sync add

.devcontainer/devcontainer.json

@@ -2,7 +2,6 @@
   "name": "Immich - Backend, Frontend and ML",
   "service": "immich-server",
   "runServices": [
-    "immich-init",
     "immich-server",
     "redis",
     "database",
@@ -32,8 +31,29 @@
         "tasks": {
           "version": "2.0.0",
           "tasks": [
+            {
+              "label": "Fix Permissions, Install Dependencies",
+              "type": "shell",
+              "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
+              "isBackground": true,
+              "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "dedicated",
+                "showReuseMessage": true,
+                "clear": false,
+                "group": "Devcontainer tasks",
+                "close": true
+              },
+              "runOptions": {
+                "runOn": "default"
+              },
+              "problemMatcher": []
+            },
             {
               "label": "Immich API Server (Nest)",
+              "dependsOn": ["Fix Permissions, Install Dependencies"],
               "type": "shell",
               "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
               "isBackground": true,
@@ -54,6 +74,7 @@
             },
             {
               "label": "Immich Web Server (Vite)",
+              "dependsOn": ["Fix Permissions, Install Dependencies"],
               "type": "shell",
               "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
               "isBackground": true,
@@ -109,8 +130,8 @@
     }
   },
   "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
-  "remoteUser": "root",
+  "workspaceFolder": "/workspaces/immich",
+  "remoteUser": "node",
   "userEnvProbe": "loginInteractiveShell",
   "remoteEnv": {
     // The location where your uploaded files are stored

.devcontainer/mobile/container-compose-overrides.yml

@@ -1,17 +1,23 @@
 services:
-  immich-app-base:
-    image: busybox
   immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
     build:
       target: dev-container-mobile
     environment:
       - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
+    volumes: !override # bind mount host to /workspaces/immich
+      - ..:/workspaces/immich
       - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
       - /etc/localtime:/etc/localtime:ro
   immich-web:
     env_file: !reset []

.devcontainer/mobile/devcontainer.json

@@ -2,7 +2,6 @@
   "name": "Immich - Mobile",
   "service": "immich-server",
   "runServices": [
-    "immich-init",
     "immich-server",
     "redis",
     "database",
@@ -36,7 +35,7 @@
   },
   "forwardPorts": [],
   "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
+  "workspaceFolder": "/workspaces/immich",
   "remoteUser": "node",
   "userEnvProbe": "loginInteractiveShell",
   "remoteEnv": {

.devcontainer/server/container-common.sh

@@ -2,6 +2,11 @@
 export IMMICH_PORT="${DEV_SERVER_PORT:-2283}"
 export DEV_PORT="${DEV_PORT:-3000}"
 
+# search for immich directory inside workspace.
+# /workspaces/immich is the bind mount, but other directories can be mounted if runing
+# Devcontainer: Clone [repository|pull request] in container volumne
+WORKSPACES_DIR="/workspaces"
+IMMICH_DIR="$WORKSPACES_DIR/immich"
 IMMICH_DEVCONTAINER_LOG="$HOME/immich-devcontainer.log"
 
 log() {
@@ -25,8 +30,52 @@ run_cmd() {
     return "${PIPESTATUS[0]}"
 }
 
-export IMMICH_WORKSPACE="/usr/src/app"
+# Find directories excluding /workspaces/immich
+mapfile -t other_dirs < <(find "$WORKSPACES_DIR" -mindepth 1 -maxdepth 1 -type d ! -path "$IMMICH_DIR" ! -name ".*")
+
+if [ ${#other_dirs[@]} -gt 1 ]; then
+    log "Error: More than one directory found in $WORKSPACES_DIR other than $IMMICH_DIR."
+    exit 1
+elif [ ${#other_dirs[@]} -eq 1 ]; then
+    export IMMICH_WORKSPACE="${other_dirs[0]}"
+else
+    export IMMICH_WORKSPACE="$IMMICH_DIR"
+fi
 
 log "Found immich workspace in $IMMICH_WORKSPACE"
 log ""
 
+fix_permissions() {
+
+    log "Fixing permissions for ${IMMICH_WORKSPACE}"
+
+    # Change ownership for directories that exist
+    for dir in "${IMMICH_WORKSPACE}/.vscode" \
+        "${IMMICH_WORKSPACE}/server/upload" \
+        "${IMMICH_WORKSPACE}/.pnpm-store" \
+        "${IMMICH_WORKSPACE}/.github/node_modules" \
+        "${IMMICH_WORKSPACE}/cli/node_modules" \
+        "${IMMICH_WORKSPACE}/e2e/node_modules" \
+        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
+        "${IMMICH_WORKSPACE}/server/node_modules" \
+        "${IMMICH_WORKSPACE}/server/dist" \
+        "${IMMICH_WORKSPACE}/web/node_modules" \
+        "${IMMICH_WORKSPACE}/web/dist"; do
+        if [ -d "$dir" ]; then
+            run_cmd sudo chown node -R "$dir"
+        fi
+    done
+
+    log ""
+}
+
+install_dependencies() {
+
+    log "Installing dependencies"
+    (
+        cd "${IMMICH_WORKSPACE}" || exit 1
+        export CI=1 FROZEN=1 OFFLINE=1
+        run_cmd make setup-web-dev setup-server-dev
+    )
+    log ""
+}

.devcontainer/server/container-compose-overrides.yml

@@ -1,21 +1,26 @@
 services:
-  immich-app-base:
-    image: busybox
   immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
     build:
       target: dev-container-server
     env_file: !reset []
     hostname: immich-dev
     environment:
       - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
+    volumes: !override
+      - ..:/workspaces/immich
       - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
       - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
       - ../plugins:/build/corePlugin
   immich-web:
     env_file: !reset []

.devcontainer/server/container-start.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# shellcheck source=common.sh
+# shellcheck disable=SC1091
+source /immich-devcontainer/container-common.sh
+
+log "Setting up Immich dev container..."
+fix_permissions
+
+log "Setup complete, please wait while backend and frontend services automatically start"
+log
+log "If necessary, the services may be manually started using"
+log
+log "$ /immich-devcontainer/container-start-backend.sh"
+log "$ /immich-devcontainer/container-start-frontend.sh"
+log
+log "From different terminal windows, as these scripts automatically restart the server"
+log "on error, and will continuously run in a loop"

.gitattributes

@@ -6,12 +6,6 @@ mobile/openapi/**/*.dart linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true
 
-mobile/android/**/*.g.kt -diff -merge
-mobile/android/**/*.g.kt linguist-generated=true
-
-mobile/ios/**/*.g.swift -diff -merge
-mobile/ios/**/*.g.swift linguist-generated=true
-
 mobile/lib/**/*.drift.dart -diff -merge
 mobile/lib/**/*.drift.dart linguist-generated=true
 

.github/.nvmrc

@@ -1 +1 @@
-24.14.1
+24.13.0

.github/package.json

@@ -1,7 +1,7 @@
 {
   "scripts": {
-    "format": "prettier --cache --check .",
-    "format:fix": "prettier --cache --write --list-different ."
+    "format": "prettier --check .",
+    "format:fix": "prettier --write ."
   },
   "devDependencies": {
     "prettier": "^3.7.4"

.github/pull_request_template.md

@@ -26,7 +26,6 @@ The `/api/something` endpoint is now `/api/something-else`
 
 ## Checklist:
 
-- [ ] I have carefully read CONTRIBUTING.md
 - [ ] I have performed a self-review of my own code
 - [ ] I have made corresponding changes to the documentation if applicable
 - [ ] I have no unrelated changes in the PR.

.github/workflows/auto-close.yml

@@ -1,148 +0,0 @@
-name: Auto-close PRs
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
-    types: [opened, edited, labeled]
-
-permissions: {}
-
-jobs:
-  parse_template:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action != 'labeled' && github.event.pull_request.head.repo.fork == true }}
-    permissions:
-      contents: read
-    outputs:
-      uses_template: ${{ steps.check.outputs.uses_template }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: .github/pull_request_template.md
-          sparse-checkout-cone-mode: false
-          persist-credentials: false
-
-      - name: Check required sections
-        id: check
-        env:
-          BODY: ${{ github.event.pull_request.body }}
-        run: |
-          OK=true
-          while IFS= read -r header; do
-            printf '%s\n' "$BODY" | grep -qF "$header" || OK=false
-          done < <(sed '/<!--/,/-->/d' .github/pull_request_template.md | grep "^## ")
-          echo "uses_template=$OK" | tee --append "$GITHUB_OUTPUT"
-
-  close_template:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'false'
-        && github.event.pull_request.state != 'closed'
-        && !contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="This PR has been automatically closed as the description doesn't follow [our template](https://github.com/immich-app/immich/blob/main/.github/pull_request_template.md). After you edit it to match the template, the PR will automatically be reopened." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Add label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --add-label "auto-closed:template"
-
-  close_llm:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'labeled' && github.event.label.name == 'auto-closed:llm' }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="Thank you for your interest in contributing to Immich! Unfortunately this PR looks like it was generated using an LLM. As noted in our [CONTRIBUTING.md](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai), we request that you don't use LLMs to generate PRs as those are not a good use of maintainer time." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-  reopen:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'true'
-        && github.event.pull_request.state == 'closed'
-        && contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Remove template label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --remove-label "auto-closed:template" || true
-
-      - name: Check for remaining auto-closed labels
-        id: check_labels
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          REMAINING=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json labels \
-            --jq '[.labels[].name | select(startswith("auto-closed:"))] | length')
-          echo "remaining=$REMAINING" | tee --append "$GITHUB_OUTPUT"
-
-      - name: Reopen PR
-        if: ${{ steps.check_labels.outputs.remaining == '0' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f query='
-              mutation ReopenPR($prId: ID!) {
-                reopenPullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'

.github/workflows/build-mobile.yml

@@ -51,14 +51,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -79,12 +79,12 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false
@@ -96,14 +96,14 @@ jobs:
         working-directory: ./mobile
         run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
 
-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
         with:
           distribution: 'zulu'
           java-version: '17'
 
       - name: Restore Gradle Cache
         id: cache-gradle-restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: |
             ~/.gradle/caches
@@ -114,14 +114,14 @@ jobs:
           key: build-mobile-gradle-${{ runner.os }}-main
 
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
           cache: true
 
       - name: Setup Android SDK
-        uses: android-actions/setup-android@40fd30fb8d7440372e1316f5d1809ec01dcd3699 # v4.0.1
+        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
         with:
           packages: ''
 
@@ -153,14 +153,14 @@ jobs:
           fi
 
       - name: Publish Android Artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: release-apk-signed
           path: mobile/build/app/outputs/flutter-apk/*.apk
 
       - name: Save Gradle Cache
         id: cache-gradle-save
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         if: github.ref == 'refs/heads/main'
         with:
           path: |
@@ -185,13 +185,13 @@ jobs:
         run: sudo xcode-select -s /Applications/Xcode_26.2.app/Contents/Developer
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false
 
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -210,7 +210,7 @@ jobs:
         working-directory: ./mobile
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 # v1.300.0
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.3'
           bundler-cache: true
@@ -291,7 +291,7 @@ jobs:
           security delete-keychain build.keychain || true
 
       - name: Upload IPA artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: ios-release-ipa
           path: mobile/ios/Runner.ipa

.github/workflows/cache-cleanup.yml

@@ -19,13 +19,13 @@ jobs:
       actions: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check out code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/check-openapi.yml

@@ -1,31 +0,0 @@
-name: Check OpenAPI
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - 'open-api/**'
-      - '.github/workflows/check-openapi.yml'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
-jobs:
-  check-openapi:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Check for breaking API changes
-        uses: oasdiff/oasdiff-action/breaking@e6faebce24cf20ac38653d0d2c7f4aa80aaafc79 # v0.0.38
-        with:
-          base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
-          revision: open-api/immich-openapi-specs.json
-          fail-on: ERR

.github/workflows/cli.yml

@@ -31,21 +31,21 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './cli/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
@@ -71,25 +71,25 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           registry: ghcr.io
@@ -104,7 +104,7 @@ jobs:
 
       - name: Generate docker image tags
         id: metadata
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           flavor: |
             latest=false
@@ -115,7 +115,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64

.github/workflows/close-duplicates.yml

@@ -35,7 +35,7 @@ jobs:
     needs: [get_body, should_run]
     if: ${{ needs.should_run.outputs.should_run == 'true' }}
     container:
-      image: ghcr.io/immich-app/mdq:main@sha256:557cca601891b8b7d78b940071d35aaf7aaeb9b327d19b22cf282118edbc5272
+      image: ghcr.io/immich-app/mdq:main@sha256:ab9f163cd5d5cec42704a26ca2769ecf3f10aa8e7bae847f1d527cdf075946e6
     outputs:
       checked: ${{ steps.get_checkbox.outputs.checked }}
     steps:

.github/workflows/codeql-analysis.yml

@@ -44,20 +44,20 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/docker.yml

@@ -23,14 +23,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -60,7 +60,7 @@ jobs:
         suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -90,7 +90,7 @@ jobs:
         suffix: ['']
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -131,8 +131,8 @@ jobs:
           - device: rocm
             suffixes: '-rocm'
             platforms: linux/amd64
-            runner-mapping: '{"linux/amd64": "pokedex-large"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@61a0fc2b41524edcc7c9fffb8bb178e6b0ccf21d # multi-runner-build-workflow-v2.3.0
+            runner-mapping: '{"linux/amd64": "pokedex-giant"}'
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
     permissions:
       contents: read
       actions: read
@@ -155,7 +155,7 @@ jobs:
     name: Build and Push Server
     needs: pre-job
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@61a0fc2b41524edcc7c9fffb8bb178e6b0ccf21d # multi-runner-build-workflow-v2.3.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
     permissions:
       contents: read
       actions: read
@@ -178,7 +178,7 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
         with:
           needs: ${{ toJSON(needs) }}
 
