feat: add RC fastlane lanes and wire build-mobile workflow

.devcontainer/server/container-compose-overrides.yml

@@ -15,8 +15,8 @@ services:
     volumes:
       - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
       - /etc/localtime:/etc/localtime:ro
-      - build_cache:/buildcache
-      - ../packages/plugin-core:/build/plugins/immich-plugin-core
+      - pnpm_store_server:/buildcache/pnpm-store
+      - ../packages/plugins:/build/corePlugin
   immich-web:
     env_file: !reset []
   immich-machine-learning:

.devcontainer/server/container-start-frontend.sh

@@ -8,8 +8,6 @@ log "Preparing Immich Web Frontend"
 log ""
 run_cmd pnpm --filter @immich/sdk install
 run_cmd pnpm --filter @immich/sdk build
-run_cmd pnpm --filter @immich/plugin-sdk install
-run_cmd pnpm --filter @immich/plugin-sdk build
 run_cmd pnpm --filter immich-web install
 
 log "Starting Immich Web Frontend"

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://buy.immich.app', 'https://immich.store']

.github/workflows/build-mobile.yml

@@ -7,7 +7,7 @@ on:
         required: false
         type: string
       environment:
-        description: 'Target environment'
+        description: 'Target environment (development, rc, or production)'
         required: true
         default: 'development'
         type: string
@@ -51,7 +51,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -79,7 +79,7 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -91,10 +91,9 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
-          working_directory: ./mobile
 
       - name: Create the Keystore
         if: ${{ !github.event.pull_request.head.repo.fork }}
@@ -117,6 +116,7 @@ jobs:
             ~/.gradle/wrapper
             ~/.android/sdk
             mobile/android/.gradle
+            mobile/.dart_tool
           key: build-mobile-gradle-${{ runner.os }}-main
 
       - name: Setup Android SDK
@@ -160,14 +160,14 @@ jobs:
 
       - name: Comment APK download link on PR
         if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork }}
-        uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+        uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
         env:
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           APK_URL: ${{ steps.upload-apk.outputs.artifact-url }}
         with:
-          id: mobile-android-apk
-          token: ${{ steps.token.outputs.token }}
-          body: |
+          github-token: ${{ steps.token.outputs.token }}
+          message-id: 'mobile-android-apk'
+          message: |
             📱 **Android release APK (universal)** — `${{ env.HEAD_SHA }}`
 
             Download: ${{ env.APK_URL }}
@@ -189,6 +189,7 @@ jobs:
             ~/.gradle/wrapper
             ~/.android/sdk
             mobile/android/.gradle
+            mobile/.dart_tool
           key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
 
   build-sign-ios:
@@ -202,7 +203,7 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -217,10 +218,9 @@ jobs:
           persist-credentials: false
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
-          working_directory: ./mobile
 
       - name: Install Flutter dependencies
         working-directory: ./mobile
@@ -232,12 +232,8 @@ jobs:
       - name: Generate platform APIs
         run: mise //mobile:codegen:pigeon
 
-      - name: Resolve iOS Swift Packages
-        working-directory: ./mobile
-        run: flutter build ios --config-only --no-codesign
-
       - name: Setup Ruby
-        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
+        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
         with:
           ruby-version: '3.3'
           bundler-cache: true
@@ -294,6 +290,7 @@ jobs:
           APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
           APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
           ENVIRONMENT: ${{ inputs.environment || 'development' }}
+          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
           GITHUB_REF: ${{ github.ref }}
           FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 120
           FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 6
@@ -301,10 +298,12 @@ jobs:
         run: |
           # Only upload to TestFlight on main branch
           if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
-            if [[ "$ENVIRONMENT" == "development" ]]; then
-              bundle exec fastlane gha_testflight_dev
-            else
+            if [[ "$ENVIRONMENT" == "rc" ]]; then
+              bundle exec fastlane gha_testflight_rc
+            elif [[ "$ENVIRONMENT" == "production" ]]; then
               bundle exec fastlane gha_release_prod
+            elif [[ "$ENVIRONMENT" == "development" ]]; then
+              bundle exec fastlane gha_testflight_dev
             fi
           else
             # Build only, no TestFlight upload for non-main branches

.github/workflows/cache-cleanup.yml

@@ -19,7 +19,7 @@ jobs:
       actions: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/check-openapi.yml

@@ -4,7 +4,6 @@ on:
   pull_request:
     paths:
       - 'open-api/**'
-      - 'mobile/lib/utils/openapi_patching.dart'
       - '.github/workflows/check-openapi.yml'
 
 concurrency:
@@ -25,41 +24,8 @@ jobs:
           persist-credentials: false
 
       - name: Check for breaking API changes
-        uses: oasdiff/oasdiff-action/breaking@50e6a3413e5aa9c3ae4d8393c34745be44288b46 # v0.0.48
+        uses: oasdiff/oasdiff-action/breaking@26ccb332c67a45ca649de9faf60552ef1b8260d9 # v0.0.46
         with:
           base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
           revision: open-api/immich-openapi-specs.json
           fail-on: ERR
-
-  check-mobile-patches:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
-        with:
-          github_token: ${{ github.token }}
-          working_directory: ./mobile
-
-      - name: Get packages
-        working-directory: ./mobile
-        run: flutter pub get
-
-      - name: Fetch base spec from main
-        run: |
-          curl -fsSL \
-            "https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json" \
-            -o /tmp/base-spec.json
-
-      - name: Check newly-required fields have a backward-compat patch
-        working-directory: ./mobile
-        env:
-          OPENAPI_BASE_SPEC: /tmp/base-spec.json
-          OPENAPI_REVISION_SPEC: ../open-api/immich-openapi-specs.json
-        run: flutter test test/openapi_patches_coverage.dart

.github/workflows/cli.yml

@@ -31,7 +31,7 @@ jobs:
         working-directory: ./packages/cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -43,15 +43,13 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
       - name: Publish
         if: ${{ github.event_name == 'release' }}
-        env:
-          NPM_TAG: ${{ github.event.release.prerelease && 'rc' || 'latest' }}
-        run: mise run ci-publish -- --tag "$NPM_TAG"
+        run: mise run ci-publish
 
   docker:
     name: Docker
@@ -63,7 +61,7 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -75,13 +73,13 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io
@@ -96,7 +94,7 @@ jobs:
 
       - name: Generate docker image tags
         id: metadata
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
         with:
           flavor: |
             latest=false
@@ -104,10 +102,10 @@ jobs:
             name=ghcr.io/${{ github.repository_owner }}/immich-cli
           tags: |
             type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
           file: packages/cli/Dockerfile
           platforms: linux/amd64,linux/arm64

.github/workflows/close-duplicates.yml

@@ -14,11 +14,7 @@ jobs:
       should_run: ${{ steps.should_run.outputs.run }}
     steps:
       - id: should_run
-        run: |
-          echo "run=${{
-            (github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request')
-            && !contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association || github.event.discussion.author_association)
-          }}" >> "$GITHUB_OUTPUT"
+        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
 
   get_body:
     runs-on: ubuntu-latest
@@ -39,7 +35,7 @@ jobs:
     needs: [get_body, should_run]
     if: ${{ needs.should_run.outputs.should_run == 'true' }}
     container:
-      image: ghcr.io/immich-app/mdq:main@sha256:e73f60195b39748c4876f23e3e6cd22a68a9754acec8aef1fd6979fd52cd2c9f
+      image: ghcr.io/immich-app/mdq:main@sha256:0a8b8867773a0f8368061f47578603f438349f8f1f28b0e16105f481e5c794e0
     outputs:
       checked: ${{ steps.get_checkbox.outputs.checked }}
     steps:

.github/workflows/codeql-analysis.yml

@@ -44,7 +44,7 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -57,7 +57,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/docker.yml

@@ -23,7 +23,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -60,7 +60,7 @@ jobs:
         suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
         suffix: ['']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -132,7 +132,7 @@ jobs:
             suffixes: '-rocm'
             platforms: linux/amd64
             runner-mapping: '{"linux/amd64": "pokedex-large"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@db54dcf16fbb12c43479a23749ceea0ad1b4a704 # multi-runner-build-workflow-v3.0.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
     permissions:
       contents: read
       actions: read
@@ -147,7 +147,7 @@ jobs:
       platforms: ${{ matrix.platforms }}
       runner-mapping: ${{ matrix.runner-mapping }}
       suffixes: ${{ matrix.suffixes }}
-      dockerhub-push: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
+      dockerhub-push: ${{ github.event_name == 'release' }}
       build-args: |
         DEVICE=${{ matrix.device }}
 
@@ -155,7 +155,7 @@ jobs:
     name: Build and Push Server
     needs: pre-job
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@db54dcf16fbb12c43479a23749ceea0ad1b4a704 # multi-runner-build-workflow-v3.0.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
     permissions:
       contents: read
       actions: read
@@ -167,7 +167,7 @@ jobs:
       image: immich-server
       context: .
       dockerfile: server/Dockerfile
-      dockerhub-push: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
+      dockerhub-push: ${{ github.event_name == 'release' }}
       build-args: |
         DEVICE=cpu
 

.github/workflows/docs-build.yml

@@ -21,7 +21,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -66,7 +66,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 

.github/workflows/docs-deploy.yml

@@ -20,7 +20,7 @@ jobs:
       artifact: ${{ steps.get-artifact.outputs.result }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -98,16 +98,9 @@ jobs:
                 shouldDeploy: true
               };
             } else if (eventType == "release") {
-              const tag = context.payload.workflow_run.head_branch;
-              const { data: release } = await github.rest.repos.getReleaseByTag({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                tag,
-              });
               parameters = {
                 event: "release",
-                name: tag,
-                prerelease: release.prerelease,
+                name: context.payload.workflow_run.head_branch,
                 shouldDeploy: !isFork
               };
             }
@@ -126,7 +119,7 @@ jobs:
     if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -138,7 +131,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -153,7 +146,6 @@ jobs:
             const parameters = JSON.parse(process.env.PARAM_JSON);
             core.setOutput("event", parameters.event);
             core.setOutput("name", parameters.name);
-            core.setOutput("prerelease", parameters.prerelease);
             core.setOutput("shouldDeploy", parameters.shouldDeploy);
 
       - name: Download artifact
@@ -211,7 +203,7 @@ jobs:
         run: mise run //docs:deploy
 
       - name: Deploy Docs Release Domain
-        if: ${{ steps.parameters.outputs.event == 'release' && steps.parameters.outputs.prerelease != 'true' }}
+        if: ${{ steps.parameters.outputs.event == 'release' }}
         env:
           TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
@@ -221,11 +213,12 @@ jobs:
         run: 'mise run //deployment:tf apply'
 
       - name: Comment
-        uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
         if: ${{ steps.parameters.outputs.event == 'pr' }}
         with:
-          id: docs-pr-url
           token: ${{ steps.token.outputs.token }}
           number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
           body: |
             📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
+          emojis: 'rocket'
+          body-include: '<!-- Docs PR URL -->'

.github/workflows/docs-destroy.yml

@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -29,7 +29,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -44,8 +44,9 @@ jobs:
         run: 'mise run //deployment:tf destroy -- -refresh=false'
 
       - name: Comment
-        uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
         with:
-          id: docs-pr-url
           token: ${{ steps.token.outputs.token }}
+          number: ${{ github.event.number }}
           delete: true
+          body-include: '<!-- Docs PR URL -->'

.github/workflows/fix-format.yml

@@ -15,7 +15,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -28,7 +28,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -45,7 +45,7 @@ jobs:
         uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         if: always()
         with:
-          github-token: ${{ steps.token.outputs.token }}
+          github-token: ${{ steps.generate-token.outputs.token }}
           script: |
             github.rest.issues.removeLabel({
               issue_number: context.payload.pull_request.number,

.github/workflows/merge-translations.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Generate a token
         id: generate_token
         if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/org-zizmor.yml

@@ -13,4 +13,3 @@ jobs:
       actions: read
       contents: read
       security-events: write
-    secrets: inherit

.github/workflows/pr-label-validation.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/pr-labeler.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/prepare-release.yml

@@ -49,7 +49,7 @@ jobs:
     permissions: {} # No job-level permissions are needed because it uses the app-token
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -62,7 +62,7 @@ jobs:
           ref: main
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -119,7 +119,7 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -137,7 +137,7 @@ jobs:
           github-token: ${{ steps.generate-token.outputs.token }}
 
       - name: Create draft release
-        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
         with:
           draft: true
           tag_name: ${{ needs.bump_version.outputs.version }}

.github/workflows/preview-label.yaml

@@ -14,16 +14,16 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
         with:
-          id: preview-status
-          token: ${{ steps.token.outputs.token }}
-          body: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
+          github-token: ${{ steps.token.outputs.token }}
+          message-id: 'preview-status'
+          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
 
   remove-label:
     runs-on: ubuntu-latest
@@ -32,7 +32,7 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -48,16 +48,16 @@ jobs:
               name: 'preview'
             })
 
-      - uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
         if: ${{ github.event.pull_request.head.repo.fork }}
         with:
-          id: preview-status
-          token: ${{ steps.token.outputs.token }}
-          body: 'PRs from forks cannot have preview environments.'
+          github-token: ${{ steps.token.outputs.token }}
+          message-id: 'preview-status'
+          message: 'PRs from forks cannot have preview environments.'
 
-      - uses: immich-app/devtools/actions/sticky-comment@0135acd12ad9f3369b94a2aa3c0ae8c835a4e926 # sticky-comment-action-v1.0.0
+      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
-          id: preview-status
-          token: ${{ steps.token.outputs.token }}
-          body: 'Preview environment has been removed.'
+          github-token: ${{ steps.token.outputs.token }}
+          message-id: 'preview-status'
+          message: 'Preview environment has been removed.'

.github/workflows/sdk.yml

@@ -16,7 +16,7 @@ jobs:
       packages: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -28,7 +28,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -39,6 +39,4 @@ jobs:
         run: pnpm --filter @immich/sdk build
 
       - name: Publish
-        env:
-          NPM_TAG: ${{ github.event.release.prerelease && 'rc' || 'latest' }}
-        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks --tag "$NPM_TAG"
+        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks

.github/workflows/static_analysis.yml

@@ -20,7 +20,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -49,7 +49,7 @@ jobs:
         working-directory: ./mobile
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -61,10 +61,9 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
-          working_directory: ./mobile
 
       - name: Install dependencies
         run: flutter pub get
@@ -73,6 +72,10 @@ jobs:
         run: flutter pub get
         working-directory: ./mobile/packages/ui
 
+      - name: Install dependencies for UI Showcase
+        run: flutter pub get
+        working-directory: ./mobile/packages/ui/showcase
+
       - name: Generate translation files
         run: mise //mobile:codegen:translation
 
@@ -90,8 +93,6 @@ jobs:
             mobile/**/*.g.dart
             mobile/**/*.gr.dart
             mobile/**/*.drift.dart
-            mobile/**/*.g.swift
-            mobile/**/*.g.kt
 
       - name: Verify files have not changed
         if: steps.verify-changed-files.outputs.files_changed == 'true'

.github/workflows/test.yml

@@ -17,7 +17,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -30,32 +30,25 @@ jobs:
           filters: |
             i18n:
               - 'i18n/**'
-              - 'mise.toml'
             web:
               - 'web/**'
               - 'i18n/**'
               - 'packages/sdk/**'
               - 'pnpm-lock.yaml'
-              - 'mise.toml'
             server:
               - 'server/**'
               - 'pnpm-lock.yaml'
-              - 'mise.toml'
             cli:
               - 'packages/cli/**'
               - 'packages/sdk/**'
               - 'pnpm-lock.yaml'
-              - 'mise.toml'
             e2e:
               - 'e2e/**'
               - 'pnpm-lock.yaml'
-              - 'mise.toml'
             mobile:
               - 'mobile/**'
-              - 'mise.toml'
             machine-learning:
               - 'machine-learning/**'
-              - 'mise.toml'
             .github:
               - '.github/**'
           force-filters: |
@@ -69,9 +62,12 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+    defaults:
+      run:
+        working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -83,12 +79,12 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
       - name: Run ci-unit
-        run: mise run //server:ci-unit
+        run: mise run ci-unit
 
   cli-unit-tests:
     name: Unit Test CLI
@@ -102,7 +98,7 @@ jobs:
         working-directory: ./packages/cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -114,7 +110,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -133,7 +129,7 @@ jobs:
         working-directory: ./packages/cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -145,7 +141,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -177,7 +173,7 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -189,7 +185,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -215,7 +211,7 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -227,7 +223,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -243,7 +239,7 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -255,7 +251,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -293,7 +289,7 @@ jobs:
         working-directory: ./e2e
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -305,7 +301,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -325,7 +321,7 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -338,7 +334,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -361,7 +357,7 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -374,7 +370,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
 
       - name: Setup Node
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -384,7 +380,7 @@ jobs:
           cache-dependency-path: '**/pnpm-lock.yaml'
 
       - name: Setup packages
-        run: pnpm --filter @immich/sdk --filter @immich/cli install --frozen-lockfile && pnpm --filter @immich/sdk --filter @immich/cli build
+        run: pnpm --filter "@immich/*" install --frozen-lockfile && pnpm --filter "@immich/*" build
 
       - name: Run setup web
         run: pnpm install --frozen-lockfile && pnpm exec svelte-kit sync
@@ -438,7 +434,7 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -451,7 +447,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
 
       - name: Setup Node
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -546,7 +542,7 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -557,10 +553,9 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
-          working_directory: ./mobile
 
       - name: Install dependencies
         run: flutter pub get
@@ -584,7 +579,7 @@ jobs:
         working-directory: ./machine-learning
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -595,7 +590,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -614,7 +609,7 @@ jobs:
         working-directory: ./.github
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -626,7 +621,7 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
@@ -644,7 +639,7 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -665,7 +660,7 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -677,12 +672,13 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
       - name: Install server dependencies
         run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich install --frozen-lockfile
+
       - name: Run API generation
         run: mise //:open-api
         working-directory: open-api
@@ -721,9 +717,12 @@ jobs:
           --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
         ports:
           - 5432:5432
+    defaults:
+      run:
+        working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -735,28 +734,25 @@ jobs:
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
+        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
         with:
           github_token: ${{ steps.token.outputs.token }}
 
       - name: Install server dependencies
         run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
 
-      - name: Build plugins
-        run: mise //:plugins
-
       - name: Build the app
-        run: mise //server:build
+        run: pnpm build
 
       - name: Run existing migrations
-        run: pnpm --filter immich migrations:run
+        run: pnpm migrations:run
 
       - name: Test npm run schema:reset command works
-        run: pnpm --filter immich schema:reset
+        run: pnpm schema:reset
 
       - name: Generate new migrations
         continue-on-error: true
-        run: pnpm --filter migrations:generate src/TestMigration
+        run: pnpm migrations:generate src/TestMigration
 
       - name: Find file changes
         uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
@@ -772,7 +768,7 @@ jobs:
         run: |
           echo "ERROR: Generated migration files not up to date!"
           echo "Changed files: ${CHANGED_FILES}"
-          cat ./server/src/*-TestMigration.ts
+          cat ./src/*-TestMigration.ts
           exit 1
 
       - name: Run SQL generation

.github/workflows/weblate-lock.yml

@@ -24,7 +24,7 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -47,7 +47,7 @@ jobs:
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1
+        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
         with:
           client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

CODEOWNERS

@@ -4,4 +4,4 @@
 /web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
-/mobile/ @shenlong-tanwen @santoshakil
+/mobile/ @shenlong-tanwen

CODE_OF_CONDUCT.md

@@ -0,0 +1,134 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation
+in our community a harassment-free experience for everyone, regardless
+of age, body size, visible or invisible disability, ethnicity, sex
+characteristics, gender identity and expression, level of experience,
+education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open,
+welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for
+our community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our
+  mistakes, and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or
+  political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in
+  a professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our
+standards of acceptable behavior and will take appropriate and fair
+corrective action in response to any behavior that they deem
+inappropriate, threatening, offensive, or harmful.
+
+Community leaders have the right and responsibility to remove, edit,
+or reject comments, commits, code, wiki edits, issues, and other
+contributions that are not aligned to this Code of Conduct, and will
+communicate reasons for moderation decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also
+applies when an individual is officially representing the community in
+public spaces. Examples of representing our community include using an
+official e-mail address, posting via an official social media account,
+or acting as an appointed representative at an online or offline
+event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported to the community leaders responsible for enforcement
+at our Discord channel. All complaints
+will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and
+security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in
+determining the consequences for any action they deem in violation of
+this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior
+deemed unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders,
+providing clarity around the nature of the violation and an
+explanation of why the behavior was inappropriate. A public apology
+may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued
+behavior. No interaction with the people involved, including
+unsolicited interaction with those enforcing the Code of Conduct, for
+a specified period of time. This includes avoiding interactions in
+community spaces as well as external channels like social
+media. Violating these terms may lead to a temporary or permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards,
+including sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or
+public communication with the community for a specified period of
+time. No public or private interaction with the people involved,
+including unsolicited interaction with those enforcing the Code of
+Conduct, is allowed during this period. Violating these terms may lead
+to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of
+community standards, including sustained inappropriate behavior,
+harassment of an individual, or aggression toward or disparagement of
+classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction
+within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor
+Covenant][homepage], version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of
+conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the
+FAQ at https://www.contributor-covenant.org/faq. Translations are
+available at https://www.contributor-covenant.org/translations.

