/install/environment-variables) to specify which container should pick up which tasks.
+If you prefer to throttle or distribute the workers, you can do this using the [environment variables](/docs/install/environment-variables) to specify which container should pick up which tasks.

 For example, for a simple setup with one container for the Web/API and one for all other microservices, you can do the following:

@@ -46,12 +46,6 @@ services:

 When a new asset is uploaded it kicks off a series of jobs, which include metadata extraction, thumbnail generation, machine learning tasks, and storage template migration, if enabled. To view the status of a job navigate to the Administration -> Jobs page.

+Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
+
 <img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />
-
-Additionally, some jobs (such as memories generation) run on a schedule, which is every night at midnight by default. To change when they run or enable/disable a job navigate to System Settings -> [Nightly Tasks Settings](https://my.immich.app/admin/system-settings?isOpen=nightly-tasks).
-
-<img src={require('./img/admin-nightly-tasks.webp').default} width="60%" title="Admin nightly tasks" />
-
-:::note
-Some jobs ([External Libraries](/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
-:::
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -10,7 +10,7 @@ Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobil

 Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:

- [Authentik](https://integrations.goauthentik.io/media/immich/)
+- [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
 - [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
@@ -20,6 +20,7 @@ Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an i
 Before enabling OAuth in Immich, a new client application needs to be configured in the 3rd-party authentication server. While the specifics of this setup vary from provider to provider, the general approach should be the same.

 1. Create a new (Client) Application
+
   1. The **Provider** type should be `OpenID Connect` or `OAuth2`
   2. The **Client type** should be `Confidential`
   3. The **Application** type should be `Web`
@@ -28,24 +29,29 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 2. Configure Redirect URIs/Origins

   The **Sign-in redirect URIs** should include:
-   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/features/mobile-app.mdx)
+
+   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client

   Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:

   Mobile
+
   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)

   Localhost
+
   - `http://localhost:2283/auth/login`
   - `http://localhost:2283/user-settings`

   Local IP
+
   - `http://192.168.0.200:2283/auth/login`
   - `http://192.168.0.200:2283/user-settings`

   Hostname
+
   - `https://immich.example.com/auth/login`
   - `https://immich.example.com/user-settings`

@@ -62,9 +68,8 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
-| Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
 | Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage**¹**                                           |
-| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (empty for unlimited quota)      |
+| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (Enter 0 for unlimited quota)    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
@@ -88,7 +93,7 @@ The `.well-known/openid-configuration` part of the url is optional and will be a
 ## Auto Launch

 When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
-Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?autoLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
+Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?authLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.

 ## Mobile Redirect URI

@@ -98,7 +103,7 @@ The redirect URI for the mobile app is `app.immich:///oauth-callback`, which is
 2. Whitelist the new endpoint as a valid redirect URI with your provider.
 3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.

-With these steps in place, you should be able to use OAuth from the [Mobile App](/features/mobile-app.mdx) without a custom scheme redirect URI.
+With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.

 :::info
 Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:///oauth-callback`, and can be used for step 1.
@@ -106,89 +111,6 @@ Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to

 ## Example Configuration

-<details>
-<summary>Authelia Example</summary>
-
-### Authelia Example
-
-Here's an example of OAuth configured for Authelia:
-
-This assumes there exist an attribute `immichquota` in the user schema, which is used to set the user's storage quota in Immich.
-The configuration concerning the quota is optional.
-
-```yaml
-authentication_backend:
-  ldap:
-    # The LDAP server configuration goes here.
-    # See: https://www.authelia.com/c/ldap
-    attributes:
-      extra:
-        immichquota: # The attribute name from LDAP
-          name: 'immich_quota'
-          multi_valued: false
-          value_type: 'integer'
-identity_providers:
-  oidc:
-    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
-    ## See: https://www.authelia.com/c/oidc
-    claims_policies:
-      immich_policy:
-        custom_claims:
-          immich_quota:
-            attribute: 'immich_quota'
-    scopes:
-      immich_scope:
-        claims:
-          - 'immich_quota'
-
-    clients:
-      - client_id: 'immich'
-        client_name: 'Immich'
-        # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret
-        client_secret: $pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'
-        public: false
-        require_pkce: false
-        redirect_uris:
-          - 'https://example.immich.app/auth/login'
-          - 'https://example.immich.app/user-settings'
-          - 'app.immich:///oauth-callback'
-        scopes:
-          - 'openid'
-          - 'profile'
-          - 'email'
-          - 'immich_scope'
-        claims_policy: 'immich_policy'
-        response_types:
-          - 'code'
-        grant_types:
-          - 'authorization_code'
-        id_token_signed_response_alg: 'RS256'
-        userinfo_signed_response_alg: 'RS256'
-        token_endpoint_auth_method: 'client_secret_post'
-```
-
-Configuration of OAuth in Immich System Settings
-
-| Setting                            | Value                                                               |
-| ---------------------------------- | ------------------------------------------------------------------- |
-| Issuer URL                         | `https://example.immich.app/.well-known/openid-configuration`       |
-| Client ID                          | immich                                                              |
-| Client Secret                      | 0v89FXkQOWO\***\*\*\*\*\***\*\*\***\*\*\*\*\***mprbvXD549HH6s1iw... |
-| Token Endpoint Auth Method         | client_secret_post                                                  |
-| Scope                              | openid email profile immich_scope                                   |
-| ID Token Signed Response Algorithm | RS256                                                               |
-| Userinfo Signed Response Algorithm | RS256                                                               |
-| Storage Label Claim                | uid                                                                 |
-| Storage Quota Claim                | immich_quota                                                        |
-| Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
-| Button Text                        | Sign in with Authelia (optional)                                    |
-| Auto Register                      | Enabled (optional)                                                  |
-| Auto Launch                        | Enabled (optional)                                                  |
-| Mobile Redirect URI Override       | Disable                                                             |
-| Mobile Redirect URI                |                                                                     |
-
-</details>
-
 <details>
 <summary>Authentik Example</summary>