@@ -189,6 +189,6 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
         with:
           needs: ${{ toJSON(needs) }}

.github/workflows/docs-build.yml

@@ -21,14 +21,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -54,23 +54,23 @@ jobs:
 
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
           fetch-depth: 0
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './docs/.nvmrc'
           cache: 'pnpm'
@@ -86,7 +86,7 @@ jobs:
         run: pnpm build
 
       - name: Upload build output
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: docs-build-output
           path: docs/build/

.github/workflows/docs-deploy.yml

@@ -20,7 +20,7 @@ jobs:
       artifact: ${{ steps.get-artifact.outputs.result }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -29,7 +29,7 @@ jobs:
         run: echo 'The triggering workflow did not succeed' && exit 1
       - name: Get artifact
         id: get-artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           script: |
@@ -48,7 +48,7 @@ jobs:
             return { found: true, id: matchArtifact.id };
       - name: Determine deploy parameters
         id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
         with:
@@ -119,23 +119,23 @@ jobs:
     if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@035e80a7d4355d5f087ffb95db9e4a0944c04e56 # use-mise-action-v1.1.3
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
 
       - name: Load parameters
         id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           PARAM_JSON: ${{ needs.checks.outputs.parameters }}
         with:
@@ -147,7 +147,7 @@ jobs:
             core.setOutput("shouldDeploy", parameters.shouldDeploy);
 
       - name: Download artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
         with:
@@ -192,13 +192,16 @@ jobs:
           ' >> $GITHUB_OUTPUT
 
       - name: Publish to Cloudflare Pages
-        working-directory: docs
-        env:
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          PROJECT_NAME: ${{ steps.docs-output.outputs.projectName }}
-          BRANCH_NAME: ${{ steps.parameters.outputs.name }}
-        run: mise run //docs:deploy
+        # TODO: Action is deprecated
+        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1.5.0
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: ${{ steps.docs-output.outputs.projectName }}
+          workingDirectory: 'docs'
+          directory: 'build'
+          branch: ${{ steps.parameters.outputs.name }}
+          wranglerVersion: '3'
 
       - name: Deploy Docs Release Domain
         if: ${{ steps.parameters.outputs.event == 'release' }}

.github/workflows/docs-destroy.yml

@@ -17,19 +17,19 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@035e80a7d4355d5f087ffb95db9e4a0944c04e56 # use-mise-action-v1.1.3
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
 
       - name: Destroy Docs Subdomain
         env:

.github/workflows/fix-format.yml

@@ -16,39 +16,39 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: 'Checkout'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb # v6.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
           cache-dependency-path: '**/pnpm-lock.yaml'
 
       - name: Fix formatting
-        run: pnpm --recursive install && pnpm run --recursive --if-present --parallel format:fix
+        run: pnpm --recursive install && pnpm run --recursive --parallel fix:format
 
       - name: Commit and push
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
+        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
         with:
           default_author: github_actions
           message: 'chore: fix formatting'
 
       - name: Remove label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         if: always()
         with:
           github-token: ${{ steps.generate-token.outputs.token }}

.github/workflows/merge-translations.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Generate a token
         id: generate_token
         if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/pr-label-validation.yml

@@ -14,13 +14,13 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5.5.2
+        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
         with:
           token: ${{ steps.token.outputs.token }}
           mode: exactly

.github/workflows/pr-labeler.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

.github/workflows/prepare-release.yml

@@ -50,26 +50,26 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
           ref: main
 
       - name: Install uv
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb # v6.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -86,7 +86,7 @@ jobs:
 
       - name: Commit and tag
         id: push-tag
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
+        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
         with:
           default_author: github_actions
           message: 'chore: version ${{ steps.output.outputs.version }}'
@@ -124,25 +124,25 @@ jobs:
     steps:
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: false
 
       - name: Download APK
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: release-apk-signed
           github-token: ${{ steps.generate-token.outputs.token }}
 
       - name: Create draft release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
+        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
         with:
           draft: true
           tag_name: ${{ needs.bump_version.outputs.version }}
@@ -151,7 +151,6 @@ jobs:
           body_path: misc/release/notes.tmpl
           files: |
             docker/docker-compose.yml
-            docker/docker-compose.rootless.yml
             docker/example.env
             docker/hwaccel.ml.yml
             docker/hwaccel.transcoding.yml

.github/workflows/preview-label.yaml

@@ -14,12 +14,12 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
         with:
           github-token: ${{ steps.token.outputs.token }}
           message-id: 'preview-status'
@@ -32,12 +32,12 @@ jobs:
       pull-requests: write
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           script: |
@@ -48,14 +48,14 @@ jobs:
               name: 'preview'
             })
 
-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
         if: ${{ github.event.pull_request.head.repo.fork }}
         with:
           github-token: ${{ steps.token.outputs.token }}
           message-id: 'preview-status'
           message: 'PRs from forks cannot have preview environments.'
 
-      - uses: mshick/add-pr-comment@64b8e914979889d746c99dea15a76e77ef64580a # v3.10.0
+      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           github-token: ${{ steps.token.outputs.token }}

.github/workflows/release-pr.yml

@@ -0,0 +1,170 @@
+name: Manage release PR
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  bump:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          persist-credentials: true
+          ref: main
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Setup Node
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          node-version-file: './server/.nvmrc'
+          cache: 'pnpm'
+          cache-dependency-path: '**/pnpm-lock.yaml'
+
+      - name: Determine release type
+        id: bump-type
+        uses: ietf-tools/semver-action@c90370b2958652d71c06a3484129a4d423a6d8a8 # v1.11.0
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+
+      - name: Bump versions
+        env:
+          TYPE: ${{ steps.bump-type.outputs.bump }}
+        run: |
+          if [ "$TYPE" == "none" ]; then
+            exit 1 # TODO: Is there a cleaner way to abort the workflow?
+          fi
+          misc/release/pump-version.sh -s $TYPE -m true
+
+      - name: Manage Outline release document
+        id: outline
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
+          NEXT_VERSION: ${{ steps.bump-type.outputs.next }}
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const fs = require('fs');
+
+            const outlineKey = process.env.OUTLINE_API_KEY;
+            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9'
+            const collectionId = 'e2910656-714c-4871-8721-447d9353bd73';
+            const baseUrl = 'https://outline.immich.cloud';
+
+            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
+              method: 'POST',
+              headers: {
+                'Authorization': `Bearer ${outlineKey}`,
+                'Content-Type': 'application/json'
+              },
+              body: JSON.stringify({ parentDocumentId })
+            });
+
+            if (!listResponse.ok) {
+              throw new Error(`Outline list failed: ${listResponse.statusText}`);
+            }
+
+            const listData = await listResponse.json();
+            const allDocuments = listData.data || [];
+
+            const document = allDocuments.find(doc => doc.title === 'next');
+
+            let documentId;
+            let documentUrl;
+            let documentText;
+
+            if (!document) {
+              // Create new document
+              console.log('No existing document found. Creating new one...');
+              const notesTmpl = fs.readFileSync('misc/release/notes.tmpl', 'utf8');
+              const createResponse = await fetch(`${baseUrl}/api/documents.create`, {
+                method: 'POST',
+                headers: {
+                  'Authorization': `Bearer ${outlineKey}`,
+                  'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({
+                  title: 'next',
+                  text: notesTmpl,
+                  collectionId: collectionId,
+                  parentDocumentId: parentDocumentId,
+                  publish: true
+                })
+              });
+
+              if (!createResponse.ok) {
+                throw new Error(`Failed to create document: ${createResponse.statusText}`);
+              }
+
+              const createData = await createResponse.json();
+              documentId = createData.data.id;
+              const urlId = createData.data.urlId;
+              documentUrl = `${baseUrl}/doc/next-${urlId}`;
+              documentText = createData.data.text || '';
+              console.log(`Created new document: ${documentUrl}`);
+            } else {
+              documentId = document.id;
+              const docPath = document.url;
+              documentUrl = `${baseUrl}${docPath}`;
+              documentText = document.text || '';
+              console.log(`Found existing document: ${documentUrl}`);
+            }
+
+            // Generate GitHub release notes
+            console.log('Generating GitHub release notes...');
+            const releaseNotesResponse = await github.rest.repos.generateReleaseNotes({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag_name: `${process.env.NEXT_VERSION}`,
+            });
+
+            // Combine the content
+            const changelog = `
+            # ${process.env.NEXT_VERSION}
+
+            ${documentText}
+
+            ${releaseNotesResponse.data.body}
+
+            ---
+
+            `
+
+            const existingChangelog = fs.existsSync('CHANGELOG.md') ? fs.readFileSync('CHANGELOG.md', 'utf8') : '';
+            fs.writeFileSync('CHANGELOG.md', changelog + existingChangelog, 'utf8');
+
+            core.setOutput('document_url', documentUrl);
+
+      - name: Create PR
+        id: create-pr
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'
+          title: 'chore: release ${{ steps.bump-type.outputs.next }}'
+          body: 'Release notes: ${{ steps.outline.outputs.document_url }}'
+          labels: 'changelog:skip'
+          branch: 'release/next'
+          draft: true

.github/workflows/release.yml

@@ -0,0 +1,148 @@
+name: release.yml
+on:
+  pull_request:
+    types: [closed]
+    paths:
+      - CHANGELOG.md
+
+jobs:
+  # Maybe double check PR source branch?
+
+  merge_translations:
+    uses: ./.github/workflows/merge-translations.yml
+    permissions:
+      pull-requests: write
+    secrets:
+      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
+
+  build_mobile:
+    uses: ./.github/workflows/build-mobile.yml
+    needs: merge_translations
+    permissions:
+      contents: read
+    secrets:
+      KEY_JKS: ${{ secrets.KEY_JKS }}
+      ALIAS: ${{ secrets.ALIAS }}
+      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
+      # iOS secrets
+      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
+      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
+      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
+      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
+      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}misc/release/notes.tmpl
+      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
+    with:
+      ref: main
+      environment: production
+
+  prepare_release:
+    runs-on: ubuntu-latest
+    needs: build_mobile
+    permissions:
+      actions: read # To download the app artifact
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          persist-credentials: false
+          ref: main
+
+      - name: Extract changelog
+        id: changelog
+        run: |
+          CHANGELOG_PATH=$RUNNER_TEMP/changelog.md
+          sed -n '1,/^---$/p' CHANGELOG.md | head -n -1 > $CHANGELOG_PATH
+          echo "path=$CHANGELOG_PATH" >> $GITHUB_OUTPUT
+          VERSION=$(sed -n 's/^# //p' $CHANGELOG_PATH)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Download APK
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        with:
+          name: release-apk-signed
+          github-token: ${{ steps.generate-token.outputs.token }}
+
+      - name: Create draft release
+        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+        with:
+          tag_name: ${{ steps.version.outputs.result }}
+          token: ${{ steps.generate-token.outputs.token }}
+          body_path: ${{ steps.changelog.outputs.path }}
+          draft: true
+          files: |
+            docker/docker-compose.yml
+            docker/example.env
+            docker/hwaccel.ml.yml
+            docker/hwaccel.transcoding.yml
+            docker/prometheus.yml
+            *.apk
+
+      - name: Rename Outline document
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        continue-on-error: true
+        env:
+          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
+          VERSION: ${{ steps.changelog.outputs.version }}
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const outlineKey = process.env.OUTLINE_API_KEY;
+            const version = process.env.VERSION;
+            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9';
+            const baseUrl = 'https://outline.immich.cloud';
+
+            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
+              method: 'POST',
+              headers: {
+                'Authorization': `Bearer ${outlineKey}`,
+                'Content-Type': 'application/json'
+              },
+              body: JSON.stringify({ parentDocumentId })
+            });
+
+            if (!listResponse.ok) {
+              throw new Error(`Outline list failed: ${listResponse.statusText}`);
+            }
+
+            const listData = await listResponse.json();
+            const allDocuments = listData.data || [];
+            const document = allDocuments.find(doc => doc.title === 'next');
+
+            if (document) {
+              console.log(`Found document 'next', renaming to '${version}'...`);
+
+              const updateResponse = await fetch(`${baseUrl}/api/documents.update`, {
+                method: 'POST',
+                headers: {
+                  'Authorization': `Bearer ${outlineKey}`,
+                  'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({
+                  id: document.id,
+                  title: version
+                })
+              });
+
+              if (!updateResponse.ok) {
+                throw new Error(`Failed to rename document: ${updateResponse.statusText}`);
+              }
+            } else {
+              console.log('No document titled "next" found to rename');
+            }

.github/workflows/sdk.yml

@@ -19,21 +19,21 @@ jobs:
         working-directory: ./open-api/typescript-sdk
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './open-api/typescript-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/static_analysis.yml

@@ -20,14 +20,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -49,19 +49,19 @@ jobs:
         working-directory: ./mobile
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -69,14 +69,6 @@ jobs:
       - name: Install dependencies
         run: dart pub get
 