Makefile

@@ -1,46 +1,46 @@
 dev:
-	@printf "This command has been removed. Please use:\n\n    mise dev          # or mise //:dev from another directory\n\n" >&2 && exit 1
+	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
 
 dev-down:
-	@printf "This command has been removed. Please use:\n\n    mise dev-down          # or mise //:dev-down from another directory\n\n" >&2 && exit 1
+	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans
 
 dev-update:
-	@printf "This command has been removed. Please use:\n\n    mise dev-update          # or mise //:dev-update from another directory\n\n" >&2 && exit 1
+	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
 
 dev-scale:
-	@printf "This command has been removed. Please use:\n\n    mise dev-scale          # or mise //:dev-scale from another directory\n\n" >&2 && exit 1
+	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
 
 dev-docs:
 	npm --prefix docs run start
 
 .PHONY: e2e
 e2e:
-	@printf "This command has been removed. Please use:\n\n    mise e2e          # or mise //:e2e from another directory\n\n" >&2 && exit 1
+	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
 
 e2e-dev:
-	@printf "This command has been removed. Please use:\n\n    mise e2e-dev          # or mise //:e2e-dev from another directory\n\n" >&2 && exit 1
+	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.dev.yml up --remove-orphans
 
 e2e-update:
-	@printf "This command has been removed. Please use:\n\n    mise e2e-update          # or mise //:e2e-update from another directory\n\n" >&2 && exit 1
+	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 
 e2e-down:
-	@printf "This command has been removed. Please use:\n\n    mise e2e-down          # or mise //:e2e-down from another directory\n\n" >&2 && exit 1
+	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
 
 prod:
-	@printf "This command has been removed. Please use:\n\n    mise prod          # or mise //:prod from another directory\n\n" >&2 && exit 1
+	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 
 prod-down:
-	@printf "This command has been removed. Please use:\n\n    mise prod-down          # or mise //:prod-down from another directory\n\n" >&2 && exit 1
+	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
 
 prod-scale:
-	@printf "This command has been removed. Please use:\n\n    mise prod-scale          # or mise //:prod-scale from another directory\n\n" >&2 && exit 1
+	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
 
 .PHONY: open-api
 open-api:
-	@printf "This command has been removed. Please use:\n\n    mise open-api          # or mise //:open-api from another directory\n\n" >&2 && exit 1
+	@printf "This command has been removed. Please use:\n\n    mise open-api          # or mise //:open-api from another directory\n\n"\n\n >&2 && exit 1
 
 sql:
-	@printf "This command has been removed. Please use:\n\n    mise sql               # or mise //:sql from another directory\n\n" >&2 && exit 1
+	@printf "This command has been removed. Please use:\n\n    mise sql               # or mise //:sql from another directory\n\n"\n\n >&2 && exit 1
 
 
 renovate:
@@ -52,7 +52,16 @@ renovate:
 MODULES = e2e server web cli sdk docs .github
 
 test-e2e:
-	@printf "This command has been removed. Please use:\n\n    mise //e2e:test               # or mise //e2e:test-web for web tests, respectively\n\n" >&2 && exit 1
+	docker compose -f ./e2e/docker-compose.yml build
+	pnpm --filter immich-e2e run test
+	pnpm --filter immich-e2e run test:web
 
 clean:
-	@printf "This command has been removed. Please use:\n\n    mise clean               # or mise //:clean from another directory\n\n" >&2 && exit 1
+	find . -name "node_modules" -type d -prune -exec rm -rf {} +
+	find . -name "dist" -type d -prune -exec rm -rf '{}' +
+	find . -name "build" -type d -prune -exec rm -rf '{}' +
+	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
+	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
+	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
+	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
+	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `security@immich.app`

deployment/mise.lock

@@ -1,65 +0,0 @@
-# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html
-
-[[tools.opentofu]]
-version = "1.11.6"
-backend = "aqua:opentofu/opentofu"
-
-[tools.opentofu."platforms.linux-arm64"]
-checksum = "sha256:d4f2ab15776925864b049bb329d69682851de6f5204f256e9fa86d07a0308850"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_arm64.tar.gz"
-
-[tools.opentofu."platforms.linux-arm64-musl"]
-checksum = "sha256:d4f2ab15776925864b049bb329d69682851de6f5204f256e9fa86d07a0308850"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_arm64.tar.gz"
-
-[tools.opentofu."platforms.linux-x64"]
-checksum = "sha256:02800fafa2753a9f50c38483e2fdf5bc353fd62895eb9e25eec9a5145df3a69e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_amd64.tar.gz"
-
-[tools.opentofu."platforms.linux-x64-musl"]
-checksum = "sha256:02800fafa2753a9f50c38483e2fdf5bc353fd62895eb9e25eec9a5145df3a69e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_amd64.tar.gz"
-
-[tools.opentofu."platforms.macos-arm64"]
-checksum = "sha256:62d7fa8539e13b444827aa0a3b90c5972da5c47e8f8882d9dcf2e430e78840c1"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_darwin_arm64.tar.gz"
-
-[tools.opentofu."platforms.macos-x64"]
-checksum = "sha256:1408cdef1c380f914565e6b4bb70794c6b163f195fcb233357f3d6c5745906b6"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_darwin_amd64.tar.gz"
-
-[tools.opentofu."platforms.windows-x64"]
-checksum = "sha256:27323f70c875b8251bfd7e61a4cffc3ebff4e56ed1e611b955016f0c7077367e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_windows_amd64.tar.gz"
-
-[[tools.terragrunt]]
-version = "1.0.3"
-backend = "aqua:gruntwork-io/terragrunt"
-
-[tools.terragrunt."platforms.linux-arm64"]
-checksum = "sha256:e5b60ab05b5214db694e6bc215d8124fb626e277cdb56b86f6147ae110d510fe"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_arm64.tar.gz"
-
-[tools.terragrunt."platforms.linux-arm64-musl"]
-checksum = "sha256:e5b60ab05b5214db694e6bc215d8124fb626e277cdb56b86f6147ae110d510fe"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_arm64.tar.gz"
-
-[tools.terragrunt."platforms.linux-x64"]
-checksum = "sha256:6d48049baf82e0bf9c804368dc85cbfeadc10955e33777e9e8de3e020b94b073"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_amd64.tar.gz"
-
-[tools.terragrunt."platforms.linux-x64-musl"]
-checksum = "sha256:6d48049baf82e0bf9c804368dc85cbfeadc10955e33777e9e8de3e020b94b073"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_amd64.tar.gz"
-
-[tools.terragrunt."platforms.macos-arm64"]
-checksum = "sha256:aacb5be2ca5475300cbce246dfbd8a45eb47510fbaa70fab8561c49ef5db03aa"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_darwin_arm64.tar.gz"
-
-[tools.terragrunt."platforms.macos-x64"]
-checksum = "sha256:3133c2251e191aede8e3dd2a5b3aee2e91c5f08f88f117aee40eed9a24c8ef6b"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_darwin_amd64.tar.gz"
-
-[tools.terragrunt."platforms.windows-x64"]
-checksum = "sha256:183b2745b4e04980a6bfa4450ff81956a12596ca22d70f7aaa793980f5b036db"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_windows_amd64.exe.tar.gz"

docker/docker-compose.dev.yml

@@ -21,7 +21,7 @@ services:
     volumes:
       - ..:/usr/src/app
       # - ../../ui:/usr/src/ui
-      - build_cache:/buildcache
+      - pnpm_cache:/buildcache/pnpm_cache
       - server_node_modules:/usr/src/app/server/node_modules
       - web_node_modules:/usr/src/app/web/node_modules
       - github_node_modules:/usr/src/app/.github/node_modules
@@ -45,11 +45,11 @@ services:
       target: dev
     command:
       - |
-        mise install
+        pnpm install
         touch /tmp/init-complete
         exec tail -f /dev/null
     volumes:
-      - build_cache:/buildcache
+      - pnpm_store_server:/buildcache/pnpm-store
     restart: 'no'
     healthcheck:
       test: ['CMD', 'test', '-f', '/tmp/init-complete']
@@ -73,7 +73,8 @@ services:
     volumes:
       - ${UPLOAD_LOCATION}/photos:/data
       - /etc/localtime:/etc/localtime:ro
-      - ../packages/plugin-core:/build/plugins/immich-plugin-core
+      - pnpm_store_server:/buildcache/pnpm-store
+      - ../packages/plugins:/build/corePlugin
     env_file:
       - .env
     environment:
@@ -121,6 +122,8 @@ services:
     ports:
       - 3000:3000
       - 24678:24678
+    volumes:
+      - pnpm_store_web:/buildcache/pnpm-store
     restart: unless-stopped
     depends_on:
       immich-init:
@@ -154,7 +157,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
     healthcheck:
       test: redis-cli ping || exit 1
 
@@ -200,7 +203,9 @@ volumes:
   model_cache:
   prometheus_data:
   grafana_data:
-  build_cache:
+  pnpm_cache:
+  pnpm_store_server:
+  pnpm_store_web:
   server_node_modules:
   web_node_modules:
   github_node_modules:

docker/docker-compose.prod.yml

@@ -56,7 +56,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -85,7 +85,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:69f5241418838263316593f7274a304b095c40bcf22e57272865da91bd60a8ac
+    image: prom/prometheus@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -97,7 +97,7 @@ services:
     command: ['./run.sh', '-disable-reporting']
     ports:
       - 3000:3000
-    image: grafana/grafana:12.4.4-ubuntu@sha256:df2e7ef5f32f771794cf76bad5f2bceac227036460a2cc269a9045e5662abc58
+    image: grafana/grafana:12.4.3-ubuntu@sha256:ca3f764fdc48cebdf22dd206f33ecb0795a9a7210eacd1b5c02204aebd78b223
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.rootless.yml

@@ -61,7 +61,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
     user: '1000:1000'
     security_opt:
       - no-new-privileges:true

docker/docker-compose.yml

@@ -49,7 +49,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always

docs/docs/FAQ.mdx

@@ -26,8 +26,6 @@ For organizations seeking to resell Immich, we have established the following gu
 
 When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app
 
----
-
 ## User
 
 ### How can I reset the admin password?
@@ -38,10 +36,6 @@ The admin password can be reset by running the [reset-admin-password](/administr
 
 You can see the list of all users by running [list-users](/administration/server-commands.md) Command on the Immich-server.
 
-### How can I change my profile picture?
-
-View a single photo, press the three dots in the top-right to show context menu, and select "Set as profile picture". In the pop-up, use your mouse scroll wheel to zoom in the picture until it completely fills the circle. Click and drag the picture to align it to your liking. Press "Save" to save your changes.
-
 ---
 
 ## Mobile App

docs/docs/administration/reverse-proxy.md

@@ -112,7 +112,7 @@ services:
       traefik.enable: true
       # increase readingTimeouts for the entrypoint used here
       traefik.http.routers.immich.entrypoints: websecure
-      traefik.http.routers.immich.rule: Host(`immich.example.com`)
+      traefik.http.routers.immich.rule: Host(`immich.your-domain.com`)
       traefik.http.services.immich.loadbalancer.server.port: 2283
 ```
 

docs/docs/administration/server-commands.md

@@ -90,7 +90,7 @@ immich-admin list-users
 [
   {
     id: 'e65e6f88-2a30-4dbe-8dd9-1885f4889b53',
-    email: 'immich@example.com',
+    email: 'immich@example.com.com',
     name: 'Immich Admin',
     storageLabel: 'admin',
     externalPath: null,

docs/docs/api.md

@@ -7,7 +7,7 @@ Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generat
 OpenAPI is used to generate the client (Typescript, Dart) SDK. `openapi-generator-cli` can be installed [here](https://openapi-generator.tech/docs/installation/). The generated SDK is based on the `immich-openapi-specs.json` file, which is autogenerated by the server **when running in development mode**. The `immich-openapi-specs.json` file can be modified with `@nestjs/swagger` decorators used or referenced by controller endpoints. See the [NestJS OpenAPI docs](https://docs.nestjs.com/openapi/types-and-parameters) for more info. When you add a new endpoint or modify an existing one, you must run the server in development mode and run the command below to update the client SDK.
 
 ```bash
-mise open-api
+make open-api
 ```
 
 You can find the generated client SDK in the `packages/sdk/client` for Typescript SDK and `mobile/openapi` for Dart SDK.

docs/docs/developer/database-migrations.md

@@ -5,7 +5,7 @@ After making any changes in the `server/src/schema`, a database migration need t
 1. Run the command
 
 ```bash
-mise //server:migrations generate <migration-name>
+pnpm run migrations:generate <migration-name>
 ```
 
 2. Check if the migration file makes sense.
@@ -18,7 +18,7 @@ The server will automatically detect `*.ts` file changes and restart. Part of th
 If you need to undo the most recently applied migration—for example, when developing or testing on schema changes—run:
 
 ```bash
-mise //server:migrations revert
+pnpm run migrations:revert
 ```
 
 This command rolls back the latest migration and brings the database schema back to its previous state.

docs/docs/developer/devcontainers.md

@@ -218,7 +218,7 @@ When the Dev Container starts, it automatically:
    - Debug ports: 9230 (workers), 9231 (API)
 
 :::info
-The Dev Container setup replaces the `mise dev` command from the traditional setup. All services start automatically when you open the container.
+The Dev Container setup replaces the `make dev` command from the traditional setup. All services start automatically when you open the container.
 :::
 
 ### Accessing Services
@@ -252,33 +252,44 @@ To connect the mobile app to your Dev Container:
 
 The Dev Container supports multiple ways to run tests:
 
+#### Using Mise Commands (Recommended)
+
 ```bash
-# Server
-mise //server:test          # unit tests
-mise //server:test-medium   # medium / integration tests
-
-# Web
-mise //web:test             # unit tests
-
-# E2E
-mise //e2e:test             # API tests
-mise //e2e:test-web         # web UI tests (Playwright)
-
-# Run all checks for a component
-mise //server:checklist
-mise //web:checklist
+# Run tests for specific components
+mise run checklist      # in `server/`, `web/`, `packages/cli`
 ```
 
-### Additional Commands
+#### Using PNPM Directly
+
+```bash
+# Server tests
+cd /workspaces/immich/server
+pnpm test               # Run all tests
+pnpm run test:medium    # Medium tests (integration tests)
+pnpm run test:watch     # Watch mode
+pnpm run test:cov       # Coverage report
+
+# Web tests
+cd /workspaces/immich/web
+pnpm test               # Run all tests
+pnpm run test:watch     # Watch mode
+
+# E2E tests
+cd /workspaces/immich/e2e
+pnpm run test           # Run API tests
+pnpm run test:web       # Run web UI tests
+```
+
+### Additional Make Commands
 
 ```bash
 # API generation
-mise //:open-api             # Generate OpenAPI specs
-mise //:open-api-typescript  # Generate TypeScript SDK
-mise //:open-api-dart        # Generate Dart SDK
+make open-api           # Generate OpenAPI specs
+make open-api-typescript # Generate TypeScript SDK
+make open-api-dart      # Generate Dart SDK
 
 # Database
-mise //server:sql            # Sync database schema
+mise sql                # Sync database schema
 ```
 
 ### Debugging

docs/docs/developer/pr-checklist.md

@@ -2,48 +2,40 @@
 
 A minimal devcontainer is supplied with this repository. All commands can be executed directly inside this container to avoid tedious installation of the environment.
 :::warning
-The provided devcontainer isn't complete at the moment. At least all dockerized steps in the Makefile won't work (`mise dev`, ....). Feel free to contribute!
+The provided devcontainer isn't complete at the moment. At least all dockerized steps in the Makefile won't work (`make dev`, ....). Feel free to contribute!
 :::
 When contributing code through a pull request, please check the following:
 
 ## Web Checks
 
-- [ ] `mise //web:lint` (linting via ESLint)
-- [ ] `mise //web:format` (formatting via Prettier)
-- [ ] `mise //web:check-svelte` (type checking via SvelteKit)
-- [ ] `mise //web:check-typescript` (type checking via `tsc`)
-- [ ] `mise //web:test` (unit tests)
+- [ ] `pnpm run lint` (linting via ESLint)
+- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `pnpm run check:svelte` (Type checking via SvelteKit)
+- [ ] `pnpm run check:typescript` (check typescript)
+- [ ] `pnpm test` (unit tests)
 
 :::tip AIO
-Run all web checks with `mise //web:checklist`
-:::
-
-:::tip Auto Fix
-Use `mise //web:lint-fix` and `mise //web:format-fix` to automatically correct some issues.
+Run all web checks with `pnpm run check:all`
 :::
 
 ## Documentation
 
-- [ ] `mise //docs:format` (formatting via Prettier)
+- [ ] `pnpm run format` (formatting via Prettier)
 - [ ] Update the `_redirects` file if you have renamed a page or removed it from the documentation.
 
-:::tip Auto Fix
-Use `mise //docs:format-fix` to automatically fix formatting.
-:::
-
 ## Server Checks
 
-- [ ] `mise //server:lint` (linting via ESLint)
-- [ ] `mise //server:format` (formatting via Prettier)
-- [ ] `mise //server:check` (type checking via `tsc`)
-- [ ] `mise //server:test` (unit tests)
+- [ ] `pnpm run lint` (linting via ESLint)
+- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `pnpm run check` (Type checking via `tsc`)
+- [ ] `pnpm test` (unit tests)
 
 :::tip AIO
-Run all server checks with `mise //server:checklist`
+Run all server checks with `pnpm run check:all`
 :::
 
 :::tip Auto Fix
-Use `mise //server:lint-fix` and `mise //server:format-fix` to automatically correct some issues.
+You can use `pnpm run __:fix` to potentially correct some issues automatically for `pnpm run format` and `lint`.
 :::
 
 ## Mobile Checklist
@@ -61,17 +53,6 @@ Run all these commands at once with `mise //mobile:checklist`
 You can use `mise //mobile:lint-fix` to potentially correct some issues automatically for `mise //mobile:lint`.
 :::
 
-## Machine Learning Checklist
-
-- [ ] `mise //machine-learning:lint` (linting via ruff)
-- [ ] `mise //machine-learning:format` (formatting via ruff)
-- [ ] `mise //machine-learning:check` (type checking via mypy)
-- [ ] `mise //machine-learning:test` (unit tests via pytest)
-
-:::tip AIO
-Run all machine learning checks with `mise //machine-learning:checklist`
-:::
-
 ## OpenAPI
 
 The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/api.md) for more details.

docs/docs/developer/setup.md

@@ -32,10 +32,6 @@ This environment includes the services below. Additional details are available i
 
 All the services are packaged to run as with single Docker Compose command.
 
-:::tip mise
-[mise](https://mise.jdx.dev) is used throughout the project to manage tool versions and run tasks. [Install mise](https://mise.jdx.dev/installing-mise.html), then from the repo root run `mise trust` and `mise install` to get all required tools. Tasks for each service can be run from the repo root using `mise //namespace:task` (e.g. `mise //server:lint`). To list all available tasks, run `mise tasks ls --all`.
-:::
-
 ### Server and web apps
 
 1. Clone the project repo.
@@ -45,7 +41,7 @@ All the services are packaged to run as with single Docker Compose command.
 5. From the root directory, run:
 
 ```bash title="Start development server"
-mise dev
+make dev # required Makefile installed on the system.
 ```
 
 5. Access the dev instance in your browser at http://localhost:3000, or connect via the mobile app.
@@ -60,23 +56,22 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3
 
 #### Connect web to a remote backend
 
-If you only want to do web development connected to an existing, remote backend, run from the repo root:
+If you only want to do web development connected to an existing, remote backend, follow these steps:
+
+1. Build the Immich SDK - `pnpm --filter @immich/sdk install && pnpm --filter @immich/sdk build`
+2. Enter the web directory - `cd web/`
+3. Install web dependencies - `pnpm i`
+4. Start the web development server
 