@@ -211,7 +133,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                              |
 | Storage Label Claim          | preferred_username                                                                 |
 | Storage Quota Claim          | immich_quota                                                                       |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                      |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                          |
 | Button Text                  | Sign in with Authentik (optional)                                                  |
 | Auto Register                | Enabled (optional)                                                                 |
 | Auto Launch                  | Enabled (optional)                                                                 |
@@ -242,7 +164,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                        |
 | Storage Label Claim          | preferred_username                                                           |
 | Storage Quota Claim          | immich_quota                                                                 |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
 | Button Text                  | Sign in with Google (optional)                                               |
 | Auto Register                | Enabled (optional)                                                           |
 | Auto Launch                  | Enabled                                                                      |
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -2,6 +2,10 @@

 Users can deploy a custom reverse proxy that forwards requests to Immich. This way, the reverse proxy can handle TLS termination, load balancing, or other advanced features. All reverse proxies between Immich and the user must forward all headers and set the `Host`, `X-Real-IP`, `X-Forwarded-Proto` and `X-Forwarded-For` headers to their appropriate values. Additionally, your reverse proxy should allow for big enough uploads. By following these practices, you ensure that all custom reverse proxies are fully compatible with Immich.

+:::note
+The Repair page can take a long time to load. To avoid server timeouts or errors, we recommend specifying a timeout of at least 10 minutes on your proxy server.
+:::
+
 :::caution
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -2,21 +2,20 @@

 The `immich-server` docker image comes preinstalled with an administrative CLI (`immich-admin`) that supports the following commands:

-| Command                  | Description                                                   |
-| ------------------------ | ------------------------------------------------------------- |
-| `help`                   | Display help                                                  |
-| `reset-admin-password`   | Reset the password for the admin user                         |
-| `disable-password-login` | Disable password login                                        |
-| `enable-password-login`  | Enable password login                                         |
-| `enable-oauth-login`     | Enable OAuth login                                            |
-| `disable-oauth-login`    | Disable OAuth login                                           |
-| `list-users`             | List Immich users                                             |
-| `version`                | Print Immich version                                          |
-| `change-media-location`  | Change database file paths to align with a new media location |
+| Command                  | Description                           |
+| ------------------------ | ------------------------------------- |
+| `help`                   | Display help                          |
+| `reset-admin-password`   | Reset the password for the admin user |
+| `disable-password-login` | Disable password login                |
+| `enable-password-login`  | Enable password login                 |
+| `enable-oauth-login`     | Enable OAuth login                    |
+| `disable-oauth-login`    | Disable OAuth login                   |
+| `list-users`             | List Immich users                     |
+| `version`                | Print Immich version                  |

 ## How to run a command

-To run a command, [connect](/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich-admin <command>`.
+To run a command, [connect](/docs/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich-admin <command>`.