-      - name: Install dependencies for UI package
-        run: dart pub get
-        working-directory: ./mobile/packages/ui
-
-      - name: Install dependencies for UI Showcase
-        run: dart pub get
-        working-directory: ./mobile/packages/ui/showcase
-
       - name: Install DCM
         uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
         with:

.github/workflows/test.yml

@@ -17,14 +17,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -63,21 +63,21 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -108,20 +108,20 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './cli/.nvmrc'
           cache: 'pnpm'
@@ -155,20 +155,20 @@ jobs:
         working-directory: ./cli
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './cli/.nvmrc'
           cache: 'pnpm'
@@ -197,20 +197,20 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -241,20 +241,20 @@ jobs:
         working-directory: ./web
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -279,20 +279,20 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './web/.nvmrc'
           cache: 'pnpm'
@@ -327,20 +327,20 @@ jobs:
         working-directory: ./e2e
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -373,21 +373,21 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -412,21 +412,21 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -446,29 +446,12 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
         if: ${{ !cancelled() }}
-      - name: Start Docker Compose
-        run: docker compose up -d --build --renew-anon-volumes --force-recreate --remove-orphans --wait --wait-timeout 300
+      - name: Docker build
+        run: docker compose build
         if: ${{ !cancelled() }}
       - name: Run e2e tests (api & cli)
-        env:
-          VITEST_DISABLE_DOCKER_SETUP: true
         run: pnpm test
         if: ${{ !cancelled() }}
-      - name: Run e2e tests (maintenance)
-        env:
-          VITEST_DISABLE_DOCKER_SETUP: true
-        run: pnpm test:maintenance
-        if: ${{ !cancelled() }}
-      - name: Capture Docker logs
-        if: always()
-        run: docker compose logs --no-color > docker-compose-logs.txt
-        working-directory: ./e2e
-      - name: Archive Docker logs
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        if: always()
-        with:
-          name: e2e-server-docker-logs-${{ matrix.runner }}
-          path: e2e/docker-compose-logs.txt
   e2e-tests-web:
     name: End-to-End Tests (Web)
     needs: pre-job
@@ -484,21 +467,21 @@ jobs:
         runner: [ubuntu-latest, ubuntu-24.04-arm]
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './e2e/.nvmrc'
           cache: 'pnpm'
@@ -511,40 +494,43 @@ jobs:
         run: pnpm install --frozen-lockfile
         if: ${{ !cancelled() }}
       - name: Install Playwright Browsers
-        run: pnpm exec playwright install chromium --only-shell
+        run: npx playwright install chromium --only-shell
         if: ${{ !cancelled() }}
       - name: Docker build
         run: docker compose up -d --build --renew-anon-volumes --force-recreate --remove-orphans --wait --wait-timeout 300
         if: ${{ !cancelled() }}
       - name: Run e2e tests (web)
         env:
+          CI: true
           PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web
+        run: npx playwright test --project=web
         if: ${{ !cancelled() }}
       - name: Archive e2e test (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: success() || failure()
         with:
           name: e2e-web-test-results-${{ matrix.runner }}
           path: e2e/playwright-report/
       - name: Run ui tests (web)
         env:
+          CI: true
           PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web:ui
+        run: npx playwright test --project=ui
         if: ${{ !cancelled() }}
       - name: Archive ui test (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: success() || failure()
         with:
           name: e2e-ui-test-results-${{ matrix.runner }}
           path: e2e/playwright-report/
       - name: Run maintenance tests
         env:
+          CI: true
           PLAYWRIGHT_DISABLE_WEBSERVER: true
-        run: pnpm test:web:maintenance
+        run: npx playwright test --project=maintenance
         if: ${{ !cancelled() }}
       - name: Archive maintenance tests (web) results
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: success() || failure()
         with:
           name: e2e-maintenance-isolated-test-results-${{ matrix.runner }}
@@ -554,10 +540,10 @@ jobs:
         run: docker compose logs --no-color > docker-compose-logs.txt
         working-directory: ./e2e
       - name: Archive Docker logs
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: always()
         with:
-          name: e2e-web-docker-logs-${{ matrix.runner }}
+          name: docker-compose-logs-${{ matrix.runner }}
           path: e2e/docker-compose-logs.txt
   success-check-e2e:
     name: End-to-End Tests Success
@@ -566,7 +552,7 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
         with:
           needs: ${{ toJSON(needs) }}
   mobile-unit-tests:
@@ -578,17 +564,17 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup Flutter SDK
-        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0
+        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
         with:
           channel: 'stable'
           flutter-version-file: ./mobile/pubspec.yaml
@@ -610,17 +596,17 @@ jobs:
         working-directory: ./machine-learning
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Install uv
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           python-version: 3.11
       - name: Install dependencies
@@ -650,20 +636,20 @@ jobs:
         working-directory: ./.github
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './.github/.nvmrc'
           cache: 'pnpm'
@@ -680,12 +666,12 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -701,20 +687,20 @@ jobs:
       contents: read
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'
@@ -763,20 +749,20 @@ jobs:
         working-directory: ./server
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: './server/.nvmrc'
           cache: 'pnpm'

.github/workflows/weblate-lock.yml

@@ -24,14 +24,14 @@ jobs:
       should_run: ${{ steps.check.outputs.should_run }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check what should run
         id: check
-        uses: immich-app/devtools/actions/pre-job@f50e3b600b6ac1763ddb8f3dfc69093512b967a1 # pre-job-action-v2.0.3
+        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
         with:
           github-token: ${{ steps.token.outputs.token }}
           filters: |
@@ -47,7 +47,7 @@ jobs:
     if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
     steps:
       - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@57ff6ebfd507b045514442683ff06ff1b2f6efbd # create-workflow-token-action-v1.0.2
+        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
         with:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -68,6 +68,6 @@ jobs:
     permissions: {}
     if: always()
     steps:
-      - uses: immich-app/devtools/actions/success-check@53bb77345ee9f953f93bd6fd9980f07a2f24965e # success-check-action-v0.0.5
+      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
         with:
           needs: ${{ toJSON(needs) }}

.gitignore

@@ -28,5 +28,3 @@ vite.config.js.timestamp-*
 .pnpm-store
 .devcontainer/library
 .devcontainer/.env*
-*.tsbuildinfo
-*.tsbuildInfo

.gitmodules

@@ -1,3 +1,6 @@
+[submodule "mobile/.isar"]
+	path = mobile/.isar
+	url = https://github.com/isar/isar
 [submodule "e2e/test-assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets

.pnpmfile.cjs

@@ -4,18 +4,12 @@ module.exports = {
       if (!pkg.name) {
         return pkg;
       }
-      // make exiftool-vendored.pl a regular dependency since Docker prod
-      // images build with --no-optional to reduce image size
       if (pkg.name === "exiftool-vendored") {
-        const binaryPackage =
-          process.platform === "win32"
-            ? "exiftool-vendored.exe"
-            : "exiftool-vendored.pl";
-
-        if (pkg.optionalDependencies[binaryPackage]) {
-          pkg.dependencies[binaryPackage] =
-            pkg.optionalDependencies[binaryPackage];
-          delete pkg.optionalDependencies[binaryPackage];
+        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
+          // make exiftool-vendored.pl a regular dependency
+          pkg.dependencies["exiftool-vendored.pl"] =
+            pkg.optionalDependencies["exiftool-vendored.pl"];
+          delete pkg.optionalDependencies["exiftool-vendored.pl"];
         }
       }
       return pkg;

.vscode/extensions.json

@@ -5,13 +5,6 @@
     "dbaeumer.vscode-eslint",
     "dart-code.flutter",
     "dart-code.dart-code",
-    "dcmdev.dcm-vscode-extension",
-    "bradlc.vscode-tailwindcss",
-    "ms-playwright.playwright",
-    "vitest.explorer",
-    "editorconfig.editorconfig",
-    "foxundermoon.shell-format",
-    "timonwong.shellcheck",
-    "bluebrown.yamlfmt"
+    "dcmdev.dcm-vscode-extension"
   ]
 }

.vscode/settings.json

@@ -1,7 +1,8 @@
 {
   "[css]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "[dart]": {
     "editor.defaultFormatter": "Dart-Code.dart-code",
@@ -18,15 +19,18 @@
       "source.removeUnusedImports": "explicit"
     },
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "[json]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "[jsonc]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "[svelte]": {
     "editor.codeActionsOnSave": {
@@ -34,7 +38,8 @@
       "source.removeUnusedImports": "explicit"
     },
     "editor.defaultFormatter": "svelte.svelte-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "[typescript]": {
     "editor.codeActionsOnSave": {
@@ -42,45 +47,18 @@
       "source.removeUnusedImports": "explicit"
     },
     "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "editor.tabSize": 2
   },
   "cSpell.words": ["immich"],
-  "css.lint.unknownAtRules": "ignore",
-  "editor.bracketPairColorization.enabled": true,
   "editor.formatOnSave": true,
-  "eslint.useFlatConfig": true,
   "eslint.validate": ["javascript", "typescript", "svelte"],
-  "eslint.workingDirectories": [
-    { "directory": "cli", "changeProcessCWD": true },
-    { "directory": "e2e", "changeProcessCWD": true },
-    { "directory": "server", "changeProcessCWD": true },
-    { "directory": "web", "changeProcessCWD": true }
-  ],
-  "files.watcherExclude": {
-    "**/.jj/**": true,
-    "**/.git/**": true,
-    "**/node_modules/**": true,
-    "**/build/**": true,
-    "**/dist/**": true,
-    "**/.svelte-kit/**": true
-  },
   "explorer.fileNesting.enabled": true,
   "explorer.fileNesting.patterns": {
     "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
     "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
     "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
   },
-  "search.exclude": {
-    "**/node_modules": true,
-    "**/build": true,
-    "**/dist": true,
-    "**/.svelte-kit": true,
-    "**/open-api/typescript-sdk/src": true
-  },
   "svelte.enable-ts-plugin": true,
-  "tailwindCSS.experimental.configFile": {
-    "web/src/app.css": "web/src/**"
-  },
-  "js/ts.preferences.importModuleSpecifier": "non-relative",
-  "vitest.maximumConfigs": 10
+  "typescript.preferences.importModuleSpecifier": "non-relative"
 }

CONTRIBUTING.md

@@ -15,11 +15,9 @@ Please try to keep pull requests as focused as possible. A PR should do exactly
 
 If you are looking for something to work on, there are discussions and issues with a `good-first-issue` label on them. These are always a good starting point. If none of them sound interesting or fit your skill set, feel free to reach out on our Discord. We're happy to help you find something to work on!
 
-We usually do not assign issues to new contributors, since it happens often that a PR is never even opened. Again, reach out on Discord if you fear putting a lot of time into fixing an issue, but ending up with a duplicate PR.
-
 ## Use of generative AI
 
-We ask you not to open PRs generated with an LLM. We find that code generated like this tends to need a large amount of back-and-forth, which is a very inefficient use of our time. If we want LLM-generated code, it's much faster for us to use an LLM ourselves than to go through an intermediary via a pull request.
+We generally discourage PRs entirely generated by an LLM. For any part generated by an LLM, please put extra effort into your self-review. By using generative AI without proper self-review, the time you save ends up being more work we need to put in for proper reviews and code cleanup. Please keep that in mind when submitting code by an LLM. Clearly state the use of LLMs/(generative) AI in your pull request as requested by the template.
 
 ## Feature freezes
 

Makefile

@@ -52,7 +52,7 @@ attach-server:
 	docker exec -it docker_immich-server_1 sh
 
 renovate:
-  LOG_LEVEL=debug pnpm exec renovate --platform=local --repository-cache=reset
+  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
 
 # Directories that need to be created for volumes or build output
 VOLUME_DIRS = \

cli/.nvmrc

@@ -1 +1 @@
-24.14.1
+24.13.0

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@immich/cli",
-  "version": "2.7.5",
+  "version": "2.5.6",
   "description": "Command Line Interface (CLI) for Immich",
   "type": "module",
   "exports": "./dist/index.js",
@@ -13,30 +13,31 @@
     "cli"
   ],
   "devDependencies": {
-    "@eslint/js": "^10.0.0",
-    "@immich/sdk": "workspace:*",
+    "@eslint/js": "^9.8.0",
+    "@immich/sdk": "file:../open-api/typescript-sdk",
     "@types/byte-size": "^8.1.0",
     "@types/cli-progress": "^3.11.0",
     "@types/lodash-es": "^4.17.12",
     "@types/micromatch": "^4.0.9",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.12.2",
-    "@vitest/coverage-v8": "^4.0.0",
+    "@types/node": "^24.10.11",
+    "@vitest/coverage-v8": "^3.0.0",
     "byte-size": "^9.0.0",
     "cli-progress": "^3.12.0",
     "commander": "^12.0.0",
-    "eslint": "^10.0.0",
+    "eslint": "^9.14.0",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^64.0.0",
-    "globals": "^17.0.0",
+    "eslint-plugin-unicorn": "^62.0.0",
+    "globals": "^16.0.0",
     "mock-fs": "^5.2.0",
     "prettier": "^3.7.4",
     "prettier-plugin-organize-imports": "^4.0.0",
-    "typescript": "^6.0.0",
-    "typescript-eslint": "^8.58.0",
-    "vite": "^8.0.0",
-    "vitest": "^4.0.0",
+    "typescript": "^5.3.3",
+    "typescript-eslint": "^8.28.0",
+    "vite": "^7.0.0",
+    "vite-tsconfig-paths": "^6.0.0",
+    "vitest": "^3.0.0",
     "vitest-fetch-mock": "^0.4.0",
     "yaml": "^2.3.1"
   },
@@ -44,12 +45,12 @@
     "build": "vite build",
     "build:dev": "vite build --sourcemap true",
     "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
-    "lint:fix": "pnpm run lint --fix",
-    "prepack": "pnpm run build",
+    "lint:fix": "npm run lint -- --fix",
+    "prepack": "npm run build",
     "test": "vitest",
     "test:cov": "vitest --coverage",
-    "format": "prettier --cache --check .",
-    "format:fix": "prettier --cache --write --list-different .",
+    "format": "prettier --check .",
+    "format:fix": "prettier --write .",
     "check": "tsc --noEmit"
   },
   "repository": {
@@ -68,6 +69,6 @@
     "micromatch": "^4.0.8"
   },
   "volta": {
-    "node": "24.14.1"
+    "node": "24.13.0"
   }
 }

cli/src/commands/asset.spec.ts

@@ -1,21 +1,13 @@
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
 import { setTimeout as sleep } from 'node:timers/promises';
 import { describe, expect, it, MockedFunction, vi } from 'vitest';
 