 ```bash
-IMMICH_SERVER_URL=https://demo.immich.app/ mise //web:start
-```
-
-This will install all dependencies (including the SDK) and start the dev server in one step. To connect to the hosted demo server specifically, use the shorthand:
-
-```bash
-mise //web:start-demo
+IMMICH_SERVER_URL=https://demo.immich.app/ pnpm run dev
 ```
 
 If you're using PowerShell on Windows you may need to set the env var separately like so:
 
 ```powershell
 $env:IMMICH_SERVER_URL = "https://demo.immich.app/"
-mise //web:start
+pnpm run dev
 ```
 
 #### `@immich/ui`
@@ -88,45 +83,31 @@ To see local changes to `@immich/ui` in Immich, do the following:
 3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yml` file (`../../ui:/usr/src/ui`)
 4. Uncomment the corresponding alias in the `web/vite.config.ts` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui/packages/ui')`)
 5. Uncomment the import statement in `web/src/app.css` file `@import '../../../ui/packages/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
-6. Start up the stack via `mise dev`
+6. Start up the stack via `make dev`
 7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)
 
 ### Mobile app
 
 #### Setup
 
-1. Run `mise //mobile:install` to install Flutter dependencies.
-2. Run `mise //mobile:translation` to generate the translation file.
-3. Change to the `mobile/` directory and run `flutter run` to start the app.
+1. [Install mise](https://mise.jdx.dev/installing-mise.html).
+2. Change to the immich (root) directory and trust the mise config with `mise trust`.
+3. Install tools with mise: `mise install`.
+4. Change to the `mobile/` directory.
+5. Run `flutter pub get` to install the dependencies.
+6. Run `make translation` to generate the translation file.
+7. Run `flutter run` to start the app.
 
 #### Translation
 
-To add a new translation text, enter the key-value pair in the `i18n/en.json` in the root of the immich project. Then run:
+To add a new translation text, enter the key-value pair in the `i18n/en.json` in the root of the immich project. Then, from the `mobile/` directory, run
 
 ```bash
-mise //mobile:translation
+make translation
 ```
 
 The mobile app asks you what backend to connect to. You can utilize the demo backend (https://demo.immich.app/) if you don't need to change server code or upload photos. Alternatively, you can run the server yourself per the instructions above.
 
-#### UI components and widget previews
-
-Shared design-system widgets (buttons, inputs, forms) live in the
-[`immich_ui` package](https://github.com/immich-app/immich/tree/main/mobile/packages/ui/)
-under `mobile/packages/ui/`. Components are defined in `lib/src/components/`
-and have matching previews in `lib/src/previews/`.
-
-To inspect a component in isolation with a light/dark toggle and hot reload,
-launch [Flutter's Widget Previewer](https://docs.flutter.dev/tools/widget-previewer):
-
-```bash
-cd mobile/packages/ui
-flutter widget-preview start
-```
-
-In VS Code or Android Studio with the Flutter plugin, the previewer
-auto-starts when you open the **Flutter Widget Preview** tab in the sidebar.
-
 ## IDE setup
 
 ### Lint / format extensions

docs/docs/developer/testing.md

@@ -4,20 +4,21 @@
 
 ### Unit tests
 
-Unit tests are run with `mise //server:test`.
-You need to run `mise //server:install` before _once_.
+Unit are run by calling `pnpm run test` from the `server/` directory.
+You need to run `pnpm install` (in `server/`) before _once_.
 
 ### End to end tests
 
 The e2e tests can be run by first starting up a test production environment via:
 
