fix(mobile): fetch non-archive for partners

2025-12-09 14:21:02 -08:00 · 2024-05-06 11:21:25 -05:00
4622 changed files with 241444 additions and 575843 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,73 +0,0 @@
 {
  "name": "Immich - Backend, Frontend and ML",
  "service": "immich-server",
  "runServices": [
    "immich-server",
    "redis",
    "database",
    "immich-machine-learning"
  ],
  "dockerComposeFile": [
    "../docker/docker-compose.dev.yml",
    "./server/container-compose-overrides.yml"
  ],
  "customizations": {
    "vscode": {
      "extensions": [
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode",
        "svelte.svelte-vscode",
        "ms-vscode-remote.remote-containers",
        "foxundermoon.shell-format",
        "timonwong.shellcheck",
        "rvest.vs-code-prettier-eslint",
        "bluebrown.yamlfmt",
        "vkrishna04.cspell-sync",
        "vitest.explorer",
        "ms-playwright.playwright",
        "ms-azuretools.vscode-docker"
      ]
    }
  },
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {
      // https://github.com/devcontainers/features/issues/1466
      "moby": false
    }
  },
  "forwardPorts": [3000, 9231, 9230, 2283],
  "portsAttributes": {
    "3000": {
      "label": "Immich - Frontend HTTP",
      "description": "The frontend of the Immich project",
      "onAutoForward": "openBrowserOnce"
    },
    "2283": {
      "label": "Immich - API Server - HTTP",
      "description": "The API server of the Immich project"
    },
    "9231": {
      "label": "Immich - API Server - DEBUG",
      "description": "The API server of the Immich project"
    },
    "9230": {
      "label": "Immich - Workers - DEBUG",
      "description": "The workers of the Immich project"
    }
  },
  "overrideCommand": true,
  "workspaceFolder": "/workspaces/immich",
  "remoteUser": "node",
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
    //  The database username
    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
    //  The database name
    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
  }
 }
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -1,40 +0,0 @@
 services:
  immich-server:
    build:
      target: dev-container-mobile
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override # bind mount host to /workspaces/immich
      - ..:/workspaces/immich
      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
      - pnpm-store:/usr/src/app/.pnpm-store
      - server-node_modules:/usr/src/app/server/node_modules
      - web-node_modules:/usr/src/app/web/node_modules
      - github-node_modules:/usr/src/app/.github/node_modules
      - cli-node_modules:/usr/src/app/cli/node_modules
      - docs-node_modules:/usr/src/app/docs/node_modules
      - e2e-node_modules:/usr/src/app/e2e/node_modules
      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
      - /etc/localtime:/etc/localtime:ro
  immich-web:
    env_file: !reset []
  immich-machine-learning:
    env_file: !reset []
  database:
    env_file: !reset []
    environment: !override
      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
      POSTGRES_USER: ${DB_USERNAME-postgres}
      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
  redis:
    env_file: !reset []
 volumes:
  upload-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/mobile/devcontainer.json
+++ b/.devcontainer/mobile/devcontainer.json
@@ -1,52 +0,0 @@
 {
  "name": "Immich - Mobile",
  "service": "immich-server",
  "runServices": [
    "immich-server",
    "redis",
    "database",
    "immich-machine-learning"
  ],
  "dockerComposeFile": [
    "../../docker/docker-compose.dev.yml",
    "./container-compose-overrides.yml"
  ],
  "customizations": {
    "vscode": {
      "extensions": [
        "Dart-Code.dart-code",
        "Dart-Code.flutter",
        "dcmdev.dcm-vscode-extension",
        "esbenp.prettier-vscode",
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode",
        "svelte.svelte-vscode",
        "ms-vscode-remote.remote-containers",
        "foxundermoon.shell-format",
        "timonwong.shellcheck",
        "rvest.vs-code-prettier-eslint",
        "bluebrown.yamlfmt",
        "vkrishna04.cspell-sync",
        "vitest.explorer",
        "ms-playwright.playwright",
        "ms-azuretools.vscode-docker"
      ]
    }
  },
  "forwardPorts": [],
  "overrideCommand": true,
  "workspaceFolder": "/workspaces/immich",
  "remoteUser": "node",
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
    //  The database username
    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
    //  The database name
    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
  }
 }
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -1,81 +0,0 @@
 #!/bin/bash
 export IMMICH_PORT="${DEV_SERVER_PORT:-2283}"
 export DEV_PORT="${DEV_PORT:-3000}"
 # search for immich directory inside workspace.
 # /workspaces/immich is the bind mount, but other directories can be mounted if runing
 # Devcontainer: Clone [repository|pull request] in container volumne
 WORKSPACES_DIR="/workspaces"
 IMMICH_DIR="$WORKSPACES_DIR/immich"
 IMMICH_DEVCONTAINER_LOG="$HOME/immich-devcontainer.log"
 log() {
    # Display command on console, log with timestamp to file
    echo "$*"
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >>"$IMMICH_DEVCONTAINER_LOG"
 }
 run_cmd() {
    # Ensure log directory exists
    mkdir -p "$(dirname "$IMMICH_DEVCONTAINER_LOG")"
    log "$@"
    # Execute command: display normally on console, log with timestamps to file
    "$@" 2>&1 | tee >(while IFS= read -r line; do
        echo "[$(date '+%Y-%m-%d %H:%M:%S')] $line" >>"$IMMICH_DEVCONTAINER_LOG"
    done)
    # Preserve exit status
    return "${PIPESTATUS[0]}"
 }
 # Find directories excluding /workspaces/immich
 mapfile -t other_dirs < <(find "$WORKSPACES_DIR" -mindepth 1 -maxdepth 1 -type d ! -path "$IMMICH_DIR" ! -name ".*")
 if [ ${#other_dirs[@]} -gt 1 ]; then
    log "Error: More than one directory found in $WORKSPACES_DIR other than $IMMICH_DIR."
    exit 1
 elif [ ${#other_dirs[@]} -eq 1 ]; then
    export IMMICH_WORKSPACE="${other_dirs[0]}"
 else
    export IMMICH_WORKSPACE="$IMMICH_DIR"
 fi
 log "Found immich workspace in $IMMICH_WORKSPACE"
 log ""
 fix_permissions() {
    log "Fixing permissions for ${IMMICH_WORKSPACE}"
    # Change ownership for directories that exist
    for dir in "${IMMICH_WORKSPACE}/.vscode" \
        "${IMMICH_WORKSPACE}/server/upload" \
        "${IMMICH_WORKSPACE}/.pnpm-store" \
        "${IMMICH_WORKSPACE}/.github/node_modules" \
        "${IMMICH_WORKSPACE}/cli/node_modules" \
        "${IMMICH_WORKSPACE}/e2e/node_modules" \
        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
        "${IMMICH_WORKSPACE}/server/node_modules" \
        "${IMMICH_WORKSPACE}/server/dist" \
        "${IMMICH_WORKSPACE}/web/node_modules" \
        "${IMMICH_WORKSPACE}/web/dist"; do
        if [ -d "$dir" ]; then
            run_cmd sudo chown node -R "$dir"
        fi
    done
    log ""
 }
 install_dependencies() {
    log "Installing dependencies"
    (
        cd "${IMMICH_WORKSPACE}" || exit 1
        export CI=1 FROZEN=1 OFFLINE=1
        run_cmd make setup-web-dev setup-server-dev
    )
    log ""
 }
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -1,43 +0,0 @@
 services:
  immich-server:
    build:
      target: dev-container-server
    env_file: !reset []
    hostname: immich-dev
    environment:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override
      - ..:/workspaces/immich
      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
      - /etc/localtime:/etc/localtime:ro
      - pnpm-store:/usr/src/app/.pnpm-store
      - server-node_modules:/usr/src/app/server/node_modules
      - web-node_modules:/usr/src/app/web/node_modules
      - github-node_modules:/usr/src/app/.github/node_modules
      - cli-node_modules:/usr/src/app/cli/node_modules
      - docs-node_modules:/usr/src/app/docs/node_modules
      - e2e-node_modules:/usr/src/app/e2e/node_modules
      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
      - ../plugins:/build/corePlugin
  immich-web:
    env_file: !reset []
  immich-machine-learning:
    env_file: !reset []
  database:
    env_file: !reset []
    environment: !override
      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
      POSTGRES_USER: ${DB_USERNAME-postgres}
      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
  redis:
    env_file: !reset []
 volumes:
  upload-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/server/container-start-backend.sh
+++ b/.devcontainer/server/container-start-backend.sh
@@ -1,22 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Preparing Immich Nest API Server"
 log ""
 export CI=1
 run_cmd pnpm --filter immich install
 log "Starting Nest API Server"
 log ""
 cd "${IMMICH_WORKSPACE}/server" || (
    log "Immich workspace not found"
    exit 1
 )
 while true; do
    run_cmd pnpm --filter immich exec nest start --debug "0.0.0.0:9230" --watch
    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start-frontend.sh
+++ b/.devcontainer/server/container-start-frontend.sh
@@ -1,29 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 export CI=1
 log "Preparing Immich Web Frontend"
 log ""
 run_cmd pnpm --filter @immich/sdk install
 run_cmd pnpm --filter @immich/sdk build
 run_cmd pnpm --filter immich-web install
 log "Starting Immich Web Frontend"
 log ""
 cd "${IMMICH_WORKSPACE}/web" || (
    log "Immich Workspace not found"
    exit 1
 )
 until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_PORT}/api/server/config"; do
    log "Waiting for api server..."
    sleep 1
 done
 while true; do
    run_cmd pnpm --filter immich-web exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
    log "Web crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -1,17 +0,0 @@
 #!/bin/bash
 # shellcheck source=common.sh
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh
 log "Setting up Immich dev container..."
 fix_permissions
 log "Setup complete, please wait while backend and frontend services automatically start"
 log
 log "If necessary, the services may be manually started using"
 log
 log "$ /immich-devcontainer/container-start-backend.sh"
 log "$ /immich-devcontainer/container-start-frontend.sh"
 log
 log "From different terminal windows, as these scripts automatically restart the server"
 log "on error, and will continuously run in a loop"
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,41 +1,31 @@
 .vscode/
 .github/
 .git/
 .env*
 *.log
 *.tmp
 *.temp
 **/Dockerfile
 **/node_modules/
 **/.pnpm-store/
 **/dist/
 **/coverage/
 **/build/
 design/
 docker/
 !docker/scripts
 docs/
 !docs/package.json
 !docs/package-lock.json
 e2e/
 !e2e/package.json
 !e2e/package-lock.json
 fastlane/
 machine-learning/
 misc/
 mobile/
 cli/coverage/
 cli/dist/
 cli/node_modules/
 open-api/typescript-sdk/build/
-!open-api/typescript-sdk/package.json
+open-api/typescript-sdk/node_modules/
 !open-api/typescript-sdk/package-lock.json
 server/coverage/
 server/node_modules/
 server/upload/
-server/src/queries
+server/dist/
 server/www/
 server/test/assets/
 web/node_modules/
 web/coverage/
 web/.svelte-kit
 web/build/
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,22 +2,12 @@ mobile/openapi/**/*.md -diff -merge
 mobile/openapi/**/*.md linguist-generated=true
 mobile/openapi/**/*.dart -diff -merge
 mobile/openapi/**/*.dart linguist-generated=true
 mobile/openapi/.openapi-generator/FILES -diff -merge
 mobile/openapi/.openapi-generator/FILES linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true
 mobile/lib/**/*.drift.dart -diff -merge
 mobile/lib/**/*.drift.dart linguist-generated=true
 mobile/drift_schemas/main/drift_schema_*.json -diff -merge
 mobile/drift_schemas/main/drift_schema_*.json linguist-generated=true
 mobile/lib/infrastructure/repositories/db.repository.steps.dart -diff -merge
 mobile/lib/infrastructure/repositories/db.repository.steps.dart linguist-generated=true
 mobile/test/drift/main/generated/** -diff -merge
 mobile/test/drift/main/generated/** linguist-generated=true
 open-api/typescript-sdk/fetch-client.ts -diff -merge
 open-api/typescript-sdk/fetch-client.ts linguist-generated=true
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +0,0 @@
 24.11.1
--- a/.github/.prettierignore
+++ b/.github/.prettierignore
@@ -1,4 +0,0 @@
 # Ignore files for PNPM, NPM and YARN
 pnpm-lock.yaml
 package-lock.json
 yarn.lock
--- a/.github/DISCUSSION_TEMPLATE/feature-request.yaml
+++ b/.github/DISCUSSION_TEMPLATE/feature-request.yaml
@@ -1,19 +1,18 @@
-title: '[Feature] feature-name-goes-here'
+title: "[Feature] <feature-name-goes-here>"
-labels: ['feature']
+labels: ["feature"]
 body:
  - type: markdown
    attributes:
      value: |
-        Please use this form to request new feature for Immich.
+        Please use this form to request new feature for Immich
        Stick to only a single feature per request. If you list multiple different features at once, 
        your request will be closed.
  - type: checkboxes
    attributes:
-      label: I have searched the existing feature requests, both open and closed, to make sure this is not a duplicate request.
+      label: I have searched the existing feature requests to make sure this is not a duplicate request.
      options:
-        - label: 'Yes'
+        - label: "Yes"
          required: true
  - type: textarea
    id: feature
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1,5 @@
-custom: ['https://buy.immich.app', 'https://immich.store']
+# These are supported funding model platforms
 github: immich-app
 liberapay: alex.tran1502
 custom: https://www.buymeacoffee.com/altran1502
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -1,12 +1,6 @@
 name: Report an issue with Immich
 description: Report an issue with Immich
 body:
  - type: checkboxes
    attributes:
      label: I have searched the existing issues, both open and closed, to make sure this is not a duplicate report.
      options:
        - label: 'Yes'
  - type: markdown
    attributes:
      value: |
@@ -64,11 +58,6 @@ body:
        - label: Web
        - label: Mobile
  - type: input
    attributes:
      label: Device make and model
      placeholder: Samsung S25 Android 16
  - type: textarea
    validations:
      required: true
@@ -88,12 +77,13 @@ body:
    id: repro
    attributes:
      label: Reproduction steps
-      description: 'How do you trigger this bug? Please walk us through it step by step.'
+      description: "How do you trigger this bug? Please walk us through it step by step."
      value: |
        1.
        2.
        3.
        ...
      render: bash
    validations:
      required: true
@@ -101,13 +91,12 @@ body:
    id: logs
    attributes:
      label: Relevant log output
-      description:
+      description: Please copy and paste any relevant logs below. (code formatting is
        Please copy and paste any relevant logs below. (code formatting is
        enabled, no need for backticks)
      render: shell
    validations:
      required: false
-
+      
  - type: textarea
    attributes:
      label: Additional information
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,14 +1,11 @@
 blank_issues_enabled: false
 contact_links:
-  - name: ✋ I have a question or need support
+  - name: I have a question or need support
-    url: https://discord.immich.app
+    url: https://discord.gg/D8JsnBEuKb
    about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
-  - name: 📷 My photo or video has a date, time, or timezone problem
+  - name: Feature Request
    url: https://github.com/immich-app/immich/discussions/12650
    about: Upload a sample file to this discussion and we will take a look
  - name: 🌟 Feature request
    url: https://github.com/immich-app/immich/discussions/new?category=feature-request
    about: Please use our GitHub Discussion for making feature requests.
-  - name: 🫣 I'm unsure where to go
+  - name: I'm unsure where to go
-    url: https://discord.immich.app
+    url: https://discord.gg/D8JsnBEuKb
    about: If you are unsure where to go, then joining our Discord is recommended; Just ask!