 ## Examples

@@ -89,21 +88,3 @@ Print Immich Version
 immich-admin version
 v1.129.0
 ```
-
-Change media location
-
-```
-immich-admin change-media-location
-? Enter the previous value of IMMICH_MEDIA_LOCATION: /data
-? Enter the new value of IMMICH_MEDIA_LOCATION: /my-data
-...
-  Previous value: /data
-  Current value:  /my-data
-
-  Changing database paths from "/data/*" to "/my-data/*"
-
-? Do you want to proceed? [Y/n] y
-
-Database file paths updated successfully! 🎉
-...
-```
--- a/docs/docs/administration/system-settings.md
+++ b/docs/docs/administration/system-settings.md
@@ -12,14 +12,14 @@ Manage password, OAuth, and other authentication settings

 ### OAuth Authentication

-Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/administration/oauth).
+Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/docs/administration/oauth).

 ### Password Authentication

-The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.
+The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/docs/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.

 :::tip
-You can always use the [Server CLI](/administration/server-commands) to re-enable password login.
+You can always use the [Server CLI](/docs/administration/server-commands) to re-enable password login.
 :::

 ## Image Settings (thumbnails and previews)
@@ -108,7 +108,7 @@ If more than one URL is provided, each server will be attempted one-at-a-time un

 ### Smart Search

-The [smart search](/features/searching) settings allow you to change the [CLIP model](https://openai.com/research/clip). Larger models will typically provide [more accurate search results](https://github.com/immich-app/immich/discussions/11862) but consume more processing power and RAM. When [changing the CLIP model](/FAQ#can-i-use-a-custom-clip-model) it is mandatory to re-run the Smart Search job on all images to fully apply the change.
+The [smart search](/docs/features/searching) settings allow you to change the [CLIP model](https://openai.com/research/clip). Larger models will typically provide [more accurate search results](https://github.com/immich-app/immich/discussions/11862) but consume more processing power and RAM. When [changing the CLIP model](/docs/FAQ#can-i-use-a-custom-clip-model) it is mandatory to re-run the Smart Search job on all images to fully apply the change.

 :::info Internet connection
 Changing models requires a connection to the Internet to download the model.
@@ -132,7 +132,7 @@ Editable settings:
 - **Max Recognition Distance**
 - **Min Recognized Faces**

-You can learn more about these options on the [Facial Recognition page](/features/facial-recognition#how-face-detection-works)
+You can learn more about these options on the [Facial Recognition page](/docs/features/facial-recognition#how-face-detection-works)

 :::info
 When changing the values in Min Detection Score, Max Recognition Distance, and Min Recognized Faces.
@@ -154,15 +154,15 @@ The map can be adjusted via [OpenMapTiles](https://openmaptiles.org/styles/) for

 ### Reverse Geocoding Settings

-Immich supports [Reverse Geocoding](/features/reverse-geocoding) using data from the [GeoNames](https://www.geonames.org/) geographical database.
+Immich supports [Reverse Geocoding](/docs/features/reverse-geocoding) using data from the [GeoNames](https://www.geonames.org/) geographical database.

 ## Notification Settings

-SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/administration/email-notification)
+SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/docs/administration/email-notification)

 ## Notification Templates

-Override the default notifications text with notification templates. More information can be found [here](/administration/email-notification)
+Override the default notifications text with notification templates. More information can be found [here](/docs/administration/email-notification)

 ## Server Settings

@@ -176,7 +176,7 @@ The administrator can set a custom message on the login screen (the message will

 ## Storage Template

-Immich supports a custom [Storage Template](/administration/storage-template). Learn more about this feature and its configuration [here](/administration/storage-template).
+Immich supports a custom [Storage Template](/docs/administration/storage-template). Learn more about this feature and its configuration [here](/docs/administration/storage-template).

 ## Theme Settings

--- a/docs/docs/developer/architecture.mdx
+++ b/docs/docs/developer/architecture.mdx
@@ -44,7 +44,7 @@ The web app is a [TypeScript](https://www.typescriptlang.org/) project that uses

 ### CLI

-The Immich CLI is an [npm](https://www.npmjs.com/) package that lets users control their Immich instance from the command line. It uses the API to perform various tasks, especially uploading assets. See the [CLI documentation](/features/command-line-interface.md) for more information.
+The Immich CLI is an [npm](https://www.npmjs.com/) package that lets users control their Immich instance from the command line. It uses the API to perform various tasks, especially uploading assets. See the [CLI documentation](/docs/features/command-line-interface.md) for more information.

 ## Server

@@ -83,11 +83,11 @@ Immich uses a [worker](https://github.com/immich-app/immich/blob/main/server/src
 - Smart Search
 - Facial Recognition
 - Storage Template Migration
- Sidecar (see [XMP Sidecars](/features/xmp-sidecars.md))
+- Sidecar (see [XMP Sidecars](/docs/features/xmp-sidecars.md))
 - Background jobs (file deletion, user deletion)

 :::info
-This list closely matches what is available on the [Administration > Jobs](/administration/jobs-workers/#jobs) page, which provides some remote queue management capabilities.
+This list closely matches what is available on the [Administration > Jobs](/docs/administration/jobs-workers/#jobs) page, which provides some remote queue management capabilities.
 :::

 ### Machine Learning
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -5,7 +5,7 @@ After making any changes in the `server/src/schema`, a database migration need t
 1. Run the command

 ```bash
-pnpm run migrations:generate <migration-name>
+npm run migrations:generate <migration-name>
 ```

 2. Check if the migration file makes sense.
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -7,7 +7,7 @@ sidebar_position: 3

 Dev Containers provide a consistent, reproducible development environment using Docker containers. With a single click, you can get started with an Immich development environment on Mac, Linux, Windows, or in the cloud using GitHub Codespaces.

-Get started fast!
+[![Open in VSCode Containers](https://img.shields.io/static/v1?label=VSCode%20DevContainer&message=Immich&color=blue)](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/immich-app/immich/)

 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/immich-app/immich/)

@@ -71,7 +71,7 @@ cd immich

 The immich dev containers read environment variables from your shell environment, not from `.env` files. This allows them to work in cloud environments without pre-configuration.

-:::important Configuration
+:::important Required Configuration
 When running locally, and if you want to create (or use an existing) DB and/or photo storage folder, you must set the `UPLOAD_LOCATION` variable in your shell environment before launching the Dev Container. This determines where uploaded files are stored and also where the DB stores it data.

 ```bash
@@ -88,10 +88,6 @@ source ~/.bashrc

 ### Step 3: Launch the Dev Container

-:::tip
-Immich development makes extensive use of specialized [base images](https://github.com/immich-app/base-images) for its docker-compose based development. For this reason, you won't be able to use VSCode's **_Clone Repository in a Container Volume_** command.
-:::
-
 #### Using VS Code UI:

 1. Open the cloned repository in VS Code
@@ -203,11 +199,13 @@ To use your SSH key for commit signing, see the [GitHub guide on SSH commit sign
 When the Dev Container starts, it automatically:

 1. **Runs post-create script** (`container-server-post-create.sh`):
+
   - Adjusts file permissions for the `node` user
-   - Installs dependencies: `pnpm install` in all packages
-   - Builds TypeScript SDK: `pnpm run build` in `open-api/typescript-sdk`
+   - Installs dependencies: `npm install` in all packages
+   - Builds TypeScript SDK: `npm run build` in `open-api/typescript-sdk`

 2. **Starts development servers** via VS Code tasks:
+
   - `Immich API Server (Nest)` - API server with hot-reloading on port 2283
   - `Immich Web Server (Vite)` - Web frontend with hot-reloading on port 3000
   - Both servers watch for file changes and recompile automatically
@@ -243,7 +241,7 @@ To connect the mobile app to your Dev Container:

 - **Server code** (`/server`): Changes trigger automatic restart
 - **Web code** (`/web`): Changes trigger hot module replacement
- **Database migrations**: Run `pnpm run sync:sql` in the server directory
+- **Database migrations**: Run `npm run sync:sql` in the server directory
 - **API changes**: Regenerate TypeScript SDK with `make open-api`

 ## Testing
@@ -273,19 +271,19 @@ make test-medium-dev    # End-to-end tests
 ```bash
 # Server tests
 cd /workspaces/immich/server
-pnpm test                # Run all tests
-pnpm run test:watch     # Watch mode
-pnpm run test:cov       # Coverage report
+npm test                # Run all tests
+npm run test:watch     # Watch mode
+npm run test:cov       # Coverage report

 # Web tests
 cd /workspaces/immich/web
-pnpm test               # Run all tests
-pnpm run test:watch     # Watch mode
+npm test               # Run all tests
+npm run test:watch     # Watch mode

 # E2E tests
 cd /workspaces/immich/e2e
-pnpm run test           # Run API tests
-pnpm run test:web       # Run web UI tests
+npm run test           # Run API tests
+npm run test:web       # Run web UI tests
 ```

 ### Code Quality Commands
@@ -337,12 +335,14 @@ make install-all      # Install all dependencies
 The Dev Container is pre-configured for debugging:

 1. **API Server Debugging**:
+
   - Set breakpoints in VS Code
   - Press `F5` or use "Run and Debug" panel
   - Select "Attach to Server" configuration
   - Debug port: 9231

 2. **Worker Debugging**:
+
   - Use "Attach to Workers" configuration
   - Debug port: 9230

@@ -428,10 +428,11 @@ While the Dev Container focuses on server and web development, you can connect m
   ```

 2. **Configure mobile app**:
+
   - Server URL: `http://YOUR_IP:2283/api`
   - Ensure firewall allows port 2283

-3. **For full mobile development**, see the [mobile development guide](/developer/setup) which covers:
+3. **For full mobile development**, see the [mobile development guide](/docs/developer/setup) which covers:
   - Flutter setup
   - Running on simulators/devices
   - Mobile-specific debugging
@@ -474,7 +475,7 @@ Recommended minimums:

 ## Next Steps

- Read the [architecture overview](/developer/architecture)
- Learn about [database migrations](/developer/database-migrations)
- Explore [API documentation](https://api.immich.app/)
+- Read the [architecture overview](/docs/developer/architecture)
+- Learn about [database migrations](/docs/developer/database-migrations)
+- Explore [API documentation](/docs/api)
 - Join `#immich` on [Discord](https://discord.immich.app)
--- a/docs/docs/developer/open-api.md
+++ b/docs/docs/developer/open-api.md
@@ -1,6 +1,6 @@
 # OpenAPI

-Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](https://api.immich.app/).
+Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](/docs/api).

 ## Generator

--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -8,53 +8,40 @@ When contributing code through a pull request, please check the following:

 ## Web Checks

- [ ] `pnpm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
- [ ] `pnpm run check:svelte` (Type checking via SvelteKit)
- [ ] `pnpm run check:typescript` (check typescript)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check:svelte` (Type checking via SvelteKit)
+- [ ] `npm run check:typescript` (check typescript)
+- [ ] `npm test` (unit tests)

 ## Documentation

- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `npm run format` (formatting via Prettier)
 - [ ] Update the `_redirects` file if you have renamed a page or removed it from the documentation.

 :::tip AIO
-Run all web checks with `pnpm run check:all`
+Run all web checks with `npm run check:all`
 :::

 ## Server Checks

- [ ] `pnpm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
- [ ] `pnpm run check` (Type checking via `tsc`)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check` (Type checking via `tsc`)
+- [ ] `npm test` (unit tests)

 :::tip AIO
-Run all server checks with `pnpm run check:all`
+Run all server checks with `npm run check:all`
 :::

 :::info Auto Fix
-You can use `pnpm run __:fix` to potentially correct some issues automatically for `pnpm run format` and `lint`.
-:::
-
-## Mobile Checks
-
-The following commands must be executed from within the mobile app directory of the codebase.
-
- [ ] `make build` (auto-generate files using build_runner)
- [ ] `make analyze` (static analysis via Dart Analyzer and DCM)
- [ ] `make format` (formatting via Dart Formatter)
- [ ] `make test` (unit tests)
-
-:::info Auto Fix
-You can use `dart fix --apply` and `dcm fix lib` to potentially correct some issues automatically for `make analyze`.
+You can use `npm run __:fix` to potentially correct some issues automatically for `npm run format` and `lint`.
 :::

 ## OpenAPI

-The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/developer/open-api.md) for more details.
+The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/docs/developer/open-api.md) for more details.

 ## Database Migrations

-A database migration needs to be generated whenever there are changes to `server/src/infra/src/entities`. See [Database Migration](/developer/database-migrations.md) for more details.
+A database migration needs to be generated whenever there are changes to `server/src/infra/src/entities`. See [Database Migration](/docs/developer/database-migrations.md) for more details.
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -54,20 +54,20 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3

 If you only want to do web development connected to an existing, remote backend, follow these steps:

-1. Build the Immich SDK - `cd open-api/typescript-sdk && pnpm i && pnpm run build && cd -`
+1. Build the Immich SDK - `cd open-api/typescript-sdk && npm i && npm run build && cd -`
 2. Enter the web directory - `cd web/`
-3. Install web dependencies - `pnpm i`
+3. Install web dependencies - `npm i`
 4. Start the web development server

 ```bash
-IMMICH_SERVER_URL=https://demo.immich.app/ pnpm run dev
+IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```