 ```bash
-mise e2e
+make e2e
 ```
 
 Before you can run the tests, you need to run the following commands _once_:
 
-- `mise //e2e:ci-setup` (installs e2e, SDK, and CLI dependencies)
+- `pnpm install`
+- `pnpm --filter "@immich/*" build`
 - `mise //:open-api`
 
 Once the test environment is running, the e2e tests can be run via:

docs/docs/guides/database-gui.md

@@ -17,7 +17,7 @@ services:
     ports:
       - "8888:80"
     environment:
-      PGADMIN_DEFAULT_EMAIL: admin@example.com
+      PGADMIN_DEFAULT_EMAIL: user-name@domain-name.com
       PGADMIN_DEFAULT_PASSWORD: strong-password
     volumes:
       - pgadmin-data:/var/lib/pgadmin

docs/docs/install/environment-variables.md

@@ -154,33 +154,33 @@ Redis (Sentinel) URL example JSON before encoding:
 
 ## Machine Learning
 
-| Variable                                                    | Description                                                                                                                                                  |           Default            | Containers       |
-| :---------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------: | :--------------- |
-| `MACHINE_LEARNING_MODEL_TTL`                                | Inactivity time (s) before a model is unloaded (disabled if \<= 0)                                                                                           |            `300`             | machine learning |
-| `MACHINE_LEARNING_MODEL_TTL_POLL_S`                         | Interval (s) between checks for the model TTL (disabled if \<= 0)                                                                                            |             `10`             | machine learning |
-| `MACHINE_LEARNING_CACHE_FOLDER`                             | Directory where models are downloaded                                                                                                                        |           `/cache`           | machine learning |
-| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup>            | Thread count of the request thread pool (disabled if \<= 0)                                                                                                  |     number of CPU cores      | machine learning |
-| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`                   | Number of parallel model operations                                                                                                                          |             `1`              | machine learning |
-| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`                   | Number of threads for each model operation                                                                                                                   |             `2`              | machine learning |
-| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>                    | Number of worker processes to spawn                                                                                                                          |             `1`              | machine learning |
-| `MACHINE_LEARNING_HTTP_KEEPALIVE_TIMEOUT_S`<sup>\*3</sup>   | HTTP Keep-alive time in seconds                                                                                                                              |             `2`              | machine learning |
-| `MACHINE_LEARNING_WORKER_TIMEOUT`                           | Maximum time (s) of unresponsiveness before a worker is killed                                                                                               | `300` (`900` if using ROCm)  | machine learning |
-| `MACHINE_LEARNING_PRELOAD__CLIP__TEXTUAL`                   | Comma-separated list of (textual) CLIP model(s) to preload and cache                                                                                         |                              | machine learning |
-| `MACHINE_LEARNING_PRELOAD__CLIP__VISUAL`                    | Comma-separated list of (visual) CLIP model(s) to preload and cache                                                                                          |                              | machine learning |
-| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__RECOGNITION` | Comma-separated list of (recognition) facial recognition model(s) to preload and cache                                                                       |                              | machine learning |
-| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__DETECTION`   | Comma-separated list of (detection) facial recognition model(s) to preload and cache                                                                         |                              | machine learning |
-| `MACHINE_LEARNING_PRELOAD__OCR__RECOGNITION`                | Comma-separated list of (recognition) OCR model(s) to preload and cache                                                                                      |                              | machine learning |
-| `MACHINE_LEARNING_PRELOAD__OCR__DETECTION`                  | Comma-separated list of (detection) OCR model(s) to preload and cache                                                                                        |                              | machine learning |
-| `MACHINE_LEARNING_ANN`                                      | Enable ARM-NN hardware acceleration if supported                                                                                                             |            `True`            | machine learning |
-| `MACHINE_LEARNING_ANN_FP16_TURBO`                           | Execute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN)                                                          |           `False`            | machine learning |
-| `MACHINE_LEARNING_ANN_TUNING_LEVEL`                         | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                                                                                 |             `2`              | machine learning |
-| `MACHINE_LEARNING_DEVICE_IDS`<sup>\*4</sup>                 | Device IDs to use in multi-GPU environments                                                                                                                  |             `0`              | machine learning |
-| `MACHINE_LEARNING_MAX_BATCH_SIZE__FACIAL_RECOGNITION`       | Set the maximum number of faces that will be processed at once by the facial recognition model                                                               | None (`1` if using OpenVINO) | machine learning |
-| `MACHINE_LEARNING_MAX_BATCH_SIZE__OCR`                      | Set the maximum number of boxes that will be processed at once by the OCR model                                                                              |             `6`              | machine learning |
-| `MACHINE_LEARNING_RKNN`                                     | Enable RKNN hardware acceleration if supported                                                                                                               |            `True`            | machine learning |
-| `MACHINE_LEARNING_RKNN_THREADS`                             | How many threads of RKNN runtime should be spun up while inferencing.                                                                                        |             `1`              | machine learning |
-| `MACHINE_LEARNING_MODEL_ARENA`                              | Pre-allocates CPU memory to avoid memory fragmentation                                                                                                       |             true             | machine learning |
-| `MACHINE_LEARNING_OPENVINO_PRECISION`                       | If set to FP16, uses half-precision floating-point operations for faster inference with reduced accuracy (one of [`FP16`, `FP32`], applies only to OpenVINO) |            `FP32`            | machine learning |
+| Variable                                                    | Description                                                                                                                                                  |             Default             | Containers       |
+| :---------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------- | :-----------------------------: | :--------------- |
+| `MACHINE_LEARNING_MODEL_TTL`                                | Inactivity time (s) before a model is unloaded (disabled if \<= 0)                                                                                           |              `300`              | machine learning |
+| `MACHINE_LEARNING_MODEL_TTL_POLL_S`                         | Interval (s) between checks for the model TTL (disabled if \<= 0)                                                                                            |              `10`               | machine learning |
+| `MACHINE_LEARNING_CACHE_FOLDER`                             | Directory where models are downloaded                                                                                                                        |            `/cache`             | machine learning |
+| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup>            | Thread count of the request thread pool (disabled if \<= 0)                                                                                                  |       number of CPU cores       | machine learning |
+| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`                   | Number of parallel model operations                                                                                                                          |               `1`               | machine learning |
+| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`                   | Number of threads for each model operation                                                                                                                   |               `2`               | machine learning |
+| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>                    | Number of worker processes to spawn                                                                                                                          |               `1`               | machine learning |
+| `MACHINE_LEARNING_HTTP_KEEPALIVE_TIMEOUT_S`<sup>\*3</sup>   | HTTP Keep-alive time in seconds                                                                                                                              |               `2`               | machine learning |
+| `MACHINE_LEARNING_WORKER_TIMEOUT`                           | Maximum time (s) of unresponsiveness before a worker is killed                                                                                               | `120` (`300` if using OpenVINO) | machine learning |
+| `MACHINE_LEARNING_PRELOAD__CLIP__TEXTUAL`                   | Comma-separated list of (textual) CLIP model(s) to preload and cache                                                                                         |                                 | machine learning |
+| `MACHINE_LEARNING_PRELOAD__CLIP__VISUAL`                    | Comma-separated list of (visual) CLIP model(s) to preload and cache                                                                                          |                                 | machine learning |
+| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__RECOGNITION` | Comma-separated list of (recognition) facial recognition model(s) to preload and cache                                                                       |                                 | machine learning |
+| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__DETECTION`   | Comma-separated list of (detection) facial recognition model(s) to preload and cache                                                                         |                                 | machine learning |
+| `MACHINE_LEARNING_PRELOAD__OCR__RECOGNITION`                | Comma-separated list of (recognition) OCR model(s) to preload and cache                                                                                      |                                 | machine learning |
+| `MACHINE_LEARNING_PRELOAD__OCR__DETECTION`                  | Comma-separated list of (detection) OCR model(s) to preload and cache                                                                                        |                                 | machine learning |
+| `MACHINE_LEARNING_ANN`                                      | Enable ARM-NN hardware acceleration if supported                                                                                                             |             `True`              | machine learning |
+| `MACHINE_LEARNING_ANN_FP16_TURBO`                           | Execute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN)                                                          |             `False`             | machine learning |
+| `MACHINE_LEARNING_ANN_TUNING_LEVEL`                         | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                                                                                 |               `2`               | machine learning |
+| `MACHINE_LEARNING_DEVICE_IDS`<sup>\*4</sup>                 | Device IDs to use in multi-GPU environments                                                                                                                  |               `0`               | machine learning |
+| `MACHINE_LEARNING_MAX_BATCH_SIZE__FACIAL_RECOGNITION`       | Set the maximum number of faces that will be processed at once by the facial recognition model                                                               |  None (`1` if using OpenVINO)   | machine learning |
+| `MACHINE_LEARNING_MAX_BATCH_SIZE__OCR`                      | Set the maximum number of boxes that will be processed at once by the OCR model                                                                              |               `6`               | machine learning |
+| `MACHINE_LEARNING_RKNN`                                     | Enable RKNN hardware acceleration if supported                                                                                                               |             `True`              | machine learning |
+| `MACHINE_LEARNING_RKNN_THREADS`                             | How many threads of RKNN runtime should be spun up while inferencing.                                                                                        |               `1`               | machine learning |
+| `MACHINE_LEARNING_MODEL_ARENA`                              | Pre-allocates CPU memory to avoid memory fragmentation                                                                                                       |              true               | machine learning |
+| `MACHINE_LEARNING_OPENVINO_PRECISION`                       | If set to FP16, uses half-precision floating-point operations for faster inference with reduced accuracy (one of [`FP16`, `FP32`], applies only to OpenVINO) |             `FP32`              | machine learning |
 
 \*1: It is recommended to begin with this parameter when changing the concurrency levels of the machine learning service and then tune the other ones.
 

docs/docs/install/synology.md

@@ -52,7 +52,7 @@ Scroll to the bottom of the "**Details**" section and find the `IP Address` list
 
 ## Step 4 - Configure Firewall Settings
 
-Once your project completes the build process, your containers will start. In order to be able to access Immich from your browser, you need to configure the firewall settings for your Synology NAS to allow communication between the Immich containers.
+Once your project completes the build process, your containers will start. In order to be able to access Immich from your browser, you need to configure the firewall settings for your Synology NAS.
 
 Open "**Control Panel**" on your Synology NAS, and select "**Security**". Navigate to "**Firewall**"
 
@@ -74,7 +74,6 @@ Read the [Post Installation](/install/post-install.mdx) steps and [upgrade instr
 
 <details>
   <summary>Updating Immich using Container Manager</summary>
-
 Check the post installation and upgrade instructions at the links above before proceeding with this section.
 
 ## Step 1. Backup
@@ -111,7 +110,7 @@ Go to **Project**, select **Action** then **Build**. This will download, unpack,
 
 ## Step 5. Update firewall rule
 
-Without a fixed subnet, the default behavior is to automatically start the containers once installed. If `immich_server` runs for a few seconds and then stops, it may be because the firewall rule no longer matches the server IP address.
+The default behavior is to automatically start the containers once installed. If `immich_server` runs for a few seconds and then stops, it may be because the firewall rule no longer matches the server IP address.
 
 Go to the **Container** section. Click on `immich_server` and scroll down on **General** to find the IP address.
 ![Container IP](../../static/img/synology-container-ip.png)
@@ -124,67 +123,4 @@ In this example, the IP addresses mismatch and the firewall rule needs to be edi
 
 ![Edit IP](../../static/img/synology-fw-ipedit.png)
 
-To prevent future firewall issues, you may set a fixed subnet. [See Set Fixed Subnet](#set-fixed-subnet) for instructions.
-
-</details>
-
-<details id="set-fixed-subnet">
-  <summary>Set Fixed Subnet</summary>
-
-Docker by default assigns dynamic subnets to bridge networks which can change when rebuilding containers and can cause firewall rules to break. To avoid this, define a fixed subnet in your `docker-compose.yml`:
-
-## Step 1. Determine current subnet
-
-Go to the **Container** section. Click on `immich_server` and scroll down on **General** to find the IP address.
-![Container IP](../../static/img/synology-container-ip.png)
-
-## Step 2. Add network configuration
-
-Add the following network configuration at the end of your `docker-compose.yml` file:
-
-```yaml
-networks:
-  immich-network:
-    driver: bridge
-    ipam:
-      config:
-        - subnet: 172.20.0.0/16
-          gateway: 172.20.0.1
-```
-
-If your docker container is running on a different subnet then update accordingly.
-
-## Step 3. Add network to each service
-
-Add the network to each service (immich-server, immich-machine-learning, redis, database):
-
-```yaml
-services:
-  immich-server:
-    # other config options
-    networks:
-      - immich-network
-
-  immich-machine-learning:
-    # other config options
-    networks:
-      - immich-network
-
-  redis:
-    # other config options
-    networks:
-      - immich-network
-
-  database:
-    # other config options
-    networks:
-      - immich-network
-```
-
-Save your changes. Synology will ask if you want to save changes only or rebuild containers. Select rebuild containers.
-
-## Step 4. Update Firewall Rules, if necessary
-
-If your firewall rules were not already set for this subnet, the firewall rules will need to be updated. See [Step 4 - Configure Firewall Settings](#step-4---configure-firewall-settings).
-
 </details>

docs/docusaurus.config.js

@@ -10,6 +10,7 @@ const config = {
   url: 'https://docs.immich.app',
   baseUrl: '/',
   onBrokenLinks: 'throw',
+  onBrokenMarkdownLinks: 'warn',
   favicon: 'img/favicon.png',
 
   // GitHub pages deployment config.
@@ -28,9 +29,6 @@ const config = {
   // Mermaid diagrams
   markdown: {
     mermaid: true,
-    hooks: {
-      onBrokenMarkdownLinks: 'warn',
-    },
   },
   themes: ['@docusaurus/theme-mermaid'],
 

docs/mise.lock

@@ -1,5 +0,0 @@
-# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html
-
-[[tools.wrangler]]
-version = "4.66.0"
-backend = "npm:wrangler"

docs/mise.toml

@@ -3,7 +3,7 @@ run = "pnpm install --filter documentation --frozen-lockfile"
 
 [tasks.start]
 env._.path = "./node_modules/.bin"
-run = "docusaurus start --port 3005"
+run = "docusaurus --port 3005"
 
 [tasks.build]
 env._.path = "./node_modules/.bin"
@@ -28,4 +28,4 @@ run = "prettier --write ."
 run = "wrangler pages deploy build --project-name=${PROJECT_NAME} --branch=${BRANCH_NAME}"
 
 [tools]
-wrangler = "4.91.0"
+wrangler = "4.66.0"

e2e/docker-compose.dev.yml

@@ -83,7 +83,9 @@ volumes:
   model_cache:
   prometheus_data:
   grafana_data:
-  build_cache:
+  pnpm_cache:
+  pnpm_store_server:
+  pnpm_store_web:
   server_node_modules:
   web_node_modules:
   github_node_modules:

e2e/docker-compose.yml

@@ -4,8 +4,7 @@ services:
   e2e-auth-server:
     container_name: immich-e2e-auth-server
     build:
-      context: ../
-      dockerfile: packages/e2e-auth-server/Dockerfile
+      context: ../packages/e2e-auth-server
     ports:
       - 2286:2286
 
@@ -45,7 +44,7 @@ services:
 
   redis:
     container_name: immich-e2e-redis
-    image: docker.io/valkey/valkey:9@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    image: docker.io/valkey/valkey:9@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
     healthcheck:
       test: redis-cli ping || exit 1
 

e2e/mise.toml

@@ -1,21 +1,11 @@
 [tasks.install]
 run = "pnpm install --filter immich-e2e --frozen-lockfile"
 
-[tasks.build]
-dir = "{{ config_root }}"
-run = "docker compose build"
-
 [tasks.test]
-depends = ["//e2e:build", "//e2e:ci-setup"]
 env._.path = "./node_modules/.bin"
 run = "vitest --run"
 
-[tasks.playwright-install]
-env._.path = "./node_modules/.bin"
-run = "playwright install"
-
 [tasks."test-web"]
-depends = ["//e2e:build", "//e2e:ci-setup", "//e2e:playwright-install"]
 env._.path = "./node_modules/.bin"
 run = "playwright test"
 
@@ -40,12 +30,7 @@ run = "tsc --noEmit"
 
 
 [tasks.ci-setup]
-depends = [
-  "//:sdk:install",
-  "//:sdk:build",
-  "//packages/cli:install",
-  "//packages/cli:build",
-]
+depends = ["//:sdk:install", "//:sdk:build", "//cli:install", "//cli:build"]
 run = { task = ":install" }
 
 

e2e/package.json

@@ -32,7 +32,7 @@
     "@playwright/test": "^1.44.1",
     "@socket.io/component-emitter": "^3.1.2",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^24.12.4",
+    "@types/node": "^24.12.2",
     "@types/pg": "^8.15.1",
     "@types/pngjs": "^6.0.4",
     "@types/supertest": "^7.0.0",

e2e/src/specs/maintenance/server/database-backups.e2e-spec.ts

@@ -2,7 +2,7 @@ import { LoginResponseDto, ManualJobName } from '@immich/sdk';
 import { errorDto } from 'src/responses';
 import { app, utils } from 'src/utils';
 import request from 'supertest';
-import { afterAll, beforeAll, beforeEach, describe, expect, it } from 'vitest';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 
 describe('/admin/database-backups', () => {
   let cookie: string | undefined;
@@ -13,9 +13,6 @@ describe('/admin/database-backups', () => {
     admin = await utils.adminSetup({
       onboarding: false,
     });
-  });
-
-  beforeEach(async () => {
     await utils.resetBackups(admin.accessToken);
   });
 

e2e/src/specs/server/api/album.e2e-spec.ts

@@ -504,14 +504,13 @@ describe('/albums', () => {
       });
     });
 
-    it('should deduplicate owner from albumUsers on create', async () => {
+    it('should not be able to share album with owner', async () => {
       const { status, body } = await request(app)
         .post('/albums')
         .send({ albumName: 'New album', albumUsers: [{ role: AlbumUserRole.Editor, userId: user1.userId }] })
         .set('Authorization', `Bearer ${user1.accessToken}`);
-      expect(status).toBe(201);
-      expect(body.albumUsers).toHaveLength(1);
-      expect(body.albumUsers[0]).toMatchObject({ role: AlbumUserRole.Owner, user: { id: user1.userId } });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Cannot share album with owner'));
     });
   });
 

e2e/src/specs/server/api/asset.e2e-spec.ts

@@ -492,6 +492,20 @@ describe('/asset', () => {
       expect(status).toEqual(200);
     });
 
+    it('should set the negative rating', async () => {
+      const { status, body } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ rating: -1 });