-import { AssetRejectReason, AssetUploadAction, checkBulkUpload, defaults, getSupportedMediaTypes } from '@immich/sdk';
+import { Action, checkBulkUpload, defaults, getSupportedMediaTypes, Reason } from '@immich/sdk';
 import createFetchMock from 'vitest-fetch-mock';
 
-import {
-  checkForDuplicates,
-  deleteFiles,
-  findSidecar,
-  getAlbumName,
-  startWatch,
-  uploadFiles,
-  UploadOptionsDto,
-} from 'src/commands/asset';
+import { checkForDuplicates, getAlbumName, startWatch, uploadFiles, UploadOptionsDto } from 'src/commands/asset';
 
 vi.mock('@immich/sdk');
 
@@ -58,7 +50,7 @@ describe('uploadFiles', () => {
   });
 
   it('returns new assets when upload file is successful', async () => {
-    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), function () {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
       return {
         status: 200,
         body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
@@ -75,7 +67,7 @@ describe('uploadFiles', () => {
 
   it('returns new assets when upload file retry is successful', async () => {
     let counter = 0;
-    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), function () {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
       counter++;
       if (counter < retry) {
         throw new Error('Network error');
@@ -96,7 +88,7 @@ describe('uploadFiles', () => {
   });
 
   it('returns new assets when upload file retry is failed', async () => {
-    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), function () {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
       throw new Error('Network error');
     });
 
@@ -120,7 +112,7 @@ describe('checkForDuplicates', () => {
     vi.mocked(checkBulkUpload).mockResolvedValue({
       results: [
         {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
           id: testFilePath,
         },
       ],
@@ -144,10 +136,10 @@ describe('checkForDuplicates', () => {
     vi.mocked(checkBulkUpload).mockResolvedValue({
       results: [
         {
-          action: AssetUploadAction.Reject,
+          action: Action.Reject,
           id: testFilePath,
           assetId: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
-          reason: AssetRejectReason.Duplicate,
+          reason: Reason.Duplicate,
         },
       ],
     });
@@ -167,7 +159,7 @@ describe('checkForDuplicates', () => {
     vi.mocked(checkBulkUpload).mockResolvedValue({
       results: [
         {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
           id: testFilePath,
         },
       ],
@@ -187,7 +179,7 @@ describe('checkForDuplicates', () => {
     mocked.mockResolvedValue({
       results: [
         {
-          action: AssetUploadAction.Accept,
+          action: Action.Accept,
           id: testFilePath,
         },
       ],
@@ -236,19 +228,16 @@ describe('startWatch', () => {
     await sleep(100); // to debounce the watcher from considering the test file as a existing file
     await fs.promises.writeFile(testFilePath, 'testjpg');
 
-    await vi.waitFor(
-      () =>
-        expect(checkBulkUpload).toHaveBeenCalledWith({
-          assetBulkUploadCheckDto: {
-            assets: [
-              expect.objectContaining({
-                id: testFilePath,
-              }),
-            ],
-          },
-        }),
-      { timeout: 5000 },
-    );
+    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
+    expect(checkBulkUpload).toHaveBeenCalledWith({
+      assetBulkUploadCheckDto: {
+        assets: [
+          expect.objectContaining({
+            id: testFilePath,
+          }),
+        ],
+      },
+    });
   });
 
   it('should filter out unsupported files', async () => {
@@ -260,19 +249,16 @@ describe('startWatch', () => {
     await fs.promises.writeFile(testFilePath, 'testjpg');
     await fs.promises.writeFile(unsupportedFilePath, 'testtxt');
 
-    await vi.waitFor(
-      () =>
-        expect(checkBulkUpload).toHaveBeenCalledWith({
-          assetBulkUploadCheckDto: {
-            assets: expect.arrayContaining([
-              expect.objectContaining({
-                id: testFilePath,
-              }),
-            ]),
-          },
-        }),
-      { timeout: 5000 },
-    );
+    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
+    expect(checkBulkUpload).toHaveBeenCalledWith({
+      assetBulkUploadCheckDto: {
+        assets: expect.arrayContaining([
+          expect.objectContaining({
+            id: testFilePath,
+          }),
+        ]),
+      },
+    });
 
     expect(checkBulkUpload).not.toHaveBeenCalledWith({
       assetBulkUploadCheckDto: {
@@ -297,19 +283,16 @@ describe('startWatch', () => {
     await fs.promises.writeFile(testFilePath, 'testjpg');
     await fs.promises.writeFile(ignoredFilePath, 'ignoredjpg');
 
-    await vi.waitFor(
-      () =>
-        expect(checkBulkUpload).toHaveBeenCalledWith({
-          assetBulkUploadCheckDto: {
-            assets: expect.arrayContaining([
-              expect.objectContaining({
-                id: testFilePath,
-              }),
-            ]),
-          },
-        }),
-      { timeout: 5000 },
-    );
+    await vi.waitUntil(() => checkBulkUploadMocked.mock.calls.length > 0, 3000);
+    expect(checkBulkUpload).toHaveBeenCalledWith({
+      assetBulkUploadCheckDto: {
+        assets: expect.arrayContaining([
+          expect.objectContaining({
+            id: testFilePath,
+          }),
+        ]),
+      },
+    });
 
     expect(checkBulkUpload).not.toHaveBeenCalledWith({
       assetBulkUploadCheckDto: {
@@ -326,85 +309,3 @@ describe('startWatch', () => {
     await fs.promises.rm(testFolder, { recursive: true, force: true });
   });
 });
-
-describe('findSidecar', () => {
-  let testDir: string;
-  let testFilePath: string;
-
-  beforeEach(() => {
-    testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-sidecar-'));
-    testFilePath = path.join(testDir, 'test.jpg');
-    fs.writeFileSync(testFilePath, 'test');
-  });
-
-  afterEach(() => {
-    fs.rmSync(testDir, { recursive: true, force: true });
-  });
-
-  it('should find sidecar file with photo.xmp naming convention', () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    const result = findSidecar(testFilePath);
-    expect(result).toBe(sidecarPath);
-  });
-
-  it('should find sidecar file with photo.ext.xmp naming convention', () => {
-    const sidecarPath = path.join(testDir, 'test.jpg.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    const result = findSidecar(testFilePath);
-    expect(result).toBe(sidecarPath);
-  });
-
-  it('should prefer photo.ext.xmp over photo.xmp when both exist', () => {
-    const sidecarPath1 = path.join(testDir, 'test.xmp');
-    const sidecarPath2 = path.join(testDir, 'test.jpg.xmp');
-    fs.writeFileSync(sidecarPath1, 'xmp data 1');
-    fs.writeFileSync(sidecarPath2, 'xmp data 2');
-
-    const result = findSidecar(testFilePath);
-    // Should return the first one found (photo.xmp) based on the order in the code
-    expect(result).toBe(sidecarPath1);
-  });
-
-  it('should return undefined when no sidecar file exists', () => {
-    const result = findSidecar(testFilePath);
-    expect(result).toBeUndefined();
-  });
-});
-
-describe('deleteFiles', () => {
-  let testDir: string;
-  let testFilePath: string;
-
-  beforeEach(() => {
-    testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-delete-'));
-    testFilePath = path.join(testDir, 'test.jpg');
-    fs.writeFileSync(testFilePath, 'test');
-  });
-
-  afterEach(() => {
-    fs.rmSync(testDir, { recursive: true, force: true });
-  });
-
-  it('should delete asset and sidecar file when main file is deleted', async () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    await deleteFiles([{ id: 'test-id', filepath: testFilePath }], [], { delete: true, concurrency: 1 });
-
-    expect(fs.existsSync(testFilePath)).toBe(false);
-    expect(fs.existsSync(sidecarPath)).toBe(false);
-  });
-
-  it('should not delete sidecar file when delete option is false', async () => {
-    const sidecarPath = path.join(testDir, 'test.xmp');
-    fs.writeFileSync(sidecarPath, 'xmp data');
-
-    await deleteFiles([{ id: 'test-id', filepath: testFilePath }], [], { delete: false, concurrency: 1 });
-
-    expect(fs.existsSync(testFilePath)).toBe(true);
-    expect(fs.existsSync(sidecarPath)).toBe(true);
-  });
-});

cli/src/commands/asset.ts

@@ -1,9 +1,9 @@
 import {
+  Action,
   AssetBulkUploadCheckItem,
   AssetBulkUploadCheckResult,
   AssetMediaResponseDto,
   AssetMediaStatus,
-  AssetUploadAction,
   Permission,
   addAssetsToAlbum,
   checkBulkUpload,
@@ -17,7 +17,7 @@ import { Matcher, watch as watchFs } from 'chokidar';
 import { MultiBar, Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import micromatch from 'micromatch';
-import { Stats, createReadStream, existsSync } from 'node:fs';
+import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
 import path, { basename } from 'node:path';
 import { Queue } from 'src/queue';
@@ -180,49 +180,18 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
   }
 
   let multiBar: MultiBar | undefined;
-  let totalSize = 0;
-  const statsMap = new Map<string, Stats>();
-
-  // Calculate total size first
-  for (const filepath of files) {
-    const stats = await stat(filepath);
-    statsMap.set(filepath, stats);
-    totalSize += stats.size;
-  }
 
   if (progress) {
     multiBar = new MultiBar(
-      {
-        format: '{message} | {bar} | {percentage}% | ETA: {eta_formatted} | {value}/{total}',
-        formatValue: (v: number, options, type) => {
-          // Don't format percentage
-          if (type === 'percentage') {
-            return v.toString();
-          }
-          return byteSize(v).toString();
-        },
-        etaBuffer: 100, // Increase samples for ETA calculation
-      },
+      { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
       Presets.shades_classic,
     );
-
-    // Ensure we restore cursor on interrupt
-    process.on('SIGINT', () => {
-      if (multiBar) {
-        multiBar.stop();
-      }
-      process.exit(0);
-    });
   } else {
-    console.log(`Received ${files.length} files (${byteSize(totalSize)}), hashing...`);
+    console.log(`Received ${files.length} files, hashing...`);
   }
 
-  const hashProgressBar = multiBar?.create(totalSize, 0, {
-    message: 'Hashing files          ',
-  });
-  const checkProgressBar = multiBar?.create(totalSize, 0, {
-    message: 'Checking for duplicates',
-  });
+  const hashProgressBar = multiBar?.create(files.length, 0, { message: 'Hashing files          ' });
+  const checkProgressBar = multiBar?.create(files.length, 0, { message: 'Checking for duplicates' });
 
   const newFiles: string[] = [];
   const duplicates: Asset[] = [];
@@ -234,7 +203,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
       const results = response.results as AssetBulkUploadCheckResults;
 
       for (const { id: filepath, assetId, action } of results) {
-        if (action === AssetUploadAction.Accept) {
+        if (action === Action.Accept) {
           newFiles.push(filepath);
         } else {
           // rejects are always duplicates
@@ -242,13 +211,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
         }
       }
 
-      // Update progress based on total size of processed files
-      let processedSize = 0;
-      for (const asset of assets) {
-        const stats = statsMap.get(asset.id);
-        processedSize += stats?.size || 0;
-      }
-      checkProgressBar?.increment(processedSize);
+      checkProgressBar?.increment(assets.length);
     },
     { concurrency, retry: 3 },
   );
@@ -258,10 +221,6 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
 
   const queue = new Queue<string, AssetBulkUploadCheckItem[]>(
     async (filepath: string): Promise<AssetBulkUploadCheckItem[]> => {
-      const stats = statsMap.get(filepath);
-      if (!stats) {
-        throw new Error(`Stats not found for ${filepath}`);
-      }
       const dto = { id: filepath, checksum: await sha1(filepath) };
 
       results.push(dto);
@@ -272,7 +231,7 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
         void checkBulkUploadQueue.push(batch);
       }
 
-      hashProgressBar?.increment(stats.size);
+      hashProgressBar?.increment();
       return results;
     },
     { concurrency, retry: 3 },
@@ -403,22 +362,34 @@ export const uploadFiles = async (
 const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaResponseDto> => {
   const { baseUrl, headers } = defaults;
 