 If you're using PowerShell on Windows you may need to set the env var separately like so:

 ```powershell
 $env:IMMICH_SERVER_URL = "https://demo.immich.app/"
-pnpm run dev
+npm run dev
 ```

 #### `@immich/ui`
@@ -75,12 +75,12 @@ pnpm run dev
 To see local changes to `@immich/ui` in Immich, do the following:

 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
-2. Build the `@immich/ui` project via `pnpm run build`
+2. Build the `@immich/ui` project via `npm run build`
 3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
 4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
 5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
 6. Start up the stack via `make dev`
-7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)
+7. After making changes in `@immich/ui`, rebuild it (`npm run build`)

 ### Mobile app

--- a/docs/docs/developer/testing.md
+++ b/docs/docs/developer/testing.md
@@ -4,8 +4,8 @@

 ### Unit tests

-Unit are run by calling `pnpm run test` from the `server/` directory.
-You need to run `pnpm install` (in `server/`) before _once_.
+Unit are run by calling `npm run test` from the `server/` directory.
+You need to run `npm install` (in `server/`) before _once_.

 ### End to end tests

@@ -17,14 +17,14 @@ make e2e

 Before you can run the tests, you need to run the following commands _once_:

- `pnpm install` (in `e2e/`)
+- `npm install` (in `e2e/`)
 - `make open-api` (in the project root `/`)

 Once the test environment is running, the e2e tests can be run via:

 ```bash
 cd e2e/
-pnpm test
+npm test
 ```

 The tests check various things including:
--- a/docs/docs/features/automatic-backup.md
+++ b/docs/docs/features/automatic-backup.md
@@ -16,7 +16,7 @@ If foreground backup is enabled: whenever the app is opened or resumed, it will

 ## Background backup

-This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
+This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/docs/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).

 If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.

--- a/docs/docs/features/facial-recognition.md
+++ b/docs/docs/features/facial-recognition.md
@@ -70,7 +70,7 @@ Navigating to Administration > Settings > Machine Learning Settings > Facial Rec
 :::tip
 It's better to only tweak the parameters here than to set them to something very different unless you're ready to test a variety of options. If you do need to set a parameter to a strict setting, relaxing other settings can be a good option to compensate, and vice versa.

-You can learn how the tune the result in this [Guide](/guides/better-facial-clusters)
+You can learn how the tune the result in this [Guide](/docs/guides/better-facial-clusters)
 :::

 ### Facial recognition model
--- a/docs/docs/features/folder-view.md
+++ b/docs/docs/features/folder-view.md
@@ -2,7 +2,7 @@

 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.

-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)

 ## Enable folder view

--- a/docs/docs/features/img/xmp-sidecars.webp
+++ b/docs/docs/features/img/xmp-sidecars.webp
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -33,7 +33,7 @@ Sometimes, an external library will not scan correctly. This can happen if Immic
 - Are the permissions set correctly?
 - Make sure you are using forward slashes (`/`) and not backward slashes.

-To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/mnt/photos`, check it with `ls /mnt/photos`. If you are using a dedicated microservices container, make sure to add the same mount point and check for availability within the microservices container as well.
+To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the same in any microservices containers.

 ### Exclusion Patterns

@@ -56,9 +56,9 @@ Internally, Immich uses the [glob](https://www.npmjs.com/package/glob) package t

 ### Automatic watching (EXPERIMENTAL)

-This feature is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
+This feature - currently hidden in the config file - is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.

-If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a [periodic library refresh](#set-custom-scan-interval) to pull in your changes.
+If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a periodic library refresh to pull in your changes.

 #### Troubleshooting

@@ -72,9 +72,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.

 ### Nightly job

-There is an automatic scan job that is scheduled to run once a day. Its schedule is configurable, see [Set Custom Scan Interval](#set-custom-scan-interval).
-
-This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.