+      expect(body).toMatchObject({
+        id: user1Assets[0].id,
+        exifInfo: expect.objectContaining({
+          rating: -1,
+        }),
+      });
+      expect(status).toEqual(200);
+    });
+
     it('should return tagged people', async () => {
       const { status, body } = await request(app)
         .put(`/assets/${user1Assets[0].id}`)

e2e/src/specs/server/api/search.e2e-spec.ts

@@ -259,6 +259,17 @@ describe('/search', () => {
           assets: [assetHeic],
         }),
       },
+      {
+        should: "should search city ('')",
+        deferred: () => ({
+          dto: {
+            city: '',
+            visibility: AssetVisibility.Timeline,
+            includeNull: true,
+          },
+          assets: [assetLast],
+        }),
+      },
       {
         should: 'should search city (null)',
         deferred: () => ({
@@ -280,6 +291,18 @@ describe('/search', () => {
           assets: [assetDensity],
         }),
       },
+      {
+        should: "should search state ('')",
+        deferred: () => ({
+          dto: {
+            state: '',
+            visibility: AssetVisibility.Timeline,
+            withExif: true,
+            includeNull: true,
+          },
+          assets: [assetLast, assetNotocactus],
+        }),
+      },
       {
         should: 'should search state (null)',
         deferred: () => ({
@@ -301,6 +324,17 @@ describe('/search', () => {
           assets: [assetFalcon],
         }),
       },
+      {
+        should: "should search country ('')",
+        deferred: () => ({
+          dto: {
+            country: '',
+            visibility: AssetVisibility.Timeline,
+            includeNull: true,
+          },
+          assets: [assetLast],
+        }),
+      },
       {
         should: 'should search country (null)',
         deferred: () => ({

e2e/src/specs/server/api/server.e2e-spec.ts

@@ -95,7 +95,6 @@ describe('/server', () => {
         major: expect.any(Number),
         minor: expect.any(Number),
         patch: expect.any(Number),
-        prerelease: null,
       });
     });
   });
@@ -116,7 +115,6 @@ describe('/server', () => {
         oauthAutoLaunch: false,
         ocr: false,
         passwordLogin: true,
-        realtimeTranscoding: false,
         search: true,
         sidecar: true,
         trash: true,
@@ -141,7 +139,6 @@ describe('/server', () => {
         maintenanceMode: false,
         mapDarkStyleUrl: 'https://tiles.immich.cloud/v1/style/dark.json',
         mapLightStyleUrl: 'https://tiles.immich.cloud/v1/style/light.json',
-        minFaces: 3,
       });
     });
   });

e2e/src/specs/server/api/system-config.e2e-spec.ts

@@ -21,18 +21,18 @@ describe('/system-config', () => {
       const response1 = await request(app)
         .put('/system-config')
         .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ ...config, newVersionCheck: { enabled: false, channel: 'stable' } });
+        .send({ ...config, newVersionCheck: { enabled: false } });
 
       expect(response1.status).toBe(200);
-      expect(response1.body).toEqual({ ...config, newVersionCheck: { enabled: false, channel: 'stable' } });
+      expect(response1.body).toEqual({ ...config, newVersionCheck: { enabled: false } });
 
       const response2 = await request(app)
         .put('/system-config')
         .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ ...config, newVersionCheck: { enabled: true, channel: 'stable' } });
+        .send({ ...config, newVersionCheck: { enabled: true } });
 
       expect(response2.status).toBe(200);
-      expect(response2.body).toEqual({ ...config, newVersionCheck: { enabled: true, channel: 'stable' } });
+      expect(response2.body).toEqual({ ...config, newVersionCheck: { enabled: true } });
     });
 
     it('should reject an invalid config entry', async () => {

e2e/src/specs/server/api/user.e2e-spec.ts

@@ -230,21 +230,6 @@ describe('/users', () => {
       const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
       expect(after).toMatchObject({ download: { includeEmbeddedVideos: true } });
     });
-
-    it('should update minimum face count to display people', async () => {
-      const before = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
-      expect(before).toMatchObject({ people: { minimumFaces: 3 } });
-
-      const { status, body } = await request(app)
-        .put('/users/me/preferences')
-        .send({ people: { minimumFaces: 2 } })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toMatchObject({ people: { minimumFaces: 2 } });
-
-      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
-      expect(after).toMatchObject({ people: { minimumFaces: 2 } });
-    });
   });
 
   describe('GET /users/:id', () => {

e2e/src/ui/generators/timeline/rest-response.ts

@@ -55,8 +55,8 @@ export function toColumnarFormat(assets: MockTimelineAsset[]): TimeBucketAssetRe
     result.duration.push(asset.duration);
     result.projectionType.push(asset.projectionType);
     result.livePhotoVideoId.push(asset.livePhotoVideoId);
-    result.city?.push(asset.city);
-    result.country?.push(asset.country);
+    result.city.push(asset.city);
+    result.country.push(asset.country);
     result.visibility.push(asset.visibility);
   }
 

e2e/src/ui/specs/timeline/timeline.e2e-spec.ts

@@ -536,7 +536,7 @@ test.describe('Timeline', () => {
         force: false,
         ids: [assetToTrash.id],
       });
-      await page.locator('#control-bar').getByLabel('Close').click();
+      await page.locator('#asset-selection-app-bar').getByLabel('Close').click();
       await page.getByText('Trash', { exact: true }).click();
       await timelineUtils.waitForTimelineLoad(page);
       await thumbnailUtils.expectInViewport(page, assetToTrash.id);
@@ -676,7 +676,7 @@ test.describe('Timeline', () => {
         ids: [assetToArchive.id],
       });
       await thumbnailUtils.expectThumbnailIsArchive(page, assetToArchive.id);
-      await page.locator('#control-bar').getByLabel('Close').click();
+      await page.locator('#asset-selection-app-bar').getByLabel('Close').click();
       await page.getByRole('link').getByText('Archive').click();
       await timelineUtils.waitForTimelineLoad(page);
       await thumbnailUtils.expectInViewport(page, assetToArchive.id);
@@ -823,7 +823,7 @@ test.describe('Timeline', () => {
       });
       // ensure thumbnail still exists and has favorite icon
       await thumbnailUtils.expectThumbnailIsFavorite(page, assetToFavorite.id);
-      await page.locator('#control-bar').getByLabel('Close').click();
+      await page.locator('#asset-selection-app-bar').getByLabel('Close').click();
       await page.getByRole('link').getByText('Favorites').click();
       await timelineUtils.waitForTimelineLoad(page);
       await pageUtils.goToAsset(page, assetToFavorite.fileCreatedAt);

e2e/src/utils.ts

@@ -568,8 +568,6 @@ export const utils = {
       name: ManualJobName.BackupDatabase,
     });
 
-    await utils.waitForQueueFinish(accessToken, 'backupDatabase');
-
     return utils.poll(
       () => request(app).get('/admin/database-backups').set('Authorization', `Bearer ${accessToken}`),
       ({ status, body }) => status === 200 && body.backups.length === 1,

i18n/bs.json

@@ -1 +0,0 @@
-{}

i18n/en.json

@@ -22,12 +22,13 @@
   "add_birthday": "Add a birthday",
   "add_endpoint": "Add endpoint",
   "add_exclusion_pattern": "Add exclusion pattern",
+  "add_filter": "Add filter",
+  "add_filter_description": "Click to add a filter condition",
   "add_location": "Add location",
   "add_more_users": "Add more users",
   "add_partner": "Add partner",
   "add_path": "Add path",
   "add_photos": "Add photos",
-  "add_step": "Add step",
   "add_tag": "Add tag",
   "add_to": "Add to…",
   "add_to_album": "Add to album",
@@ -41,6 +42,7 @@
   "add_to_shared_album": "Add to shared album",
   "add_upload_to_stack": "Add upload to stack",
   "add_url": "Add URL",
+  "add_workflow_step": "Add workflow step",
   "added_to_archive": "Added to archive",
   "added_to_favorites": "Added to favorites",
   "added_to_favorites_count": "Added {count, number} to favorites",
@@ -305,8 +307,6 @@
     "refreshing_all_libraries": "Refreshing all libraries",
     "registration": "Admin Registration",
     "registration_description": "Since you are the first user on the system, you will be assigned as the Admin and are responsible for administrative tasks, and additional users will be created by you.",
-    "release_channel_release_candidate": "Release candidate",
-    "release_channel_stable": "Stable",
     "remove_failed_jobs": "Remove failed jobs",
     "require_password_change_on_login": "Require user to change password on first login",
     "reset_settings_to_default": "Reset settings to default",
@@ -401,10 +401,6 @@
     "transcoding_preferred_hardware_device_description": "Applies only to VAAPI and QSV. Sets the dri node used for hardware transcoding.",
     "transcoding_preset_preset": "Preset (-preset)",
     "transcoding_preset_preset_description": "Compression speed. Slower presets produce smaller files, and increase quality when targeting a certain bitrate. VP9 ignores speeds above 'faster'.",
-    "transcoding_realtime": "Real-time Transcoding [EXPERIMENTAL]",
-    "transcoding_realtime_description": "Allows transcoding to be performed in real-time as the video is being streamed. Enables quality switching, but may cause higher playback latency and stuttering depending on server capabilities.",
-    "transcoding_realtime_enabled": "Enable real-time transcoding",
-    "transcoding_realtime_enabled_description": "If disabled, the server will refuse to start new real-time transcoding sessions.",
     "transcoding_reference_frames": "Reference frames",
     "transcoding_reference_frames_description": "The number of frames to reference when compressing a given frame. Higher values improve compression efficiency, but slow down encoding. 0 sets this value automatically.",
     "transcoding_required_description": "Only videos not in an accepted format",
@@ -448,8 +444,6 @@
     "user_settings_description": "Manage user settings",
     "user_successfully_removed": "User {email} has been successfully removed.",
     "users_page_description": "Admin users page",
-    "version_check_channel": "Release channel",
-    "version_check_channel_description": "Pick the release channel you want to get version announcements for",
     "version_check_enabled_description": "Enable version check",
     "version_check_implications": "The version check feature relies on periodic communication with {server}",
     "version_check_settings": "Version Check",
@@ -570,7 +564,6 @@
   "asset_added_to_album": "Added to album",
   "asset_adding_to_album": "Adding to album…",
   "asset_created": "Asset created",
-  "asset_day_count": "{date}: {count, plural, one {# asset} other {# assets}}",
   "asset_description_updated": "Asset description has been updated",
   "asset_filename_is_offline": "Asset {filename} is offline",
   "asset_has_unassigned_faces": "Asset has unassigned faces",
@@ -700,7 +693,6 @@
   "backup_settings_subtitle": "Manage upload settings",
   "backup_upload_details_page_more_details": "Tap for more details",
   "backward": "Backward",
-  "battery_optimization_backup_reliability": "Disabling battery optimizations can improve the reliability of background backup",
   "biometric_auth_enabled": "Biometric authentication enabled",
   "biometric_locked_out": "You are locked out of biometric authentication",
   "biometric_no_options": "No biometric options available",
@@ -708,7 +700,6 @@
   "birthdate_saved": "Date of birth saved successfully",
   "birthdate_set_description": "Date of birth is used to calculate the age of this person at the time of a photo.",
   "blurred_background": "Blurred background",
-  "browse_templates": "Browse templates",
   "bugs_and_feature_requests": "Bugs & Feature Requests",
   "build": "Build",
   "build_image": "Build Image",
@@ -742,7 +733,6 @@
   "cannot_update_the_description": "Cannot update the description",
   "cast": "Cast",
   "cast_description": "Configure available cast destinations",
-  "change": "Change",
   "change_date": "Change date",
   "change_description": "Change description",
   "change_display_order": "Change display order",
@@ -771,7 +761,6 @@
   "check_corrupt_asset_backup_description": "Run this check only over Wi-Fi and once all assets have been backed-up. The procedure might take a few minutes.",
   "check_logs": "Check Logs",
   "checksum": "Checksum",
-  "choose": "Choose",
   "choose_matching_people_to_merge": "Choose matching people to merge",
   "city": "City",
   "cleanup_confirm_description": "Immich found {count} assets (created before {date}) safely backed up to the server. Remove the local copies from this device?",
@@ -789,7 +778,6 @@
   "clear": "Clear",
   "clear_all": "Clear all",
   "clear_all_recent_searches": "Clear all recent searches",
-  "clear_failed_count": "Clear failed ({count})",
   "clear_file_cache": "Clear File Cache",
   "clear_message": "Clear message",
   "clear_value": "Clear value",
@@ -821,7 +809,6 @@
   "comments_are_disabled": "Comments are disabled",
   "common_create_new_album": "Create new album",
   "completed": "Completed",
-  "configuration": "Configuration",
   "confirm": "Confirm",
   "confirm_admin_password": "Confirm Admin Password",
   "confirm_delete_face": "Are you sure you want to delete {name} face from the asset?",
@@ -836,7 +823,6 @@
   "contain": "Contain",
   "context": "Context",
   "continue": "Continue",
-  "control_bottom_app_bar_add_tags": "Add Tags",
   "control_bottom_app_bar_create_new_album": "Create new album",
   "control_bottom_app_bar_delete_from_immich": "Delete from Immich",
   "control_bottom_app_bar_delete_from_local": "Delete from device",
@@ -850,7 +836,6 @@
   "copy_error": "Copy error",
   "copy_file_path": "Copy file path",
   "copy_image": "Copy Image",
-  "copy_json": "Copy JSON",
   "copy_link": "Copy link",
   "copy_link_to_clipboard": "Copy link to clipboard",
   "copy_password": "Copy password",
@@ -909,7 +894,6 @@
   "date_of_birth": "Date of birth",
   "date_of_birth_saved": "Date of birth saved successfully",
   "date_range": "Date range",
-  "date_time_original": "Date/Time Original",
   "day": "Day",
   "days": "Days",
   "deduplicate_all": "Deduplicate All",
@@ -988,10 +972,7 @@
   "downloading_asset_filename": "Downloading asset {filename}",
   "downloading_from_icloud": "Downloading from iCloud",
   "downloading_media": "Downloading media",
-  "drag_to_reorder": "Drag to reorder",
   "drop_files_to_upload": "Drop files anywhere to upload",
-  "duplicate": "Duplicate",
-  "duplicate_workflow": "Duplicate workflow",
   "duplicates": "Duplicates",
   "duplicates_description": "Resolve each group by indicating which, if any, are duplicates.",
   "duration": "Duration",
@@ -1093,7 +1074,6 @@
     "failed_to_remove_product_key": "Failed to remove product key",
     "failed_to_reset_pin_code": "Failed to reset PIN code",
     "failed_to_stack_assets": "Failed to stack assets",
-    "failed_to_tag_assets": "Failed to tag assets",
     "failed_to_unstack_assets": "Failed to un-stack assets",
     "failed_to_update_notification_status": "Failed to update notification status",
     "incorrect_email_or_password": "Incorrect email or password",
@@ -1213,13 +1193,11 @@
   "export_as_json": "Export as JSON",
   "export_database": "Export Database",
   "export_database_description": "Export the SQLite database",
-  "exposure_time": "Exposure Time",
   "extension": "Extension",
   "external": "External",
   "external_libraries": "External Libraries",
   "external_network": "External network",
   "external_network_sheet_info": "When not on the preferred Wi-Fi network, the app will connect to the server through the first of the below URLs it can reach, starting from top to bottom",
-  "f_number": "F-Number",
   "face_unassigned": "Unassigned",
   "failed": "Failed",
   "failed_count": "Failed: {count}",
@@ -1237,6 +1215,7 @@
   "features_setting_description": "Manage the app features",
   "file_name_or_extension": "File name or extension",
   "file_name_text": "File name",
+  "file_name_with_value": "File name: {file_name}",
   "file_size": "File size",
   "filename": "Filename",
   "filetype": "Filetype",
@@ -1249,7 +1228,6 @@
   "find_them_fast": "Find them fast by name with search",
   "first": "First",
   "fix_incorrect_match": "Fix incorrect match",
-  "focal_length": "Focal Length",
   "folder": "Folder",
   "folder_not_found": "Folder not found",
   "folders": "Folders",
@@ -1370,7 +1348,6 @@
   "ios_debug_info_no_sync_yet": "No background sync job has run yet",
   "ios_debug_info_processes_queued": "{count, plural, one {{count} background process queued} other {{count} background processes queued}}",
   "ios_debug_info_processing_ran_at": "Processing ran {dateTime}",
-  "iso": "ISO",
   "items_count": "{count, plural, one {# item} other {# items}}",
   "jobs": "Jobs",
   "json_editor": "JSON editor",
@@ -1401,7 +1378,6 @@
   "leave": "Leave",
   "leave_album": "Leave album",
   "lens_model": "Lens model",
-  "less": "Less",
   "let_others_respond": "Let others respond",
   "level": "Level",
   "library": "Library",
@@ -1595,8 +1571,6 @@
   "merge_people_prompt": "Do you want to merge these people? This action is irreversible.",
   "merge_people_successfully": "Merge people successfully",
   "merged_people_count": "Merged {count, plural, one {# person} other {# people}}",
-  "minFaces": "Minimum faces",
-  "minFaces_description": "The minimum number of recognized faces for a person to be displayed",
   "minimize": "Minimize",
   "minute": "Minute",
   "minutes": "Minutes",
@@ -1606,7 +1580,6 @@
   "mobile_app": "Mobile App",
   "mobile_app_download_onboarding_note": "Download the companion mobile app using the following options",
   "model": "Model",
-  "modify_date": "Modify Date",
   "month": "Month",
   "more": "More",
   "motion": "Motion",
@@ -1655,6 +1628,7 @@
   "next": "Next",
   "next_memory": "Next memory",
   "no": "No",
+  "no_actions_added": "No actions added yet",
   "no_albums_found": "No albums found",
   "no_albums_message": "Create an album to organize your photos and videos",
   "no_albums_with_name_yet": "It looks like you do not have any albums with this name yet.",
@@ -1671,6 +1645,7 @@
   "no_exif_info_available": "No exif info available",
   "no_explore_results_message": "Upload more photos to explore your collection.",
   "no_favorites_message": "Add favorites to quickly find your best pictures and videos",
+  "no_filters_added": "No filters added yet",
   "no_libraries_message": "Create an external library to view your photos and videos",
   "no_local_assets_found": "No local assets found with this checksum",
   "no_location_set": "No location set",
@@ -1683,7 +1658,6 @@
   "no_results": "No results",
   "no_results_description": "Try a synonym or more general keyword",
   "no_shared_albums_message": "Create an album to share photos and videos with people in your network",
-  "no_steps": "No steps added yet",
   "no_uploads_in_progress": "No uploads in progress",
   "none": "None",
   "not_allowed": "Not allowed",
@@ -1692,7 +1666,6 @@
   "not_selected": "Not selected",
   "notes": "Notes",
   "nothing_here_yet": "Nothing here yet",
-  "notification_backup_reliability": "Enable notifications to improve background backup reliability",
   "notification_permission_dialog_content": "To enable notifications, go to Settings and select allow.",
   "notification_permission_list_tile_content": "Grant permission to enable notifications.",
   "notification_permission_list_tile_enable_button": "Enable Notifications",
@@ -1730,7 +1703,6 @@
   "organize_into_albums": "Organize into albums",
   "organize_into_albums_description": "Put existing photos into albums using current sync settings",
   "organize_your_library": "Organize your library",
-  "orientation": "Orientation",
   "original": "original",
   "other": "Other",
   "other_devices": "Other devices",
@@ -1822,8 +1794,6 @@
   "play_original_video_setting_description": "Prefer playback of original videos rather than transcoded videos. If original asset is not compatible it may not playback correctly.",
   "play_transcoded_video": "Play transcoded video",
   "please_auth_to_access": "Please authenticate to access",
-  "plugin_method_filter_type": "Filter",
-  "plugin_method_filter_type_description": "This method can filter events and conditionally prevent subsequent steps from running",
   "port": "Port",
   "preferences_settings_subtitle": "Manage the app's preferences",
   "preferences_settings_title": "Preferences",
@@ -1845,7 +1815,6 @@
   "profile_drawer_readonly_mode": "Read-only mode enabled. Long-press the user avatar icon to exit.",
   "profile_image_of_user": "Profile image of {user}",
   "profile_picture_set": "Profile picture set.",
-  "projection_type": "Projection Type",
   "public_album": "Public album",
   "public_share": "Public Share",
   "purchase_account_info": "Supporter",
@@ -2215,9 +2184,7 @@
   "show_in_timeline": "Show in timeline",
   "show_in_timeline_setting_description": "Show photos and videos from this user in your timeline",
   "show_keyboard_shortcuts": "Show keyboard shortcuts",
-  "show_less": "Show less",
   "show_metadata": "Show metadata",
-  "show_more_fields": "{count, plural, one {Show # more field} other {Show # more fields}}",
   "show_or_hide_info": "Show or hide info",
   "show_password": "Show password",
   "show_person_options": "Show person options",
@@ -2247,7 +2214,6 @@
   "slideshow_repeat": "Repeat slideshow",
   "slideshow_repeat_description": "Loop back to beginning when slideshow ends",
   "slideshow_settings": "Slideshow settings",
-  "smart_album": "Smart album",
   "sort_albums_by": "Sort albums by...",
   "sort_created": "Date created",
   "sort_items": "Number of items",
@@ -2270,11 +2236,6 @@
   "start_date_before_end_date": "Start date must be before end date",
   "state": "State",
   "status": "Status",
-  "step_delete": "Delete step",
-  "step_delete_confirm": "Are you sure you want to delete this step?",
-  "step_details": "Step details",
-  "steps": "Steps",
-  "steps_count": "{count, plural, one {# step} other {# steps}}",
   "stop_casting": "Stop casting",
   "stop_motion_photo": "Stop Motion Photo",
   "stop_photo_sharing": "Stop sharing your photos?",
@@ -2368,7 +2329,7 @@
   "trash_page_title": "Trash ({count})",
   "trashed_items_will_be_permanently_deleted_after": "Trashed items will be permanently deleted after {days, plural, one {# day} other {# days}}.",
   "trigger": "Trigger",
-  "trigger_asset_uploaded": "Asset Upload",
+  "trigger_asset_uploaded": "Asset Uploaded",
   "trigger_asset_uploaded_description": "Triggered when a new asset is uploaded",
   "trigger_description": "An event that kicks off the workflow",
   "trigger_person_recognized": "Person Recognized",
@@ -2408,13 +2369,13 @@
   "unsupported_field_type": "Unsupported field type",
   "unsupported_file_type": "File {file} can't be uploaded because its file type {type} is not supported.",
   "untagged": "Untagged",
+  "untitled_workflow": "Untitled workflow",
   "up_next": "Up next",
   "update_location_action_prompt": "Update the location of {count} selected assets with:",
   "updated_at": "Updated",
   "updated_password": "Updated password",
   "upload": "Upload",
   "upload_concurrency": "Upload concurrency",
-  "upload_day_count": "{date}: {count, plural, one {# upload} other {# uploads}}",
   "upload_details": "Upload Details",
   "upload_dialog_info": "Do you want to backup the selected Asset(s) to the server?",
   "upload_dialog_title": "Upload Asset",
@@ -2430,8 +2391,6 @@
   "upload_to_immich": "Upload to Immich ({count})",
   "uploading": "Uploading",
   "uploading_media": "Uploading media",
-  "uploads": "Uploads",
-  "uploads_count": "{count, plural, one {# upload} other {# uploads}}",
   "url": "URL",
   "usage": "Usage",
   "use_biometric": "Use biometric",
@@ -2439,7 +2398,6 @@
   "use_browser_locale_description": "Format dates, times, and numbers based on your browser locale",
   "use_current_connection": "Use current connection",