--- a/.github/PULL_REQUEST_TEMPLATE/config.yml
+++ b/.github/PULL_REQUEST_TEMPLATE/config.yml
@@ -1 +1,2 @@
 blank_issues_enabled: false
 blank_pull_request_template_enabled: false
--- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
+++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
@@ -0,0 +1,22 @@
 ## Description
 <!--- Describe your changes in detail -->
 <!--- Why is this change required? What problem does it solve? -->
 <!--- If it fixes an open issue, please link to the issue here. -->
 Fixes # (issue)
 ## How Has This Been Tested?
 <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
 - [ ] Test A
 - [ ] Test B
 ## Screenshots (if appropriate):
 ## Checklist:
 - [ ] I have performed a self-review of my own code
 - [ ] I have made corresponding changes to the documentation if applicable
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
 version: 2
 updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,37 +0,0 @@
 cli:
  - changed-files:
      - any-glob-to-any-file:
          - cli/src/**
 documentation:
  - changed-files:
      - any-glob-to-any-file:
          - docs/docs/**
          - docs/src/**
          - docs/static/**
 🖥️web:
  - changed-files:
      - any-glob-to-any-file:
          - web/src/**
          - web/static/**
 📱mobile:
  - changed-files:
      - any-glob-to-any-file:
          - mobile/lib/**
          - mobile/test/**
 🗄️server:
  - changed-files:
      - any-glob-to-any-file:
          - server/src/**
          - server/test/**
 🧠machine-learning:
  - changed-files:
      - any-glob-to-any-file:
          - machine-learning/**
 changelog:translation:
  - head-branch: ['^chore/translations$']
--- a/.github/mise.toml
+++ b/.github/mise.toml
@@ -1,10 +0,0 @@
 [tasks.install]
 run = "pnpm install --filter github --frozen-lockfile"
 [tasks.format]
 env._.path = "./node_modules/.bin"
 run = "prettier --check ."
 [tasks."format-fix"]
 env._.path = "./node_modules/.bin"
 run = "prettier --write ."
--- a/.github/package.json
+++ b/.github/package.json
@@ -1,9 +0,0 @@
 {
  "scripts": {
    "format": "prettier --check .",
    "format:fix": "prettier --write ."
  },
  "devDependencies": {
    "prettier": "^3.7.4"
  }
 }
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,40 +0,0 @@
 ## Description
 <!--- Describe your changes in detail -->
 <!--- Why is this change required? What problem does it solve? -->
 <!--- If it fixes an open issue, please link to the issue here. -->
 Fixes # (issue)
 ## How Has This Been Tested?
 <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
 - [ ] Test A
 - [ ] Test B
 <details><summary><h2>Screenshots (if appropriate)</h2></summary>
 <!-- Images go below this line. -->
 </details>
 <!-- API endpoint changes (if relevant)
 ## API Changes
 The `/api/something` endpoint is now `/api/something-else`
 -->
 ## Checklist:
 - [ ] I have performed a self-review of my own code
 - [ ] I have made corresponding changes to the documentation if applicable
 - [ ] I have no unrelated changes in the PR.
 - [ ] I have confirmed that any new dependencies are strictly necessary.
 - [ ] I have written tests for new code (if applicable)
 - [ ] I have followed naming conventions/patterns in the surrounding code
 - [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
 - [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
 ## Please describe to which degree, if any, an LLM was used in creating this pull request.
 ...
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,33 +1,41 @@
-changelog:
+changelog:
-  categories:
+  categories:
-    - title: 🚨 Breaking Changes
+    - title: ⚠️ Breaking Changes
-      labels:
+      labels:
-        - changelog:breaking-change
+        - breaking-change
-
+
-    - title: 🫥 Deprecated Changes
+    - title: 🗄️ Server
-      labels:
+      labels:
-        - changelog:deprecated
+        - 🗄️server
-
+
-    - title: 🔒 Security
+    - title: 📱 Mobile
-      labels:
+      labels:
-        - changelog:security
+        - 📱mobile
-
+
-    - title: 🚀 Features
+    - title: 🖥️ Web
-      labels:
+      labels:
-        - changelog:feature
+        - 🖥️web
-
+
-    - title: 🌟 Enhancements
+    - title: 🧠 Machine Learning
-      labels:
+      labels:
-        - changelog:enhancement
+        - 🧠machine-learning
-
+
-    - title: 🐛 Bug fixes
+    - title: ⚡ CLI
-      labels:
+      labels:
-        - changelog:bugfix
+        - cli
-
+
-    - title: 📚 Documentation
+    - title: 📓 Documentation
-      labels:
+      labels:
-        - changelog:documentation
+        - documentation
-
+
-    - title: 🌐 Translations
+    - title: 🔨 Maintenance
-      labels:
+      labels:
-        - changelog:translation
+        - deployment
        - dependencies
        - renovate
        - maintenance
        - tech-debt
    - title: Other changes
      labels:
        - "*"
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -1,49 +1,12 @@
 name: Build Mobile
 on:
  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        required: false
        type: string
      environment:
        description: 'Target environment'
        required: true
        default: 'development'
        type: string
    secrets:
      KEY_JKS:
        required: true
      ALIAS:
        required: true
      ANDROID_KEY_PASSWORD:
        required: true
      ANDROID_STORE_PASSWORD:
        required: true
      APP_STORE_CONNECT_API_KEY_ID:
        required: true
      APP_STORE_CONNECT_API_KEY_ISSUER_ID:
        required: true
      APP_STORE_CONNECT_API_KEY:
        required: true
      IOS_CERTIFICATE_P12:
        required: true
      IOS_CERTIFICATE_PASSWORD:
        required: true
      IOS_PROVISIONING_PROFILE:
        required: true
      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION:
        required: true
      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION:
        required: true
      IOS_DEVELOPMENT_PROVISIONING_PROFILE:
        required: true
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION:
        required: true
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION:
        required: true
      FASTLANE_TEAM_ID:
        required: true
  pull_request:
  push:
    branches: [main]
@@ -52,274 +15,61 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check what should run
        id: check
        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
          force-filters: |
            - '.github/workflows/build-mobile.yml'
          force-events: 'workflow_call,workflow_dispatch'
  build-sign-android:
    name: Build and sign Android
    needs: pre-job
    permissions:
      contents: read
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
-    runs-on: mich
+    runs-on: macos-14
    steps:
-      - id: token
+      - name: Determine ref
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+        id: get-ref
-        with:
+        run: |
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          input_ref="${{ inputs.ref }}"
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+          github_ref="${{ github.sha }}"
          ref="${input_ref:-$github_ref}"
          echo "ref=$ref" >> $GITHUB_OUTPUT
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.ref || github.sha }}
+          ref: ${{ steps.get-ref.outputs.ref }}
-          persist-credentials: false
+
-          token: ${{ steps.token.outputs.token }}
+      - uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '17'
          cache: 'gradle'
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version: '3.19.3'
          cache: true
      - name: Create the Keystore
        env:
          KEY_JKS: ${{ secrets.KEY_JKS }}
        working-directory: ./mobile
-        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
+        run: echo $KEY_JKS | base64 -d > android/key.jks
      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          distribution: 'zulu'
          java-version: '17'
      - name: Restore Gradle Cache
        id: cache-gradle-restore
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: build-mobile-gradle-${{ runner.os }}-main
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
          cache: true
      - name: Setup Android SDK
        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
        with:
          packages: ''
      - name: Get Packages
        working-directory: ./mobile
        run: flutter pub get
      - name: Generate translation file
        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
        working-directory: ./mobile
      - name: Generate platform APIs
        run: make pigeon
        working-directory: ./mobile
      - name: Build Android App Bundle
        working-directory: ./mobile
        env:
          ALIAS: ${{ secrets.ALIAS }}
          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
          IS_MAIN: ${{ github.ref == 'refs/heads/main' }}
        run: |
-          if [[ $IS_MAIN == 'true' ]]; then
+          flutter build apk --release
-            flutter build apk --release
+          flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
            flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
          else
            flutter build apk --debug --split-per-abi --target-platform android-arm64
          fi
      - name: Publish Android Artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk
      - name: Save Gradle Cache
        id: cache-gradle-save
        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        if: github.ref == 'refs/heads/main'
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ~/.android/sdk
            mobile/android/.gradle
            mobile/.dart_tool
          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
  build-sign-ios:
    name: Build and sign iOS
    needs: pre-job
    permissions:
      contents: read
    # Run on main branch or workflow_dispatch, or on PRs/other branches (build only, no upload)
    if: ${{ !github.event.pull_request.head.repo.fork && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
    runs-on: macos-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
          cache: true
      - name: Install Flutter dependencies
        working-directory: ./mobile
        run: flutter pub get
      - name: Generate translation files
        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
        working-directory: ./mobile
      - name: Generate platform APIs
        run: make pigeon
        working-directory: ./mobile
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3'
          bundler-cache: true
          working-directory: ./mobile/ios
      - name: Install CocoaPods dependencies
        working-directory: ./mobile/ios
        run: |
          pod install
      - name: Create API Key
        env:
          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
          API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
          API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
        working-directory: ./mobile/ios
        run: |
          mkdir -p ~/.appstoreconnect/private_keys
          echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8
      - name: Import Certificate and Provisioning Profiles
        env:
          IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
          IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
          IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
          IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
          IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
          IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
          IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
          ENVIRONMENT: ${{ inputs.environment || 'development' }}
        working-directory: ./mobile/ios
        run: |
          # Decode certificate
          echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
          # Decode provisioning profiles based on environment
          if [[ "$ENVIRONMENT" == "development" ]]; then
            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE" | base64 --decode > profile_dev.mobileprovision
            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_dev_share.mobileprovision
            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_dev_widget.mobileprovision
            ls -lh profile_dev*.mobileprovision
          else
            echo "$IOS_PROVISIONING_PROFILE" | base64 --decode > profile.mobileprovision
            echo "$IOS_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_share.mobileprovision
            echo "$IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_widget.mobileprovision
            ls -lh profile*.mobileprovision
          fi
      - name: Create keychain and import certificate
        env:
          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
          CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
        working-directory: ./mobile/ios
        run: |
          # Create keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security set-keychain-settings -t 3600 -u build.keychain
          # Import certificate
          security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
          # Verify certificate was imported
          security find-identity -v -p codesigning build.keychain
      - name: Build and deploy to TestFlight
        env:
          FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
          KEYCHAIN_NAME: build.keychain
          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
          ENVIRONMENT: ${{ inputs.environment || 'development' }}
          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
          GITHUB_REF: ${{ github.ref }}
        working-directory: ./mobile/ios
        run: |
          # Only upload to TestFlight on main branch
          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
            if [[ "$ENVIRONMENT" == "development" ]]; then
              bundle exec fastlane gha_testflight_dev
            else
              bundle exec fastlane gha_release_prod
            fi
          else
            # Build only, no TestFlight upload for non-main branches
            bundle exec fastlane gha_build_only
          fi
      - name: Clean up keychain
        if: always()
        run: |
          security delete-keychain build.keychain || true
      - name: Upload IPA artifact
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: ios-release-ipa
          path: mobile/ios/Runner.ipa
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -8,45 +8,31 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  cleanup:
    name: Cleanup
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check out code
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Cleanup
        env:
          GH_TOKEN: ${{ steps.token.outputs.token }}
          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache
          REPO=${{ github.repository }}
          BRANCH=${{ github.ref }}
          echo "Fetching list of cache keys"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          for cacheKey in $cacheKeysForPR
          do
-              gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
          done
          echo "Done"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -1,96 +1,67 @@
 name: CLI Build
 on:
  workflow_dispatch:
  push:
    branches: [main]
    paths:
-      - 'cli/**'
+      - "cli/**"
-      - '.github/workflows/cli.yml'
+      - ".github/workflows/cli.yml"
  pull_request:
    branches: [main]
    paths:
-      - 'cli/**'
+      - "cli/**"
-      - '.github/workflows/cli.yml'
+      - ".github/workflows/cli.yml"
  release:
    types: [published]
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  packages: write
 jobs:
  publish:
-    name: CLI Publish
+    name: Publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
-      - id: token
+      - uses: actions/checkout@v4
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      # Setup .npmrc file to publish to npm
      - uses: actions/setup-node@v4
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          node-version: "20.x"
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+          registry-url: "https://registry.npmjs.org"
-
+      - name: Prepare SDK
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        run: npm ci --prefix ../open-api/typescript-sdk/
-        with:
+      - name: Build SDK
-          persist-credentials: false
+        run: npm run build --prefix ../open-api/typescript-sdk/
-          token: ${{ steps.token.outputs.token }}
+      - run: npm ci
-
+      - run: npm run build
-      - name: Setup pnpm
+      - run: npm publish
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        if: ${{ github.event_name == 'workflow_dispatch' }}
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Setup typescript-sdk
        run: pnpm install && pnpm run build
        working-directory: ./open-api/typescript-sdk
      - run: pnpm install --frozen-lockfile
      - run: pnpm build
      - run: pnpm publish --no-git-checks
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  docker:
    name: Docker
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    needs: publish
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@v3.0.0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@v3.3.0
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -105,22 +76,22 @@ jobs:
      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        uses: docker/metadata-action@v5
        with:
          flavor: |
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/immich-cli
          tags: |
-            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
+            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}
      - name: Build and push image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@v5.3.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'release' }}
+          push: ${{ github.event_name == 'workflow_dispatch' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.metadata.outputs.tags }}
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -1,107 +0,0 @@
 on:
  issues:
    types: [opened]
  discussion:
    types: [created]
 name: Close likely duplicates
 permissions: {}
 jobs:
  should_run:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.should_run.outputs.run }}
    steps:
      - id: should_run
        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
  get_body:
    runs-on: ubuntu-latest
    needs: should_run
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    env:
      EVENT: ${{ toJSON(github.event) }}
    outputs:
      body: ${{ steps.get_body.outputs.body }}
    steps:
      - id: get_body
        run: |
          BODY=$(echo """$EVENT""" | jq -r '.issue // .discussion | .body' | base64 -w 0)
          echo "body=$BODY" >> $GITHUB_OUTPUT
  get_checkbox_json:
    runs-on: ubuntu-latest
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
      image: ghcr.io/immich-app/mdq:main@sha256:237cdae7783609c96f18037a513d38088713cf4a2e493a3aa136d0c45490749a
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
      - id: get_checkbox
        env:
          BODY: ${{ needs.get_body.outputs.body }}
        run: |
          CHECKED=$(echo "$BODY" | base64 -d | /mdq --output json '# I have searched | - [?] Yes' | jq '.items[0].list[0].checked // false')
          echo "checked=$CHECKED" >> $GITHUB_OUTPUT
  close_and_comment:
    runs-on: ubuntu-latest
    needs: [get_checkbox_json, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' && needs.get_checkbox_json.outputs.checked != 'true' }}
    permissions:
      issues: write
      discussions: write
    steps:
      - name: Close issue
        if: ${{ github.event_name == 'issues' }}
        env:
          GH_TOKEN: ${{ github.token }}
          NODE_ID: ${{ github.event.issue.node_id }}
        run: |
          gh api graphql \
            -f issueId="$NODE_ID" \
            -f body="This issue has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
            -f query='
              mutation CommentAndCloseIssue($issueId: ID!, $body: String!) {
                addComment(input: {
                  subjectId: $issueId, 
                  body: $body
                }) {
                  __typename
                }
                closeIssue(input: {
                  issueId: $issueId,
                  stateReason: DUPLICATE
                }) {
                  __typename
                }
              }'
      - name: Close discussion
        if: ${{ github.event_name == 'discussion' && github.event.discussion.category.name == 'Feature Request' }}
        env:
          GH_TOKEN: ${{ github.token }}
          NODE_ID: ${{ github.event.discussion.node_id }}
        run: |
          gh api graphql \
            -f discussionId="$NODE_ID" \
            -f body="This discussion has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
            -f query='
              mutation CommentAndCloseDiscussion($discussionId: ID!, $body: String!) {
                addDiscussionComment(input: {
                  discussionId: $discussionId,
                  body: $body
                }) {
                  __typename
                }
                closeDiscussion(input: {
                  discussionId: $discussionId,
                  reason: DUPLICATE
                }) {
                  __typename
                }
              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,14 +9,14 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: "CodeQL"
 on:
  push:
-    branches: ['main']
+    branches: [ "main" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: ['main']
+    branches: [ "main" ]
  schedule:
    - cron: '20 13 * * 1'
@@ -24,8 +24,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  analyze:
    name: Analyze
@@ -38,51 +36,43 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ['javascript', 'python']
+        language: [ 'javascript', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
-      - id: token
+    - name: Checkout repository
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      uses: actions/checkout@v4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-      - name: Checkout repository
+    # Initializes the CodeQL tools for scanning.
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+    - name: Initialize CodeQL
-        with:
+      uses: github/codeql-action/init@v3
-          persist-credentials: false
+      with:
-          token: ${{ steps.token.outputs.token }}
+        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
-      # Initializes the CodeQL tools for scanning.