+  const assetPath = path.parse(input);
+  const noExtension = path.join(assetPath.dir, assetPath.name);
+
+  const sidecarsFiles = await Promise.all(
+    // XMP sidecars can come in two filename formats. For a photo named photo.ext, the filenames are photo.ext.xmp and photo.xmp
+    [`${noExtension}.xmp`, `${input}.xmp`].map(async (sidecarPath) => {
+      try {
+        const stats = await stat(sidecarPath);
+        return new UploadFile(sidecarPath, stats.size);
+      } catch {
+        return false;
+      }
+    }),
+  );
+
+  const sidecarData = sidecarsFiles.find((file): file is UploadFile => file !== false);
+
   const formData = new FormData();
+  formData.append('deviceAssetId', `${basename(input)}-${stats.size}`.replaceAll(/\s+/g, ''));
+  formData.append('deviceId', 'CLI');
   formData.append('fileCreatedAt', stats.mtime.toISOString());
   formData.append('fileModifiedAt', stats.mtime.toISOString());
   formData.append('fileSize', String(stats.size));
   formData.append('isFavorite', 'false');
   formData.append('assetData', new UploadFile(input, stats.size));
 
-  const sidecarPath = findSidecar(input);
-  if (sidecarPath) {
-    try {
-      const stats = await stat(sidecarPath);
-      const sidecarData = new UploadFile(sidecarPath, stats.size);
-      formData.append('sidecarData', sidecarData);
-    } catch {
-      // noop
-    }
+  if (sidecarData) {
+    formData.append('sidecarData', sidecarData);
   }
 
   const response = await fetch(`${baseUrl}/assets`, {
@@ -434,19 +405,7 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
   return response.json();
 };
 
-export const findSidecar = (filepath: string): string | undefined => {
-  const assetPath = path.parse(filepath);
-  const noExtension = path.join(assetPath.dir, assetPath.name);
-
-  // XMP sidecars can come in two filename formats. For a photo named photo.ext, the filenames are photo.ext.xmp and photo.xmp
-  for (const sidecarPath of [`${noExtension}.xmp`, `${filepath}.xmp`]) {
-    if (existsSync(sidecarPath)) {
-      return sidecarPath;
-    }
-  }
-};
-
-export const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
+const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
   let fileCount = 0;
   if (options.delete) {
     fileCount += uploaded.length;
@@ -474,15 +433,7 @@ export const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], option
 
   const chunkDelete = async (files: Asset[]) => {
     for (const assetBatch of chunk(files, options.concurrency)) {
-      await Promise.all(
-        assetBatch.map(async (input: Asset) => {
-          await unlink(input.filepath);
-          const sidecarPath = findSidecar(input.filepath);
-          if (sidecarPath) {
-            await unlink(sidecarPath);
-          }
-        }),
-      );
+      await Promise.all(assetBatch.map((input: Asset) => unlink(input.filepath)));
       deletionProgress.update(assetBatch.length);
     }
   };

cli/src/utils.ts

@@ -81,7 +81,7 @@ export const connect = async (url: string, key: string) => {
 
   const [error] = await withError(getMyUser());
   if (isHttpError(error)) {
-    logError(error, `Failed to connect to server ${url}`);
+    logError(error, 'Failed to connect to server');
     process.exit(1);
   }
 

cli/tsconfig.json

@@ -15,12 +15,8 @@
     "incremental": true,
     "skipLibCheck": true,
     "esModuleInterop": true,
-    "rootDir": "./src",
-    "paths": {
-      "src/*": ["./src/*"],
-    },
-    "tsBuildInfoFile": "./dist/tsconfig.tsbuildinfo",
+    "baseUrl": "./",
     "types": ["vitest/globals"]
   },
-  "exclude": ["dist", "node_modules", "vite.config.ts"]
+  "exclude": ["dist", "node_modules"]
 }

cli/vite.config.ts

@@ -1,12 +1,10 @@
-import { defineConfig, UserConfig } from 'vite';
+import { defineConfig } from 'vite';
+import tsconfigPaths from 'vite-tsconfig-paths';
 
 export default defineConfig({
-  resolve: {
-    alias: { src: '/src' },
-    tsconfigPaths: true,
-  },
+  resolve: { alias: { src: '/src' } },
   build: {
-    rolldownOptions: {
+    rollupOptions: {
       input: 'src/index.ts',
       output: {
         dir: 'dist',
@@ -18,8 +16,5 @@ export default defineConfig({
     // bundle everything except for Node built-ins
     noExternal: /^(?!node:).*$/,
   },
-  test: {
-    name: 'cli:unit',
-    globals: true,
-  },
-} as UserConfig);
+  plugins: [tsconfigPaths()],
+});

cli/vitest.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+  },
+});

deployment/mise.toml

@@ -1,6 +1,6 @@
 [tools]
-terragrunt = "1.0.0"
-opentofu = "1.11.5"
+terragrunt = "0.98.0"
+opentofu = "1.11.4"
 
 [tasks."tg:fmt"]
 run = "terragrunt hclfmt"

docker/docker-compose.dev.yml

@@ -14,66 +14,33 @@
 name: immich-dev
 
 services:
-  immich-app-base:
-    profiles: ['_base']
-    tmpfs:
-      - /tmp
-    volumes:
-      - ..:/usr/src/app
-      # - ../../ui:/usr/src/ui
-      - pnpm_cache:/buildcache/pnpm_cache
-      - server_node_modules:/usr/src/app/server/node_modules
-      - web_node_modules:/usr/src/app/web/node_modules
-      - github_node_modules:/usr/src/app/.github/node_modules
-      - cli_node_modules:/usr/src/app/cli/node_modules
-      - docs_node_modules:/usr/src/app/docs/node_modules
-      - e2e_node_modules:/usr/src/app/e2e/node_modules
-      - sdk_node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app_node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
-
-  immich-init:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    container_name: immich_init
-    image: immich-server-dev:latest
-    build:
-      context: ../
-      dockerfile: server/Dockerfile.dev
-      target: dev
-    command:
-      - |
-        pnpm install
-        touch /tmp/init-complete
-        exec tail -f /dev/null
-    volumes:
-      - pnpm_store_server:/buildcache/pnpm-store
-    restart: 'no'
-    healthcheck:
-      test: ['CMD', 'test', '-f', '/tmp/init-complete']
-      interval: 2s
-      timeout: 3s
-      retries: 300
-      start_period: 300s
-
   immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
     container_name: immich_server
     command: ['immich-dev']
     image: immich-server-dev:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     build:
       context: ../
       dockerfile: server/Dockerfile.dev
       target: dev
     restart: unless-stopped
     volumes:
+      - ..:/usr/src/app
       - ${UPLOAD_LOCATION}/photos:/data
       - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
       - ../plugins:/build/corePlugin
     env_file:
       - .env
@@ -91,14 +58,11 @@ services:
       IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
       IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
       IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
-      IMMICH_HELMET_FILE: 'true'
     ports:
       - 9230:9230
       - 9231:9231
       - 2283:2283
     depends_on:
-      immich-init:
-        condition: service_healthy
       redis:
         condition: service_started
       database:
@@ -107,9 +71,6 @@ services:
       disable: false
 
   immich-web:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
     container_name: immich_web
     image: immich-web-dev:latest
     build:
@@ -123,11 +84,20 @@ services:
       - 3000:3000
       - 24678:24678
     volumes:
-      - pnpm_store_web:/buildcache/pnpm-store
+      - ..:/usr/src/app
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
     restart: unless-stopped
     depends_on:
-      immich-init:
-        condition: service_healthy
       immich-server:
         condition: service_started
 
@@ -146,7 +116,7 @@ services:
       - 3003:3003
     volumes:
       - ../machine-learning/immich_ml:/usr/src/immich_ml
-      - model_cache:/cache
+      - model-cache:/cache
     env_file:
       - .env
     depends_on:
@@ -157,7 +127,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
     healthcheck:
       test: redis-cli ping || exit 1
 
@@ -186,7 +156,7 @@ services:
   #   image: prom/prometheus
   #   volumes:
   #     - ./prometheus.yml:/etc/prometheus/prometheus.yml
-  #     - prometheus_data:/prometheus
+  #     - prometheus-data:/prometheus
 
   # first login uses admin/admin
   # add data source for http://immich-prometheus:9090 to get started
@@ -197,22 +167,20 @@ services:
   #     - 3000:3000
   #   image: grafana/grafana:10.3.3-ubuntu
   #   volumes:
-  #     - grafana_data:/var/lib/grafana
+  #     - grafana-data:/var/lib/grafana
 
 volumes:
-  model_cache:
-  prometheus_data:
-  grafana_data:
-  pnpm_cache:
-  pnpm_store_server:
-  pnpm_store_web:
-  server_node_modules:
-  web_node_modules:
-  github_node_modules:
-  cli_node_modules:
-  docs_node_modules:
-  e2e_node_modules:
-  sdk_node_modules:
-  app_node_modules:
+  model-cache:
+  prometheus-data:
+  grafana-data:
+  pnpm-store:
+  server-node_modules:
+  web-node_modules:
+  github-node_modules:
+  cli-node_modules:
+  docs-node_modules:
+  e2e-node_modules:
+  sdk-node_modules:
+  app-node_modules:
   sveltekit:
   coverage:

docker/docker-compose.prod.yml

@@ -56,7 +56,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -85,7 +85,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:dda13e28bf95a5e5ca5b8ed56852006094c1c8e8871d9c9dbeed30aa6e55271f
+    image: prom/prometheus@sha256:1f0f50f06acaceb0f5670d2c8a658a599affe7b0d8e78b898c1035653849a702
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -97,7 +97,7 @@ services:
     command: ['./run.sh', '-disable-reporting']
     ports:
       - 3000:3000
-    image: grafana/grafana:12.4.2-ubuntu@sha256:78839fe49e1425c02416fa8072591533a72bd9598e563b54a07d78f9e27fb5d3
+    image: grafana/grafana:12.3.2-ubuntu@sha256:6cca4b429a1dc0d37d401dee54825c12d40056c3c6f3f56e3f0d6318ce77749b
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.rootless.yml

@@ -61,7 +61,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
     user: '1000:1000'
     security_opt:
       - no-new-privileges:true

docker/docker-compose.yml

@@ -49,7 +49,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    image: docker.io/valkey/valkey:9@sha256:930b41430fb727f533c5982fe509b6f04233e26d0f7354e04de4b0d5c706e44e
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always

docs/.nvmrc

@@ -1 +1 @@
-24.14.1
+24.13.0

docs/docs/administration/backup-and-restore.md

@@ -210,7 +210,7 @@ The provided restore process ensures your database is never in a broken state by
 
 ## Filesystem
 
-Immich does not handle filesystem backups for you. You have to arrange these yourself! Immich stores two types of content in the filesystem: (a) original, unmodified assets (photos and videos), and (b) generated content. We recommend backing up the entire contents of `UPLOAD_LOCATION`, but only the original content is critical, which is stored in the following folders:
+Immich stores two types of content in the filesystem: (a) original, unmodified assets (photos and videos), and (b) generated content. We recommend backing up the entire contents of `UPLOAD_LOCATION`, but only the original content is critical, which is stored in the following folders:
 