   "use_custom_date_range": "Use custom date range instead",
-  "use_template": "Use template",
   "user": "User",
   "user_has_been_deleted": "This user has been deleted.",
   "user_id": "User ID",
@@ -2469,7 +2427,6 @@
   "video": "Video",
   "video_hover_setting": "Play video thumbnail on hover",
   "video_hover_setting_description": "Play video thumbnail when mouse is hovering over item. Even when disabled, playback can be started by hovering over the play icon.",
-  "video_quality": "Video quality",
   "videos": "Videos",
   "videos_count": "{count, plural, one {# Video} other {# Videos}}",
   "videos_only": "Videos only",
@@ -2502,10 +2459,8 @@
   "week": "Week",
   "welcome": "Welcome",
   "welcome_to_immich": "Welcome to Immich",
-  "when": "When",
   "width": "Width",
   "wifi_name": "Wi-Fi Name",
-  "workflow": "Workflow",
   "workflow_delete_prompt": "Are you sure you want to delete this workflow?",
   "workflow_deleted": "Workflow deleted",
   "workflow_description": "Workflow description",
@@ -2515,7 +2470,6 @@
   "workflow_name": "Workflow name",
   "workflow_navigation_prompt": "Are you sure you want to leave without saving your changes?",
   "workflow_summary": "Workflow summary",
-  "workflow_templates": "Workflow templates",
   "workflow_update_success": "Workflow updated successfully",
   "workflow_updated": "Workflow updated",
   "workflows": "Workflows",

i18n/kab.json

@@ -1 +0,0 @@
-{}

i18n/kxm.json

@@ -1 +0,0 @@
-{}

i18n/lmo.json

@@ -1 +0,0 @@
-{}

i18n/mi.json

@@ -1 +0,0 @@
-{}

i18n/ne.json

@@ -1 +0,0 @@
-{}

i18n/sw.json

@@ -1 +0,0 @@
-{}

i18n/swg.json

@@ -1 +0,0 @@
-{}

i18n/tl.json

@@ -1 +0,0 @@
-{}

machine-learning/Dockerfile

@@ -1,8 +1,8 @@
 ARG DEVICE=cpu
 
-FROM python:3.11-bookworm@sha256:121d86b6d08752968a7dddbc708849e5f3a839bbff47f32212b46d2a1d842bab AS builder-cpu
+FROM python:3.11-bookworm@sha256:970c99f886b839fc8829289040c1845dadaf2cae46b37acc7710333158ec29b4 AS builder-cpu
 
-FROM python:3.13-slim-trixie@sha256:b04b5d7233d2ad9c379e22ea8927cd1378cd15c60d4ef876c065b25ea8fb3bf3 AS builder-openvino
+FROM python:3.13-slim-trixie@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS builder-openvino
 
 FROM builder-cpu AS builder-cuda
 
@@ -39,12 +39,12 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
     uv sync --frozen --extra ${DEVICE} --no-dev --no-editable --no-install-project --compile-bytecode --no-progress --active --link-mode copy
 
-FROM python:3.11-slim-bookworm@sha256:8dca233de9f3d9bb410665f00a4da6dd06f331083137e0e98ccf227236fcc438 AS prod-cpu
+FROM python:3.11-slim-bookworm@sha256:9c6f90801e6b68e772b7c0ca74260cbf7af9f320acec894e26fccdaccfbe3b47 AS prod-cpu
 
 ENV LD_PRELOAD=/usr/lib/libmimalloc.so.2 \
     MACHINE_LEARNING_MODEL_ARENA=false
 
-FROM python:3.13-slim-trixie@sha256:b04b5d7233d2ad9c379e22ea8927cd1378cd15c60d4ef876c065b25ea8fb3bf3 AS prod-openvino
+FROM python:3.13-slim-trixie@sha256:d168b8d9eb761f4d3fe305ebd04aeb7e7f2de0297cec5fb2f8f6403244621664 AS prod-openvino
 
 RUN apt-get update && \
     apt-get install --no-install-recommends -yqq ocl-icd-libopencl1 wget && \

machine-learning/immich_ml/__main__.py

@@ -49,7 +49,6 @@ try:
             str(settings.http_keepalive_timeout_s),
             "--graceful-timeout",
             "10",
-            "--no-control-socket",
         ],
     ) as cmd:
         cmd.wait()

machine-learning/immich_ml/config.py

@@ -6,7 +6,7 @@ from pathlib import Path
 from socket import socket
 
 from gunicorn.arbiter import Arbiter
-from pydantic import BaseModel, Field
+from pydantic import BaseModel
 from pydantic_settings import BaseSettings, SettingsConfigDict
 from rich.console import Console
 from rich.logging import RichHandler
@@ -42,10 +42,6 @@ class MaxBatchSize(BaseModel):
     ocr: int | None = None
 
 
-def default_worker_timeout() -> int:
-    return 900 if os.environ.get("DEVICE") == "rocm" else 300
-
-
 class Settings(BaseSettings):
     model_config = SettingsConfigDict(
         env_prefix="MACHINE_LEARNING_",
@@ -58,7 +54,7 @@ class Settings(BaseSettings):
     model_ttl: int = 300
     model_ttl_poll_s: int = 10
     workers: int = 1
-    worker_timeout: int = Field(default_factory=default_worker_timeout)
+    worker_timeout: int = 300
     http_keepalive_timeout_s: int = 2
     test_full: bool = False
     request_threads: int = os.cpu_count() or 4

machine-learning/immich_ml/main.py

@@ -12,7 +12,7 @@ from zipfile import BadZipFile
 
 import orjson
 from fastapi import Depends, FastAPI, File, Form, HTTPException
-from fastapi.responses import PlainTextResponse
+from fastapi.responses import ORJSONResponse, PlainTextResponse
 from onnxruntime.capi.onnxruntime_pybind11_state import InvalidProtobuf, NoSuchFile
 from PIL.Image import Image
 from pydantic import ValidationError
@@ -32,7 +32,6 @@ from .schemas import (
     ModelIdentity,
     ModelTask,
     ModelType,
-    ORJSONResponse,
     PipelineRequest,
     T,
 )

machine-learning/immich_ml/models/clip/textual.py

@@ -89,9 +89,7 @@ class OpenClipTextualEncoder(BaseCLIPTextualEncoder):
 
         tokenizer: Tokenizer = Tokenizer.from_file(self.tokenizer_file_path.as_posix())
 
-        pad_id = tokenizer.token_to_id(pad_token)
-        if pad_id is None:
-            raise ValueError(f"Pad token '{pad_token}' not found in tokenizer vocab")
+        pad_id: int = tokenizer.token_to_id(pad_token)
         tokenizer.enable_padding(length=context_length, pad_token=pad_token, pad_id=pad_id)
         tokenizer.enable_truncation(max_length=context_length)
 

machine-learning/immich_ml/models/facial_recognition/recognition.py

@@ -89,10 +89,4 @@ class FaceRecognizer(InferenceModel):
     @property
     def _batch_size_default(self) -> int | None:
         providers = ort.get_available_providers()
-        if (
-            self.model_format == ModelFormat.ONNX
-            and "MIGraphXExecutionProvider" not in providers
-            and "OpenVINOExecutionProvider" not in providers
-        ):
-            return None
-        return 1
+        return None if self.model_format == ModelFormat.ONNX and "OpenVINOExecutionProvider" not in providers else 1

machine-learning/immich_ml/models/ocr/recognition.py

@@ -64,7 +64,6 @@ class TextRecognizer(InferenceModel):
                 rec_batch_num=max_batch_size if max_batch_size else 6,
                 rec_img_shape=(3, 48, 320),
                 lang_type=self.language,
-                model_root_dir=self.cache_dir,
             )
         )
         return session

machine-learning/immich_ml/schemas.py

@@ -3,16 +3,9 @@ from typing import Any, Literal, Protocol, TypeGuard, TypeVar
 
 import numpy as np
 import numpy.typing as npt
-import orjson
-from fastapi.responses import JSONResponse
 from typing_extensions import TypedDict
 
 
-class ORJSONResponse(JSONResponse):
-    def render(self, content: Any) -> bytes:
-        return orjson.dumps(content, option=orjson.OPT_SERIALIZE_NUMPY)
-
-
 class StrEnum(str, Enum):
     value: str
 

machine-learning/immich_ml/sessions/ort.py

@@ -1,7 +1,6 @@
 from __future__ import annotations
 
 from pathlib import Path
-from threading import Lock
 from typing import Any
 
 import numpy as np
@@ -13,37 +12,6 @@ from immich_ml.schemas import ModelPrecision, SessionNode
 
 from ..config import log, settings
 
-MigraphxInputSignature = tuple[tuple[str, str, tuple[int, ...]], ...]
-
-_migraphx_registry_lock = Lock()
-_migraphx_model_locks: dict[str, Lock] = {}
-_migraphx_compiled_inputs: set[tuple[str, MigraphxInputSignature]] = set()
-
-
-def _migraphx_get_model_lock(model_key: str) -> Lock:
-    with _migraphx_registry_lock:
-        lock = _migraphx_model_locks.get(model_key)
-        if lock is None:
-            lock = Lock()
-            _migraphx_model_locks[model_key] = lock
-        return lock
-
-
-def _migraphx_has_compiled_input(key: tuple[str, MigraphxInputSignature]) -> bool:
-    with _migraphx_registry_lock:
-        return key in _migraphx_compiled_inputs
-
-
-def _migraphx_mark_compiled_input(key: tuple[str, MigraphxInputSignature]) -> None:
-    with _migraphx_registry_lock:
-        _migraphx_compiled_inputs.add(key)
-
-
-def _migraphx_input_signature(
-    input_feed: dict[str, NDArray[np.float32]] | dict[str, NDArray[np.int32]],
-) -> MigraphxInputSignature:
-    return tuple((name, str(value.dtype), tuple(value.shape)) for name, value in sorted(input_feed.items()))
-
 
 class OrtSession:
     session: ort.InferenceSession
@@ -80,21 +48,7 @@ class OrtSession:
         input_feed: dict[str, NDArray[np.float32]] | dict[str, NDArray[np.int32]],
         run_options: Any = None,
     ) -> list[NDArray[np.float32]]:
-        if "MIGraphXExecutionProvider" in self.providers:
-            model_key = self.model_path.resolve().as_posix()
-            input_key = (model_key, _migraphx_input_signature(input_feed))
-            if not _migraphx_has_compiled_input(input_key):
-                model_lock = _migraphx_get_model_lock(model_key)
-                with model_lock:
-                    if not _migraphx_has_compiled_input(input_key):
-                        outputs: list[NDArray[np.float32]] = self.session.run(output_names, input_feed, run_options)
-                        _migraphx_mark_compiled_input(input_key)
-                        return outputs
-
-            outputs = self.session.run(output_names, input_feed, run_options)
-            return outputs
-
-        outputs = self.session.run(output_names, input_feed, run_options)
+        outputs: list[NDArray[np.float32]] = self.session.run(output_names, input_feed, run_options)
         return outputs
 
     @property

machine-learning/mise.lock

@@ -1,72 +0,0 @@
-# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html
-
-[[tools.python]]
-version = "3.11.15"
-backend = "core:python"
-
-[tools.python."platforms.linux-arm64"]
-checksum = "sha256:243f794278eff6adba96ed3677ec6877175df84c25f140e17f09f9be82d0f12a"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.linux-arm64-musl"]
-checksum = "sha256:52b4c52094ff8b383a45c694acf4c5c0e883152be6d5229a35a8186ce907c6eb"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-aarch64-unknown-linux-musl-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.linux-x64"]
-checksum = "sha256:171dffd8c0f66e8a0725364a7428015b22fc18dd298b24f541392e17dd0e561f"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.linux-x64-musl"]
-checksum = "sha256:2ac90fef8917ebd14826a6d667593a06cf0ae5f745ba9b1147dc086dd35f5284"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-x86_64-unknown-linux-musl-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.macos-arm64"]
-checksum = "sha256:fdfc363b538662eb7441a14e06f72c4a992c56af7f401f5730ea5081f8f8ad6e"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-aarch64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.macos-x64"]
-checksum = "sha256:5f1eb247cbca2c0ad5ccbf6d299a4f54b31b5c63b492d74c3531dc4344a42f88"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-x86_64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[tools.python."platforms.windows-x64"]
-checksum = "sha256:756d7f148498b8822f6aedf44a020613576f09983161f346ad36dcef6238cdc3"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260510/cpython-3.11.15+20260510-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
-provenance = "github-attestations"
-
-[[tools.uv]]
-version = "0.8.15"
-backend = "aqua:astral-sh/uv"
-
-[tools.uv."platforms.linux-arm64"]
-checksum = "sha256:23ea21a05c62c4c307ce691f29bff2f15c94c4f07f2b83d9b356f0664bc8b3a2"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-aarch64-unknown-linux-musl.tar.gz"
-
-[tools.uv."platforms.linux-arm64-musl"]
-checksum = "sha256:23ea21a05c62c4c307ce691f29bff2f15c94c4f07f2b83d9b356f0664bc8b3a2"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-aarch64-unknown-linux-musl.tar.gz"
-
-[tools.uv."platforms.linux-x64"]
-checksum = "sha256:d0fec58f3124e05e0a1af0f6541abfce4333253cdaf23c7b6bb2e6128bf138ea"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-x86_64-unknown-linux-musl.tar.gz"
-
-[tools.uv."platforms.linux-x64-musl"]
-checksum = "sha256:d0fec58f3124e05e0a1af0f6541abfce4333253cdaf23c7b6bb2e6128bf138ea"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-x86_64-unknown-linux-musl.tar.gz"
-
-[tools.uv."platforms.macos-arm64"]
-checksum = "sha256:103367962c5cb00bf7370d84cbaa3fec5a9807be9cc833ea9d8eea400c119fa2"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-aarch64-apple-darwin.tar.gz"
-
-[tools.uv."platforms.macos-x64"]
-checksum = "sha256:2bbef70982e97dfc36454de173f35ec1a5e83ae11e3885df6a50db3fd76171cb"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-x86_64-apple-darwin.tar.gz"
-
-[tools.uv."platforms.windows-x64"]
-checksum = "sha256:459d95892a5cc5c21779532f4f41b9238594b79e312a5142da2148ecfa10e705"
-url = "https://github.com/astral-sh/uv/releases/download/0.8.15/uv-x86_64-pc-windows-msvc.zip"

machine-learning/pyproject.toml

@@ -10,7 +10,7 @@ dependencies = [
     "fastapi>=0.95.2,<1.0",
     "gunicorn>=21.1.0",
     "huggingface-hub>=1.0,<2.0",
-    "insightface>=0.7.3,<2.0",
+    "insightface>=0.7.3,<1.0",
     "numpy>=2.4.0,<3.0",
     "opencv-python-headless>=4.7.0.72,<5.0",
     "orjson>=3.9.5",

machine-learning/test_main.py

@@ -35,37 +35,7 @@ from immich_ml.sessions.ort import OrtSession
 from immich_ml.sessions.rknn import RknnSession, run_inference
 
 
-class FakeLock:
-    def __init__(self) -> None:
-        self.enter = mock.Mock()
-        self.exit = mock.Mock()
-
-    def __enter__(self) -> None:
-        self.enter()
-
-    def __exit__(self, *args: object) -> None:
-        self.exit(*args)
-
-
 class TestBase:
-    def test_sets_default_worker_timeout(self, monkeypatch: MonkeyPatch) -> None:
-        monkeypatch.delenv("DEVICE", raising=False)
-        monkeypatch.delenv("MACHINE_LEARNING_WORKER_TIMEOUT", raising=False)
-
-        assert Settings().worker_timeout == 300
-
-    def test_sets_rocm_default_worker_timeout(self, monkeypatch: MonkeyPatch) -> None:
-        monkeypatch.setenv("DEVICE", "rocm")
-        monkeypatch.delenv("MACHINE_LEARNING_WORKER_TIMEOUT", raising=False)
-
-        assert Settings().worker_timeout == 900
-
-    def test_worker_timeout_env_override(self, monkeypatch: MonkeyPatch) -> None:
-        monkeypatch.setenv("DEVICE", "rocm")
-        monkeypatch.setenv("MACHINE_LEARNING_WORKER_TIMEOUT", "1200")
-
-        assert Settings().worker_timeout == 1200
-
     def test_sets_default_cache_dir(self) -> None:
         encoder = OpenClipTextualEncoder("ViT-B-32__openai")
 
@@ -443,52 +413,6 @@ class TestOrtSession:
 
         assert sess_options is session.sess_options
 
-    def test_serializes_rocm_first_run_for_new_input_signature(self, mocker: MockerFixture) -> None:
-        lock = FakeLock()
-        get_model_lock = mocker.patch("immich_ml.sessions.ort._migraphx_get_model_lock", return_value=lock)
-        mocker.patch("immich_ml.sessions.ort._migraphx_compiled_inputs", set())
-        mocker.patch("immich_ml.sessions.ort.Path.mkdir")
-        session = OrtSession("/cache/ViT-B-32__openai/model.onnx", providers=["MIGraphXExecutionProvider"])
-        input_feed = {"input": np.random.rand(1, 3, 224, 224).astype(np.float32)}
-
-        session.run(None, input_feed)
-        session.run(None, input_feed)
-
-        lock.enter.assert_called_once()
-        lock.exit.assert_called_once()
-        get_model_lock.assert_called_once()
-        session.session.run.assert_has_calls([mock.call(None, input_feed, None), mock.call(None, input_feed, None)])
-
-    def test_serializes_rocm_run_for_each_new_input_signature(self, mocker: MockerFixture) -> None:
-        lock = FakeLock()
-        mocker.patch("immich_ml.sessions.ort._migraphx_get_model_lock", return_value=lock)
-        mocker.patch("immich_ml.sessions.ort._migraphx_compiled_inputs", set())
-        mocker.patch("immich_ml.sessions.ort.Path.mkdir")
-        session = OrtSession("/cache/ViT-B-32__openai/model.onnx", providers=["MIGraphXExecutionProvider"])
-        input_feed = {"input": np.random.rand(1, 3, 224, 224).astype(np.float32)}
-        new_shape_input_feed = {"input": np.random.rand(2, 3, 224, 224).astype(np.float32)}
-
-        session.run(None, input_feed)
-        session.run(None, new_shape_input_feed)
-
-        assert lock.enter.call_count == 2
-        assert lock.exit.call_count == 2
-        session.session.run.assert_has_calls(
-            [mock.call(None, input_feed, None), mock.call(None, new_shape_input_feed, None)]
-        )
-
-    def test_does_not_serialize_non_rocm_run(self, mocker: MockerFixture) -> None:
-        lock = FakeLock()
-        get_model_lock = mocker.patch("immich_ml.sessions.ort._migraphx_get_model_lock", return_value=lock)
-        session = OrtSession("/cache/ViT-B-32__openai/model.onnx", providers=["CPUExecutionProvider"])
-        input_feed = {"input": np.random.rand(1, 3, 224, 224).astype(np.float32)}
-
-        session.run(None, input_feed)
-
-        get_model_lock.assert_not_called()
-        lock.enter.assert_not_called()
-        session.session.run.assert_called_once_with(None, input_feed, None)
-
 
 class TestAnnSession:
     def test_creates_ann_session(self, ann_session: mock.Mock, info: mock.Mock) -> None:
@@ -816,10 +740,6 @@ class TestFaceRecognition:
 
     def test_recognition(self, cv_image: cv2.Mat, mocker: MockerFixture) -> None:
         mocker.patch.object(FaceRecognizer, "load")
-        mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.ort.get_available_providers",
-            return_value=["CPUExecutionProvider"],
-        )
         face_recognizer = FaceRecognizer("buffalo_s", min_score=0.0, cache_dir="test_cache")
 
         num_faces = 2
@@ -864,10 +784,6 @@ class TestFaceRecognition:
         )
         mocker.patch("immich_ml.models.base.InferenceModel.download")
         mocker.patch("immich_ml.models.facial_recognition.recognition.ArcFaceONNX")
-        mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.ort.get_available_providers",
-            return_value=["CPUExecutionProvider"],
-        )
         ort_session.return_value.get_inputs.return_value = [SimpleNamespace(name="input.1", shape=(1, 3, 224, 224))]
         ort_session.return_value.get_outputs.return_value = [SimpleNamespace(name="output.1", shape=(1, 800))]
         path.return_value.__truediv__.return_value.__truediv__.return_value.suffix = ".onnx"
@@ -902,10 +818,6 @@ class TestFaceRecognition:
         )
         mocker.patch("immich_ml.models.base.InferenceModel.download")
         mocker.patch("immich_ml.models.facial_recognition.recognition.ArcFaceONNX")
-        mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.ort.get_available_providers",
-            return_value=["CPUExecutionProvider"],
-        )
         path.return_value.__truediv__.return_value.__truediv__.return_value.suffix = ".onnx"
 
         inputs = [SimpleNamespace(name="input.1", shape=("batch", 3, 224, 224))]
@@ -971,34 +883,6 @@ class TestFaceRecognition:
         onnx.load.assert_not_called()
         onnx.save.assert_not_called()
 
-    def test_recognition_does_not_add_batch_axis_for_migraphx(
-        self, ort_session: mock.Mock, path: mock.Mock, mocker: MockerFixture
-    ) -> None:
-        onnx = mocker.patch("immich_ml.models.facial_recognition.recognition.onnx", autospec=True)
-        update_dims = mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.update_inputs_outputs_dims", autospec=True
-        )
-        mocker.patch("immich_ml.models.base.InferenceModel.download")
-        mocker.patch("immich_ml.models.facial_recognition.recognition.ArcFaceONNX")
-        mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.ort.get_available_providers",
-            return_value=["MIGraphXExecutionProvider", "CPUExecutionProvider"],
-        )
-        path.return_value.__truediv__.return_value.__truediv__.return_value.suffix = ".onnx"
-
-        inputs = [SimpleNamespace(name="input.1", shape=(1, 3, 224, 224))]
-        outputs = [SimpleNamespace(name="output.1", shape=(1, 800))]
-        ort_session.return_value.get_inputs.return_value = inputs
-        ort_session.return_value.get_outputs.return_value = outputs
-
-        face_recognizer = FaceRecognizer("buffalo_s", cache_dir=path)
-        face_recognizer.load()
-
-        assert face_recognizer.batch_size == 1
-        update_dims.assert_not_called()
-        onnx.load.assert_not_called()
-        onnx.save.assert_not_called()
-
     def test_set_custom_max_batch_size(self, mocker: MockerFixture) -> None:
         mocker.patch.object(settings, "max_batch_size", MaxBatchSize(facial_recognition=2))
 
@@ -1008,10 +892,6 @@ class TestFaceRecognition:
 
     def test_ignore_other_custom_max_batch_size(self, mocker: MockerFixture) -> None:
         mocker.patch.object(settings, "max_batch_size", MaxBatchSize(ocr=2))
-        mocker.patch(
-            "immich_ml.models.facial_recognition.recognition.ort.get_available_providers",
-            return_value=["CPUExecutionProvider"],
-        )
 
         recognizer = FaceRecognizer("buffalo_l", cache_dir="test_cache")
 
@@ -1044,12 +924,7 @@ class TestOcr:
         text_recognizer.load()
 
         rapid_recognizer.assert_called_once_with(
-            OcrOptions(
-              session=ort_session.return_value,
-              rec_batch_num=6,
-              rec_img_shape=(3, 48, 320),
-              model_root_dir=text_recognizer.cache_dir,
-            )
+            OcrOptions(session=ort_session.return_value, rec_batch_num=6, rec_img_shape=(3, 48, 320))
         )
 
     def test_set_custom_max_batch_size(self, ort_session: mock.Mock, path: mock.Mock, mocker: MockerFixture) -> None:
@@ -1062,12 +937,7 @@ class TestOcr:
         text_recognizer.load()
 
         rapid_recognizer.assert_called_once_with(
-            OcrOptions(
-              session=ort_session.return_value,
-              rec_batch_num=4,
-              rec_img_shape=(3, 48, 320),
-              model_root_dir=text_recognizer.cache_dir,
-            )
+            OcrOptions(session=ort_session.return_value, rec_batch_num=4, rec_img_shape=(3, 48, 320))
         )
 
     def test_ignore_other_custom_max_batch_size(
@@ -1082,12 +952,7 @@ class TestOcr:
         text_recognizer.load()
 
         rapid_recognizer.assert_called_once_with(
-            OcrOptions(
-              session=ort_session.return_value,
-              rec_batch_num=6,
-              rec_img_shape=(3, 48, 320),
-              model_root_dir=text_recognizer.cache_dir,
-            )
+            OcrOptions(session=ort_session.return_value, rec_batch_num=6, rec_img_shape=(3, 48, 320))
         )
 
 

mise.lock

@@ -1,283 +0,0 @@
-# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html
-
-[[tools."github:extism/cli"]]
-version = "1.6.3"
-backend = "github:extism/cli"
-
-[tools."github:extism/cli"."platforms.linux-arm64"]
-checksum = "sha256:d92f830c9be39637569feacb04e9750c28848df6d9a219db94152a9b4eb9452b"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-linux-arm64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694030"
-
-[tools."github:extism/cli"."platforms.linux-arm64-musl"]
-checksum = "sha256:d92f830c9be39637569feacb04e9750c28848df6d9a219db94152a9b4eb9452b"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-linux-arm64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694030"
-
-[tools."github:extism/cli"."platforms.linux-x64"]
-checksum = "sha256:34e7ae9bfded6e2c32dee83f70a4e50d34f9d3e80d1762b09625fe82e214d02d"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-linux-amd64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694025"
-
-[tools."github:extism/cli"."platforms.linux-x64-musl"]
-checksum = "sha256:34e7ae9bfded6e2c32dee83f70a4e50d34f9d3e80d1762b09625fe82e214d02d"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-linux-amd64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694025"
-
-[tools."github:extism/cli"."platforms.macos-arm64"]
-checksum = "sha256:b4ddbc575b5ac000115247f781723f9b9f284ed87b29c600539d72161b5b29fc"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-darwin-arm64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694029"
-
-[tools."github:extism/cli"."platforms.macos-x64"]