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-      - name: Initialize CodeQL
+        # queries: security-extended,security-and-quality
        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
+    # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
+    - name: Autobuild
-        uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+      uses: github/codeql-action/autobuild@v3
-      # ℹ️ Command-line programs to run using the OS shell.
+    # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-      # - run: |
+    # - run: |
-      #   echo "Run, Build Application using script"
+    #   echo "Run, Build Application using script"
-      #   ./location_of_script_within_repo/buildscript.sh
+    #   ./location_of_script_within_repo/buildscript.sh
-      - name: Perform CodeQL Analysis
+    - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+      uses: github/codeql-action/analyze@v3
-        with:
+      with:
-          category: '/language:${{matrix.language}}'
+        category: "/language:${{matrix.language}}"
--- a/.github/workflows/docker-cleanup.yml
+++ b/.github/workflows/docker-cleanup.yml
@@ -0,0 +1,73 @@
 # This workflow runs on certain conditions to check for and potentially
 # delete container images from the GHCR which no longer have an associated
 # code branch.
 # Requires a PAT with the correct scope set in the secrets.
 #
 # This workflow will not trigger runs on forked repos.
 name: Docker Cleanup
 on:
  pull_request:
    types:
      - "closed"
  push:
    paths:
      - ".github/workflows/docker-cleanup.yml"
 concurrency:
  group: registry-tags-cleanup
  cancel-in-progress: false
 jobs:
  cleanup-images:
    name: Cleanup Stale Images Tags for ${{ matrix.primary-name }}
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        include:
          - primary-name: "immich-server"
          - primary-name: "immich-machine-learning"
    env:
      # Requires a personal access token with the OAuth scope delete:packages
      TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }}
    steps:
      - name: Clean temporary images
        if: "${{ env.TOKEN != '' }}"
        uses: stumpylog/image-cleaner-action/ephemeral@v0.6.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
          is_org: "true"
          do_delete: "true"
          package_name: "${{ matrix.primary-name }}"
          scheme: "pull_request"
          repo_name: "immich"
          match_regex: '^pr-(\d+)$|^(\d+)$'
  cleanup-untagged-images:
    name: Cleanup Untagged Images Tags for ${{ matrix.primary-name }}
    runs-on: ubuntu-22.04
    needs:
      - cleanup-images
    strategy:
      fail-fast: false
      matrix:
        include:
          - primary-name: "immich-server"
          - primary-name: "immich-machine-learning"
          - primary-name: "immich-build-cache"
    env:
      # Requires a personal access token with the OAuth scope delete:packages
      TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }}
    steps:
      - name: Clean untagged images
        if: "${{ env.TOKEN != '' }}"
        uses: stumpylog/image-cleaner-action/untagged@v0.6.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
          do_delete: "true"
          is_org: "true"
          package_name: "${{ matrix.primary-name }}"
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,6 +5,7 @@ on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [published]
@@ -12,183 +13,118 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  packages: write
 jobs:
-  pre-job:
+  build_and_push:
-    runs-on: ubuntu-latest
+    name: Build and Push
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check what should run
        id: check
        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            server:
              - 'server/**'
              - 'openapi/**'
              - 'web/**'
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
          force-filters: |
            - '.github/workflows/docker.yml'
            - '.github/workflows/multi-runner-build.yml'
            - '.github/actions/image-build'
          force-events: 'workflow_dispatch,release'
  retag_ml:
    name: Re-Tag ML
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
-      matrix:
+      # Prevent a failure in one image from stopping the other builds
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
          REPOSITORY: ${{ github.repository_owner }}/immich-machine-learning
          TAG_OLD: main${{ matrix.suffix }}
          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
        run: |
          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
  retag_server:
    name: Re-Tag Server
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
          REPOSITORY: ${{ github.repository_owner }}/immich-server
          TAG_OLD: main${{ matrix.suffix }}
          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
        run: |
          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
  machine-learning:
    name: Build and Push ML
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
    strategy:
      fail-fast: false
      matrix:
        include:
-          - device: cpu
+          - image: immich-machine-learning
-          - device: cuda
+            context: machine-learning
-            suffixes: '-cuda'
+            file: machine-learning/Dockerfile
            platforms: linux/amd64,linux/arm64
            device: cpu
          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/amd64
-          - device: openvino
+            device: cuda
-            suffixes: '-openvino'
+            suffix: -cuda
          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/amd64
-          - device: armnn
+            device: openvino
-            suffixes: '-armnn'
+            suffix: -openvino
          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/arm64
-          - device: rknn
+            device: armnn
-            suffixes: '-rknn'
+            suffix: -armnn
            platforms: linux/arm64
          - device: rocm
            suffixes: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
    permissions:
      contents: read
      actions: read
      packages: write
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      image: immich-machine-learning
      context: machine-learning
      dockerfile: machine-learning/Dockerfile
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
      suffixes: ${{ matrix.suffixes }}
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=${{ matrix.device }}
-  server:
+          - image: immich-server
-    name: Build and Push Server
+            context: .
-    needs: pre-job
+            file: server/Dockerfile
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+            platforms: linux/amd64,linux/arm64
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
+            device: cpu
    permissions:
      contents: read
      actions: read
      packages: write
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      image: immich-server
      context: .
      dockerfile: server/Dockerfile
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=cpu
  success-check-server:
    name: Docker Build & Push Server Success
    needs: [server, retag_server]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+      - name: Checkout
-        with:
+        uses: actions/checkout@v4
          needs: ${{ toJSON(needs) }}
-  success-check-ml:
+      - name: Set up QEMU
-    name: Docker Build & Push ML Success
+        uses: docker/setup-qemu-action@v3.0.0
-    needs: [machine-learning, retag_ml]
+
-    permissions: {}
+      - name: Set up Docker Buildx
-    runs-on: ubuntu-latest
+        uses: docker/setup-buildx-action@v3.3.0
-    if: always()
+
-    steps:
+      - name: Login to Docker Hub
-      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
+        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
-          needs: ${{ toJSON(needs) }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        uses: docker/build-push-action@v5.3.0
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.file }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          build-args: |
            DEVICE=${{ matrix.device }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -1,93 +0,0 @@
 name: Docs build
 on:
  push:
    branches: [main]
  pull_request:
  release:
    types: [published]
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check what should run
        id: check
        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            docs:
              - 'docs/**'
            open-api:
              - 'open-api/immich-openapi-specs.json'
          force-filters: |
            - '.github/workflows/docs-build.yml'
          force-events: 'release'
          force-branches: 'main'
  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./docs
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout code
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Run install
        run: pnpm install
      - name: Check formatting
        run: pnpm format
      - name: Run build
        run: pnpm build
      - name: Upload build output
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: docs-build-output
          path: docs/build/
          include-hidden-files: true
          retention-days: 1
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -1,225 +0,0 @@
 name: Docs deploy
 on:
  workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    workflows: ['Docs build']
    types:
      - completed
 env:
  TG_NON_INTERACTIVE: 'true'
 jobs:
  checks:
    name: Docs Deploy Checks
    runs-on: ubuntu-latest
    permissions:
      actions: read
      pull-requests: read
    outputs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: context.payload.workflow_run.id,
            });
            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "docs-build-output"
            })[0];
            if (!matchArtifact) {
              console.log("No artifact found with the name docs-build-output, build job was skipped")
              return { found: false };
            }
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
            const eventType = context.payload.workflow_run.event;
            const isFork = context.payload.workflow_run.repository.fork;
            let parameters;
            console.log({eventType, isFork});
            if (eventType == "push") {
              const branch = context.payload.workflow_run.head_branch;
              console.log({branch});
              const shouldDeploy = !isFork && branch == "main";
              parameters = {
                event: "branch",
                name: "main",
                shouldDeploy
              };
            } else if (eventType == "pull_request") {
              let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
              if(!pull_number) {
                const {HEAD_SHA} = process.env;
                const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
                const items = response.data.items
                if (items.length < 1) {
                  throw new Error("No pull request found for the commit")
                }
                const pullRequestNumber = items[0].number
                console.info("Pull request number is", pullRequestNumber)
                pull_number = pullRequestNumber
              }
              const {data: pr} = await github.rest.pulls.get({
                owner: context.repo.owner,
                repo: context.repo.repo,
                pull_number
              });
              console.log({pull_number});
              parameters = {
                event: "pr",
                name: `pr-${pull_number}`,
                pr_number: pull_number,
                shouldDeploy: true
              };
            } else if (eventType == "release") {
              parameters = {
                event: "release",
                name: context.payload.workflow_run.head_branch,
                shouldDeploy: !isFork
              };
            }
            console.log(parameters);
            return parameters;
  deploy:
    name: Docs Deploy
    runs-on: ubuntu-latest
    needs: checks
    permissions:
      contents: read
      actions: read
      pull-requests: write
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout code
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup Mise
        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
      - name: Load parameters
        id: parameters
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
            const parameters = JSON.parse(process.env.PARAM_JSON);
            core.setOutput("event", parameters.event);
            core.setOutput("name", parameters.name);
            core.setOutput("shouldDeploy", parameters.shouldDeploy);
      - name: Download artifact
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
            let download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
               artifact_id: artifact.id,
               archive_format: 'zip',
            });
            let fs = require('fs');
            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/docs-build-output.zip`, Buffer.from(download.data));
      - name: Unzip artifact
        run: unzip "${{ github.workspace }}/docs-build-output.zip" -d "${{ github.workspace }}/docs/build"
      - name: Deploy Docs Subdomain
        env:
          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
        working-directory: 'deployment/modules/cloudflare/docs'
        run: 'mise run //deployment:tf apply'
      - name: Deploy Docs Subdomain Output
        id: docs-output
        env:
          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
        working-directory: 'deployment/modules/cloudflare/docs'
        run: |
          mise run //deployment:tf output -- -json | jq -r '
            "projectName=\(.pages_project_name.value)",
            "subdomain=\(.immich_app_branch_subdomain.value)"
          ' >> $GITHUB_OUTPUT
      - name: Publish to Cloudflare Pages
        # TODO: Action is deprecated
        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1.5.0
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          projectName: ${{ steps.docs-output.outputs.projectName }}
          workingDirectory: 'docs'
          directory: 'build'
          branch: ${{ steps.parameters.outputs.name }}
          wranglerVersion: '3'
      - name: Deploy Docs Release Domain
        if: ${{ steps.parameters.outputs.event == 'release' }}
        env:
          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
        working-directory: 'deployment/modules/cloudflare/docs-release'
        run: 'mise run //deployment:tf apply'
      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        if: ${{ steps.parameters.outputs.event == 'pr' }}
        with:
          token: ${{ steps.token.outputs.token }}
          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
          body: |
            📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
          emojis: 'rocket'
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -1,50 +0,0 @@
 name: Docs destroy
 on:
  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    types: [closed]
 permissions: {}
 env:
  TG_NON_INTERACTIVE: 'true'
 jobs:
  deploy:
    name: Docs Destroy
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout code
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup Mise
        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
      - name: Destroy Docs Subdomain
        env:
          TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
          TF_VAR_prefix_event_type: 'pr'
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
        working-directory: 'deployment/modules/cloudflare/docs'
        run: 'mise run //deployment:tf destroy -- -refresh=false'
      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        with:
          token: ${{ steps.token.outputs.token }}
          number: ${{ github.event.number }}
          delete: true
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -1,61 +0,0 @@
 name: Fix formatting
 on:
  pull_request:
    types: [labeled]
 permissions: {}
 jobs:
  fix-formatting:
    runs-on: ubuntu-latest
    if: ${{ github.event.label.name == 'fix:formatting' }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: 'Checkout'
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Fix formatting
        run: pnpm --recursive install && pnpm run --recursive --parallel fix:format
      - name: Commit and push
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          default_author: github_actions
          message: 'chore: fix formatting'
      - name: Remove label
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        if: always()
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              name: 'fix:formatting'
            })
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -1,128 +0,0 @@
 name: Merge translations
 on:
  workflow_dispatch:
  workflow_call:
    secrets:
      PUSH_O_MATIC_APP_ID:
        required: true
      PUSH_O_MATIC_APP_KEY:
        required: true
      WEBLATE_TOKEN:
        required: true
    inputs:
      skip:
        description: 'Skip translations'
        required: false
        type: boolean
 permissions: {}
 env:
  WEBLATE_HOST: 'https://hosted.weblate.org'
  WEBLATE_COMPONENT: 'immich/immich'
 jobs:
  merge:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Generate a token
        id: generate_token
        if: ${{ inputs.skip != true }}
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Find translation PR
        id: find_pr
        if: ${{ inputs.skip != true }}
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          set -euo pipefail
          PR=$(gh pr list --repo $GITHUB_REPOSITORY --author weblate --json number,mergeable)
          echo "$PR"
          PR_NUMBER=$(echo "$PR" | jq '
            if length == 1 then
              .[0].number
            else
              error("Expected exactly 1 entry, got \(length)")
            end
          ' 2>&1) || exit 1
          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
          echo "Selected PR $PR_NUMBER"
          if ! echo "$PR" | jq -e '.[0].mergeable == "MERGEABLE"'; then
            echo "PR is not mergeable"
            exit 1
          fi
      - name: Lock weblate
        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true
      - name: Commit translations
        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=commit
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=push
      - name: Merge PR
        id: merge_pr
        if: ${{ inputs.skip != true }}
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
        run: |
          set -euo pipefail
          REVIEW_ID=$(gh api -X POST "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" --field event='APPROVE' --field body='Automatically merging translations PR' \
            | jq '.id')
          echo "REVIEW_ID=$REVIEW_ID" >> $GITHUB_OUTPUT
          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash
      - name: Wait for PR to merge
        if: ${{ inputs.skip != true }}
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
          REVIEW_ID: ${{ steps.merge_pr.outputs.REVIEW_ID }}
        run: |
          # So we clean up no matter what
          set +e
          for i in {1..100}; do
            if gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json state | jq -e '.state == "MERGED"'; then
              echo "PR merged"
              exit 0
            else
              echo "PR not merged yet, waiting..."
              sleep 6
            fi
          done
          echo "PR did not merge in time"
          gh api -X PUT "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews/$REVIEW_ID/dismissals" --field message='Merge attempt timed out' --field event='DISMISS'
          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --disable-auto
          exit 1
      - name: Unlock weblate
        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
      - name: Report success
        run: |
          echo "Workflow completed successfully (or was skipped)"
--- a/.github/workflows/org-pr-require-conventional-commit.yml
+++ b/.github/workflows/org-pr-require-conventional-commit.yml
@@ -1,12 +0,0 @@
 name: PR Conventional Commit
 on:
  pull_request:
    types: [opened, synchronize, reopened, edited]
 jobs:
  validate-pr-title:
    name: Validate PR Title (conventional commit)
    uses: immich-app/devtools/.github/workflows/shared-pr-require-conventional-commit.yml@main
    permissions:
      pull-requests: write
--- a/.github/workflows/org-zizmor.yml
+++ b/.github/workflows/org-zizmor.yml
@@ -1,15 +0,0 @@
 name: Zizmor
 on:
  pull_request:
  push:
    branches: [main]
 jobs:
  zizmor:
    name: Zizmor
    uses: immich-app/devtools/.github/workflows/shared-zizmor.yml@main
    permissions:
      actions: read
      contents: read
      security-events: write
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -1,31 +0,0 @@
 name: PR Label Validation
 on:
  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    types: [opened, labeled, unlabeled, synchronize]
 permissions: {}
 jobs:
  validate-release-label:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Require PR to have a changelog label
        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
        with:
          token: ${{ steps.token.outputs.token }}
          mode: exactly
          count: 1
          use_regex: true
          labels: 'changelog:.*'
          add_comment: true
          message: 'Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label.'