 1. `UPLOAD_LOCATION/library`
 2. `UPLOAD_LOCATION/upload`

docs/docs/administration/jobs-workers.md

@@ -67,8 +67,7 @@ graph TD
     C --> D["Thumbnail Generation (Large, small, blurred and person)"]
     D --> E[Smart Search]
     D --> F[Face Detection]
-    D --> G[OCR]
-    D --> H[Video Transcoding]
-    E --> I[Duplicate Detection]
-    F --> J[Facial Recognition]
+    D --> G[Video Transcoding]
+    E --> H[Duplicate Detection]
+    F --> I[Facial Recognition]
 ```

docs/docs/administration/oauth.md

@@ -14,7 +14,6 @@ Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an i
 - [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
-- [Keycloak](https://www.keycloak.org)
 
 ## Prerequisites
 
@@ -50,10 +49,6 @@ Before enabling OAuth in Immich, a new client application needs to be configured
    - `https://immich.example.com/auth/login`
    - `https://immich.example.com/user-settings`
 
-3. Configure Backchannel logout URL
-
-   If the authentication server supports it, the **Backchannel logout URL** can be specified, and it is of the form: `http://DOMAIN:PORT/api/oauth/backchannel-logout`.
-
 ## Enable OAuth
 
 Once you have a new OAuth client application configured, Immich can be configured using the Administration Settings page, available on the web (Administration -> Settings).
@@ -67,8 +62,6 @@ Once you have a new OAuth client application configured, Immich can be configure
 | `scope`                                              | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | `id_token_signed_response_alg`                       | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | `userinfo_signed_response_alg`                       | string  | none                 | The algorithm used to sign the userinfo response (examples: RS256, HS256)           |
-| `prompt`                                             | string  | (empty)              | Prompt parameter for authorization url (examples: select_account, login, consent)   |
-| `end_session_endpoint`                               | URL     | (empty)              | Http(s) alternative end session endpoint (logout URI)                               |
 | Request timeout                                      | string  | 30,000 (30 seconds)  | Number of milliseconds to wait for http requests to complete before giving up       |
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
@@ -187,7 +180,6 @@ Configuration of OAuth in Immich System Settings
 | Scope                              | openid email profile immich_scope                                   |
 | ID Token Signed Response Algorithm | RS256                                                               |
 | Userinfo Signed Response Algorithm | RS256                                                               |
-| End Session Endpoint               | https://auth.example.com/logout?rd=https://immich.example.com/      |
 | Storage Label Claim                | uid                                                                 |
 | Storage Quota Claim                | immich_quota                                                        |
 | Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
@@ -261,40 +253,4 @@ Configuration of OAuth in Immich System Settings
 
 </details>
 
-<details>
-<summary>Keycloak Example</summary>
-
-### Keycloak Example
-
-Here's an example of OAuth configured for Keycloak:
-
-Create your immich client on your Keycloak Realm.
-
-<img src={require('./img/keycloak-general-settings.webp').default} width='100%' title="Keycloak Client general Settings" />
-<img src={require('./img/keycloak-access-settings.webp').default} width='100%' title="Keycloak Client Access Settings" />
-<img src={require('./img/keycloak-capability-config.webp').default} width='100%' title="Keycloak Client Capability Configuration" />
-
-Configuration of OAuth in Immich System Settings
-
-| Setting                      | Value                                                 |
-| ---------------------------- | ----------------------------------------------------- |
-| Issuer URL                   | `https://<KEYCLOAK_DOMAIN>/realms/<YOUR_REALM>`       |
-| Client ID                    | immich                                                |
-| Client Secret                | can be optained from Clients -> immich -> Credentials |
-| Scope                        | openid email profile                                  |
-| Signing Algorithm            | RS256                                                 |
-| Storage Label Claim          | preferred_username                                    |
-| Role Claim                   | immich_role                                           |
-| Storage Quota Claim          | immich_quota                                          |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                         |
-| Button Text                  | Sign in with Keycloak (recommended)                   |
-| Auto Register                | Enabled (optional)                                    |
-| Auto Launch                  | Enabled (optional)                                    |
-| Mobile Redirect URI Override | Disabled                                              |
-| Mobile Redirect URI          |                                                       |
-
-Role Claim can be managed via Client Role. Remember to create a mapper with claim name `immich_role`.
-
-</details>
-
 [oidc]: https://openid.net/connect/

docs/docs/administration/system-settings.md

@@ -230,7 +230,7 @@ The default value is `ultrafast`.
 
 ### Audio codec (`ffmpeg.targetAudioCodec`) {#ffmpeg.targetAudioCodec}
 
-Which audio codec to use when the audio stream is being transcoded. Can be one of `mp3`, `aac`, `opus`.
+Which audio codec to use when the audio stream is being transcoded. Can be one of `mp3`, `aac`, `libopus`.
 
 The default value is `aac`.
 

docs/docs/developer/architecture.mdx

@@ -24,7 +24,7 @@ Immich has three main clients:
 3. CLI - Command-line utility for bulk upload
 
 :::info
-All three clients use [OpenAPI](/api.md) to auto-generate rest clients for easy integration. For more information about this process, see [OpenAPI](/api.md).
+All three clients use [OpenAPI](./open-api.md) to auto-generate rest clients for easy integration. For more information about this process, see [OpenAPI](./open-api.md).
 :::
 
 ### Mobile App
@@ -71,7 +71,7 @@ An incoming HTTP request is mapped to a controller (`src/controllers`). Controll
 
 ### Domain Transfer Objects (DTOs)
 
-The server uses [Domain Transfer Objects](https://en.wikipedia.org/wiki/Data_transfer_object) as public interfaces for the inputs (query, params, and body) and outputs (response) for each endpoint. DTOs translate to [OpenAPI](/api.md) schemas and control the generated code used by each client.
+The server uses [Domain Transfer Objects](https://en.wikipedia.org/wiki/Data_transfer_object) as public interfaces for the inputs (query, params, and body) and outputs (response) for each endpoint. DTOs translate to [OpenAPI](./open-api.md) schemas and control the generated code used by each client.
 
 ### Background Jobs
 

docs/docs/developer/devcontainers.md

@@ -44,7 +44,7 @@ While this guide focuses on VS Code, you have many options for Dev Container dev
 **Self-Hostable Options:**
 
 - [Coder](https://coder.com) - Enterprise-focused, requires Terraform knowledge, self-managed
-- [DevPod](https://devpod.sh) - Client-only tool with excellent devcontainer.json support, works with any provider (local, cloud, or on-premise). Check [quick-start guide](#quick-start-guide-for-devpod-with-docker)
+- [DevPod](https://devpod.sh) - Client-only tool with excellent devcontainer.json support, works with any provider (local, cloud, or on-premise)
   :::
 
 ## Dev Container Services
@@ -408,27 +408,7 @@ If you encounter issues:
 1. Check container logs: View → Output → Select "Dev Containers"
 2. Rebuild without cache: "Dev Containers: Rebuild Container Without Cache"
 3. Review [common Docker issues](https://docs.docker.com/desktop/troubleshoot/)
-4. Ask in [Discord](https://discord.immich.app) `#contributing` channel
-
-### Quick-start guide for DevPod with docker
-
-You will need DevPod CLI (check [DevPod CLI installation guide](https://devpod.sh/docs/getting-started/install)) and Docker Desktop.
-
-```sh
-# Step 1: Clone the Repository
-git clone https://github.com/immich-app/immich.git
-cd immich
-
-# Step 2: Prepare DevPod (if you haven't already)
-devpod provider add docker
-devpod provider use docker
-
-# Step 3: Build 'immich-server-dev' docker image first manually
-docker build -f server/Dockerfile.dev -t immich-server-dev .
-
-# Step 4: Now you can start devcontainer
-devpod up .
-```
+4. Ask in [Discord](https://discord.immich.app) `#help-desk-support` channel
 
 ## Mobile Development
 

docs/docs/developer/open-api.md

@@ -1,4 +1,4 @@
-# API
+# OpenAPI
 
 Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](https://api.immich.app/).
 

docs/docs/developer/pr-checklist.md

@@ -53,7 +53,7 @@ You can use `dart fix --apply` and `dcm fix lib` to potentially correct some iss
 
 ## OpenAPI
 
-The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/api.md) for more details.
+The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/developer/open-api.md) for more details.
 
 ## Database Migrations
 

docs/docs/developer/setup.md

@@ -80,9 +80,9 @@ To see local changes to `@immich/ui` in Immich, do the following:
 
 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
 2. Build the `@immich/ui` project via `pnpm run build`
-3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yml` file (`../../ui:/usr/src/ui`)
-4. Uncomment the corresponding alias in the `web/vite.config.ts` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui/packages/ui')`)
-5. Uncomment the import statement in `web/src/app.css` file `@import '../../../ui/packages/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
+3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
+4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
+5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
 6. Start up the stack via `make dev`
 7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)
 

docs/docs/features/duplicates-utility.md

@@ -1,28 +0,0 @@
-# Duplicates Utility
-
-Immich comes with a duplicates utility to help you detect assets that look visually similar. The duplicate detection feature relies on machine learning and is enabled by default. For more information about when the duplicate detection job runs, see [Jobs and Workers](/administration/jobs-workers). Once an asset has been processed and added to a duplicate group, it becomes available to review in the "Review duplicates" utility, which can be found [here](https://my.immich.app/utilities/duplicates).
-
-## Reviewing duplicates
-
-The review duplicates page allows the user to individually select which assets should be kept and which ones should be trashed. When more than one asset is kept, there is an option to automatically put the kept assets into a stack.
-
-### Automatic preselection
-
-When using "Deduplicate All" or viewing suggestions, Immich automatically preselects which assets to keep based on:
-
-1. **Image size in bytes** — larger files are preferred as they typically have higher quality.
-2. **Count of EXIF data** — assets with more metadata are preferred.
-
-### Synchronizing metadata
-
-When resolving duplicates, metadata from trashed assets is automatically synchronized to the kept assets. The following metadata is synchronized:
-
-| Name        | Description                                                                                                                     |
-| ----------- | ------------------------------------------------------------------------------------------------------------------------------- |
-| Album       | The kept assets will be added to _every_ album that the other assets in the group belong to.                                    |
-| Favorite    | If any of the assets in the group have been added to favorites, every kept asset will also be added to favorites.               |
-| Rating      | If one or more assets in the duplicate group have a rating, the highest rating is selected and synchronized to the kept assets. |
-| Description | Descriptions from each asset are combined together and synchronized to all the kept assets.                                     |
-| Visibility  | The most restrictive visibility is applied to the kept assets.                                                                  |
-| Location    | Latitude and longitude are copied if all assets with geolocation data in the group share the same coordinates.                  |
-| Tag         | Tags from all assets in the group are merged and applied to every kept asset.                                                   |

docs/docs/features/libraries.md

@@ -80,10 +80,6 @@ There is an automatic scan job that is scheduled to run once a day. Its schedule
 
 This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
 
-### Deleting a Library
-
-When deleting an external library, all assets inside are immediately deleted along with the library. Note that while a library can take a long time to fully delete in the background, it is immediately removed from the library list. If the deletion process is interrupted (for example, due to server restart), it will be cleaned up in the next nightly cron job. The cleanup process can also be manually initiated by clicking the "Scan All Libraries" button in the library list.
-
 ## Usage
 
 Let's show a concrete example where we add an existing gallery to Immich. Here, we have the following folders we want to add:

docs/docs/features/ml-hardware-acceleration.md

@@ -50,7 +50,6 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 - The GPU must be supported by ROCm. If it isn't officially supported, you can attempt to use the `HSA_OVERRIDE_GFX_VERSION` environmental variable: `HSA_OVERRIDE_GFX_VERSION=<a supported version, e.g. 10.3.0>`. If this doesn't work, you might need to also set `HSA_USE_SVM=0`.
 - The ROCm image is quite large and requires at least 35GiB of free disk space. However, pulling later updates to the service through Docker will generally only amount to a few hundred megabytes as the rest will be cached.
 - This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/install/environment-variables) setting).
-- MIGraphX is a new backend for AMD cards, which compiles models at runtime. As such, the first few inferences will be slow.
 
 #### OpenVINO
 

docs/docs/features/searching.md

@@ -26,7 +26,7 @@ You can search the following types of content:
 | Time frame                          | Start and end date of a specific time bucket          |
 | Media type                          | Image or video or both                                |
 | Display options                     | In Archive, in Favorites or Not in any album          |
-| Star rating                         | User-assigned star rating                             |
+| Start rating                        | User-assigned start rating                            |
 
 <img src={require('./img/advanced-search-filters.webp').default} width="70%" title='Advanced search filters' />
 

docs/docs/features/supported-formats.md

@@ -28,17 +28,16 @@ For the full list, refer to the [Immich source code](https://github.com/immich-a
 
 ## Video formats
 
-| Format      | Extension(s)                |     Supported?     | Notes |
-| :---------- | :-------------------------- | :----------------: | :---- |
-| `3GPP`      | `.3gp` `.3gpp`              | :white_check_mark: |       |
-| `AVI`       | `.avi`                      | :white_check_mark: |       |
-| `FLV`       | `.flv`                      | :white_check_mark: |       |