-checksum = "sha256:9a2f71b6e6009685a622cc3084e52d2a1a8e23c98d29ffa72e666e9dc699855f"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-darwin-amd64.tar.gz"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694026"
-
-[tools."github:extism/cli"."platforms.windows-x64"]
-checksum = "sha256:47e4ed2782445b2b08a4d1ac127211588f8b4d1fc25fd6481d4cb65151b5213c"
-url = "https://github.com/extism/cli/releases/download/v1.6.3/extism-v1.6.3-windows-amd64.zip"
-url_api = "https://api.github.com/repos/extism/cli/releases/assets/275694035"
-
-[[tools."github:extism/js-pdk"]]
-version = "1.6.0"
-backend = "github:extism/js-pdk"
-
-[tools."github:extism/js-pdk"."platforms.linux-arm64"]
-checksum = "sha256:15a186250e68d6bff4ec839fff275d45a90e383a69209dcc1239eb9e3aee6e1b"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-aarch64-linux-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223214"
-
-[tools."github:extism/js-pdk"."platforms.linux-arm64-musl"]
-checksum = "sha256:15a186250e68d6bff4ec839fff275d45a90e383a69209dcc1239eb9e3aee6e1b"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-aarch64-linux-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223214"
-
-[tools."github:extism/js-pdk"."platforms.linux-x64"]
-checksum = "sha256:4ded271ccf465031ccd0dc35e7a140e134d7f30721671cc4a8e1ff805d4aad68"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-x86_64-linux-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223119"
-
-[tools."github:extism/js-pdk"."platforms.linux-x64-musl"]
-checksum = "sha256:4ded271ccf465031ccd0dc35e7a140e134d7f30721671cc4a8e1ff805d4aad68"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-x86_64-linux-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223119"
-
-[tools."github:extism/js-pdk"."platforms.macos-arm64"]
-checksum = "sha256:548e25bda3971a07c32d78a249135cf8cb7b3eede101e878e06e53e01ac2e0ce"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-aarch64-macos-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223215"
-
-[tools."github:extism/js-pdk"."platforms.macos-x64"]
-checksum = "sha256:d85a875c2a071f0c29fe572764c52c3a499f157ab7f9efac8939a4364390e29b"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-x86_64-macos-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353223239"
-
-[tools."github:extism/js-pdk"."platforms.windows-x64"]
-checksum = "sha256:97b7b746141e4777e1ca2b76febdeb16dc9d314ff6a4257df05a476b67228acc"
-url = "https://github.com/extism/js-pdk/releases/download/v1.6.0/extism-js-x86_64-windows-v1.6.0.gz"
-url_api = "https://api.github.com/repos/extism/js-pdk/releases/assets/353224133"
-
-[[tools."github:jellyfin/jellyfin-ffmpeg"]]
-version = "7.1.3-6"
-backend = "github:jellyfin/jellyfin-ffmpeg"
-
-[tools."github:jellyfin/jellyfin-ffmpeg".options]
-asset_pattern = "jellyfin-ffmpeg_*_portable_linuxarm64-gpl.tar.xz"
-
-[[tools."github:webassembly/binaryen"]]
-version = "version_124"
-backend = "github:webassembly/binaryen"
-
-[tools."github:webassembly/binaryen"."platforms.linux-arm64"]
-checksum = "sha256:6291bd9a57d8e046f3bc099a4db386c147433a87f71c783a901c5b1792e38de3"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-aarch64-linux.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288927659"
-
-[tools."github:webassembly/binaryen"."platforms.linux-arm64-musl"]
-checksum = "sha256:6291bd9a57d8e046f3bc099a4db386c147433a87f71c783a901c5b1792e38de3"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-aarch64-linux.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288927659"
-
-[tools."github:webassembly/binaryen"."platforms.linux-x64"]
-checksum = "sha256:0290c3779fedf592b8da0ded3032ff55c41a2b7bfa2d6bf7b7bac6f0e6e28963"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-x86_64-linux.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288926769"
-
-[tools."github:webassembly/binaryen"."platforms.linux-x64-musl"]
-checksum = "sha256:0290c3779fedf592b8da0ded3032ff55c41a2b7bfa2d6bf7b7bac6f0e6e28963"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-x86_64-linux.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288926769"
-
-[tools."github:webassembly/binaryen"."platforms.macos-arm64"]
-checksum = "sha256:86a2c960ff62c6d2ea6009d1f89745c22c70100d394a095eab45eb941bdaa24c"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-arm64-macos.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288926134"
-
-[tools."github:webassembly/binaryen"."platforms.macos-x64"]
-checksum = "sha256:b389bb0731758d86c3cb266d01d28a12725c23bd3cabc3df34faa162af0887e9"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-x86_64-macos.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288926135"
-
-[tools."github:webassembly/binaryen"."platforms.windows-x64"]
-checksum = "sha256:b5e1d2a1ad3c03229ddc89823848f4a1c11f9c6402a51fa26f0aaa5f1d7a2203"
-url = "https://github.com/WebAssembly/binaryen/releases/download/version_124/binaryen-version_124-x86_64-windows.tar.gz"
-url_api = "https://api.github.com/repos/WebAssembly/binaryen/releases/assets/288925833"
-
-[[tools.java]]
-version = "21.0.2"
-backend = "core:java"
-
-[tools.java."platforms.linux-arm64"]
-checksum = "sha256:08db1392a48d4eb5ea5315cf8f18b89dbaf36cda663ba882cf03c704c9257ec2"
-url = "https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-aarch64_bin.tar.gz"
-
-[tools.java."platforms.linux-x64"]
-checksum = "sha256:a2def047a73941e01a73739f92755f86b895811afb1f91243db214cff5bdac3f"
-url = "https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz"
-
-[tools.java."platforms.macos-arm64"]
-checksum = "sha256:b3d588e16ec1e0ef9805d8a696591bd518a5cea62567da8f53b5ce32d11d22e4"
-url = "https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_macos-aarch64_bin.tar.gz"
-
-[tools.java."platforms.macos-x64"]
-checksum = "sha256:8fd09e15dc406387a0aba70bf5d99692874e999bf9cd9208b452b5d76ac922d3"
-url = "https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_macos-x64_bin.tar.gz"
-
-[tools.java."platforms.windows-x64"]
-checksum = "sha256:b6c17e747ae78cdd6de4d7532b3164b277daee97c007d3eaa2b39cca99882664"
-url = "https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_windows-x64_bin.zip"
-
-[[tools.node]]
-version = "24.15.0"
-backend = "core:node"
-
-[tools.node."platforms.linux-arm64"]
-checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed"
-url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"
-
-[tools.node."platforms.linux-arm64-musl"]
-checksum = "sha256:31e98aa960a067da91edffd5d93bc46657b5d2a8029612c359f5f2ac0060152a"
-url = "https://unofficial-builds.nodejs.org/download/release/v24.15.0/node-v24.15.0-linux-arm64-musl.tar.gz"
-
-[tools.node."platforms.linux-x64"]
-checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89"
-url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"
-
-[tools.node."platforms.linux-x64-musl"]
-checksum = "sha256:f55af5bd489c5347b113ca6594cae00a54b30ba57ac5875324311bfc6f4762e3"
-url = "https://unofficial-builds.nodejs.org/download/release/v24.15.0/node-v24.15.0-linux-x64-musl.tar.gz"
-
-[tools.node."platforms.macos-arm64"]
-checksum = "sha256:372331b969779ab5d15b949884fc6eaf88d5afe87bde8ba881d6400b9100ffc4"
-url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-arm64.tar.gz"
-
-[tools.node."platforms.macos-x64"]
-checksum = "sha256:ffd5ee293467927f3ee731a553eb88fd1f48cf74eebc2d74a6babe4af228673b"
-url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-x64.tar.gz"
-
-[tools.node."platforms.windows-x64"]
-checksum = "sha256:cc5149eabd53779ce1e7bdc5401643622d0c7e6800ade18928a767e940bb0e62"
-url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-win-x64.zip"
-
-[[tools."npm:oazapfts"]]
-version = "7.5.0"
-backend = "npm:oazapfts"
-
-[[tools.opentofu]]
-version = "1.11.6"
-backend = "aqua:opentofu/opentofu"
-
-[tools.opentofu."platforms.linux-arm64"]
-checksum = "sha256:d4f2ab15776925864b049bb329d69682851de6f5204f256e9fa86d07a0308850"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_arm64.tar.gz"
-
-[tools.opentofu."platforms.linux-arm64-musl"]
-checksum = "sha256:d4f2ab15776925864b049bb329d69682851de6f5204f256e9fa86d07a0308850"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_arm64.tar.gz"
-
-[tools.opentofu."platforms.linux-x64"]
-checksum = "sha256:02800fafa2753a9f50c38483e2fdf5bc353fd62895eb9e25eec9a5145df3a69e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_amd64.tar.gz"
-
-[tools.opentofu."platforms.linux-x64-musl"]
-checksum = "sha256:02800fafa2753a9f50c38483e2fdf5bc353fd62895eb9e25eec9a5145df3a69e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_linux_amd64.tar.gz"
-
-[tools.opentofu."platforms.macos-arm64"]
-checksum = "sha256:62d7fa8539e13b444827aa0a3b90c5972da5c47e8f8882d9dcf2e430e78840c1"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_darwin_arm64.tar.gz"
-
-[tools.opentofu."platforms.macos-x64"]
-checksum = "sha256:1408cdef1c380f914565e6b4bb70794c6b163f195fcb233357f3d6c5745906b6"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_darwin_amd64.tar.gz"
-
-[tools.opentofu."platforms.windows-x64"]
-checksum = "sha256:27323f70c875b8251bfd7e61a4cffc3ebff4e56ed1e611b955016f0c7077367e"
-url = "https://github.com/opentofu/opentofu/releases/download/v1.11.6/tofu_1.11.6_windows_amd64.tar.gz"
-
-[[tools.pnpm]]
-version = "11.4.0"
-backend = "aqua:pnpm/pnpm"
-
-[tools.pnpm."platforms.linux-arm64"]
-checksum = "sha256:cc38ebd5b2610a5744f84576b963c49e6609a8df5aed714ae3de749998d4478c"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-linux-arm64.tar.gz"
-provenance = "github-attestations"
-
-[tools.pnpm."platforms.linux-arm64-musl"]
-checksum = "sha256:a1e2ec9123c709fd04b704227cfcf3b50cd2bbbc1bd39d2df414530b5697eb75"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-linux-arm64-musl.tar.gz"
-provenance = "github-attestations"
-
-[tools.pnpm."platforms.linux-x64"]
-checksum = "sha256:f3f8d1217eef013bbc71a24d52efb1f1041e4aff55edd80e0b08e25f409305a4"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-linux-x64.tar.gz"
-provenance = "github-attestations"
-
-[tools.pnpm."platforms.linux-x64-musl"]
-checksum = "sha256:60010ad00a96b71e20d1618acaca7a71395e710cbd5e88946c030a1d07c56916"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-linux-x64-musl.tar.gz"
-provenance = "github-attestations"
-
-[tools.pnpm."platforms.macos-arm64"]
-checksum = "sha256:ba59014c2c1ce8b76af9f559385206a2623de4ff2b694b5c91598a8f44abb4e2"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-darwin-arm64.tar.gz"
-provenance = "github-attestations"
-
-[tools.pnpm."platforms.windows-x64"]
-checksum = "sha256:84ce90e38bc0b1164173eb853a0fbffc7edcb050cb0d5c8ce4ca609f5c808e0a"
-url = "https://github.com/pnpm/pnpm/releases/download/v11.4.0/pnpm-win32-x64.zip"
-provenance = "github-attestations"
-
-[[tools.terragrunt]]
-version = "1.0.3"
-backend = "aqua:gruntwork-io/terragrunt"
-
-[tools.terragrunt."platforms.linux-arm64"]
-checksum = "sha256:e5b60ab05b5214db694e6bc215d8124fb626e277cdb56b86f6147ae110d510fe"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_arm64.tar.gz"
-
-[tools.terragrunt."platforms.linux-arm64-musl"]
-checksum = "sha256:e5b60ab05b5214db694e6bc215d8124fb626e277cdb56b86f6147ae110d510fe"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_arm64.tar.gz"
-
-[tools.terragrunt."platforms.linux-x64"]
-checksum = "sha256:6d48049baf82e0bf9c804368dc85cbfeadc10955e33777e9e8de3e020b94b073"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_amd64.tar.gz"
-
-[tools.terragrunt."platforms.linux-x64-musl"]
-checksum = "sha256:6d48049baf82e0bf9c804368dc85cbfeadc10955e33777e9e8de3e020b94b073"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_linux_amd64.tar.gz"
-
-[tools.terragrunt."platforms.macos-arm64"]
-checksum = "sha256:aacb5be2ca5475300cbce246dfbd8a45eb47510fbaa70fab8561c49ef5db03aa"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_darwin_arm64.tar.gz"
-
-[tools.terragrunt."platforms.macos-x64"]
-checksum = "sha256:3133c2251e191aede8e3dd2a5b3aee2e91c5f08f88f117aee40eed9a24c8ef6b"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_darwin_amd64.tar.gz"
-
-[tools.terragrunt."platforms.windows-x64"]
-checksum = "sha256:183b2745b4e04980a6bfa4450ff81956a12596ca22d70f7aaa793980f5b036db"
-url = "https://github.com/gruntwork-io/terragrunt/releases/download/v1.0.3/terragrunt_windows_amd64.exe.tar.gz"

mise.toml

@@ -2,7 +2,7 @@ experimental_monorepo_root = true
 
 [monorepo]
 config_roots = [
-  "packages/plugin-core",
+  "packages/plugins",
   "server",
   "packages/cli",
   "deployment",
@@ -16,14 +16,17 @@ config_roots = [
 
 [tools]
 node = "24.15.0"
-pnpm = "11.4.0"
+flutter = "3.41.9"
+pnpm = "10.33.1"
 terragrunt = "1.0.3"
 opentofu = "1.11.6"
-"npm:oazapfts" = "7.5.0"
-"github:extism/cli" = "1.6.3"
-"github:webassembly/binaryen" = "version_124"
-"github:extism/js-pdk" = "1.6.0"
 java = "21.0.2"
+"npm:oazapfts" = "7.5.0"
+
+[tools."github:CQLabs/homebrew-dcm"]
+version = "1.37.0"
+bin = "dcm"
+postinstall = "chmod +x \"$MISE_TOOL_INSTALL_PATH/dcm\" || true"
 
 [tools."github:jellyfin/jellyfin-ffmpeg"]
 version = "7.1.3-6"
@@ -37,13 +40,6 @@ macos-arm64 = { asset_pattern = "jellyfin-ffmpeg_*_portable_macarm64-gpl.tar.xz"
 [settings]
 experimental = true
 pin = true
-lockfile = true
-
-[tasks.plugins]
-run = [
-  "pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core install --frozen-lockfile",
-  "pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core build",
-]
 
 [tasks.open-api-typescript]
 run = [
@@ -59,84 +55,17 @@ run = "bash ./bin/generate-dart-sdk.sh"
 [tasks.open-api]
 env = { SHARP_IGNORE_GLOBAL_LIBVIPS = true }
 run = [
-  { task = "//:plugins" },
   { task = "//server:install" },
   { task = "//server:build" },
   { task = "//server:sync-open-api" },
-  { task = ":open-api-typescript" },
-  { task = ":open-api-dart" },
+  { task = ":open-api-typescript"},
+  { task = ":open-api-dart"},
 ]
 
 [tasks.sql]
 dir = "server"
 run = "node ./dist/bin/sync-sql.js"
 
-# TODO dev, prod, and e2e should be de-duplicated by using env but for some reason I ran into issues
-[tasks.dev]
-depends = "//:plugins"
-dir = "docker"
-interactive = true
-env = { COMPOSE_BAKE = true }
-run = "docker compose -f ./docker-compose.dev.yml up --remove-orphans"
-depends_post = "//:dev-down"
-
-[tasks.dev-update]
-run = { task = "//:dev", args = ["--build", "-V"] }
-
-[tasks.dev-scale]
-run = { task = "//:dev", args = ["--build", "-V", "--scale immich-server=3"] }
-
-[tasks.dev-down]
-dir = "docker"
-run = "docker compose -f ./docker-compose.dev.yml down --remove-orphans"
-
-[tasks.prod]
-depends = "//:plugins"
-dir = "docker"
-interactive = true
-env = { COMPOSE_BAKE = true }
-run = "docker compose -f ./docker-compose.prod.yml up --build --remove-orphans"
-depends_post = "//:prod-down"
-
-[tasks.prod-scale]
-run = { task = "//:prod", args = [
-  "--build",
-  "-V",
-  "--scale immich-server=3",
-  "--scale immich-microservices",
-] }
-
-[tasks.prod-down]
-dir = "docker"
-run = "docker compose -f ./docker-compose.prod.yml down --remove-orphans"
-
-[tasks.e2e]
-depends = "//:plugins"
-dir = "e2e"
-interactive = true
-env = { COMPOSE_BAKE = true }
-run = "docker compose -f ./docker-compose.yml up --remove-orphans"
-depends_post = "//:e2e-down"
-
-[tasks.e2e-dev]
-depends = "//:plugins"
-dir = "e2e"
-interactive = true
-env = { COMPOSE_BAKE = true }
-run = "docker compose -f ./docker-compose.dev.yml up --remove-orphans"
-depends_post = "//:e2e-dev-down"
-
-[tasks.e2e-update]
-run = { task = "//:e2e", args = ["--build", '-V'] }
-
-[tasks.e2e-down]
-dir = "e2e"
-run = "docker compose -f ./docker-compose.yml down --remove-orphans"
-
-[tasks.e2e-dev-down]
-dir = "e2e"
-run = "docker compose -f ./docker-compose.dev.yml down --remove-orphans"
-
 # SDK tasks
 [tasks."sdk:install"]
 dir = "packages/sdk"
@@ -152,14 +81,3 @@ run = "pnpm format"
 
 [tasks."i18n:format-fix"]
 run = "pnpm format:fix"
-
-[tasks.clean]
-run = [
-  "find . -name 'node_modules' -type d -prune -exec rm -rf '{}' +",
-  "find . -name 'dist' -type d -prune -exec rm -rf '{}' +",
-  "find . -name 'build' -type d -prune -exec rm -rf '{}' +",
-  "find . -name '.svelte-kit' -type d -prune -exec rm -rf '{}' +",
-  "find . -name 'coverage' -type d -prune -exec rm -rf '{}' +",
-  "find . -name '.pnpm-store' -type d -prune -exec rm -rf '{}' +",
-  { task = "//:*-down" },
-]

mobile/.vscode/settings.json

@@ -1,4 +1,5 @@
 {
+  "dart.flutterSdkPath": ".fvm/versions/3.41.9",
   "dart.lineLength": 120,
   "[dart]": {
     "editor.rulers": [

mobile/android/app/build.gradle

@@ -89,13 +89,6 @@ flutter {
 }
 
 dependencies {
-  constraints {
-    implementation("androidx.glance:glance-appwidget") {
-      version { strictly libs.versions.glance.get() }
-      because 'home_widget requests 1.+ which can resolve to pre-releases incompatible with our compileSdk/AGP'
-    }
-  }
-
   implementation libs.okhttp
   implementation libs.cronet.embedded
   implementation libs.media3.datasource.okhttp

mobile/android/app/src/main/AndroidManifest.xml

@@ -89,20 +89,6 @@
         <data android:mimeType="video/*" />
       </intent-filter>
 
-      <!-- Allow Immich to act as an image viewer -->
-      <intent-filter android:label="View in Immich">
-        <action android:name="android.intent.action.VIEW" />
-        <category android:name="android.intent.category.DEFAULT" />
-        <data android:scheme="content" android:mimeType="image/*" />
-      </intent-filter>
-
-      <!-- Allow Immich to act as a video viewer -->
-      <intent-filter android:label="View in Immich">
-        <action android:name="android.intent.action.VIEW" />
-        <category android:name="android.intent.category.DEFAULT" />
-        <data android:scheme="content" android:mimeType="video/*" />
-      </intent-filter>
-
       <!-- immich:// URL scheme handling -->
       <intent-filter>
         <action android:name="android.intent.action.VIEW" />

mobile/android/app/src/main/kotlin/app/alextran/immich/MainActivity.kt

@@ -1,7 +1,6 @@
 package app.alextran.immich
 
 import android.content.Context
-import android.content.Intent
 import android.os.Build
 import android.os.ext.SdkExtensions
 import app.alextran.immich.background.BackgroundEngineLock
@@ -18,12 +17,9 @@ import app.alextran.immich.images.LocalImageApi
 import app.alextran.immich.images.LocalImagesImpl
 import app.alextran.immich.images.RemoteImageApi
 import app.alextran.immich.images.RemoteImagesImpl
-import app.alextran.immich.permission.PermissionApi
-import app.alextran.immich.permission.PermissionApiImpl
 import app.alextran.immich.sync.NativeSyncApi
 import app.alextran.immich.sync.NativeSyncApiImpl26
 import app.alextran.immich.sync.NativeSyncApiImpl30
-import app.alextran.immich.viewintent.ViewIntentPlugin
 import io.flutter.embedding.android.FlutterFragmentActivity
 import io.flutter.embedding.engine.FlutterEngine
 
@@ -33,11 +29,6 @@ class MainActivity : FlutterFragmentActivity() {
     registerPlugins(this, flutterEngine)
   }
 
-  override fun onNewIntent(intent: Intent) {
-    super.onNewIntent(intent)
-    setIntent(intent)
-  }
-
   companion object {
     fun registerPlugins(ctx: Context, flutterEngine: FlutterEngine) {
       HttpClientManager.initialize(ctx)
@@ -53,19 +44,15 @@ class MainActivity : FlutterFragmentActivity() {
         } else {
           NativeSyncApiImpl30(ctx)
         }
-      val permissionApiImpl = PermissionApiImpl(ctx)
       NativeSyncApi.setUp(messenger, nativeSyncApiImpl)
-      PermissionApi.setUp(messenger, permissionApiImpl)
       LocalImageApi.setUp(messenger, LocalImagesImpl(ctx))
       RemoteImageApi.setUp(messenger, RemoteImagesImpl(ctx))
 
       BackgroundWorkerFgHostApi.setUp(messenger, BackgroundWorkerApiImpl(ctx))
       ConnectivityApi.setUp(messenger, ConnectivityApiImpl(ctx))
 
-      flutterEngine.plugins.add(ViewIntentPlugin())
       flutterEngine.plugins.add(backgroundEngineLockImpl)
       flutterEngine.plugins.add(nativeSyncApiImpl)
-      flutterEngine.plugins.add(permissionApiImpl)
     }
 
     fun cancelPlugins(flutterEngine: FlutterEngine) {
@@ -73,8 +60,6 @@ class MainActivity : FlutterFragmentActivity() {
         flutterEngine.plugins.get(NativeSyncApiImpl26::class.java) as ImmichPlugin?
           ?: flutterEngine.plugins.get(NativeSyncApiImpl30::class.java) as ImmichPlugin?
       nativeApi?.detachFromEngine()
-      val permissionApi = flutterEngine.plugins.get(PermissionApiImpl::class.java) as ImmichPlugin?
-      permissionApi?.detachFromEngine()
     }
   }
 }

mobile/android/app/src/main/kotlin/app/alextran/immich/core/Network.g.kt

@@ -315,7 +315,6 @@ interface NetworkApi {
   fun hasCertificate(): Boolean
   fun getClientPointer(): Long
   fun setRequestHeaders(headers: Map<String, String>, serverUrls: List<String>, token: String?)
-  fun getAppGroupId(): String
 
   companion object {
     /** The codec used by NetworkApi. */
@@ -431,21 +430,6 @@ interface NetworkApi {
           channel.setMessageHandler(null)
         }
       }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NetworkApi.getAppGroupId$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            val wrapped: List<Any?> = try {
-              listOf(api.getAppGroupId())
-            } catch (exception: Throwable) {
-              NetworkPigeonUtils.wrapError(exception)
-            }
-            reply.reply(wrapped)
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
     }
   }
 }

mobile/android/app/src/main/kotlin/app/alextran/immich/core/NetworkApiPlugin.kt

@@ -13,7 +13,7 @@ class NetworkApiPlugin : FlutterPlugin, ActivityAware {
   private var networkApi: NetworkApiImpl? = null
 
   override fun onAttachedToEngine(binding: FlutterPlugin.FlutterPluginBinding) {
-    networkApi = NetworkApiImpl(binding.applicationContext)
+    networkApi = NetworkApiImpl()
     NetworkApi.setUp(binding.binaryMessenger, networkApi)
   }
 
@@ -39,11 +39,9 @@ class NetworkApiPlugin : FlutterPlugin, ActivityAware {
   }
 }
 
-private class NetworkApiImpl(private val context: Context) : NetworkApi {
+private class NetworkApiImpl : NetworkApi {
   var activity: Activity? = null
 
-  override fun getAppGroupId(): String = context.packageName
-
   override fun addCertificate(clientData: ClientCertData, callback: (Result<Unit>) -> Unit) {
     try {
       HttpClientManager.setKeyEntry(clientData.data, clientData.password.toCharArray())

mobile/android/app/src/main/kotlin/app/alextran/immich/images/RemoteImagesImpl.kt

@@ -23,8 +23,6 @@ import java.io.IOException
 import java.nio.ByteBuffer
 import java.util.concurrent.ConcurrentHashMap
 
-private const val MAX_PREALLOC_BYTES = 128 * 1024 * 1024
-
 private class RemoteRequest(val cancellationSignal: CancellationSignal)
 
 class RemoteImagesImpl(context: Context) : RemoteImageApi {
@@ -230,6 +228,7 @@ private class CronetImageFetcher : ImageFetcher {
     private val onComplete: () -> Unit,
   ) : UrlRequest.Callback() {
     private var buffer: NativeByteBuffer? = null
+    private var wrapped: ByteBuffer? = null
     private var error: Exception? = null
 
     override fun onRedirectReceived(request: UrlRequest, info: UrlResponseInfo, newUrl: String) {
@@ -243,16 +242,15 @@ private class CronetImageFetcher : ImageFetcher {
       }
 
       try {
-        // Content-Length is a size hint only. With Content-Encoding (gzip/br/...),
-        // Cronet auto-decompresses and writes decompressed bytes to our buffer, which
-        // may exceed the wire/compressed Content-Length. Always use the growable
-        // buffer path so we can't overflow.
         val contentLength = info.allHeaders["content-length"]?.firstOrNull()?.toIntOrNull() ?: 0
-        // Cap the up-front alloc: Content-Length is untrusted and can be huge or near
-        // Int.MAX_VALUE (overflowing `+1`). For larger responses the grow path takes over.
-        val initialSize = if (contentLength in 1..MAX_PREALLOC_BYTES) contentLength + 1 else INITIAL_BUFFER_SIZE
-        buffer = NativeByteBuffer(initialSize)
-        request.read(buffer!!.wrapRemaining())
+        if (contentLength > 0) {
+          buffer = NativeByteBuffer(contentLength + 1)
+          wrapped = NativeBuffer.wrap(buffer!!.pointer, contentLength + 1)
+          request.read(wrapped)
+        } else {
+          buffer = NativeByteBuffer(INITIAL_BUFFER_SIZE)
+          request.read(buffer!!.wrapRemaining())
+        }