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -1,22 +0,0 @@
 name: 'Pull Request Labeler'
 on:
  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
 permissions: {}
 jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
        with:
          repo-token: ${{ steps.token.outputs.token }}
--- a/.github/workflows/pr-require-label.yml
+++ b/.github/workflows/pr-require-label.yml
@@ -0,0 +1,13 @@
 name: Enforce PR labels
 on:
  pull_request:
    types: [labeled, unlabeled, opened, edited, synchronize]
 jobs:
  enforce-label:
    name: Enforce label
    runs-on: ubuntu-latest
    steps:
    - if: toJson(github.event.pull_request.labels) == '[]'
      run: exit 1
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -10,145 +10,74 @@ on:
        type: choice
        options:
          - 'false'
          - major
          - minor
          - patch
      mobileBump:
        description: 'Bump mobile build number'
        required: false
        type: boolean
      skipTranslations:
        description: 'Skip translations'
        required: false
        type: boolean
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
  cancel-in-progress: true
 permissions: {}
 jobs:
  merge_translations:
    uses: ./.github/workflows/merge-translations.yml
    with:
      skip: ${{ inputs.skipTranslations }}
    permissions:
      pull-requests: write
    secrets:
      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
  bump_version:
    runs-on: ubuntu-latest
-    needs: [merge_translations]
+
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-    permissions: {} # No job-level permissions are needed because it uses the app-token
+
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@v4
        with:
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}
          persist-credentials: true
          ref: main
-      - name: Install uv
+      - name: Install Poetry
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        run: pipx install poetry
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Bump version
-        env:
+        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"
          SERVER_BUMP: ${{ inputs.serverBump }}
          MOBILE_BUMP: ${{ inputs.mobileBump }}
        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"
      - name: Commit and tag
        id: push-tag
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+        uses: EndBug/add-and-commit@v9
        with:
-          default_author: github_actions
+          author_name: Alex The Bot
-          message: 'chore: version ${{ env.IMMICH_VERSION }}'
+          author_email: alex.tran1502@gmail.com
          default_author: user_info
          message: 'Version ${{ env.IMMICH_VERSION }}'
          tag: ${{ env.IMMICH_VERSION }}
          push: true
  build_mobile:
    uses: ./.github/workflows/build-mobile.yml
    needs: bump_version
-    permissions:
+    secrets: inherit
      contents: read
    secrets:
      KEY_JKS: ${{ secrets.KEY_JKS }}
      ALIAS: ${{ secrets.ALIAS }}
      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
      # iOS secrets
      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
      environment: production
  prepare_release:
    runs-on: ubuntu-latest
    needs: build_mobile
    permissions:
      actions: read # To download the app artifact
      # No content permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
    steps:
      - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@v4
        with:
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}
          persist-credentials: false
      - name: Download APK
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@v4
        with:
          name: release-apk-signed
          github-token: ${{ steps.generate-token.outputs.token }}
      - name: Create draft release
-        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
+        uses: softprops/action-gh-release@v2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
          files: |
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -1,63 +0,0 @@
 name: Preview label
 on:
  pull_request:
    types: [labeled, closed]
 permissions: {}
 jobs:
  comment-status:
    runs-on: ubuntu-latest
    if: ${{ github.event.action == 'labeled' && github.event.label.name == 'preview' }}
    permissions:
      pull-requests: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        with:
          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
  remove-label:
    runs-on: ubuntu-latest
    if: ${{ (github.event.action == 'closed' || github.event.pull_request.head.repo.fork) && contains(github.event.pull_request.labels.*.name, 'preview') }}
    permissions:
      pull-requests: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              name: 'preview'
            })
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ github.event.pull_request.head.repo.fork }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'PRs from forks cannot have preview environments.'
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'Preview environment has been removed.'
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -1,170 +0,0 @@
 name: Manage release PR
 on:
  workflow_dispatch:
  push:
    branches:
      - main
 concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  bump:
    runs-on: ubuntu-latest
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
          ref: main
      - name: Install uv
        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Determine release type
        id: bump-type
        uses: ietf-tools/semver-action@c90370b2958652d71c06a3484129a4d423a6d8a8 # v1.11.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
      - name: Bump versions
        env:
          TYPE: ${{ steps.bump-type.outputs.bump }}
        run: |
          if [ "$TYPE" == "none" ]; then
            exit 1 # TODO: Is there a cleaner way to abort the workflow?
          fi
          misc/release/pump-version.sh -s $TYPE -m true
      - name: Manage Outline release document
        id: outline
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
          NEXT_VERSION: ${{ steps.bump-type.outputs.next }}
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            const fs = require('fs');
            const outlineKey = process.env.OUTLINE_API_KEY;
            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9'
            const collectionId = 'e2910656-714c-4871-8721-447d9353bd73';
            const baseUrl = 'https://outline.immich.cloud';
            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
              method: 'POST',
              headers: {
                'Authorization': `Bearer ${outlineKey}`,
                'Content-Type': 'application/json'
              },
              body: JSON.stringify({ parentDocumentId })
            });
            if (!listResponse.ok) {
              throw new Error(`Outline list failed: ${listResponse.statusText}`);
            }
            const listData = await listResponse.json();
            const allDocuments = listData.data || [];
            const document = allDocuments.find(doc => doc.title === 'next');
            let documentId;
            let documentUrl;
            let documentText;
            if (!document) {
              // Create new document
              console.log('No existing document found. Creating new one...');
              const notesTmpl = fs.readFileSync('misc/release/notes.tmpl', 'utf8');
              const createResponse = await fetch(`${baseUrl}/api/documents.create`, {
                method: 'POST',
                headers: {
                  'Authorization': `Bearer ${outlineKey}`,
                  'Content-Type': 'application/json'
                },
                body: JSON.stringify({
                  title: 'next',
                  text: notesTmpl,
                  collectionId: collectionId,
                  parentDocumentId: parentDocumentId,
                  publish: true
                })
              });
              if (!createResponse.ok) {
                throw new Error(`Failed to create document: ${createResponse.statusText}`);
              }
              const createData = await createResponse.json();
              documentId = createData.data.id;
              const urlId = createData.data.urlId;
              documentUrl = `${baseUrl}/doc/next-${urlId}`;
              documentText = createData.data.text || '';
              console.log(`Created new document: ${documentUrl}`);
            } else {
              documentId = document.id;
              const docPath = document.url;
              documentUrl = `${baseUrl}${docPath}`;
              documentText = document.text || '';
              console.log(`Found existing document: ${documentUrl}`);
            }
            // Generate GitHub release notes
            console.log('Generating GitHub release notes...');
            const releaseNotesResponse = await github.rest.repos.generateReleaseNotes({
              owner: context.repo.owner,
              repo: context.repo.repo,
              tag_name: `${process.env.NEXT_VERSION}`,
            });
            // Combine the content
            const changelog = `
            # ${process.env.NEXT_VERSION}
            ${documentText}
            ${releaseNotesResponse.data.body}
            ---
            `
            const existingChangelog = fs.existsSync('CHANGELOG.md') ? fs.readFileSync('CHANGELOG.md', 'utf8') : '';
            fs.writeFileSync('CHANGELOG.md', changelog + existingChangelog, 'utf8');
            core.setOutput('document_url', documentUrl);
      - name: Create PR
        id: create-pr
        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'
          title: 'chore: release ${{ steps.bump-type.outputs.next }}'
          body: 'Release notes: ${{ steps.outline.outputs.document_url }}'
          labels: 'changelog:skip'
          branch: 'release/next'
          draft: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,148 +0,0 @@
 name: release.yml
 on:
  pull_request:
    types: [closed]
    paths:
      - CHANGELOG.md
 jobs:
  # Maybe double check PR source branch?
  merge_translations:
    uses: ./.github/workflows/merge-translations.yml
    permissions:
      pull-requests: write
    secrets:
      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
  build_mobile:
    uses: ./.github/workflows/build-mobile.yml
    needs: merge_translations
    permissions:
      contents: read
    secrets:
      KEY_JKS: ${{ secrets.KEY_JKS }}
      ALIAS: ${{ secrets.ALIAS }}
      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
      # iOS secrets
      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}misc/release/notes.tmpl
      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
    with:
      ref: main
      environment: production
  prepare_release:
    runs-on: ubuntu-latest
    needs: build_mobile
    permissions:
      actions: read # To download the app artifact
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
          ref: main
      - name: Extract changelog
        id: changelog
        run: |
          CHANGELOG_PATH=$RUNNER_TEMP/changelog.md
          sed -n '1,/^---$/p' CHANGELOG.md | head -n -1 > $CHANGELOG_PATH
          echo "path=$CHANGELOG_PATH" >> $GITHUB_OUTPUT
          VERSION=$(sed -n 's/^# //p' $CHANGELOG_PATH)
          echo "version=$VERSION" >> $GITHUB_OUTPUT
      - name: Download APK
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: release-apk-signed
          github-token: ${{ steps.generate-token.outputs.token }}
      - name: Create draft release
        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
        with:
          tag_name: ${{ steps.version.outputs.result }}
          token: ${{ steps.generate-token.outputs.token }}
          body_path: ${{ steps.changelog.outputs.path }}
          draft: true
          files: |
            docker/docker-compose.yml
            docker/example.env
            docker/hwaccel.ml.yml
            docker/hwaccel.transcoding.yml
            docker/prometheus.yml
            *.apk
      - name: Rename Outline document
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        continue-on-error: true
        env:
          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
          VERSION: ${{ steps.changelog.outputs.version }}
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            const outlineKey = process.env.OUTLINE_API_KEY;
            const version = process.env.VERSION;
            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9';
            const baseUrl = 'https://outline.immich.cloud';
            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
              method: 'POST',
              headers: {
                'Authorization': `Bearer ${outlineKey}`,
                'Content-Type': 'application/json'
              },
              body: JSON.stringify({ parentDocumentId })
            });
            if (!listResponse.ok) {
              throw new Error(`Outline list failed: ${listResponse.statusText}`);
            }
            const listData = await listResponse.json();
            const allDocuments = listData.data || [];
            const document = allDocuments.find(doc => doc.title === 'next');
            if (document) {
              console.log(`Found document 'next', renaming to '${version}'...`);
              const updateResponse = await fetch(`${baseUrl}/api/documents.update`, {
                method: 'POST',
                headers: {
                  'Authorization': `Bearer ${outlineKey}`,
                  'Content-Type': 'application/json'
                },
                body: JSON.stringify({
                  id: document.id,
                  title: version
                })
              });
              if (!updateResponse.ok) {
                throw new Error(`Failed to rename document: ${updateResponse.statusText}`);
              }
            } else {
              console.log('No document titled "next" found to rename');
            }
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -4,44 +4,28 @@ on:
  release:
    types: [published]
-permissions: {}
+permissions:
  packages: write
 jobs:
  publish:
    name: Publish `@immich/sdk`
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - id: token
+      - uses: actions/checkout@v4
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@v4
        with:
-          node-version-file: './open-api/typescript-sdk/.nvmrc'
+          node-version: '20.x'
          registry-url: 'https://registry.npmjs.org'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      - name: Build
-        run: pnpm build
+        run: npm run build
      - name: Publish
-        run: pnpm publish --no-git-checks
+        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -9,110 +9,35 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check what should run
        id: check
        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
          force-filters: |
            - '.github/workflows/static_analysis.yml'
          force-events: 'workflow_dispatch,release'
  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./mobile
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}
      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
+        uses: subosito/flutter-action@v2
        with:
-          channel: 'stable'
+          channel: "stable"
-          flutter-version-file: ./mobile/pubspec.yaml
+          flutter-version: "3.19.3"
      - name: Install dependencies
        run: dart pub get
-
+        working-directory: ./mobile
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
          github-token: ${{ steps.token.outputs.token }}
          version: auto
          working-directory: ./mobile
      - name: Generate translation file
        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
      - name: Run Build Runner
        run: make build
      - name: Generate platform API
        run: make pigeon
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            mobile/**/*.g.dart
            mobile/**/*.gr.dart
            mobile/**/*.drift.dart
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated files not up to date! Run 'make build' and 'make pigeon' inside the mobile directory"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
      - name: Run dart analyze
        run: dart analyze --fatal-infos
        working-directory: ./mobile
      - name: Run dart format
-        run: make format
+        run: dart format lib/ --set-exit-if-changed
        working-directory: ./mobile
-      # TODO: Re-enable after upgrading custom_lint
+      # Enable after riverpod generator migration is completed
-      # - name: Run dart custom_lint
+      # - name: Run dart custom lint
      #   run: dart run custom_lint
-
+      #   working-directory: ./mobile
      # TODO: Use https://github.com/CQLabs/dcm-action
      - name: Run DCM
        run: dcm analyze lib --fatal-style --fatal-warnings
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -1,73 +0,0 @@
 name: Weblate checks
 on:
  pull_request:
    branches: [main]
    types:
      - opened
      - synchronize
      - ready_for_review
      - auto_merge_enabled
      - auto_merge_disabled
 permissions: {}
 env:
  BOT_NAME: immich-push-o-matic
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Check what should run
        id: check
        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
        with:
          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
              - modified: 'i18n/!(en)**\.json'
          skip-force-logic: 'true'
  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Bot review status
        env:
          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
          GH_TOKEN: ${{ steps.token.outputs.token }}
        run: |
          # Then check for APPROVED by the bot, if absent fail
          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
            || (echo "The push-o-matic bot has not approved this PR yet" && exit 1)
  success-check-lock:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
    runs-on: ubuntu-latest
    permissions: {}
    if: always()
    steps:
      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 .DS_Store
 .vscode/*
 !.vscode/launch.json
 !.vscode/extensions.json
 .idea
 docker/upload
@@ -15,16 +14,7 @@ mobile/gradle.properties
 mobile/openapi/pubspec.lock
 mobile/*.jks
 mobile/libisar.dylib
 mobile/openapi/test
 mobile/openapi/doc
 mobile/openapi/.openapi-generator/FILES
 mobile/ios/build
 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
-mobile/ios/fastlane/report.xml
+mobile/ios/fastlane/report.xml
 vite.config.js.timestamp-*
 .pnpm-store
 .devcontainer/library
 .devcontainer/.env*
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
 [submodule "mobile/.isar"]
 	path = mobile/.isar
 	url = https://github.com/isar/isar
-[submodule "e2e/test-assets"]
+[submodule "server/test/assets"]
-	path = e2e/test-assets
+	path = server/test/assets
 	url = https://github.com/immich-app/test-assets
--- a/.pnpmfile.cjs
+++ b/.pnpmfile.cjs
@@ -1,18 +0,0 @@
 module.exports = {
  hooks: {
    readPackage: (pkg) => {
      if (!pkg.name) {
        return pkg;
      }
      if (pkg.name === "exiftool-vendored") {
        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
          // make exiftool-vendored.pl a regular dependency
          pkg.dependencies["exiftool-vendored.pl"] =
            pkg.optionalDependencies["exiftool-vendored.pl"];
          delete pkg.optionalDependencies["exiftool-vendored.pl"];
        }
      }
      return pkg;
    },
  },
 };
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,10 +0,0 @@
 {
  "recommendations": [
    "esbenp.prettier-vscode",
    "svelte.svelte-vscode",
    "dbaeumer.vscode-eslint",
    "dart-code.flutter",
    "dart-code.dart-code",
    "dcmdev.dcm-vscode-extension"
  ]
 }
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -5,33 +5,19 @@
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9231,
+      "port": 9230,
-      "name": "Immich API Server",
+      "name": "Immich Server",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9230,
+      "port": 9231,
-      "name": "Immich Workers",
+      "name": "Immich Microservices",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
      "type": "node",
      "request": "launch",
      "name": "Immich CLI",
      "program": "${workspaceFolder}/cli/dist/index.js",
      "args": ["upload", "--help"],
      "runtimeArgs": ["--enable-source-maps"],
      "console": "integratedTerminal",
      "resolveSourceMapLocations": ["${workspaceFolder}/cli/dist/**/*.js.map"],
      "sourceMaps": true,
      "outFiles": ["${workspaceFolder}/cli/dist/**/*.js"],
      "skipFiles": ["<node_internals>/**"],
      "preLaunchTask": "Build Immich CLI"
    }
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,64 +1,34 @@
 {
-  "[css]": {
+  "editor.formatOnSave": true,
  "[javascript][typescript][css]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true,
+    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[svelte]": {
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.tabSize": 2
  },
  "svelte.enable-ts-plugin": true,
  "eslint.validate": [
    "javascript",
    "svelte"
  ],
  "typescript.preferences.importModuleSpecifier": "non-relative",
  "[dart]": {
    "editor.defaultFormatter": "Dart-Code.dart-code",
    "editor.formatOnSave": true,
    "editor.selectionHighlight": false,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    "editor.suggestSelection": "first",
    "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off"
+    "editor.wordBasedSuggestions": "off",
    "editor.defaultFormatter": "Dart-Code.dart-code"
  },
-  "[javascript]": {
+  "cSpell.words": [
-    "editor.codeActionsOnSave": {
+    "immich"
-      "source.organizeImports": "explicit",
+  ],
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[jsonc]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[svelte]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[typescript]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
  "eslint.validate": ["javascript", "typescript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
-    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
+  }
-    "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
+}
  },
  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -1,80 +0,0 @@
 {
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Fix Permissions, Install Dependencies",
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich API Server (Nest)",
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich Web Server (Vite)",
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
        "focus": false,
        "panel": "dedicated",
        "showReuseMessage": true,
        "clear": false,
        "group": "Devcontainer tasks",
        "close": true
      },
      "runOptions": {
        "runOn": "default"
      },
      "problemMatcher": []
    },
    {
      "label": "Immich Server and Web",
      "dependsOn": ["Immich Web Server (Vite)", "Immich API Server (Nest)"],
      "runOptions": {
        "runOn": "folderOpen"
      },
      "problemMatcher": []
    },
    {
      "label": "Build Immich CLI",
      "type": "shell",
      "command": "pnpm --filter cli build:dev"
    }
  ]
 }
--- a/2
+++ b/2
@@ -1,7 +1,5 @@
 /.github/ @bo0tzz
 /docker/ @bo0tzz
 /server/ @danieldietzler
 /web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
 /mobile/ @shenlong-tanwen
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -131,4 +131,4 @@ conduct enforcement ladder](https://github.com/mozilla/diversity).