-| `M4V`       | `.m4v`                      | :white_check_mark: |       |
-| `MATROSKA`  | `.mkv`                      | :white_check_mark: |       |
-| `MP2T`      | `.mts` `.m2ts` `.m2t` `.ts` | :white_check_mark: |       |
-| `MP4`       | `.mp4` `.insv`              | :white_check_mark: |       |
-| `MPEG`      | `.mpg` `.mpe` `.mpeg`       | :white_check_mark: |       |
-| `MXF`       | `.mxf`                      | :white_check_mark: |       |
-| `QUICKTIME` | `.mov`                      | :white_check_mark: |       |
-| `WEBM`      | `.webm`                     | :white_check_mark: |       |
-| `WMV`       | `.wmv`                      | :white_check_mark: |       |
+| Format      | Extension(s)          |     Supported?     | Notes |
+| :---------- | :-------------------- | :----------------: | :---- |
+| `3GPP`      | `.3gp` `.3gpp`        | :white_check_mark: |       |
+| `AVI`       | `.avi`                | :white_check_mark: |       |
+| `FLV`       | `.flv`                | :white_check_mark: |       |
+| `M4V`       | `.m4v`                | :white_check_mark: |       |
+| `MATROSKA`  | `.mkv`                | :white_check_mark: |       |
+| `MP2T`      | `.mts` `.m2ts` `.m2t` | :white_check_mark: |       |
+| `MP4`       | `.mp4` `.insv`        | :white_check_mark: |       |
+| `MPEG`      | `.mpg` `.mpe` `.mpeg` | :white_check_mark: |       |
+| `QUICKTIME` | `.mov`                | :white_check_mark: |       |
+| `WEBM`      | `.webm`               | :white_check_mark: |       |
+| `WMV`       | `.wmv`                | :white_check_mark: |       |

docs/docs/guides/custom-map-styles.md

@@ -3,8 +3,8 @@
 You may decide that you'd like to modify the style document which is used to
 draw the maps in Immich. In addition to visual customization, this also allows
 you to pick your own map tile provider instead of the default one. The default
-`style.json` for [light theme](https://tiles.immich.cloud/v1/style/light.json)
-and [dark theme](https://tiles.immich.cloud/v1/style/dark.json)
+`style.json` for [light theme](https://github.com/immich-app/immich/tree/main/server/resources/style-light.json)
+and [dark theme](https://github.com/immich-app/immich/blob/main/server/resources/style-dark.json)
 can be used as a basis for creating your own style.
 
 There are several sources for already-made `style.json` map themes, as well as

docs/docs/guides/python-file-upload.md

@@ -20,6 +20,8 @@ def upload(file):
     }
 
     data = {
+        'deviceAssetId': f'{file}-{stats.st_mtime}',
+        'deviceId': 'python',
         'fileCreatedAt': datetime.fromtimestamp(stats.st_mtime),
         'fileModifiedAt': datetime.fromtimestamp(stats.st_mtime),
         'isFavorite': 'false',

docs/docs/install/config-file.md

@@ -8,8 +8,7 @@ A config file can be provided as an alternative to the UI configuration.
 
 ### Step 1 - Create a new config file
 
-In JSON format, create a new config file (e.g. `immich.json`) and put it in a location mounted in the container that can be accessed by Immich.
-YAML-formatted config files are also supported.
+In JSON format, create a new config file (e.g. `immich.json`) and put it in a location that can be accessed by Immich.
 The default configuration looks like this:
 
 <details>
@@ -27,7 +26,7 @@ The default configuration looks like this:
   "ffmpeg": {
     "accel": "disabled",
     "accelDecode": false,
-    "acceptedAudioCodecs": ["aac", "mp3", "opus"],
+    "acceptedAudioCodecs": ["aac", "mp3", "libopus"],
     "acceptedContainers": ["mov", "ogg", "webm"],
     "acceptedVideoCodecs": ["h264"],
     "bframes": -1,
@@ -193,7 +192,6 @@ The default configuration looks like this:
     "defaultStorageQuota": null,
     "enabled": false,
     "issuerUrl": "",
-    "endSessionEndpoint": "",
     "mobileOverrideEnabled": false,
     "mobileRedirectUri": "",
     "profileSigningAlgorithm": "none",
@@ -253,15 +251,6 @@ So you can just grab it from there, paste it into a file and you're pretty much
 In your `.env` file, set the variable `IMMICH_CONFIG_FILE` to the path of your config.
 For more information, refer to the [Environment Variables](/install/environment-variables.md) section.
 
-:::info Docker Compose
-In your `.env` file, the variables `UPLOAD_LOCATION` and `DB_DATA_LOCATION` concern the location on the host.
-However, the variable `IMMICH_CONFIG_FILE` concerns the location inside the container, and informs the `immich-server` container that a configuration file is present.
-
-It is recommended to reuse this variable in your `docker-compose.yml`:
-
-```yaml
-volumes:
-  - ./configuration.yml:${IMMICH_CONFIG_FILE}
-```
-
-::
+:::tip
+YAML-formatted config files are also supported.
+:::

docs/docs/install/environment-variables.md

@@ -29,23 +29,22 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 
 ## General
 
-| Variable                            | Description                                                                                                                                            |           Default            | Containers               | Workers            |
-| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
-| `TZ`                                | Timezone                                                                                                                                               |        <sup>\*1</sup>        | server                   | microservices      |
-| `IMMICH_ENV`                        | Environment (production, development)                                                                                                                  |         `production`         | server, machine learning | api, microservices |
-| `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                                                                                           |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_LOG_FORMAT`                 | Log output format (`console`, `json`)                                                                                                                  |          `console`           | server                   | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️                                                              |           `/data`            | server                   | api, microservices |
-| `IMMICH_CONFIG_FILE`                | Path to config file                                                                                                                                    |                              | server                   | api, microservices |
-| `IMMICH_HELMET_FILE`                | Path to a json file with [helmet](https://www.npmjs.com/package/helmet) options. Set to `false` to disable. Set to `true` to use `server/helmet.json`. |           `false`            | server                   | api                |
-| `NO_COLOR`                          | Set to `true` to disable color-coded log output                                                                                                        |           `false`            | server, machine learning |                    |
-| `CPU_CORES`                         | Number of cores available to the Immich server                                                                                                         | auto-detected CPU core count | server                   |                    |
-| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                                                                                                                              |            `8081`            | server                   | api                |
-| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                                                                                                                              |            `8082`            | server                   | microservices      |
-| `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                                                                                    |                              | server                   | microservices      |
-| `IMMICH_TRUSTED_PROXIES`            | List of comma-separated IPs set as trusted proxies                                                                                                     |                              | server                   | api                |
-| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/administration/system-integrity)                                                                                               |                              | server                   | api, microservices |
-| `IMMICH_ALLOW_SETUP`                | When `false` disables the `/auth/admin-sign-up` endpoint                                                                                               |            `true`            | server                   | api                |
+| Variable                            | Description                                                                               |           Default            | Containers               | Workers            |
+| :---------------------------------- | :---------------------------------------------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
+| `TZ`                                | Timezone                                                                                  |        <sup>\*1</sup>        | server                   | microservices      |
+| `IMMICH_ENV`                        | Environment (production, development)                                                     |         `production`         | server, machine learning | api, microservices |
+| `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                              |            `log`             | server, machine learning | api, microservices |
+| `IMMICH_LOG_FORMAT`                 | Log output format (`console`, `json`)                                                     |          `console`           | server                   | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |           `/data`            | server                   | api, microservices |
+| `IMMICH_CONFIG_FILE`                | Path to config file                                                                       |                              | server                   | api, microservices |
+| `NO_COLOR`                          | Set to `true` to disable color-coded log output                                           |           `false`            | server, machine learning |                    |
+| `CPU_CORES`                         | Number of cores available to the Immich server                                            | auto-detected CPU core count | server                   |                    |
+| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                                                                 |            `8081`            | server                   | api                |
+| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                                                                 |            `8082`            | server                   | microservices      |
+| `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                       |                              | server                   | microservices      |
+| `IMMICH_TRUSTED_PROXIES`            | List of comma-separated IPs set as trusted proxies                                        |                              | server                   | api                |
+| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/administration/system-integrity)                                  |                              | server                   | api, microservices |
+| `IMMICH_ALLOW_SETUP`                | When `false` disables the `/auth/admin-sign-up` endpoint                                  |            `true`            | server                   | api                |
 
 \*1: `TZ` should be set to a `TZ identifier` from [this list][tz-list]. For example, `TZ="Etc/UTC"`.
 `TZ` is used by `exiftool` as a fallback in case the timezone cannot be determined from the image metadata. It is also used for logfile timestamps and cron job execution.
@@ -167,8 +166,6 @@ Redis (Sentinel) URL example JSON before encoding:
 | `MACHINE_LEARNING_PRELOAD__CLIP__VISUAL`                    | Comma-separated list of (visual) CLIP model(s) to preload and cache                                                                                          |                                 | machine learning |
 | `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__RECOGNITION` | Comma-separated list of (recognition) facial recognition model(s) to preload and cache                                                                       |                                 | machine learning |
 | `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION__DETECTION`   | Comma-separated list of (detection) facial recognition model(s) to preload and cache                                                                         |                                 | machine learning |
-| `MACHINE_LEARNING_PRELOAD__OCR__RECOGNITION`                | Comma-separated list of (recognition) OCR model(s) to preload and cache                                                                                      |                                 | machine learning |
-| `MACHINE_LEARNING_PRELOAD__OCR__DETECTION`                  | Comma-separated list of (detection) OCR model(s) to preload and cache                                                                                        |                                 | machine learning |
 | `MACHINE_LEARNING_ANN`                                      | Enable ARM-NN hardware acceleration if supported                                                                                                             |             `True`              | machine learning |
 | `MACHINE_LEARNING_ANN_FP16_TURBO`                           | Execute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN)                                                          |             `False`             | machine learning |
 | `MACHINE_LEARNING_ANN_TUNING_LEVEL`                         | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                                                                                 |               `2`               | machine learning |

docs/docs/install/requirements.md

@@ -8,7 +8,7 @@ Hardware and software requirements for Immich:
 
 ## Hardware
 
-- **OS**: Recommended Linux or \*nix 64-bit operating system (Ubuntu, Debian, etc).
+- **OS**: Recommended Linux or \*nix operating system (Ubuntu, Debian, etc).
   - Non-Linux OSes tend to provide a poor Docker experience and are strongly discouraged.
     Our ability to assist with setup or troubleshooting on non-Linux OSes will be severely reduced.
     If you still want to try to use a non-Linux OS, you can set it up as follows:
@@ -19,10 +19,6 @@ Hardware and software requirements for Immich:
     If you have issues, we recommend that you switch to a supported VM deployment.
 - **RAM**: Minimum 6GB, recommended 8GB.
 - **CPU**: Minimum 2 cores, recommended 4 cores.
-  - Immich runs on the `amd64` and `arm64` platforms.
-    Since `v2.6`, the machine learning container on `amd64` requires the `>= x86-64-v2` [microarchitecture level](https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels).
-    Most CPUs released since ~2012 support this microarchitecture.
-    If you are using a virtual machine, ensure you have selected a [supported microarchitecture](https://pve.proxmox.com/pve-docs/chapter-qm.html#_qemu_cpu_types).