       } catch (e: Exception) {
         error = e
         return request.cancel()
@@ -265,14 +263,14 @@ private class CronetImageFetcher : ImageFetcher {
       byteBuffer: ByteBuffer
     ) {
       try {
-        // Always pass a fresh wrap so byteBuffer.position() represents only the
-        // bytes Cronet wrote in this iteration. Reusing the caller-supplied
-        // ByteBuffer breaks advance(): Cronet's position keeps accumulating
-        // across reads, which would double-count previous iterations' bytes.
-        val buf = buffer!!.run {
-          advance(byteBuffer.position())
-          ensureHeadroom()
-          wrapRemaining()
+        val buf = if (wrapped == null) {
+          buffer!!.run {
+            advance(byteBuffer.position())
+            ensureHeadroom()
+            wrapRemaining()
+          }
+        } else {
+          wrapped
         }
         request.read(buf)
       } catch (e: Exception) {
@@ -282,6 +280,7 @@ private class CronetImageFetcher : ImageFetcher {
     }
 
     override fun onSucceeded(request: UrlRequest, info: UrlResponseInfo) {
+      wrapped?.let { buffer!!.advance(it.position()) }
       onSuccess(buffer!!)
       onComplete()
     }

mobile/android/app/src/main/kotlin/app/alextran/immich/permission/ManageMediaPermissionDelegate.kt

@@ -1,96 +0,0 @@
-package app.alextran.immich.permission
-
-import android.content.Context
-import android.content.Intent
-import android.os.Build
-import android.provider.MediaStore
-import android.provider.Settings
-import androidx.core.net.toUri
-import io.flutter.embedding.engine.plugins.activity.ActivityPluginBinding
-import io.flutter.plugin.common.PluginRegistry
-
-class ManageMediaPermissionDelegate(
-  context: Context,
-  private val requestCode: Int = 1003,
-) : PluginRegistry.ActivityResultListener {
-  private val ctx = context.applicationContext
-  private var activityBinding: ActivityPluginBinding? = null
-  private var pendingResult: ((Result<Boolean>) -> Unit)? = null
-
-  fun hasManageMediaPermission(): Boolean {
-    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
-      MediaStore.canManageMedia(ctx)
-    } else {
-      false
-    }
-  }
-
-  fun requestManageMediaPermission(callback: (Result<Boolean>) -> Unit) {
-    if (hasManageMediaPermission()) {
-      callback(Result.success(true))
-      return
-    }
-
-    openManageMediaPermissionSettings(callback)
-  }
-
-  fun manageMediaPermission(callback: (Result<Boolean>) -> Unit) {
-    openManageMediaPermissionSettings(callback)
-  }
-
-  private fun openManageMediaPermissionSettings(callback: (Result<Boolean>) -> Unit) {
-    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S) {
-      callback(Result.success(false))
-      return
-    }
-
-    val activity = activityBinding?.activity
-    if (activity == null) {
-      callback(Result.failure(FlutterError("NO_ACTIVITY", "Activity not available", null)))
-      return
-    }
-
-    pendingResult = callback
-    val intent = Intent(Settings.ACTION_REQUEST_MANAGE_MEDIA).apply {
-      data = "package:${activity.packageName}".toUri()
-    }
-    try {
-      activity.startActivityForResult(intent, requestCode)
-    } catch (e: Exception) {
-      pendingResult = null
-      callback(
-        Result.failure(
-          FlutterError("ACTIVITY_LAUNCH_FAILED", "Failed to launch MANAGE_MEDIA settings", e.toString())
-        )
-      )
-    }
-  }
-
-  fun onAttachedToActivity(binding: ActivityPluginBinding) {
-    activityBinding = binding
-    binding.addActivityResultListener(this)
-  }
-
-  fun onDetachedFromActivity() {
-    failPending("ACTIVITY_DETACHED", "Activity detached before MANAGE_MEDIA result")
-    activityBinding?.removeActivityResultListener(this)
-    activityBinding = null
-  }
-
-  override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?): Boolean {
-    if (requestCode == this.requestCode) {
-      val callback = pendingResult
-      pendingResult = null
-      callback?.invoke(Result.success(hasManageMediaPermission()))
-      return true
-    }
-
-    return false
-  }
-
-  private fun failPending(code: String, message: String) {
-    val callback = pendingResult ?: return
-    pendingResult = null
-    callback(Result.failure(FlutterError(code, message, null)))
-  }
-}

mobile/android/app/src/main/kotlin/app/alextran/immich/permission/PermissionApi.g.kt

@@ -1,169 +0,0 @@
-// Autogenerated from Pigeon (v26.3.4), do not edit directly.
-// See also: https://pub.dev/packages/pigeon
-@file:Suppress("UNCHECKED_CAST", "ArrayInDataClass")
-
-package app.alextran.immich.permission
-
-import android.util.Log
-import io.flutter.plugin.common.BasicMessageChannel
-import io.flutter.plugin.common.BinaryMessenger
-import io.flutter.plugin.common.EventChannel
-import io.flutter.plugin.common.MessageCodec
-import io.flutter.plugin.common.StandardMethodCodec
-import io.flutter.plugin.common.StandardMessageCodec
-import java.io.ByteArrayOutputStream
-import java.nio.ByteBuffer
-private object PermissionApiPigeonUtils {
-
-  fun wrapResult(result: Any?): List<Any?> {
-    return listOf(result)
-  }
-
-  fun wrapError(exception: Throwable): List<Any?> {
-    return if (exception is FlutterError) {
-      listOf(
-        exception.code,
-        exception.message,
-        exception.details
-      )
-    } else {
-      listOf(
-        exception.javaClass.simpleName,
-        exception.toString(),
-        "Cause: " + exception.cause + ", Stacktrace: " + Log.getStackTraceString(exception)
-      )
-    }
-  }
-}
-
-/**
- * Error class for passing custom error details to Flutter via a thrown PlatformException.
- * @property code The error code.
- * @property message The error message.
- * @property details The error details. Must be a datatype supported by the api codec.
- */
-class FlutterError (
-  val code: String,
-  override val message: String? = null,
-  val details: Any? = null
-) : RuntimeException()
-
-enum class PermissionStatus(val raw: Int) {
-  GRANTED(0),
-  DENIED(1),
-  PERMANENTLY_DENIED(2);
-
-  companion object {
-    fun ofRaw(raw: Int): PermissionStatus? {
-      return values().firstOrNull { it.raw == raw }
-    }
-  }
-}
-private open class PermissionApiPigeonCodec : StandardMessageCodec() {
-  override fun readValueOfType(type: Byte, buffer: ByteBuffer): Any? {
-    return when (type) {
-      129.toByte() -> {
-        return (readValue(buffer) as Long?)?.let {
-          PermissionStatus.ofRaw(it.toInt())
-        }
-      }
-      else -> super.readValueOfType(type, buffer)
-    }
-  }
-  override fun writeValue(stream: ByteArrayOutputStream, value: Any?)   {
-    when (value) {
-      is PermissionStatus -> {
-        stream.write(129)
-        writeValue(stream, value.raw.toLong())
-      }
-      else -> super.writeValue(stream, value)
-    }
-  }
-}
-
-
-/** Generated interface from Pigeon that represents a handler of messages from Flutter. */
-interface PermissionApi {
-  fun isIgnoringBatteryOptimizations(): PermissionStatus
-  fun hasManageMediaPermission(): Boolean
-  fun requestManageMediaPermission(callback: (Result<Boolean>) -> Unit)
-  fun manageMediaPermission(callback: (Result<Boolean>) -> Unit)
-
-  companion object {
-    /** The codec used by PermissionApi. */
-    val codec: MessageCodec<Any?> by lazy {
-      PermissionApiPigeonCodec()
-    }
-    /** Sets up an instance of `PermissionApi` to handle messages through the `binaryMessenger`. */
-    @JvmOverloads
-    fun setUp(binaryMessenger: BinaryMessenger, api: PermissionApi?, messageChannelSuffix: String = "") {
-      val separatedMessageChannelSuffix = if (messageChannelSuffix.isNotEmpty()) ".$messageChannelSuffix" else ""
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.PermissionApi.isIgnoringBatteryOptimizations$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            val wrapped: List<Any?> = try {
-              listOf(api.isIgnoringBatteryOptimizations())
-            } catch (exception: Throwable) {
-              PermissionApiPigeonUtils.wrapError(exception)
-            }
-            reply.reply(wrapped)
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.PermissionApi.hasManageMediaPermission$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            val wrapped: List<Any?> = try {
-              listOf(api.hasManageMediaPermission())
-            } catch (exception: Throwable) {
-              PermissionApiPigeonUtils.wrapError(exception)
-            }
-            reply.reply(wrapped)
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.PermissionApi.requestManageMediaPermission$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            api.requestManageMediaPermission{ result: Result<Boolean> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(PermissionApiPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(PermissionApiPigeonUtils.wrapResult(data))
-              }
-            }
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.PermissionApi.manageMediaPermission$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            api.manageMediaPermission{ result: Result<Boolean> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(PermissionApiPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(PermissionApiPigeonUtils.wrapResult(data))
-              }
-            }
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
-    }
-  }
-}

mobile/android/app/src/main/kotlin/app/alextran/immich/permission/PermissionApiImpl.kt

@@ -1,50 +0,0 @@
-package app.alextran.immich.permission
-
-import android.content.Context
-import android.os.PowerManager
-import app.alextran.immich.core.ImmichPlugin
-import io.flutter.embedding.engine.plugins.activity.ActivityAware
-import io.flutter.embedding.engine.plugins.activity.ActivityPluginBinding
-
-class PermissionApiImpl(context: Context) : ImmichPlugin(), PermissionApi, ActivityAware {
-  private val ctx: Context = context.applicationContext
-  private val manageMediaPermissionDelegate = ManageMediaPermissionDelegate(context)
-
-  private val powerManager =
-    ctx.getSystemService(Context.POWER_SERVICE) as PowerManager
-
-
-  override fun isIgnoringBatteryOptimizations(): PermissionStatus {
-    if (powerManager.isIgnoringBatteryOptimizations(ctx.packageName)) {
-      return PermissionStatus.GRANTED
-    }
-    return PermissionStatus.DENIED
-  }
-
-  override fun hasManageMediaPermission(): Boolean =
-    manageMediaPermissionDelegate.hasManageMediaPermission()
-
-  override fun requestManageMediaPermission(callback: (Result<Boolean>) -> Unit) {
-    manageMediaPermissionDelegate.requestManageMediaPermission { completeWhenActive(callback, it) }
-  }
-
-  override fun manageMediaPermission(callback: (Result<Boolean>) -> Unit) {
-    manageMediaPermissionDelegate.manageMediaPermission { completeWhenActive(callback, it) }
-  }
-
-  override fun onAttachedToActivity(binding: ActivityPluginBinding) {
-    manageMediaPermissionDelegate.onAttachedToActivity(binding)
-  }
-
-  override fun onDetachedFromActivityForConfigChanges() {
-    manageMediaPermissionDelegate.onDetachedFromActivity()
-  }
-
-  override fun onReattachedToActivityForConfigChanges(binding: ActivityPluginBinding) {
-    manageMediaPermissionDelegate.onAttachedToActivity(binding)
-  }
-
-  override fun onDetachedFromActivity() {
-    manageMediaPermissionDelegate.onDetachedFromActivity()
-  }
-}

mobile/android/app/src/main/kotlin/app/alextran/immich/sync/MediaTrashDelegate.kt

@@ -1,133 +0,0 @@
-package app.alextran.immich.sync
-
-import android.app.Activity
-import android.content.ContentResolver
-import android.content.ContentUris
-import android.content.Context
-import android.content.Intent
-import android.net.Uri
-import android.os.Build
-import android.os.Bundle
-import android.provider.MediaStore
-import androidx.annotation.RequiresApi
-import io.flutter.embedding.engine.plugins.activity.ActivityPluginBinding
-import io.flutter.plugin.common.PluginRegistry
-
-class MediaTrashDelegate(
-  context: Context,
-  private val trashRequestCode: Int = 1002,
-) : PluginRegistry.ActivityResultListener {
-  private val ctx = context.applicationContext
-  private var activityBinding: ActivityPluginBinding? = null
-  private var pendingResult: ((Result<Boolean>) -> Unit)? = null
-
-  private fun hasManageMediaPermission(): Boolean {
-    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
-      MediaStore.canManageMedia(ctx)
-    } else {
-      false
-    }
-  }
-
-  fun restoreFromTrashById(mediaId: String, type: Long, callback: (Result<Boolean>) -> Unit) {
-    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.R || !hasManageMediaPermission()) {
-      callback(Result.failure(FlutterError("PERMISSION_DENIED", "Media permission required", null)))
-      return
-    }
-
-    val id = mediaId.toLongOrNull()
-    if (id == null) {
-      callback(Result.failure(FlutterError("INVALID_ID", "The file id is not a valid number: $mediaId", null)))
-      return
-    }
-
-    if (!isInTrash(id)) {
-      callback(Result.failure(FlutterError("TRASH_NOT_FOUND", "Item with id=$id not found in trash", null)))
-      return
-    }
-
-    restoreUri(ContentUris.withAppendedId(contentUriForType(type.toInt()), id), callback)
-  }
-
-  @RequiresApi(Build.VERSION_CODES.R)
-  private fun restoreUri(
-    contentUri: Uri,
-    callback: (Result<Boolean>) -> Unit,
-  ) {
-    val activity = activityBinding?.activity
-    if (activity == null) {
-      callback(Result.failure(FlutterError("NO_ACTIVITY", "Activity not available", null)))
-      return
-    }
-
-    try {
-      val pendingIntent = MediaStore.createTrashRequest(ctx.contentResolver, listOf(contentUri), false)
-      pendingResult = callback
-      activity.startIntentSenderForResult(
-        pendingIntent.intentSender,
-        trashRequestCode,
-        null,
-        0,
-        0,
-        0,
-      )
-    } catch (e: Exception) {
-      pendingResult = null
-      callback(
-        Result.failure(
-          FlutterError("TRASH_ERROR", "Error creating or starting trash request", e.toString())
-        )
-      )
-    }
-  }
-
-  @RequiresApi(Build.VERSION_CODES.R)
-  private fun isInTrash(id: Long): Boolean {
-    val filesUri = MediaStore.Files.getContentUri(MediaStore.VOLUME_EXTERNAL)
-    val args = Bundle().apply {
-      putString(ContentResolver.QUERY_ARG_SQL_SELECTION, "${MediaStore.Files.FileColumns._ID}=?")
-      putStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS, arrayOf(id.toString()))
-      putInt(MediaStore.QUERY_ARG_MATCH_TRASHED, MediaStore.MATCH_ONLY)
-      putInt(ContentResolver.QUERY_ARG_LIMIT, 1)
-    }
-    return ctx.contentResolver.query(filesUri, arrayOf(MediaStore.Files.FileColumns._ID), args, null)
-      ?.use { it.moveToFirst() } == true
-  }
-
-  private fun contentUriForType(type: Int): Uri =
-    when (type) {
-      // Same order as AssetType from Dart.
-      1 -> MediaStore.Images.Media.EXTERNAL_CONTENT_URI
-      2 -> MediaStore.Video.Media.EXTERNAL_CONTENT_URI
-      3 -> MediaStore.Audio.Media.EXTERNAL_CONTENT_URI
-      else -> MediaStore.Files.getContentUri(MediaStore.VOLUME_EXTERNAL)
-    }
-
-  fun onAttachedToActivity(binding: ActivityPluginBinding) {
-    activityBinding = binding
-    binding.addActivityResultListener(this)
-  }
-
-  fun onDetachedFromActivity() {
-    failPending("ACTIVITY_DETACHED", "Activity detached before trash result")
-    activityBinding?.removeActivityResultListener(this)
-    activityBinding = null
-  }
-
-  override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?): Boolean {
-    if (requestCode == trashRequestCode) {
-      val callback = pendingResult
-      pendingResult = null
-      callback?.invoke(Result.success(resultCode == Activity.RESULT_OK))
-      return true
-    }
-
-    return false
-  }
-
-  private fun failPending(code: String, message: String) {
-    val callback = pendingResult ?: return
-    pendingResult = null
-    callback(Result.failure(FlutterError(code, message, null)))
-  }
-}

mobile/android/app/src/main/kotlin/app/alextran/immich/sync/Messages.g.kt

@@ -542,19 +542,17 @@ private open class MessagesPigeonCodec : StandardMessageCodec() {
 
 /** Generated interface from Pigeon that represents a handler of messages from Flutter. */
 interface NativeSyncApi {
-  fun shouldFullSync(callback: (Result<Boolean>) -> Unit)
-  fun getMediaChanges(callback: (Result<SyncDelta>) -> Unit)
+  fun shouldFullSync(): Boolean
+  fun getMediaChanges(): SyncDelta
   fun checkpointSync()
   fun clearSyncCheckpoint()
-  fun getAssetIdsForAlbum(albumId: String, callback: (Result<List<String>>) -> Unit)
-  fun getAlbums(callback: (Result<List<PlatformAlbum>>) -> Unit)
+  fun getAssetIdsForAlbum(albumId: String): List<String>
+  fun getAlbums(): List<PlatformAlbum>
   fun getAssetsCountSince(albumId: String, timestamp: Long): Long
-  fun getAssetsForAlbum(albumId: String, updatedTimeCond: Long?, callback: (Result<List<PlatformAsset>>) -> Unit)
+  fun getAssetsForAlbum(albumId: String, updatedTimeCond: Long?): List<PlatformAsset>
   fun hashAssets(assetIds: List<String>, allowNetworkAccess: Boolean, callback: (Result<List<HashResult>>) -> Unit)
   fun cancelHashing()
-  fun cancelSync()
   fun getTrashedAssets(): Map<String, List<PlatformAsset>>
-  fun restoreFromTrashById(mediaId: String, type: Long, callback: (Result<Boolean>) -> Unit)
   fun getCloudIdForAssetIds(assetIds: List<String>): List<CloudIdResult>
 
   companion object {
@@ -571,33 +569,27 @@ interface NativeSyncApi {
         val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.shouldFullSync$separatedMessageChannelSuffix", codec)
         if (api != null) {
           channel.setMessageHandler { _, reply ->
-            api.shouldFullSync{ result: Result<Boolean> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
+            val wrapped: List<Any?> = try {
+              listOf(api.shouldFullSync())
+            } catch (exception: Throwable) {
+              MessagesPigeonUtils.wrapError(exception)
             }
+            reply.reply(wrapped)
           }
         } else {
           channel.setMessageHandler(null)
         }
       }
       run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getMediaChanges$separatedMessageChannelSuffix", codec)
+        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getMediaChanges$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {
           channel.setMessageHandler { _, reply ->
-            api.getMediaChanges{ result: Result<SyncDelta> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
+            val wrapped: List<Any?> = try {
+              listOf(api.getMediaChanges())
+            } catch (exception: Throwable) {
+              MessagesPigeonUtils.wrapError(exception)
             }
+            reply.reply(wrapped)
           }
         } else {
           channel.setMessageHandler(null)
@@ -636,38 +628,32 @@ interface NativeSyncApi {
         }
       }
       run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAssetIdsForAlbum$separatedMessageChannelSuffix", codec)
+        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAssetIdsForAlbum$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {
           channel.setMessageHandler { message, reply ->
             val args = message as List<Any?>
             val albumIdArg = args[0] as String
-            api.getAssetIdsForAlbum(albumIdArg) { result: Result<List<String>> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
+            val wrapped: List<Any?> = try {
+              listOf(api.getAssetIdsForAlbum(albumIdArg))
+            } catch (exception: Throwable) {
+              MessagesPigeonUtils.wrapError(exception)
             }
+            reply.reply(wrapped)
           }
         } else {
           channel.setMessageHandler(null)
         }
       }
       run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAlbums$separatedMessageChannelSuffix", codec)
+        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAlbums$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {
           channel.setMessageHandler { _, reply ->
-            api.getAlbums{ result: Result<List<PlatformAlbum>> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
+            val wrapped: List<Any?> = try {
+              listOf(api.getAlbums())
+            } catch (exception: Throwable) {
+              MessagesPigeonUtils.wrapError(exception)
             }
+            reply.reply(wrapped)
           }
         } else {
           channel.setMessageHandler(null)
@@ -692,21 +678,18 @@ interface NativeSyncApi {
         }
       }
       run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAssetsForAlbum$separatedMessageChannelSuffix", codec)
+        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getAssetsForAlbum$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {
           channel.setMessageHandler { message, reply ->
             val args = message as List<Any?>
             val albumIdArg = args[0] as String
             val updatedTimeCondArg = args[1] as Long?
-            api.getAssetsForAlbum(albumIdArg, updatedTimeCondArg) { result: Result<List<PlatformAsset>> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
+            val wrapped: List<Any?> = try {
+              listOf(api.getAssetsForAlbum(albumIdArg, updatedTimeCondArg))
+            } catch (exception: Throwable) {
+              MessagesPigeonUtils.wrapError(exception)
             }
+            reply.reply(wrapped)
           }
         } else {
           channel.setMessageHandler(null)
@@ -749,22 +732,6 @@ interface NativeSyncApi {
           channel.setMessageHandler(null)
         }
       }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.cancelSync$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            val wrapped: List<Any?> = try {
-              api.cancelSync()
-              listOf(null)
-            } catch (exception: Throwable) {
-              MessagesPigeonUtils.wrapError(exception)
-            }
-            reply.reply(wrapped)
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
       run {
         val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getTrashedAssets$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {
@@ -780,27 +747,6 @@ interface NativeSyncApi {
           channel.setMessageHandler(null)
         }
       }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.restoreFromTrashById$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { message, reply ->
-            val args = message as List<Any?>
-            val mediaIdArg = args[0] as String
-            val typeArg = args[1] as Long
-            api.restoreFromTrashById(mediaIdArg, typeArg) { result: Result<Boolean> ->
-              val error = result.exceptionOrNull()
-              if (error != null) {
-                reply.reply(MessagesPigeonUtils.wrapError(error))
-              } else {
-                val data = result.getOrNull()
-                reply.reply(MessagesPigeonUtils.wrapResult(data))
-              }
-            }
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
       run {
         val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NativeSyncApi.getCloudIdForAssetIds$separatedMessageChannelSuffix", codec, taskQueue)
         if (api != null) {

mobile/android/app/src/main/kotlin/app/alextran/immich/sync/MessagesImpl26.kt

@@ -4,11 +4,7 @@ import android.content.Context
 
 
 class NativeSyncApiImpl26(context: Context) : NativeSyncApiImplBase(context), NativeSyncApi {
-  override fun shouldFullSync(callback: (Result<Boolean>) -> Unit) {
-    runSync(callback) { shouldFullSync() }
-  }
-
-  private fun shouldFullSync(): Boolean {
+  override fun shouldFullSync(): Boolean {
     return true
   }
 
@@ -22,11 +18,7 @@ class NativeSyncApiImpl26(context: Context) : NativeSyncApiImplBase(context), Na
     // No-op for Android 10 and below
   }
 
-  override fun getMediaChanges(callback: (Result<SyncDelta>) -> Unit) {
-    runSync(callback) { getMediaChanges() }
-  }
-
-  private fun getMediaChanges(): SyncDelta {
+  override fun getMediaChanges(): SyncDelta {
     throw IllegalStateException("Method not supported on this Android version.")
   }