 ## Usage

@@ -93,7 +91,7 @@ The `immich-server` container will need access to the gallery. Modify your docke
 ```diff title="docker-compose.yml"
  immich-server:
    volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
@@ -103,7 +101,7 @@ The `immich-server` container will need access to the gallery. Modify your docke

 :::tip
 The `ro` flag at the end only gives read-only access to the volumes.
-This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/features/xmp-sidecars)).
+This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/docs/features/xmp-sidecars)).
 :::

 :::info
@@ -114,7 +112,7 @@ _Remember to run `docker compose up -d` to register the changes. Make sure you c

 These actions must be performed by the Immich administrator.

- Click on your avatar in the upper right corner
+- Click on your avatar on the upper right corner
 - Click on Administration -> External Libraries
 - Click on Create an external library…
 - Select which user owns the library, this can not be changed later
@@ -161,7 +159,9 @@ Within seconds, the assets from the old-pics and videos folders should show up i

 Folder view provides an additional view besides the timeline that is similar to a file explorer. It allows you to navigate through the folders and files in the library. This feature is handy for a highly curated and customized external library or a nicely configured storage template.

-You can enable this feature under [`Account Settings > Features > Folders`](https://my.immich.app/user-settings?isOpen=feature+folders)
+You can enable this feature under [`Account Settings > Features > Folder View`](https://my.immich.app/user-settings?isOpen=feature+folders)
+
+The UI is currently only available for the web; mobile will come in a subsequent release.

 <img src={require('./img/folder-view-1.webp').default} width="100%" title='Folder-view' />

@@ -171,7 +171,7 @@ You can enable this feature under [`Account Settings > Features > Folders`](http
 Only an admin can do this.
 :::

-You can define a custom interval for the trigger external library rescan under Administration -> Settings -> External Library.  
+You can define a custom interval for the trigger external library rescan under Administration -> Settings -> Library.  
 You can set the scanning interval using the preset or cron format. For more information you can refer to [Crontab Guru](https://crontab.guru/).

 <img src={require('./img/library-custom-scan-interval.webp').default} width="75%" title='Set custom scan interval for external library' />
--- a/docs/docs/features/ml-hardware-acceleration.md
+++ b/docs/docs/features/ml-hardware-acceleration.md
@@ -35,7 +35,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
  - Where and how you can get this file depends on device and vendor, but typically, the device vendor also supplies these
  - The `hwaccel.ml.yml` file assumes the path to it is `/usr/lib/libmali.so`, so update accordingly if it is elsewhere
  - The `hwaccel.ml.yml` file assumes an additional file `/lib/firmware/mali_csffw.bin`, so update accordingly if your device's driver does not require this file
- Optional: Configure your `.env` file, see [environment variables](/install/environment-variables) for ARM NN specific settings
+- Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for ARM NN specific settings
  - In particular, the `MACHINE_LEARNING_ANN_FP16_TURBO` can significantly improve performance at the cost of very slightly lower accuracy

 #### CUDA
@@ -49,7 +49,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele

 - The GPU must be supported by ROCm. If it isn't officially supported, you can attempt to use the `HSA_OVERRIDE_GFX_VERSION` environmental variable: `HSA_OVERRIDE_GFX_VERSION=<a supported version, e.g. 10.3.0>`. If this doesn't work, you might need to also set `HSA_USE_SVM=0`.
 - The ROCm image is quite large and requires at least 35GiB of free disk space. However, pulling later updates to the service through Docker will generally only amount to a few hundred megabytes as the rest will be cached.
- This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/install/environment-variables) setting).
+- This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/docs/install/environment-variables) setting).

 #### OpenVINO

@@ -64,7 +64,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
  - This is usually pre-installed on the device vendor's Linux images
 - RKNPU driver V0.9.8 or later must be available in the host server
  - You may confirm this by running `cat /sys/kernel/debug/rknpu/version` to check the version
- Optional: Configure your `.env` file, see [environment variables](/install/environment-variables) for RKNN specific settings
+- Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for RKNN specific settings
  - In particular, setting `MACHINE_LEARNING_RKNN_THREADS` to 2 or 3 can _dramatically_ improve performance for RK3576 and RK3588 compared to the default of 1, at the expense of multiplying the amount of RAM each model uses by that amount.

 ## Setup
--- a/docs/docs/features/mobile-app.mdx
+++ b/docs/docs/features/mobile-app.mdx
@@ -28,7 +28,7 @@ The beta release channel allows users to test upcoming changes before they are o
 <MobileAppBackup />

 :::info
-You can enable automatic backup on supported devices. For more information see [Automatic Backup](/features/automatic-backup.md).
+You can enable automatic backup on supported devices. For more information see [Automatic Backup](/docs/features/automatic-backup.md).
 :::

 ## Sync only selected photos
@@ -75,7 +75,7 @@ You can sync or mirror an album from your phone to the Immich server on your acc

 - **User-Specific Sync:** Album synchronization is unique to each server user and does not sync between different users or partners.

- **Mobile-Only Feature:** Album synchronization is currently only available on mobile. For similar options on a computer, refer to [Libraries](/features/libraries) for further details.
+- **Mobile-Only Feature:** Album synchronization is currently only available on mobile. For similar options on a computer, refer to [Libraries](/docs/features/libraries) for further details.

 ### Synchronizing albums from the past

@@ -88,9 +88,9 @@ It will only reflect files you add.
 :::

 If the same asset is in more than one album it will only sync to the first album it's in, after that it won't sync again even if the user clicks sync albums manually.
-To overcome this limitation, the files must be removed from the ignore list by
+To overcome this limitation, the files must be removed from the blacklist by
 App settings -> Advanced -> Duplicate Assets -> Clear

 :::info
-Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the ignore list again at the end of the synchronization.
+Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the black list again at the end of the synchronization.
 :::
--- a/docs/docs/features/monitoring.md
+++ b/docs/docs/features/monitoring.md
@@ -28,7 +28,7 @@ The metrics in immich are grouped into API (endpoint calls and response times),