 For answers to common questions about this code of conduct, see the
 FAQ at https://www.contributor-covenant.org/faq. Translations are
-available at https://www.contributor-covenant.org/translations.
+available at https://www.contributor-covenant.org/translations.
--- a/133
+++ b/133
@@ -1,39 +1,30 @@
 dev:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans || make dev-down
 dev-down:
 	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans
 dev-update:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans
-dev-docs:
+stage:
-	npm --prefix docs run start
+	docker compose -f ./docker/docker-compose.staging.yml up --build -V --remove-orphans
 pull-stage:
 	docker compose -f ./docker/docker-compose.staging.yml pull
 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-dev:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.dev.yml up --remove-orphans
 e2e-update:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
 e2e-down:
 	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
 prod:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 prod-down:
 	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
 prod-scale:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
 .PHONY: open-api
 open-api:
@@ -46,107 +37,7 @@ open-api-typescript:
 	cd ./open-api && bash ./bin/generate-open-api.sh typescript
 sql:
-	pnpm --filter immich run sync:sql
+	npm --prefix server run sql:generate
 attach-server:
 	docker exec -it docker_immich-server_1 sh
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
 # Directories that need to be created for volumes or build output
 VOLUME_DIRS = \
 	./.pnpm-store \
 	./web/.svelte-kit \
 	./web/node_modules \
 	./web/coverage \
 	./e2e/node_modules \
 	./docs/node_modules \
 	./server/node_modules \
 	./open-api/typescript-sdk/node_modules \
 	./.github/node_modules \
 	./node_modules \
 	./cli/node_modules
 # Include .env file if it exists
 -include docker/.env
 MODULES = e2e server web cli sdk docs .github
 # directory to package name mapping function
 #   cli     = @immich/cli
 #   docs    = documentation
 #   e2e     = immich-e2e
 #   open-api/typescript-sdk = @immich/sdk
 #   server  = immich
 #   web     = immich-web
 map-package = $(subst sdk,@immich/sdk,$(subst cli,@immich/cli,$(subst docs,documentation,$(subst e2e,immich-e2e,$(subst server,immich,$(subst web,immich-web,$1))))))
 audit-%:
 	pnpm --filter $(call map-package,$*) audit fix
 install-%:
 	pnpm --filter $(call map-package,$*) install $(if $(FROZEN),--frozen-lockfile) $(if $(OFFLINE),--offline)
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
 	pnpm --filter $(call map-package,$*) run build
 format-%:
 	pnpm --filter $(call map-package,$*) run format:fix
 lint-%:
 	pnpm --filter $(call map-package,$*) run lint:fix
 check-%:
 	pnpm --filter $(call map-package,$*) run check
 check-web:
 	pnpm --filter immich-web run check:typescript
 	pnpm --filter immich-web run check:svelte
 test-%:
 	pnpm --filter $(call map-package,$*) run test
 test-e2e:
 	docker compose -f ./e2e/docker-compose.yml build
 	pnpm --filter immich-e2e run test
 	pnpm --filter immich-e2e run test:web
 test-medium:
 	docker run \
    --rm \
    -v ./server/src:/usr/src/app/src \
    -v ./server/test:/usr/src/app/test \
    -v ./server/vitest.config.medium.mjs:/usr/src/app/vitest.config.medium.mjs \
    -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
    -e NODE_ENV=development \
    immich-server:latest \
    -c "pnpm test:medium -- --run"
 test-medium-dev:
 	docker exec -it immich_server /bin/sh -c "pnpm run test:medium"
 install-all:
 	pnpm -r --filter '!documentation' install
 build-all: $(foreach M,$(filter-out e2e docs .github,$(MODULES)),build-$M) ;
 check-all:
 	pnpm -r --filter '!documentation' run "/^(check|check\:svelte|check\:typescript)$/"
 lint-all:
 	pnpm -r --filter '!documentation' run lint:fix
 format-all:
 	pnpm -r --filter '!documentation' run format:fix
 audit-all:
 	pnpm -r --filter '!documentation' audit fix
 hygiene-all: audit-all
 	pnpm -r --filter '!documentation' run "/(format:fix|check|check:svelte|check:typescript|sql)/"
 test-all:
 	pnpm -r --filter '!documentation' run "/^test/"
 clean:
 	find . -name "node_modules" -type d -prune -exec rm -rf {} +
 	find . -name "dist" -type d -prune -exec rm -rf '{}' +
 	find . -name "build" -type d -prune -exec rm -rf '{}' +
 	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
 	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
 	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
 	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
 	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true
 setup-server-dev: install-server
 setup-web-dev: install-sdk build-sdk install-web
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 <p align="center"> 
-  <br/>
+  <br/>  
  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
-  <a href="https://discord.immich.app">
+  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
-  <br/>
+  <br/>  
-  <br/>
+  <br/>   
 </p>
 <p align="center">
@@ -17,7 +17,6 @@
 <img src="design/immich-screenshots.png" title="Main Screenshot">
 </a>
 <br/>
 <p align="center">
  <a href="readme_i18n/README_ca_ES.md">Català</a>
  <a href="readme_i18n/README_es_ES.md">Español</a>
@@ -28,51 +27,56 @@
  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">简体中文</a>
+  <a href="readme_i18n/README_zh_CN.md">中文</a>
  <a href="readme_i18n/README_zh_TW.md">正體中文</a>
  <a href="readme_i18n/README_uk_UA.md">Українська</a>
  <a href="readme_i18n/README_ru_RU.md">Русский</a>
  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
  <a href="readme_i18n/README_sv_SE.md">Svenska</a>
  <a href="readme_i18n/README_ar_JO.md">العربية</a>
  <a href="readme_i18n/README_vi_VN.md">Tiếng Việt</a>
  <a href="readme_i18n/README_th_TH.md">ภาษาไทย</a>
 </p>
 ## Disclaimer
-> [!WARNING]
+- ⚠️ The project is under **very active** development.
-> ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
+- ⚠️ Expect bugs and breaking changes.
-> 
+- ⚠️ **Do not use the app as the only way to store your photos and videos.**
- 
+- ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
-> [!NOTE]
+## Content
 > You can find the main documentation, including installation guides, at https://immich.app/.
-## Links
+- [Official Documentation](https://immich.app/docs)
-
+- [Roadmap](https://github.com/orgs/immich-app/projects/1)
 - [Documentation](https://docs.immich.app/)
 - [About](https://docs.immich.app/overview/introduction)
 - [Installation](https://docs.immich.app/install/requirements)
 - [Roadmap](https://immich.app/roadmap)
 - [Demo](#demo)
 - [Features](#features)
- [Translations](https://docs.immich.app/developer/translations)
+- [Introduction](https://immich.app/docs/overview/introduction)
- [Contributing](https://docs.immich.app/overview/support-the-project)
+- [Installation](https://immich.app/docs/install/requirements)
 - [Contribution Guidelines](https://immich.app/docs/overview/support-the-project)
 ## Documentation
 You can find the main documentation, including installation guides, at https://immich.app/.
 ## Demo
-Access the demo [here](https://demo.immich.app). For the mobile app, you can use `https://demo.immich.app` for the `Server Endpoint URL`.
+You can access the web demo at https://demo.immich.app
-### Login credentials
+For the mobile app, you can use `https://demo.immich.app/api` for the `Server Endpoint URL`
-| Email           | Password |
+```bash title="Demo Credential"
-| --------------- | -------- |
+The credential
-| demo@immich.app | demo     |
+email: demo@immich.app
 password: demo
 ```
 ```
 Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 ```
 ## Activities
 ![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
 ## Features
 | Features                                     | Mobile | Web |
-| :------------------------------------------- | ------ | --- |
+| :--------------------------------------------- | -------- | ----- |
 | Upload and view videos and photos            | Yes    | Yes |
 | Auto backup when the app is opened           | Yes    | N/A |
 | Prevent duplication of assets                | Yes    | Yes |
@@ -92,7 +96,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | LivePhoto/MotionPhoto backup and playback    | Yes    | Yes |
 | Support 360 degree image display             | No     | Yes |
 | User-defined storage structure               | Yes    | Yes |
-| Public Sharing                               | Yes    | Yes |
+| Public Sharing                               | No     | Yes |
 | Archive and Favorites                        | Yes    | Yes |
 | Global Map                                   | Yes    | Yes |
 | Partner Sharing                              | Yes    | Yes |
@@ -101,33 +105,19 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | Offline support                              | Yes    | No  |
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 | Tags                                         | No     | Yes |
 | Folder View                                  | Yes    | Yes |
 ## Translations
 Read more about translations [here](https://docs.immich.app/developer/translations).
 <a href="https://hosted.weblate.org/engage/immich/">
 <img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
 </a>
 ## Repository activity
 ![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
 ## Star history
 <a href="https://star-history.com/#immich-app/immich&type=date&legend=top-left">
 <picture>
   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date&theme=dark" />
   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date" />
   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=date" width="100%" />
 </picture>
 </a>
 ## Contributors
-<a href="https://github.com/immich-app/immich/graphs/contributors">
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
 </a>
 ## Star History
 <a href="https://star-history.com/#immich-app/immich&Date">
 <picture>
   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date&theme=dark" />
   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" />
   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
 </picture>
 </a>
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,4 +2,4 @@
 ## Reporting a Vulnerability
-Please report security issues to `security@immich.app`
+Please report security issues to `alex.tran1502@gmail.com`
--- a/cli/.eslintignore
+++ b/cli/.eslintignore
@@ -0,0 +1 @@
 /dist
--- a/cli/.eslintrc.cjs
+++ b/cli/.eslintrc.cjs
@@ -0,0 +1,28 @@
 module.exports = {
  parser: '@typescript-eslint/parser',
  parserOptions: {
    project: 'tsconfig.json',
    sourceType: 'module',
    tsconfigRootDir: __dirname,
  },
  plugins: ['@typescript-eslint/eslint-plugin'],
  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:unicorn/recommended'],
  root: true,
  env: {
    node: true,
  },
  ignorePatterns: ['.eslintrc.js'],
  rules: {
    '@typescript-eslint/interface-name-prefix': 'off',
    '@typescript-eslint/explicit-function-return-type': 'off',
    '@typescript-eslint/explicit-module-boundary-types': 'off',
    '@typescript-eslint/no-explicit-any': 'off',
    '@typescript-eslint/no-floating-promises': 'error',
    'unicorn/prefer-module': 'off',
    'unicorn/prevent-abbreviations': 'off',
    'unicorn/no-process-exit': 'off',
    'unicorn/import-style': 'off',
    curly: 2,
    'prettier/prettier': 0,
  },
 };
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-24.11.1
+v20.12
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,14 +1,19 @@
-FROM node:24.1.0-alpine3.20@sha256:8fe019e0d57dbdce5f5c27c0b63d2775cf34b00e3755a7dea969802d7e0c2b25 AS core
+FROM node:20-alpine3.19@sha256:7a91aa397f2e2dfbfcdad2e2d72599f374e0b0172be1d86eeb73f1d33f36a4b2 as core
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
 RUN npm ci
 COPY open-api/typescript-sdk/ ./
 RUN npm run build
 WORKDIR /usr/src/app
-COPY package* pnpm* .pnpmfile.cjs ./
+
-COPY ./cli ./cli/
+COPY cli/package.json cli/package-lock.json ./
-COPY ./open-api/typescript-sdk ./open-api/typescript-sdk/
+RUN npm ci
-RUN corepack enable pnpm && \
+
-  pnpm install --filter @immich/sdk --filter @immich/cli --frozen-lockfile && \
+COPY cli .
-  pnpm --filter @immich/sdk build && \
+RUN npm run build
  pnpm --filter @immich/cli build
 WORKDIR /import
-ENTRYPOINT ["node", "/usr/src/app/cli/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]
--- a/cli/README.md
+++ b/cli/README.md
@@ -1,38 +1,19 @@
 A command-line interface for interfacing with the self-hosted photo manager [Immich](https://immich.app/).
-Please see the [Immich CLI documentation](https://docs.immich.app/features/command-line-interface).
+Please see the [Immich CLI documentation](https://immich.app/docs/features/command-line-interface).
 # For developers
-Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:
+To run the Immich CLI from source, run the following in the cli folder:
-    $ pnpm install
+    $ npm run build
-    $ pnpm run build
+    $ ts-node .
-Then, to build the open-api client run the following in the open-api folder:
+You'll need ts-node, the easiest way to install it is to use npm:
-    $ ./bin/generate-open-api.sh
+    $ npm i -g ts-node
 ## Run from build
 Go to the cli folder and build it:
    $ pnpm install
    $ pnpm run build
    $ node dist/index.js
 ## Run and Debug from source (VSCode)
 With VScode you can run and debug the Immich CLI. Go to the launch.json file, find the Immich CLI config and change this with the command you need to debug
 `"args": ["upload", "--help"],`
 replace that for the command of your choice.
 ## Install from build
 You can also build and install the CLI using
-    $ pnpm run build
+    $ npm run build
-    $ pnpm install -g .
+    $ npm install -g .
 ****
--- a/cli/bin/immich
+++ b/cli/bin/immich
@@ -1,2 +0,0 @@
 #!/usr/bin/env node
 import '../dist/index.js';
--- a/cli/eslint.config.mjs
+++ b/cli/eslint.config.mjs
@@ -1,51 +0,0 @@
 import js from '@eslint/js';
 import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
 import eslintPluginUnicorn from 'eslint-plugin-unicorn';
 import globals from 'globals';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import typescriptEslint from 'typescript-eslint';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 export default typescriptEslint.config([
  eslintPluginUnicorn.configs.recommended,
  eslintPluginPrettierRecommended,
  js.configs.recommended,
  typescriptEslint.configs.recommended,
  {
    ignores: ['eslint.config.mjs', 'dist'],
  },
  {
    languageOptions: {
      globals: {
        ...globals.node,
      },
      parser: typescriptEslint.parser,
      ecmaVersion: 5,
      sourceType: 'module',
      parserOptions: {
        project: 'tsconfig.json',
        tsconfigRootDir: __dirname,
      },
    },
    rules: {
      '@typescript-eslint/interface-name-prefix': 'off',
      '@typescript-eslint/explicit-function-return-type': 'off',
      '@typescript-eslint/explicit-module-boundary-types': 'off',
      '@typescript-eslint/no-explicit-any': 'off',
      '@typescript-eslint/no-floating-promises': 'error',
      'unicorn/prefer-module': 'off',
      'unicorn/prevent-abbreviations': 'off',
      'unicorn/no-process-exit': 'off',
      'unicorn/import-style': 'off',
      curly: 2,
      'prettier/prettier': 0,
      'object-shorthand': ['error', 'always'],
    },
  },
 ]);
--- a/cli/mise.toml
+++ b/cli/mise.toml
@@ -1,29 +0,0 @@
 [tasks.install]
 run = "pnpm install --filter @immich/cli --frozen-lockfile"
 [tasks.build]
 env._.path = "./node_modules/.bin"
 run = "vite build"
 [tasks.test]
 env._.path = "./node_modules/.bin"
 run = "vite"
 [tasks.lint]
 env._.path = "./node_modules/.bin"
 run = "eslint \"src/**/*.ts\" --max-warnings 0"
 [tasks."lint-fix"]
 run = { task = "lint --fix" }
 [tasks.format]
 env._.path = "./node_modules/.bin"
 run = "prettier --check ."
 [tasks."format-fix"]
 env._.path = "./node_modules/.bin"
 run = "prettier --write ."
 [tasks.check]
 env._.path = "./node_modules/.bin"
 run = "tsc --noEmit"
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,11 +1,11 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.103",
+  "version": "2.2.0",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
  "bin": {
-    "immich": "./bin/immich"
+    "immich": "dist/index.js"
  },
  "license": "GNU Affero General Public License version 3",
  "keywords": [
@@ -13,37 +13,33 @@
    "cli"
  ],
  "devDependencies": {
    "@eslint/js": "^9.8.0",
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
    "@types/cli-progress": "^3.11.0",
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.10.1",
+    "@types/node": "^20.3.1",
-    "@vitest/coverage-v8": "^3.0.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
-    "byte-size": "^9.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
    "@vitest/coverage-v8": "^1.2.2",
    "byte-size": "^8.1.1",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
-    "eslint": "^9.14.0",
+    "eslint": "^8.56.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^9.1.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^62.0.0",
+    "eslint-plugin-unicorn": "^52.0.0",
    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
-    "prettier": "^3.7.4",
+    "prettier": "^3.2.5",
-    "prettier-plugin-organize-imports": "^4.0.0",
+    "prettier-plugin-organize-imports": "^3.2.4",
    "typescript": "^5.3.3",
-    "typescript-eslint": "^8.28.0",
+    "vite": "^5.0.12",
-    "vite": "^7.0.0",
+    "vite-tsconfig-paths": "^4.3.2",
-    "vite-tsconfig-paths": "^5.0.0",
+    "vitest": "^1.2.2",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
    "yaml": "^2.3.1"
  },
  "scripts": {
    "build": "vite build",
    "build:dev": "vite build --sourcemap true",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "lint:fix": "npm run lint -- --fix",
    "prepack": "npm run build",
@@ -62,13 +58,10 @@
    "node": ">=20.0.0"
  },
  "dependencies": {
    "chokidar": "^4.0.3",
    "fast-glob": "^3.3.2",
-    "fastq": "^1.17.1",
+    "lodash-es": "^4.17.21"
    "lodash-es": "^4.17.21",
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "24.11.1"
+    "node": "20.12.2"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -1,311 +0,0 @@
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
 import { setTimeout as sleep } from 'node:timers/promises';
 import { describe, expect, it, MockedFunction, vi } from 'vitest';
 import { Action, checkBulkUpload, defaults, getSupportedMediaTypes, Reason } from '@immich/sdk';
 import createFetchMock from 'vitest-fetch-mock';
 import { checkForDuplicates, getAlbumName, startWatch, uploadFiles, UploadOptionsDto } from 'src/commands/asset';
 vi.mock('@immich/sdk');
 describe('getAlbumName', () => {
  it('should return a non-undefined value', () => {
    if (os.platform() === 'win32') {
      // This is meaningless for Unix systems.
      expect(getAlbumName(String.raw`D:\test\Filename.txt`, {} as UploadOptionsDto)).toBe('test');
    }
    expect(getAlbumName('D:/parentfolder/test/Filename.txt', {} as UploadOptionsDto)).toBe('test');
  });
  it('has higher priority to return `albumName` in `options`', () => {
    expect(getAlbumName('/parentfolder/test/Filename.txt', { albumName: 'example' } as UploadOptionsDto)).toBe(
      'example',
    );
  });
 });
 describe('uploadFiles', () => {
  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
  const testFilePath = path.join(testDir, 'test.png');
  const testFileData = 'test';
  const baseUrl = 'http://example.com';
  const apiKey = 'key';
  const retry = 3;
  const fetchMocker = createFetchMock(vi);
  beforeEach(() => {
    // Create a test file
    fs.writeFileSync(testFilePath, testFileData);
    // Defaults
    vi.mocked(defaults).baseUrl = baseUrl;
    vi.mocked(defaults).headers = { 'x-api-key': apiKey };
    fetchMocker.enableMocks();
    fetchMocker.resetMocks();
  });
  it('returns new assets when upload file is successful', async () => {
    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
      return {
        status: 200,
        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
      };
    });
    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
      {
        filepath: testFilePath,
        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
      },
    ]);
  });
  it('returns new assets when upload file retry is successful', async () => {
    let counter = 0;
    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
      counter++;
      if (counter < retry) {
        throw new Error('Network error');
      }
      return {
        status: 200,
        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
      };
    });
    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
      {
        filepath: testFilePath,
        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
      },
    ]);
  });
  it('returns new assets when upload file retry is failed', async () => {
    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
      throw new Error('Network error');
    });
    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([]);
  });
 });
 describe('checkForDuplicates', () => {
  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
  const testFilePath = path.join(testDir, 'test.png');
  const testFileData = 'test';
  const testFileChecksum = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'; // SHA1
  const retry = 3;
  beforeEach(() => {
    // Create a test file
    fs.writeFileSync(testFilePath, testFileData);
  });
  it('checks duplicates', async () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
          action: Action.Accept,
          id: testFilePath,
        },
      ],
    });
    await checkForDuplicates([testFilePath], { concurrency: 1 });
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: [
          {
            checksum: testFileChecksum,
            id: testFilePath,
          },
        ],
      },
    });
  });
  it('returns duplicates when check duplicates is rejected', async () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
          action: Action.Reject,
          id: testFilePath,
          assetId: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
          reason: Reason.Duplicate,
        },
      ],
    });
    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
      duplicates: [
        {
          filepath: testFilePath,
          id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
        },
      ],
      newFiles: [],
    });
  });
  it('returns new assets when check duplicates is accepted', async () => {
    vi.mocked(checkBulkUpload).mockResolvedValue({
      results: [
        {
          action: Action.Accept,
          id: testFilePath,
        },
      ],
    });
    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
      duplicates: [],
      newFiles: [testFilePath],
    });
  });
  it('returns results when check duplicates retry is successful', async () => {
    let mocked = vi.mocked(checkBulkUpload);
    for (let i = 1; i < retry; i++) {
      mocked = mocked.mockRejectedValueOnce(new Error('Network error'));
    }
    mocked.mockResolvedValue({
      results: [
        {
          action: Action.Accept,
          id: testFilePath,
        },
      ],
    });
    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
      duplicates: [],
      newFiles: [testFilePath],
    });
  });
  it('returns results when check duplicates retry is failed', async () => {
    vi.mocked(checkBulkUpload).mockRejectedValue(new Error('Network error'));
    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
      duplicates: [],
      newFiles: [],
    });
  });
 });
 describe('startWatch', () => {
  let testFolder: string;
  let checkBulkUploadMocked: MockedFunction<typeof checkBulkUpload>;
  beforeEach(async () => {
    vi.restoreAllMocks();
    vi.mocked(getSupportedMediaTypes).mockResolvedValue({
      image: ['.jpg'],
      sidecar: ['.xmp'],
      video: ['.mp4'],
    });
    testFolder = await fs.promises.mkdtemp(path.join(os.tmpdir(), 'test-startWatch-'));
    checkBulkUploadMocked = vi.mocked(checkBulkUpload);
    checkBulkUploadMocked.mockResolvedValue({
      results: [],
    });
  });
  it('should start watching a directory and upload new files', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    await startWatch([testFolder], { concurrency: 1 }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: [
          expect.objectContaining({
            id: testFilePath,
          }),
        ],
      },
    });
  });
  it('should filter out unsupported files', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const unsupportedFilePath = path.join(testFolder, 'test.txt');
    await startWatch([testFolder], { concurrency: 1 }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await fs.promises.writeFile(unsupportedFilePath, 'testtxt');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: testFilePath,
          }),
        ]),
      },
    });
    expect(checkBulkUpload).not.toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: unsupportedFilePath,
          }),
        ]),
      },
    });
  });
  it('should filter out ignored patterns', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const ignoredPattern = 'ignored';
    const ignoredFolder = path.join(testFolder, ignoredPattern);
    await fs.promises.mkdir(ignoredFolder, { recursive: true });
    const ignoredFilePath = path.join(ignoredFolder, 'ignored.jpg');
    await startWatch([testFolder], { concurrency: 1, ignore: ignoredPattern }, { batchSize: 1, debounceTimeMs: 10 });
    await sleep(100); // to debounce the watcher from considering the test file as a existing file
    await fs.promises.writeFile(testFilePath, 'testjpg');
    await fs.promises.writeFile(ignoredFilePath, 'ignoredjpg');
    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
    expect(checkBulkUpload).toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: testFilePath,
          }),
        ]),
      },
    });
    expect(checkBulkUpload).not.toHaveBeenCalledWith({
      assetBulkUploadCheckDto: {
        assets: expect.arrayContaining([
          expect.objectContaining({
            id: ignoredFilePath,
          }),
        ]),
      },
    });
  });
  afterEach(async () => {
    await fs.promises.rm(testFolder, { recursive: true, force: true });
  });
 });
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -1,9 +1,7 @@
 import {
  Action,
  AssetBulkUploadCheckItem,
  AssetBulkUploadCheckResult,
-  AssetMediaResponseDto,
+  AssetFileUploadResponseDto,
  AssetMediaStatus,
  addAssetsToAlbum,
  checkBulkUpload,
  createAlbum,
@@ -12,18 +10,13 @@ import {
  getSupportedMediaTypes,
 } from '@immich/sdk';
 import byteSize from 'byte-size';
-import { Matcher, watch as watchFs } from 'chokidar';
+import { Presets, SingleBar } from 'cli-progress';
 import { MultiBar, Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import micromatch from 'micromatch';
 import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
 import os from 'node:os';
 import path, { basename } from 'node:path';
-import { Queue } from 'src/queue';
+import { BaseOptions, authenticate, crawl, sha1 } from 'src/utils';
 import { BaseOptions, Batcher, authenticate, crawl, sha1 } from 'src/utils';
 const UPLOAD_WATCH_BATCH_SIZE = 100;
 const UPLOAD_WATCH_DEBOUNCE_TIME_MS = 10_000;
 const s = (count: number) => (count === 1 ? '' : 's');
@@ -31,20 +24,16 @@ const s = (count: number) => (count === 1 ? '' : 's');
 type AssetBulkUploadCheckResults = Array<AssetBulkUploadCheckResult & { id: string }>;
 type Asset = { id: string; filepath: string };
-export interface UploadOptionsDto {
+interface UploadOptionsDto {
  recursive?: boolean;
  ignore?: string;
  dryRun?: boolean;
  skipHash?: boolean;
  delete?: boolean;
  deleteDuplicates?: boolean;
  album?: boolean;
  albumName?: string;
  includeHidden?: boolean;
  concurrency: number;
  progress?: boolean;
  watch?: boolean;
  jsonOutput?: boolean;
 }
 class UploadFile extends File {
@@ -64,98 +53,19 @@ class UploadFile extends File {
  }
 }
 const uploadBatch = async (files: string[], options: UploadOptionsDto) => {
  const { newFiles, duplicates } = await checkForDuplicates(files, options);
  const newAssets = await uploadFiles(newFiles, options);
  if (options.jsonOutput) {
    console.log(JSON.stringify({ newFiles, duplicates, newAssets }, undefined, 4));
  }
  await updateAlbums([...newAssets, ...duplicates], options);
  await deleteFiles(newAssets, duplicates, options);
 };
 export const startWatch = async (
  paths: string[],
  options: UploadOptionsDto,
  {
    batchSize = UPLOAD_WATCH_BATCH_SIZE,
    debounceTimeMs = UPLOAD_WATCH_DEBOUNCE_TIME_MS,
  }: { batchSize?: number; debounceTimeMs?: number } = {},
 ) => {
  const watcherIgnored: Matcher[] = [];
  const { image, video } = await getSupportedMediaTypes();
  const extensions = new Set([...image, ...video]);
  if (options.ignore) {
    watcherIgnored.push((path) => micromatch.contains(path, `**/${options.ignore}`));
  }
  const pathsBatcher = new Batcher<string>({
    batchSize,
    debounceTimeMs,
    onBatch: async (paths: string[]) => {
      const uniquePaths = [...new Set(paths)];
      await uploadBatch(uniquePaths, options);
    },
  });
  const onFile = async (path: string, stats?: Stats) => {
    if (stats?.isDirectory()) {
      return;
    }
    const ext = '.' + path.split('.').pop()?.toLowerCase();
    if (!ext || !extensions.has(ext)) {
      return;
    }
    if (!options.progress) {
      // logging when progress is disabled as it can cause issues with the progress bar rendering
      console.log(`Change detected: ${path}`);
    }
    pathsBatcher.add(path);
  };
  const fsWatcher = watchFs(paths, {
    ignoreInitial: true,
    ignored: watcherIgnored,
    alwaysStat: true,
    awaitWriteFinish: true,
    depth: options.recursive ? undefined : 1,
    persistent: true,
  })
    .on('add', onFile)
    .on('change', onFile)
    .on('error', (error) => console.error(`Watcher error: ${error}`));
  process.on('SIGINT', async () => {
    console.log('Exiting...');
    await fsWatcher.close();
    process.exit();
  });
 };
 export const upload = async (paths: string[], baseOptions: BaseOptions, options: UploadOptionsDto) => {
  await authenticate(baseOptions);
  const scanFiles = await scan(paths, options);
  if (scanFiles.length === 0) {
-    if (options.watch) {
+    console.log('No files found, exiting');
-      console.log('No files found initially.');
+    return;
    } else {
      console.log('No files found, exiting');
      return;
    }
  }
-  if (options.watch) {
+  const { newFiles, duplicates } = await checkForDuplicates(scanFiles, options);
-    console.log('Watching for changes...');
+  const newAssets = await uploadFiles(newFiles, options);
-    await startWatch(paths, options);
+  await updateAlbums([...newAssets, ...duplicates], options);
-    // watcher does not handle the initial scan
+  await deleteFiles(newFiles, options);
    // as the scan() is a more efficient quick start with batched results
  }
  await uploadBatch(scanFiles, options);
 };
 const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
@@ -173,102 +83,48 @@ const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
  return files;
 };
-export const checkForDuplicates = async (files: string[], { concurrency, skipHash, progress }: UploadOptionsDto) => {
+const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
  if (skipHash) {
    console.log('Skipping hash check, assuming all files are new');
    return { newFiles: files, duplicates: [] };
  }
-  let multiBar: MultiBar | undefined;
+  const progressBar = new SingleBar(
    { format: 'Checking files | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  if (progress) {
+  progressBar.start(files.length, 0);
    multiBar = new MultiBar(
      { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
      Presets.shades_classic,
    );
  } else {
    console.log(`Received ${files.length} files, hashing...`);
  }
  const hashProgressBar = multiBar?.create(files.length, 0, { message: 'Hashing files          ' });
  const checkProgressBar = multiBar?.create(files.length, 0, { message: 'Checking for duplicates' });
  const newFiles: string[] = [];
  const duplicates: Asset[] = [];
-  const checkBulkUploadQueue = new Queue<AssetBulkUploadCheckItem[], void>(
+  try {
-    async (assets: AssetBulkUploadCheckItem[]) => {
+    // TODO refactor into a queue
-      const response = await checkBulkUpload({ assetBulkUploadCheckDto: { assets } });
+    for (const items of chunk(files, concurrency)) {
      const dto = await Promise.all(items.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })));
      const { results } = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
-      const results = response.results as AssetBulkUploadCheckResults;
+      for (const { id: filepath, assetId, action } of results as AssetBulkUploadCheckResults) {
      for (const { id: filepath, assetId, action } of results) {