 Immich will not expose an endpoint for metrics by default. To enable this endpoint, you can add the `IMMICH_TELEMETRY_INCLUDE=all` environmental variable to your `.env` file. Note that only the server container currently use this variable.

 :::tip
-`IMMICH_TELEMETRY_INCLUDE=all` enables all metrics. For a more granular configuration you can enumerate the telemetry metrics that should be included as a comma separated list (e.g. `IMMICH_TELEMETRY_INCLUDE=repo,api`). Alternatively, you can also exclude specific metrics with `IMMICH_TELEMETRY_EXCLUDE`. For more information refer to the [environment section](/install/environment-variables.md#prometheus).
+`IMMICH_TELEMETRY_INCLUDE=all` enables all metrics. For a more granular configuration you can enumerate the telemetry metrics that should be included as a comma separated list (e.g. `IMMICH_TELEMETRY_INCLUDE=repo,api`). Alternatively, you can also exclude specific metrics with `IMMICH_TELEMETRY_EXCLUDE`. For more information refer to the [environment section](/docs/install/environment-variables.md#prometheus).
 :::

 The next step is to configure a new or existing Prometheus instance to scrape this endpoint. The following steps assume that you do not have an existing Prometheus instance, but the steps will be similar either way.
@@ -66,9 +66,9 @@ The provided file is just a starting point. There are a ton of ways to configure
 After bringing down the containers with `docker compose down` and back up with `docker compose up -d`, a Prometheus instance will now collect metrics from the immich server and microservices containers. Note that we didn't need to expose any new ports for these containers - the communication is handled in the internal Docker network.

 :::note
-To see exactly what metrics are made available, you can additionally add `8081:8081` (API metrics) and `8082:8082` (microservices metrics) to the immich_server container's ports.
+To see exactly what metrics are made available, you can additionally add `8081:8081` to the server container's ports and `8082:8082` to the microservices container's ports.
 Visiting the `/metrics` endpoint for these services will show the same raw data that Prometheus collects.
-To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/install/environment-variables/#general).
+To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/docs/install/environment-variables/#general).
 :::

 ### Usage
--- a/docs/docs/features/reverse-geocoding.md
+++ b/docs/docs/features/reverse-geocoding.md
@@ -8,7 +8,7 @@ During Exif Extraction, assets with latitudes and longitudes are reverse geocode

 ## Usage

-Data from a reverse geocode is displayed in the image details, and used in [Smart Search](/features/searching.md).
+Data from a reverse geocode is displayed in the image details, and used in [Smart Search](/docs/features/searching.md).

 <img src={require('./img/reverse-geocoding-mobile3.webp').default} width='33%' title='Reverse Geocoding' />
 <img src={require('./img/reverse-geocoding-mobile1.webp').default} width='33%' title='Reverse Geocoding' />
--- a/docs/docs/features/sharing.md
+++ b/docs/docs/features/sharing.md
@@ -24,7 +24,7 @@ After creating an album, you can access the sharing options by clicking on the s

 Partner sharing allows you to share your _entire_ library with other users of your choice. They can then view your library and download the assets.

-You can read this guide to learn more about [partner sharing](/features/partner-sharing).
+You can read this guide to learn more about [partner sharing](/docs/features/partner-sharing).

 ## Public sharing

--- a/docs/docs/features/supported-formats.md
+++ b/docs/docs/features/supported-formats.md
@@ -16,7 +16,7 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a
 | `HEIC`      | `.heic`                       | :white_check_mark: |                 |
 | `HEIF`      | `.heif`                       | :white_check_mark: |                 |
 | `JPEG 2000` | `.jp2`                        | :white_check_mark: |                 |
-| `JPEG`      | `.jpeg` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
+| `JPEG`      | `.webp` `.jpg` `.jpe` `.insp` | :white_check_mark: |                 |
 | `JPEG XL`   | `.jxl`                        | :white_check_mark: |                 |
 | `PNG`       | `.png`                        | :white_check_mark: |                 |
 | `PSD`       | `.psd`                        | :white_check_mark: | Adobe Photoshop |
--- a/docs/docs/features/tags.md
+++ b/docs/docs/features/tags.md
@@ -1,6 +1,6 @@
 # Tags

-Immich supports hierarchical tags, with the ability to read existing tags from the XMP `TagsList` field and IPTC `Keywords` field. Any changes to tags made through Immich are also written back to a [sidecar](/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.
+Immich supports hierarchical tags, with the ability to read existing tags from the `TagList` and `Keywords` EXIF properties. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.

 ## Enable tags feature

--- a/docs/docs/features/user-settings.md
+++ b/docs/docs/features/user-settings.md
@@ -15,9 +15,9 @@ You can access the [user settings](https://my.immich.app/user-settings) by click
 ---

 :::tip Reset Password
-The admin can reset a user password through the [User Management](/administration/user-management.mdx) screen.
+The admin can reset a user password through the [User Management](/docs/administration/user-management.mdx) screen.
 :::

 :::tip Reset Admin Password
-The admin password can be reset using a [Server Command](/administration/server-commands.md)
+The admin password can be reset using a [Server Command](/docs/administration/server-commands.md)
 :::
--- a/docs/docs/features/xmp-sidecars.md
+++ b/docs/docs/features/xmp-sidecars.md
@@ -1,68 +1,13 @@
 # XMP Sidecars

-Immich supports XMP sidecar files — external `.xmp` files that store metadata for an image or video in XML format. During the metadata extraction job Immich will read & import metadata from `.xmp` files, and during the Sidecar Write job it will _write_ metadata back to `.xmp`.
+Immich can ingest XMP sidecars on file upload (via the CLI) as well as detect new sidecars that are placed in the filesystem for existing images.

-:::tip
-Tools like Lightroom, Darktable, digiKam and other applications can also be configured to write changes to `.xmp` files, in order to avoid modifying the original file.
-:::
+<img src={require('./img/xmp-sidecars.webp').default} title='XMP sidecars' />

-## Metadata Fields
+XMP sidecars are external XML files that contain metadata related to media files. Many applications read and write these files either exclusively or in addition to the metadata written to image files. They can be a powerful tool for editing and storing metadata of a media file without modifying the media file itself. When Immich receives or detects an XMP sidecar for a media file, it will attempt to extract the metadata from both the sidecar as well as the media file. It will prioritize the metadata for fields in the sidecar but will fall back and use the metadata in the media file if necessary.