        if (action === Action.Accept) {
          newFiles.push(filepath);
        } else {
          // rejects are always duplicates
          duplicates.push({ id: assetId as string, filepath });
        }
        progressBar.increment();
      }
-
+    }
-      checkProgressBar?.increment(assets.length);
+  } finally {
-    },
+    progressBar.stop();
    { concurrency, retry: 3 },
  );
  const results: { id: string; checksum: string }[] = [];
  let checkBulkUploadRequests: AssetBulkUploadCheckItem[] = [];
  const queue = new Queue<string, AssetBulkUploadCheckItem[]>(
    async (filepath: string): Promise<AssetBulkUploadCheckItem[]> => {
      const dto = { id: filepath, checksum: await sha1(filepath) };
      results.push(dto);
      checkBulkUploadRequests.push(dto);
      if (checkBulkUploadRequests.length === 5000) {
        const batch = checkBulkUploadRequests;
        checkBulkUploadRequests = [];
        void checkBulkUploadQueue.push(batch);
      }
      hashProgressBar?.increment();
      return results;
    },
    { concurrency, retry: 3 },
  );
  for (const item of files) {
    void queue.push(item);
  }
  await queue.drained();
  if (checkBulkUploadRequests.length > 0) {
    void checkBulkUploadQueue.push(checkBulkUploadRequests);
  }
  await checkBulkUploadQueue.drained();
  multiBar?.stop();
  console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
  // Report failures
  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
  if (failedTasks.length > 0) {
    console.log(`Failed to verify ${failedTasks.length} file${s(failedTasks.length)}:`);
    for (const task of failedTasks) {
      console.log(`- ${task.data} - ${task.error}`);
    }
  }
  return { newFiles, duplicates };
 };
-export const uploadFiles = async (
+const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
  files: string[],
  { dryRun, concurrency, progress }: UploadOptionsDto,
 ): Promise<Asset[]> => {
  if (files.length === 0) {
    console.log('All assets were already uploaded, nothing to do.');
    return [];
@@ -288,20 +144,12 @@ export const uploadFiles = async (
    return files.map((filepath) => ({ id: '', filepath }));
  }
-  let uploadProgress: SingleBar | undefined;
+  const uploadProgress = new SingleBar(
-
+    { format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}' },
-  if (progress) {
+    Presets.shades_classic,
-    uploadProgress = new SingleBar(
+  );
-      {
+  uploadProgress.start(totalSize, 0);
-        format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}',
+  uploadProgress.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
      },
      Presets.shades_classic,
    );
  } else {
    console.log(`Uploading ${files.length} asset${s(files.length)} (${byteSize(totalSize)})`);
  }
  uploadProgress?.start(totalSize, 0);
  uploadProgress?.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
  let duplicateCount = 0;
  let duplicateSize = 0;
@@ -310,56 +158,41 @@ export const uploadFiles = async (
  const newAssets: Asset[] = [];
-  const queue = new Queue<string, AssetMediaResponseDto>(
+  try {
-    async (filepath: string) => {
+    for (const items of chunk(files, concurrency)) {
-      const stats = statsMap.get(filepath);
+      await Promise.all(
-      if (!stats) {
+        items.map(async (filepath) => {
-        throw new Error(`Stats not found for ${filepath}`);
+          const stats = statsMap.get(filepath) as Stats;
-      }
+          const response = await uploadFile(filepath, stats);
-      const response = await uploadFile(filepath, stats);
+          newAssets.push({ id: response.id, filepath });
      newAssets.push({ id: response.id, filepath });
      if (response.status === AssetMediaStatus.Duplicate) {
        duplicateCount++;
        duplicateSize += stats.size ?? 0;
      } else {
        successCount++;
        successSize += stats.size ?? 0;
      }
-      uploadProgress?.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
+          if (response.duplicate) {
            duplicateCount++;
            duplicateSize += stats.size ?? 0;
          } else {
            successCount++;
            successSize += stats.size ?? 0;
          }
-      return response;
+          uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
    },
    { concurrency, retry: 3 },
  );
-  for (const item of files) {
+          return response;
-    void queue.push(item);
+        }),
      );
    }
  } finally {
    uploadProgress.stop();
  }
  await queue.drained();
  uploadProgress?.stop();
  console.log(`Successfully uploaded ${successCount} new asset${s(successCount)} (${byteSize(successSize)})`);
  if (duplicateCount > 0) {
    console.log(`Skipped ${duplicateCount} duplicate asset${s(duplicateCount)} (${byteSize(duplicateSize)})`);
  }
  // Report failures
  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
  if (failedTasks.length > 0) {
    console.log(`Failed to upload ${failedTasks.length} asset${s(failedTasks.length)}:`);
    for (const task of failedTasks) {
      console.log(`- ${task.data} - ${task.error}`);
    }
  }
  return newAssets;
 };
-const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaResponseDto> => {
+const uploadFile = async (input: string, stats: Stats): Promise<AssetFileUploadResponseDto> => {
  const { baseUrl, headers } = defaults;
  const assetPath = path.parse(input);
@@ -392,7 +225,7 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
    formData.append('sidecarData', sidecarData);
  }
-  const response = await fetch(`${baseUrl}/assets`, {
+  const response = await fetch(`${baseUrl}/asset/upload`, {
    method: 'post',
    redirect: 'error',
    headers: headers as Record<string, string>,
@@ -405,46 +238,28 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  return response.json();
 };
-const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
+const deleteFiles = async (files: string[], options: UploadOptionsDto): Promise<void> => {
-  let fileCount = 0;
+  if (!options.delete) {
  if (options.delete) {
    fileCount += uploaded.length;
  }
  if (options.deleteDuplicates) {
    fileCount += duplicates.length;
  }
  if (options.dryRun) {
    console.log(`Would have deleted ${fileCount} local asset${s(fileCount)}`);
    return;
  }
-  if (fileCount === 0) {
+  if (options.dryRun) {
    console.log(`Would have deleted ${files.length} local asset${s(files.length)}`);
    return;
  }
  console.log('Deleting assets that have been uploaded...');
  const deletionProgress = new SingleBar(
    { format: 'Deleting local assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  deletionProgress.start(fileCount, 0);
+  deletionProgress.start(files.length, 0);
  const chunkDelete = async (files: Asset[]) => {
    for (const assetBatch of chunk(files, options.concurrency)) {
      await Promise.all(assetBatch.map((input: Asset) => unlink(input.filepath)));
      deletionProgress.update(assetBatch.length);
    }
  };
  try {
-    if (options.delete) {
+    for (const assetBatch of chunk(files, options.concurrency)) {
-      await chunkDelete(uploaded);
+      await Promise.all(assetBatch.map((input: string) => unlink(input)));
-    }
+      deletionProgress.update(assetBatch.length);
    if (options.deleteDuplicates) {
      await chunkDelete(duplicates);
    }
  } finally {
    deletionProgress.stop();
@@ -530,9 +345,7 @@ const updateAlbums = async (assets: Asset[], options: UploadOptionsDto) => {
  }
 };
-// `filepath` valid format:
+const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
-// - Windows: `D:\\test\\Filename.txt` or `D:/test/Filename.txt`
+  const folderName = os.platform() === 'win32' ? filepath.split('\\').at(-2) : filepath.split('/').at(-2);
-// - Unix: `/test/Filename.txt`
+  return options.albumName ?? folderName;
 export const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
  return options.albumName ?? path.basename(path.dirname(filepath));
 };
--- a/cli/src/commands/auth.ts
+++ b/cli/src/commands/auth.ts
@@ -1,4 +1,4 @@
-import { getMyUser } from '@immich/sdk';
+import { getMyUserInfo } from '@immich/sdk';
 import { existsSync } from 'node:fs';
 import { mkdir, unlink } from 'node:fs/promises';
 import { BaseOptions, connect, getAuthFilePath, logError, withError, writeAuthFile } from 'src/utils';
@@ -10,13 +10,13 @@ export const login = async (url: string, key: string, options: BaseOptions) => {
  await connect(url, key);
-  const [error, user] = await withError(getMyUser());
+  const [error, userInfo] = await withError(getMyUserInfo());
  if (error) {
    logError(error, 'Failed to load user info');
    process.exit(1);
  }
-  console.log(`Logged in as ${user.email}`);
+  console.log(`Logged in as ${userInfo.email}`);
  if (!existsSync(configDir)) {
    // Create config folder if it doesn't exist
--- a/cli/src/commands/server-info.ts
+++ b/cli/src/commands/server-info.ts
@@ -1,4 +1,4 @@
-import { getAssetStatistics, getMyUser, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
+import { getAssetStatistics, getMyUserInfo, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
 import { BaseOptions, authenticate } from 'src/utils';
 export const serverInfo = async (options: BaseOptions) => {
@@ -8,7 +8,7 @@ export const serverInfo = async (options: BaseOptions) => {
    getServerVersion(),
    getSupportedMediaTypes(),
    getAssetStatistics({}),
-    getMyUser(),
+    getMyUserInfo(),
  ]);
  console.log(`Server Info (via ${userInfo.email})`);
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -8,7 +8,6 @@ import { serverInfo } from 'src/commands/server-info';
 import { version } from '../package.json';
 const defaultConfigDirectory = path.join(os.homedir(), '.config/immich/');
 const defaultConcurrency = Math.max(1, os.cpus().length - 1);
 const program = new Command()
  .name('immich')
@@ -67,26 +66,9 @@ program
  .addOption(
    new Option('-c, --concurrency <number>', 'Number of assets to upload at the same time')
      .env('IMMICH_UPLOAD_CONCURRENCY')
-      .default(defaultConcurrency),
+      .default(4),
  )
  .addOption(
    new Option('-j, --json-output', 'Output detailed information in json format')
      .env('IMMICH_JSON_OUTPUT')
      .default(false),
  )
  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
  .addOption(
    new Option('--delete-duplicates', 'Delete local assets that are duplicates (already exist on server)').env(
      'IMMICH_DELETE_DUPLICATES',
    ),
  )
  .addOption(new Option('--no-progress', 'Hide progress bars').env('IMMICH_PROGRESS_BAR').default(true))
  .addOption(
    new Option('--watch', 'Watch for changes and upload automatically')
      .env('IMMICH_WATCH_CHANGES')
      .default(false)
      .implies({ progress: false }),
  )
  .argument('[paths...]', 'One or more paths to assets to be uploaded')
  .action((paths, options) => upload(paths, program.opts(), options));
--- a/cli/src/queue.ts
+++ b/cli/src/queue.ts
@@ -1,131 +0,0 @@
 import * as fastq from 'fastq';
 import { uniqueId } from 'lodash-es';
 export type Task<T, R> = {
  readonly id: string;
  status: 'idle' | 'processing' | 'succeeded' | 'failed';
  data: T;
  error: unknown | undefined;
  count: number;
  // TODO: Could be useful to adding progress property.
  // TODO: Could be useful to adding start_at/end_at/duration properties.
  result: undefined | R;
 };
 export type QueueOptions = {
  verbose?: boolean;
  concurrency?: number;
  retry?: number;
  // TODO: Could be useful to adding timeout property for retry.
 };
 export type ComputedQueueOptions = Required<QueueOptions>;
 export const defaultQueueOptions = {
  concurrency: 1,
  retry: 0,
  verbose: false,
 };
 /**
 * An in-memory queue that processes tasks in parallel with a given concurrency.
 * @see {@link https://www.npmjs.com/package/fastq}
 * @template T - The type of the worker task data.
 * @template R - The type of the worker output data.
 */
 export class Queue<T, R> {
  private readonly queue: fastq.queueAsPromised<string, Task<T, R>>;
  private readonly store = new Map<string, Task<T, R>>();
  readonly options: ComputedQueueOptions;
  readonly worker: (data: T) => Promise<R>;
  /**
   * Create a new queue.
   * @param worker - The worker function that processes the task.
   * @param options - The queue options.
   */
  constructor(worker: (data: T) => Promise<R>, options?: QueueOptions) {
    this.options = { ...defaultQueueOptions, ...options };
    this.worker = worker;
    this.store = new Map<string, Task<T, R>>();
    this.queue = this.buildQueue();
  }
  get tasks(): Task<T, R>[] {
    const tasks: Task<T, R>[] = [];
    for (const task of this.store.values()) {
      tasks.push(task);
    }
    return tasks;
  }
  getTask(id: string): Task<T, R> {
    const task = this.store.get(id);
    if (!task) {
      throw new Error(`Task with id ${id} not found`);
    }
    return task;
  }
  /**
   * Wait for the queue to be empty.
   * @returns Promise<void> - The returned Promise will be resolved when all tasks in the queue have been processed by a worker.
   * This promise could be ignored as it will not lead to a `unhandledRejection`.
   */
  drained(): Promise<void> {
    return this.queue.drained();
  }
  /**
   * Add a task at the end of the queue.
   * @see {@link https://www.npmjs.com/package/fastq}
   * @param data
   * @returns Promise<void> - A Promise that will be fulfilled (rejected) when the task is completed successfully (unsuccessfully).
   * This promise could be ignored as it will not lead to a `unhandledRejection`.
   */
  async push(data: T): Promise<Task<T, R>> {
    const id = uniqueId();
    const task: Task<T, R> = { id, status: 'idle', error: undefined, count: 0, data, result: undefined };
    this.store.set(id, task);
    return this.queue.push(id);
  }
  // TODO: Support more function delegation to fastq.
  private buildQueue(): fastq.queueAsPromised<string, Task<T, R>> {
    return fastq.promise((id: string) => {
      const task = this.getTask(id);
      return this.work(task);
    }, this.options.concurrency);
  }
  private async work(task: Task<T, R>): Promise<Task<T, R>> {
    task.count += 1;
    task.error = undefined;
    task.status = 'processing';
    if (this.options.verbose) {
      console.log('[task] processing:', task);
    }
    try {
      task.result = await this.worker(task.data);
      task.status = 'succeeded';
      if (this.options.verbose) {
        console.log('[task] succeeded:', task);
      }
      return task;
    } catch (error) {
      task.error = error;
      task.status = 'failed';
      if (this.options.verbose) {
        console.log('[task] failed:', task);
      }
      if (this.options.retry > 0 && task.count < this.options.retry) {
        if (this.options.verbose) {
          console.log('[task] retry:', task);
        }
        return this.work(task);
      }
      return task;
    }
  }
 }
--- a/cli/src/utils.spec.ts
+++ b/cli/src/utils.spec.ts
@@ -1,21 +1,14 @@
 import mockfs from 'mock-fs';
-import { readFileSync } from 'node:fs';
+import { CrawlOptions, crawl } from 'src/utils';
 import { Batcher, CrawlOptions, crawl } from 'src/utils';
 import { Mock } from 'vitest';
 interface Test {
  test: string;
  options: Omit<CrawlOptions, 'extensions'>;
  files: Record<string, boolean>;
  skipOnWin32?: boolean;
 }
 const cwd = process.cwd();
 const readContent = (path: string) => {
  return readFileSync(path).toString();
 };
 const extensions = [
  '.jpg',
  '.jpeg',
@@ -50,18 +43,6 @@ const tests: Test[] = [
      '/photos/image.jpg': true,
    },
  },
  {
    test: 'should crawl folders with quotes',
    options: {
      pathsToCrawl: ["/photo's/", '/photo"s/', '/photo`s/'],
    },
    files: {
      "/photo's/image1.jpg": true,
      '/photo"s/image2.jpg': true,
      '/photo`s/image3.jpg': true,
    },
    skipOnWin32: true, // single quote interferes with mockfs root on Windows
  },
  {
    test: 'should crawl a single file',
    options: {
@@ -129,7 +110,17 @@ const tests: Test[] = [
      '/albums/image3.jpg': true,
    },
  },
-
+  {
    test: 'should support globbing paths',
    options: {
      pathsToCrawl: ['/photos*'],
    },
    files: {
      '/photos1/image1.jpg': true,
      '/photos2/image2.jpg': true,
      '/images/image3.jpg': false,
    },
  },
  {
    test: 'should crawl a single path without trailing slash',
    options: {
@@ -265,8 +256,7 @@ const tests: Test[] = [
  {
    test: 'should support ignoring absolute paths',
    options: {
-      // Currently, fast-glob has some caveat when dealing with `/`.
+      pathsToCrawl: ['/'],
      pathsToCrawl: ['/*s'],
      recursive: true,
      exclusionPattern: '/images/**',
    },
@@ -284,58 +274,17 @@ describe('crawl', () => {
  });
  describe('crawl', () => {
-    for (const { test: name, options, files, skipOnWin32 } of tests) {
+    for (const { test, options, files } of tests) {
-      if (process.platform === 'win32' && skipOnWin32) {
+      it(test, async () => {
-        test.skip(name);
+        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, ''])));
        continue;
      }
      it(name, async () => {
        // The file contents is the same as the path.
        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, file])));
        const actual = await crawl({ ...options, extensions });
        const expected = Object.entries(files)
          .filter((entry) => entry[1])
          .map(([file]) => file);
-        // Compare file's content instead of path since a file can be represent in multiple ways.
+        expect(actual.sort()).toEqual(expected.sort());
        expect(actual.map((path) => readContent(path)).toSorted()).toEqual(expected.toSorted());
      });
    }
  });
 });
 describe('Batcher', () => {
  let batcher: Batcher;
  let onBatch: Mock;
  beforeEach(() => {
    onBatch = vi.fn();
    batcher = new Batcher({ batchSize: 2, onBatch });
  });
  it('should trigger onBatch() when a batch limit is reached', async () => {
    batcher.add('a');
    batcher.add('b');
    batcher.add('c');
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a', 'b']);
  });
  it('should trigger onBatch() when flush() is called', async () => {
    batcher.add('a');
    batcher.flush();
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a']);
  });
  it('should trigger onBatch() when debounce time reached', async () => {
    vi.useFakeTimers();
    batcher = new Batcher({ batchSize: 2, debounceTimeMs: 100, onBatch });
    batcher.add('a');
    expect(onBatch).not.toHaveBeenCalled();
    vi.advanceTimersByTime(200);
    expect(onBatch).toHaveBeenCalledOnce();
    expect(onBatch).toHaveBeenCalledWith(['a']);
    vi.useRealTimers();
  });
 });
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -1,9 +1,8 @@
-import { getMyUser, init, isHttpError } from '@immich/sdk';
+import { defaults, getMyUserInfo, isHttpError } from '@immich/sdk';
-import { convertPathToPattern, glob } from 'fast-glob';
+import { glob } from 'fast-glob';
 import { createHash } from 'node:crypto';
 import { createReadStream } from 'node:fs';
 import { readFile, stat, writeFile } from 'node:fs/promises';
 import { platform } from 'node:os';
 import { join, resolve } from 'node:path';
 import yaml from 'yaml';
@@ -47,9 +46,10 @@ export const connect = async (url: string, key: string) => {
    // noop
  }
-  init({ baseUrl: url, apiKey: key });
+  defaults.baseUrl = url;
  defaults.headers = { 'x-api-key': key };
-  const [error] = await withError(getMyUser());
+  const [error] = await withError(getMyUserInfo());
  if (isHttpError(error)) {
    logError(error, 'Failed to connect to server');
    process.exit(1);
@@ -107,11 +107,6 @@ export interface CrawlOptions {
  exclusionPattern?: string;
  extensions: string[];
 }
 const convertPathToPatternOnWin = (path: string) => {
  return platform() === 'win32' ? convertPathToPattern(path) : path;
 };
 export const crawl = async (options: CrawlOptions): Promise<string[]> => {
  const { extensions: extensionsWithPeriod, recursive, pathsToCrawl, exclusionPattern, includeHidden } = options;
  const extensions = extensionsWithPeriod.map((extension) => extension.replace('.', ''));
@@ -130,37 +125,41 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
      if (stats.isFile() || stats.isSymbolicLink()) {
        crawledFiles.push(absolutePath);
      } else {
-        patterns.push(convertPathToPatternOnWin(absolutePath));
+        patterns.push(absolutePath);
      }
    } catch (error: any) {
      if (error.code === 'ENOENT') {
-        patterns.push(convertPathToPatternOnWin(currentPath));
+        patterns.push(currentPath);
      } else {
        throw error;
      }
    }
  }
-  if (patterns.length === 0) {
+  let searchPattern: string;
  if (patterns.length === 1) {
    searchPattern = patterns[0];
  } else if (patterns.length === 0) {
    return crawledFiles;
  } else {
    searchPattern = '{' + patterns.join(',') + '}';
  }
-  const searchPatterns = patterns.map((pattern) => {
+  if (recursive) {
-    let escapedPattern = pattern.replaceAll("'", "[']").replaceAll('"', '["]').replaceAll('`', '[`]');
+    searchPattern = searchPattern + '/**/';
-    if (recursive) {
+  }
      escapedPattern = escapedPattern + '/**';
    }
    return `${escapedPattern}/*.{${extensions.join(',')}}`;
  });
-  const globbedFiles = await glob(searchPatterns, {
+  searchPattern = `${searchPattern}/*.{${extensions.join(',')}}`;
  const globbedFiles = await glob(searchPattern, {
    absolute: true,
    caseSensitiveMatch: false,
    onlyFiles: true,
    dot: includeHidden,
    ignore: [`**/${exclusionPattern}`],
  });
  globbedFiles.push(...crawledFiles);
-  return globbedFiles.toSorted();
+  return globbedFiles.sort();
 };
 export const sha1 = (filepath: string) => {
@@ -172,64 +171,3 @@ export const sha1 = (filepath: string) => {
    rs.on('end', () => resolve(hash.digest('hex')));
  });
 };
 /**
 * Batches items and calls onBatch to process them
 * when the batch size is reached or the debounce time has passed.
 */
 export class Batcher<T = unknown> {
  private items: T[] = [];
  private readonly batchSize: number;
  private readonly debounceTimeMs?: number;
  private readonly onBatch: (items: T[]) => void;
  private debounceTimer?: NodeJS.Timeout;
  constructor({
    batchSize,
    debounceTimeMs,
    onBatch,
  }: {
    batchSize: number;
    debounceTimeMs?: number;
    onBatch: (items: T[]) => Promise<void>;
  }) {
    this.batchSize = batchSize;
    this.debounceTimeMs = debounceTimeMs;
    this.onBatch = onBatch;
  }
  private setDebounceTimer() {
    if (this.debounceTimer) {
      clearTimeout(this.debounceTimer);
    }
    if (this.debounceTimeMs) {
      this.debounceTimer = setTimeout(() => this.flush(), this.debounceTimeMs);
    }
  }
  private clearDebounceTimer() {
    if (this.debounceTimer) {
      clearTimeout(this.debounceTimer);
      this.debounceTimer = undefined;
    }
  }
  add(item: T) {
    this.items.push(item);
    this.setDebounceTimer();
    if (this.items.length >= this.batchSize) {
      this.flush();
    }
  }
  flush() {
    this.clearDebounceTimer();
    if (this.items.length === 0) {
      return;
    }
    this.onBatch(this.items);
    this.items = [];
  }
 }
--- a/cli/src/version.ts
+++ b/cli/src/version.ts
@@ -0,0 +1,37 @@
 import { version } from '../package.json';
 export interface ICliVersion {
  major: number;
  minor: number;
  patch: number;
 }
 export class CliVersion implements ICliVersion {
  constructor(
    public readonly major: number,
    public readonly minor: number,
    public readonly patch: number,
  ) {}
  toString() {
    return `${this.major}.${this.minor}.${this.patch}`;
  }
  toJSON() {
    const { major, minor, patch } = this;
    return { major, minor, patch };
  }
  static fromString(version: string): CliVersion {
    const regex = /v?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)/i;
    const matchResult = version.match(regex);
    if (matchResult) {
      const [, major, minor, patch] = matchResult.map(Number);
      return new CliVersion(major, minor, patch);
    } else {
      throw new Error(`Invalid version format: ${version}`);
    }
  }
 }
 export const cliVersion = CliVersion.fromString(version);
--- a/cli/tsconfig.json
+++ b/cli/tsconfig.json
@@ -9,7 +9,7 @@
    "experimentalDecorators": true,
    "allowSyntheticDefaultImports": true,
    "resolveJsonModule": true,
-    "target": "es2023",
+    "target": "es2022",
    "sourceMap": true,
    "outDir": "./dist",
    "incremental": true,
--- a/cli/vite.config.ts
+++ b/cli/vite.config.ts
@@ -2,7 +2,6 @@ import { defineConfig } from 'vite';
 import tsconfigPaths from 'vite-tsconfig-paths';
 export default defineConfig({
  resolve: { alias: { src: '/src' } },
  build: {
    rollupOptions: {
      input: 'src/index.ts',
--- a/deployment/.env
+++ b/deployment/.env
@@ -1,4 +0,0 @@
 export CLOUDFLARE_ACCOUNT_ID="op://tf/cloudflare/account_id"
 export CLOUDFLARE_API_TOKEN="op://tf/cloudflare/api_token"
 export TF_STATE_POSTGRES_CONN_STR="op://tf/tf_state/postgres_conn_str"
 export TF_VAR_env=$ENVIRONMENT
--- a/deployment/.gitignore
+++ b/deployment/.gitignore
@@ -1,38 +0,0 @@
 # OpenTofu
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # Crash log files
 crash.log
 crash.*.log
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 # Terragrunt
 # terragrunt cache directories
 **/.terragrunt-cache/*
 # Terragrunt debug output file (when using `--terragrunt-debug` option)
 # See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
 terragrunt-debug.tfvars.json
--- a/deployment/mise.toml
+++ b/deployment/mise.toml
@@ -1,20 +0,0 @@
 [tools]
 terragrunt = "0.93.10"
 opentofu = "1.10.7"
 [tasks."tg:fmt"]
 run = "terragrunt hclfmt"
 description = "Format terragrunt files"
 [tasks.tf]
 run = "terragrunt run --all"
 description = "Wrapper for terragrunt run-all"
 dir = "{{cwd}}"
 [tasks."tf:fmt"]
 run = "tofu fmt -recursive tf/"
 description = "Format terraform files"
 [tasks."tf:init"]
 run = { task = "tf init -- -reconfigure" }
 dir = "{{cwd}}"
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -1,38 +0,0 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
  version     = "4.52.5"
  constraints = "4.52.5"
  hashes = [
    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -1,11 +0,0 @@
 terraform {
  backend "pg" {}
  required_version = "~> 1.7"
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "4.52.5"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs-release/domain.tf
+++ b/deployment/modules/cloudflare/docs-release/domain.tf
@@ -1,14 +0,0 @@
 resource "cloudflare_pages_domain" "immich_app_release_domain" {
  account_id   = var.cloudflare_account_id
  project_name = data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name
  domain       = "docs.immich.app"
 }
 resource "cloudflare_record" "immich_app_release_domain" {
  name = "docs.immich.app"
  proxied = true
  ttl = 1
  type = "CNAME"
  content = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }
--- a/deployment/modules/cloudflare/docs-release/providers.tf
+++ b/deployment/modules/cloudflare/docs-release/providers.tf
@@ -1,3 +0,0 @@
 provider "cloudflare" {
  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
 }
--- a/deployment/modules/cloudflare/docs-release/remote-state.tf
+++ b/deployment/modules/cloudflare/docs-release/remote-state.tf
@@ -1,27 +0,0 @@
 data "terraform_remote_state" "api_keys_state" {
  backend = "pg"
  config = {
    conn_str = var.tf_state_postgres_conn_str
    schema_name = "prod_cloudflare_api_keys"
  }
 }
 data "terraform_remote_state" "cloudflare_account" {
  backend = "pg"
  config = {
    conn_str = var.tf_state_postgres_conn_str
    schema_name = "prod_cloudflare_account"
  }
 }
 data "terraform_remote_state" "cloudflare_immich_app_docs" {
  backend = "pg"
  config = {
    conn_str = var.tf_state_postgres_conn_str
    schema_name = "prod_cloudflare_immich_app_docs_${var.prefix_name}"
  }
 }
--- a/deployment/modules/cloudflare/docs-release/terragrunt.hcl
+++ b/deployment/modules/cloudflare/docs-release/terragrunt.hcl
@@ -1,20 +0,0 @@
 terraform {
  source = "."
  extra_arguments custom_vars {
    commands = get_terraform_commands_that_need_vars()
  }
 }
 include {
  path = find_in_parent_folders("state.hcl")
 }
 remote_state {
  backend = "pg"
  config = {
    conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
    schema_name = "prod_cloudflare_immich_app_docs_release"
  }
 }
--- a/deployment/modules/cloudflare/docs-release/variables.tf
+++ b/deployment/modules/cloudflare/docs-release/variables.tf
@@ -1,4 +0,0 @@
 variable "cloudflare_account_id" {}
 variable "tf_state_postgres_conn_str" {}
 variable "prefix_name" {}
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -1,38 +0,0 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
  version     = "4.52.5"
  constraints = "4.52.5"
  hashes = [
    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -1,11 +0,0 @@
 terraform {
  backend "pg" {}
  required_version = "~> 1.7"
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "4.52.5"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/domain.tf
+++ b/deployment/modules/cloudflare/docs/domain.tf
@@ -1,26 +0,0 @@
 resource "cloudflare_pages_domain" "immich_app_branch_domain" {
  account_id   = var.cloudflare_account_id
  project_name = local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_name
  domain       = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
 }
 resource "cloudflare_record" "immich_app_branch_subdomain" {
  name    = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
  proxied = true
  ttl     = 1
  type    = "CNAME"
  content   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }
 output "immich_app_branch_subdomain" {
  value = cloudflare_record.immich_app_branch_subdomain.hostname
 }
 output "immich_app_branch_pages_hostname" {
  value = cloudflare_record.immich_app_branch_subdomain.content
 }
 output "pages_project_name" {
  value = cloudflare_pages_domain.immich_app_branch_domain.project_name
 }
--- a/deployment/modules/cloudflare/docs/locals.tf
+++ b/deployment/modules/cloudflare/docs/locals.tf
@@ -1,7 +0,0 @@
 locals {
  domain_name = "immich.app"
  preview_prefix = contains(["branch", "pr"], var.prefix_event_type) ? "preview" : ""
  archive_prefix = contains(["release"], var.prefix_event_type) ? "archive" : ""
  deploy_domain_prefix = coalesce(local.preview_prefix, local.archive_prefix)
  is_release = contains(["release"], var.prefix_event_type)
 }
--- a/deployment/modules/cloudflare/docs/providers.tf
+++ b/deployment/modules/cloudflare/docs/providers.tf
@@ -1,3 +0,0 @@
 provider "cloudflare" {
  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
 }
--- a/deployment/modules/cloudflare/docs/remote-state.tf
+++ b/deployment/modules/cloudflare/docs/remote-state.tf
@@ -1,17 +0,0 @@
 data "terraform_remote_state" "api_keys_state" {
  backend = "pg"
  config = {
    conn_str = var.tf_state_postgres_conn_str
    schema_name = "prod_cloudflare_api_keys"
  }
 }
 data "terraform_remote_state" "cloudflare_account" {
  backend = "pg"
  config = {
    conn_str = var.tf_state_postgres_conn_str
    schema_name = "prod_cloudflare_account"
  }
 }
--- a/deployment/modules/cloudflare/docs/terragrunt.hcl
+++ b/deployment/modules/cloudflare/docs/terragrunt.hcl
@@ -1,24 +0,0 @@
 terraform {
  source = "."
  extra_arguments custom_vars {
    commands = get_terraform_commands_that_need_vars()
  }
 }
 include {
  path = find_in_parent_folders("state.hcl")
 }
 locals {
  prefix_name = get_env("TF_VAR_prefix_name")
 }
 remote_state {
  backend = "pg"
  config = {
    conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
    schema_name = "prod_cloudflare_immich_app_docs_${local.prefix_name}"
  }
 }
--- a/deployment/modules/cloudflare/docs/variables.tf
+++ b/deployment/modules/cloudflare/docs/variables.tf
@@ -1,5 +0,0 @@
 variable "cloudflare_account_id" {}
 variable "tf_state_postgres_conn_str" {}
 variable "prefix_name" {}
 variable "prefix_event_type" {}
--- a/Show More
+++ b/Show More
`@@ -1 +1,2 @@`
		`blank_issues_enabled: false`
	`blank_pull_request_template_enabled: false`	`blank_pull_request_template_enabled: false`
`@@ -2,4 +2,4 @@`

	`## Reporting a Vulnerability`	`## Reporting a Vulnerability`

	Please report security issues to `security@immich.app`	Please report security issues to `alex.tran1502@gmail.com`
		`@@ -1,2 +0,0 @@`
			`#!/usr/bin/env node`
			`import '../dist/index.js';`