-Immich does not support _all_ metadata fields. Below is a table showing what fields Immich can _read_ and _write_. It's important to note that writes do not replace the entire file contents, but are merged together with any existing fields.
+When importing files via the CLI bulk uploader or parsing photo metadata for external libraries, Immich will automatically detect XMP sidecar files as files that exist next to the original media file. Immich will look files that have the same name as the photo, but with the `.xmp` file extension. The same name can either include the photo's file extension or without the photo's file extension. For example, for a photo named `PXL_20230401_203352928.MP.jpg`, Immich will look for an XMP file named either `PXL_20230401_203352928.MP.jpg.xmp` or `PXL_20230401_203352928.MP.xmp`. If both `PXL_20230401_203352928.MP.jpg.xmp` and `PXL_20230401_203352928.MP.xmp` are present, Immich will prefer `PXL_20230401_203352928.MP.jpg.xmp`.

-:::info
-Immich automatically queues a Sidecar Write job after editing the description, rating, or updating tags.
-:::
+There are 2 administrator jobs associated with sidecar files: `SYNC` and `DISCOVER`. The sync job will re-scan all media with existing sidecar files and queue them for a metadata refresh. This is a great use case when third-party applications are used to modify the metadata of media. The discover job will attempt to scan the filesystem for new sidecar files for all media that does not currently have a sidecar file associated with it.

-| Metadata        | Immich writes to XMP                             | Immich reads from XMP                                                                                                                                                                                                                          |
-| --------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Description** | `dc:description`, `tiff:ImageDescription`        | `dc:description`, `tiff:ImageDescription`                                                                                                                                                                                                      |
-| **Rating**      | `xmp:Rating`                                     | `xmp:Rating`                                                                                                                                                                                                                                   |
-| **DateTime**    | `exif:DateTimeOriginal`, `photoshop:DateCreated` | In prioritized order:<br/>`exif:SubSecDateTimeOriginal`<br/>`exif:DateTimeOriginal`<br/>`xmp:SubSecCreateDate`<br/>`xmp:CreateDate`<br/>`xmp:CreationDate`<br/>`xmp:MediaCreateDate`<br/>`xmp:SubSecMediaCreateDate`<br/>`xmp:DateTimeCreated` |
-| **Location**    | `exif:GPSLatitude`, `exif:GPSLongitude`          | `exif:GPSLatitude`, `exif:GPSLongitude`                                                                                                                                                                                                        |
-| **Tags**        | `digiKam:TagsList`                               | In prioritized order: <br/>`digiKam:TagsList`<br/>`lr:HierarchicalSubject`<br/>`IPTC:Keywords`                                                                                                                                                 |
-
-:::note
-All other fields (e.g. `Creator`, `Source`, IPTC, Lightroom edits) remain in the `.xmp` file and are **not searchable** in Immich.
-:::
-
-## File Naming Rules
-
-A sidecar must share the base name of the media file:
-
- ✅ `IMG_0001.jpg.xmp` ← preferred
- ✅ `IMG_0001.xmp` ← fallback
- ❌ `myphoto_meta.xmp` ← not recognized
-
-If both `.jpg.xmp` and `.xmp` are present, Immich uses the **`.jpg.xmp`** file.
-
-## CLI Support
-
-1. **Detect** – Immich looks for a `.xmp` file placed next to each media file during upload.
-2. **Copy** – Both the media and the sidecar file are copied into Immich’s internal library folder.  
-   The sidecar is renamed to match the internal filename template, e.g.:  
-   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg`  
-   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg.xmp`
-3. **Extract** – Selected metadata (title, description, date, rating, tags) is parsed from the sidecar and saved to the database.
-4. **Write-back** – If you later update tags, rating, or description in the web UI, Immich will update **both** the database _and_ the copied `.xmp` file to stay in sync.
-
-## External Library (Mounted Folder) Support
-
-1. **Detect** – The `DISCOVER` job automatically associates `.xmp` files that sit next to existing media files in your mounted folder. No files are moved or renamed.
-2. **Extract** – Immich reads and saves the same metadata fields from the sidecar to the database.
-3. **Write-back** – If Immich has **write access** to the mount, any future metadata edits (e.g., rating or tags) are also written back to the original `.xmp` file on disk.
-
-:::danger
-If the mount is **read-only**, Immich cannot update either the sidecar **or** the database — **metadata edits will silently fail** with no warning see issue [#10538](https://github.com/immich-app/immich/issues/10538) for more details.
-:::
-
-## Admin Jobs
-
-Immich provides two admin jobs for managing sidecars:
-
-| Job        | What it does                                                                                      |
-| ---------- | ------------------------------------------------------------------------------------------------- |
-| `DISCOVER` | Finds new `.xmp` files next to media that don’t already have one linked                           |
-| `SYNC`     | Re-reads existing `.xmp` files and refreshes metadata in the database (e.g. after external edits) |
-
-![Sidecar Admin Jobs](./img/sidecar-jobs.webp)
+<img src={require('./img/sidecar-jobs.webp').default} title='Sidecar Administrator Jobs' />
--- a/docs/docs/guides/better-facial-clusters.md
+++ b/docs/docs/guides/better-facial-clusters.md
@@ -10,7 +10,7 @@ This guide explains how to optimize facial recognition in systems with large ima

 - **Best Suited For:** Large image libraries after importing a significant number of images.
 - **Warning:** This method deletes all previously assigned names.
- **Tip:** **Always take a [backup](/administration/backup-and-restore#database) before proceeding!**
+- **Tip:** **Always take a [backup](/docs/administration/backup-and-restore#database) before proceeding!**

 ---

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Alex Tran	b24637ba74	update schema	2025-06-28 22:20:02 -05:00
Alex Tran	d54def39ca	drift logs	2025-06-28 17:50:08 -05:00
Alex Tran	f0c9163364	feat: drift store migration	2025-06-27 15:40:48 -05:00
@@ -1 +1 @@
 .19.0
 .16.0