 - **Storage**: Recommended Unix-compatible filesystem (EXT4, ZFS, APFS, etc.) with support for user/group ownership and permissions.
   - The generation of thumbnails and transcoded video can increase the size of the photo library by 10-20% on average.
 
@@ -49,7 +45,7 @@ Immich requires [**Docker**](https://docs.docker.com/get-started/get-docker/) wi
 The Compose plugin will be installed by both Docker Engine and Desktop by following the linked installation guides; it can also be [separately installed](https://docs.docker.com/compose/install/).
 
 :::note
-Immich requires the command `docker compose`; the similarly named `docker-compose` is [deprecated](https://docs.docker.com/retired/#docker-compose-v1-replaced-by-compose-v2) and is no longer supported by Immich.
+Immich requires the command `docker compose`; the similarly named `docker-compose` is [deprecated](https://docs.docker.com/compose/migrate/) and is no longer supported by Immich.
 :::
 
 ### Special requirements for Windows users

docs/docs/install/synology.md

@@ -8,6 +8,8 @@ sidebar_position: 85
 This is a community contribution and not officially supported by the Immich team, but included here for convenience.
 
 Community support can be found in the dedicated channel on the [Discord Server](https://discord.immich.app/).
+
+**Please report app issues to the corresponding [Github Repository](https://github.com/truenas/charts/tree/master/community/immich).**
 :::
 
 Immich can easily be installed on a Synology NAS using Container Manager within DSM. If you have not installed Container Manager already, you can install it in the Packages Center. Refer to the [Container Manager docs](https://kb.synology.com/en-us/DSM/help/ContainerManager/docker_desc?version=7) for more information on using Container Manager.

docs/docs/partials/_storage-template.md

@@ -6,8 +6,6 @@ You can read more about the differences between storage template engine on and o
 
 The admin user can set the template by using the template builder in the `Administration -> Settings -> Storage Template`. Immich provides a set of variables that you can use in constructing the template, along with additional custom text. If the template produces [multiple files with the same filename, they won't be overwritten](https://github.com/immich-app/immich/discussions/3324) as a sequence number is appended to the filename.
 
-Date and time variables in storage templates are rendered in the server's local timezone.
-
 ```bash title="Default template"
 Year/Year-Month-Day/Filename.Extension
 ```

docs/docusaurus.config.js

@@ -6,7 +6,7 @@ const prism = require('prism-react-renderer');
 /** @type {import('@docusaurus/types').Config} */
 const config = {
   title: 'Immich',
-  tagline: 'Self-hosted photo and video management solution',
+  tagline: 'High performance self-hosted photo and video backup solution directly from your mobile phone',
   url: 'https://docs.immich.app',
   baseUrl: '/',
   onBrokenLinks: 'throw',
@@ -93,15 +93,35 @@ const config = {
             position: 'right',
           },
           {
-            href: 'https://immich.app/',
+            to: '/overview/quick-start',
             position: 'right',
-            label: 'Home',
+            label: 'Docs',
+          },
+          {
+            href: 'https://immich.app/roadmap',
+            position: 'right',
+            label: 'Roadmap',
+          },
+          {
+            href: 'https://api.immich.app/',
+            position: 'right',
+            label: 'API',
+          },
+          {
+            href: 'https://immich.store',
+            position: 'right',
+            label: 'Merch',
           },
           {
             href: 'https://github.com/immich-app/immich',
             label: 'GitHub',
             position: 'right',
           },
+          {
+            href: 'https://discord.immich.app',
+            label: 'Discord',
+            position: 'right',
+          },
           {
             type: 'html',
             position: 'right',
@@ -114,78 +134,19 @@ const config = {
         style: 'light',
         links: [
           {
-            title: 'Download',
+            title: 'Overview',
             items: [
               {
-                label: 'Android',
-                href: 'https://get.immich.app/android',
+                label: 'Quick start',
+                to: '/overview/quick-start',
               },
               {
-                label: 'iOS',
-                href: 'https://get.immich.app/ios',
+                label: 'Installation',
+                to: '/install/requirements',
               },
               {
-                label: 'Server',
-                href: 'https://immich.app/download',
-              },
-            ],
-          },
-          {
-            title: 'Company',
-            items: [
-              {
-                label: 'FUTO',
-                href: 'https://futo.tech/',
-              },
-              {
-                label: 'Purchase',
-                href: 'https://buy.immich.app/',
-              },
-              {
-                label: 'Merch',
-                href: 'https://immich.store/',
-              },
-            ],
-          },
-          {
-            title: 'Sites',
-            items: [
-              {
-                label: 'Home',
-                href: 'https://immich.app',
-              },
-              {
-                label: 'My Immich',
-                href: 'https://my.immich.app/',
-              },
-              {
-                label: 'Awesome Immich',
-                href: 'https://awesome.immich.app/',
-              },
-              {
-                label: 'Immich API',
-                href: 'https://api.immich.app/',
-              },
-              {
-                label: 'Immich Data',
-                href: 'https://data.immich.app/',
-              },
-              {
-                label: 'Immich Datasets',
-                href: 'https://datasets.immich.app/',
-              },
-            ],
-          },
-          {
-            title: 'Miscellaneous',
-            items: [
-              {
-                label: 'Roadmap',
-                href: 'https://immich.app/roadmap',
-              },
-              {
-                label: 'Cursed Knowledge',
-                href: 'https://immich.app/cursed-knowledge',
+                label: 'Contributing',
+                to: '/overview/support-the-project',
               },
               {
                 label: 'Privacy Policy',
@@ -194,7 +155,24 @@ const config = {
             ],
           },
           {
-            title: 'Social',
+            title: 'Documentation',
+            items: [
+              {
+                label: 'Roadmap',
+                href: 'https://immich.app/roadmap',
+              },
+              {
+                label: 'API',
+                href: 'https://api.immich.app/',
+              },
+              {
+                label: 'Cursed Knowledge',
+                href: 'https://immich.app/cursed-knowledge',
+              },
+            ],
+          },
+          {
+            title: 'Links',
             items: [
               {
                 label: 'GitHub',

docs/mise.toml

@@ -23,9 +23,3 @@ run = "prettier --check ."
 [tasks."format-fix"]
 env._.path = "./node_modules/.bin"
 run = "prettier --write ."
-
-[tasks.deploy]
-run = "wrangler pages deploy build --project-name=${PROJECT_NAME} --branch=${BRANCH_NAME}"
-
-[tools]
-wrangler = "4.66.0"

docs/package.json

@@ -4,11 +4,11 @@
   "private": true,
   "scripts": {
     "docusaurus": "docusaurus",
-    "format": "prettier --cache --check .",
-    "format:fix": "prettier --cache --write --list-different .",
+    "format": "prettier --check .",
+    "format:fix": "prettier --write .",
     "start": "docusaurus start --port 3005",
     "copy:openapi": "jq -c < ../open-api/immich-openapi-specs.json > ./static/openapi.json || exit 0",
-    "build": "pnpm run copy:openapi && docusaurus build",
+    "build": "npm run copy:openapi && docusaurus build",
     "swizzle": "docusaurus swizzle",
     "deploy": "docusaurus deploy",
     "clear": "docusaurus clear",
@@ -30,17 +30,17 @@
     "postcss": "^8.4.25",
     "prism-react-renderer": "^2.3.1",
     "raw-loader": "^4.0.2",
-    "react": "^19.0.0",
-    "react-dom": "^19.0.0",
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0",
     "tailwindcss": "^3.2.4",
     "url": "^0.11.0"
   },
   "devDependencies": {
     "@docusaurus/module-type-aliases": "~3.9.0",
-    "@docusaurus/tsconfig": "^3.10.0",
+    "@docusaurus/tsconfig": "^3.7.0",
     "@docusaurus/types": "^3.7.0",
     "prettier": "^3.7.4",
-    "typescript": "^6.0.0"
+    "typescript": "^5.1.6"
   },
   "browserslist": {
     "production": [
@@ -58,6 +58,6 @@
     "node": ">=20"
   },
   "volta": {
-    "node": "24.14.1"
+    "node": "24.13.0"
   }
 }

docs/static/_redirects

@@ -23,7 +23,6 @@
 /features/storage-template /administration/storage-template 307
 /features/user-management /administration/user-management 307
 /developer/contributing /developer/pr-checklist 307
-/developer/open-api /api 307
 /guides/machine-learning /guides/remote-machine-learning 307
 /administration/password-login /administration/system-settings 307
 /features/search /features/searching 307

docs/static/archived-versions.json

@@ -1,12 +1,4 @@
 [
-  {
-    "label": "v2.7.5",
-    "url": "https://docs.v2.7.5.archive.immich.app"
-  },
-  {
-    "label": "v2.6.3",
-    "url": "https://docs.v2.6.3.archive.immich.app"
-  },
   {
     "label": "v2.5.6",
     "url": "https://docs.v2.5.6.archive.immich.app"

docs/tsconfig.json

@@ -1,4 +1,8 @@
 {
   // This file is not used in compilation. It is here just for a nice editor experience.
-  "extends": "@docusaurus/tsconfig"
+  "extends": "@docusaurus/tsconfig",
+
+  "compilerOptions": {
+    "baseUrl": "."
+  }
 }

e2e-auth-server/auth-server.ts

@@ -1,12 +1,5 @@
-import {
-  calculateJwkThumbprint,
-  exportJWK,
-  importPKCS8,
-  importSPKI,
-  SignJWT,
-} from 'jose';
+import { exportJWK, generateKeyPair } from 'jose';
 import Provider from 'oidc-provider';
-import { PRIVATE_KEY_PEM, PUBLIC_KEY_PEM } from './test-keys';
 
 export enum OAuthClient {
   DEFAULT = 'client-default',
@@ -17,7 +10,6 @@ export enum OAuthClient {
 export enum OAuthUser {
   NO_EMAIL = 'no-email',
   NO_NAME = 'no-name',
-  ID_TOKEN_CLAIMS = 'id-token-claims',
   WITH_QUOTA = 'with-quota',
   WITH_USERNAME = 'with-username',
   WITH_ROLE = 'with-role',
@@ -51,29 +43,6 @@ const claims = [
   },
 ];
 
-const privateKey = await importPKCS8(PRIVATE_KEY_PEM, 'RS256', {
-  extractable: true,
-});
-const publicKey = await importSPKI(PUBLIC_KEY_PEM, 'RS256', {
-  extractable: true,
-});
-const kid = await calculateJwkThumbprint(await exportJWK(publicKey));
-
-export async function generateLogoutToken(iss: string, sub: string) {
-  return await new SignJWT({
-    iss: iss,
-    aud: OAuthClient.DEFAULT,
-    iat: Math.floor(Date.now() / 1000),
-    jti: crypto.randomUUID(),
-    sub: sub,
-    events: {
-      'http://schemas.openid.net/event/backchannel-logout': {},
-    },
-  })
-    .setProtectedHeader({ alg: 'RS256', typ: 'logout+jwt', kid: kid })
-    .sign(privateKey);
-}
-
 const withDefaultClaims = (sub: string) => ({
   sub,
   email: `${sub}@immich.app`,
@@ -83,23 +52,12 @@ const withDefaultClaims = (sub: string) => ({
   email_verified: true,
 });
 
-const getClaims = (sub: string, use?: string) => {
-  if (sub === OAuthUser.ID_TOKEN_CLAIMS) {
-    return {
-      sub,
-      email: `oauth-${sub}@immich.app`,
-      email_verified: true,
-      name: use === 'id_token' ? 'ID Token User' : 'Userinfo User',
-    };
-  }
-  return claims.find((user) => user.sub === sub) || withDefaultClaims(sub);
-};
+const getClaims = (sub: string) => claims.find((user) => user.sub === sub) || withDefaultClaims(sub);
 
 const setup = async () => {
-  const redirectUris = [
-    'http://127.0.0.1:2285/auth/login',
-    'https://photos.immich.app/oauth/mobile-redirect',
-  ];
+  const { privateKey, publicKey } = await generateKeyPair('RS256');
+
+  const redirectUris = ['http://127.0.0.1:2285/auth/login', 'https://photos.immich.app/oauth/mobile-redirect'];
   const port = 2286;
   const host = '0.0.0.0';
   const oidc = new Provider(`http://${host}:${port}`, {
@@ -108,10 +66,7 @@ const setup = async () => {
       console.error(error);
       ctx.body = 'Internal Server Error';
     },
-    findAccount: (ctx, sub) => ({
-      accountId: sub,
-      claims: (use) => getClaims(sub, use),
-    }),
+    findAccount: (ctx, sub) => ({ accountId: sub, claims: () => getClaims(sub) }),
     scopes: ['openid', 'email', 'profile'],
     claims: {
       openid: ['sub'],
@@ -139,7 +94,6 @@ const setup = async () => {
         state: 'oidc.state',
       },
     },
-    conformIdTokenClaims: false,
     pkce: {
       required: () => false,
     },
@@ -171,10 +125,7 @@ const setup = async () => {
     ],
   });
 
-  const onStart = () =>
-    console.log(
-      `[e2e-auth-server] http://${host}:${port}/.well-known/openid-configuration`,
-    );
+  const onStart = () => console.log(`[e2e-auth-server] http://${host}:${port}/.well-known/openid-configuration`);
   const app = oidc.listen(port, host, onStart);
   return () => app.close();
 };

e2e-auth-server/package.json

@@ -7,7 +7,7 @@
     "start": "tsx startup.ts"
   },
   "devDependencies": {
-    "jose": "^6.0.0",
+    "jose": "^5.6.3",
     "@types/oidc-provider": "^9.0.0",
     "oidc-provider": "^9.0.0",
     "tsx": "^4.20.6"

e2e-auth-server/test-keys.ts

@@ -1,38 +0,0 @@
-export const PRIVATE_KEY_PEM = `-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVj5C7hzN3E2HO
-TcJ+DN/e2NSTQFj4rPylz4J8xjm8Es7l0k2kK5EEGvUNVGZbw7s055c+6kwP9eqg
-B5XFE7+26Fcq1sou6Tbm310kU4dnMW5l2CgwrhaGyb1pNysao0AMLT60dFYqtUwn
-ha9ceCsa+ZU1JrknVf3rONtppBvhWoI7CO9XX1keVQ0unHPzCWUjpXTzC8OGEbmB
-2w7ZIUf8OfJkd5RZ4OtIpML71W9n13aDxT50x2/EW/pFLFtQ/oaleOKHpvlRXDRX
-W86G4moUJym3gHMXMUj2aOcFG2UJnpLruKz3i5qZwYiTRlBP6O9EIQNCVtYxchuN
-V1CCcBU1AgMBAAECggEAJLfXMu8Nx89ynPVyyUMMaFfoEpHC9iR0L5obQVpiPMYK
-VRqVVLecdftPS9s7eQ58BNBRzdC0ZVu841aRYs3HLNbsZZhPkYZQpAxU//Dg5okY
-fzj7Hv5yidt4HN9+Pd8z/3lRMnj4WapifLaBt8xJ2ujJBMBRxzJBsXDnT0+Kx7+y
-bYDeuVfyUTEikaK3QZTbuRF3D3eiuN16GG+hv8UqTF2eYbPxdiLjYpTSHa4mH88C
-qfJz2Xt4SEzmyeo3G+MO17wDFOwtEe8ojlJfULHnHJSFdUwTfYIFM1bg5/fJ9MOS
-/fO3TSG+wkQqjQa6eoGssAzP87fL2XNLzlDtGY/7uQKBgQDHuJHOtf1EjOvNYiP7
-EN+8QGs41ghzt9CQRQxWbHpusR3IW3P83KMXwYmrlG70oOUXBRGSB/ESXUofXc5W
-pu5+Y55S44aUnu/a9yOBttYW0dtHZSL0zFT+PlVASwUzFZ2zcH1KXlUkSpfL5OAD
-PyDDTnBZ2AWh45fRO9wLo6PPuQKBgQC/tI03RqU3mOjqukKbquYeIpXHfRU5Z0DM
-u9ru1THYEl6fmkMXycxo/mvW3awyFuyKy/VodqIgKnFgumEqCHZh6OAMm/LC7TfA
-l9tjFSs/MyOqQVD4kbX+z6Oq4c4GccDoXfsQ3gzECoBapegi/F+6/25y+/C8ghXb
-J/Jg1GQXXQKBgQDFgWbfzuVZZyrBfu4qGLPJDMN7/114YizknwPma3xf/tN/EcGQ
-K/k1QvWMMkvPq1UiAKcxjJ0AFjV482FcG9T6NDWbrtmmG88C8Sex3Ue2ZW2+GuwI
-vhDHJIlV/Vp0/Elp7DJa2xLDwuh+gCZvz3vs6KL+ljxrrhCyn8mp0PfsMQKBgFFZ
-KnuETOO0zVGdzFoGQTQUdP58A5+iQwsdxB+I9Ge+E80iRso3ZbhADj7VPhbbR3D2
-b6LuhImluQrUzBpsEOAnU7vGCVPSGdBuIDiBaSKebsn2gYeZPWNtdQQ0YZq2dqek
-Cb/0mfIuipzsvf7qnSza62F7q4IyqVegMegI+Jg5AoGATM3NMy7JZeKzSkm+3ohU
-3xZOwgqKV9SH+0OeYWpuBxT7D7FlrKKI4NJ3XN3hg2f/DJAF6dH11CPe7pk94yol
-HMbh+PQUQ6GYvAzxIOvagWboQ3lzeyubNMpyFjfOrIE/WOQCUBZ9tIwCHIarIuyi
-QRuNOj3+U8T/n1Ww352HBdw=
------END PRIVATE KEY-----`;
-
-export const PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY+Qu4czdxNhzk3Cfgzf
-3tjUk0BY+Kz8pc+CfMY5vBLO5dJNpCuRBBr1DVRmW8O7NOeXPupMD/XqoAeVxRO/
-tuhXKtbKLuk25t9dJFOHZzFuZdgoMK4Whsm9aTcrGqNADC0+tHRWKrVMJ4WvXHgr
-GvmVNSa5J1X96zjbaaQb4VqCOwjvV19ZHlUNLpxz8wllI6V08wvDhhG5gdsO2SFH
-/DnyZHeUWeDrSKTC+9VvZ9d2g8U+dMdvxFv6RSxbUP6GpXjih6b5UVw0V1vOhuJq
-FCcpt4BzFzFI9mjnBRtlCZ6S67is94uamcGIk0ZQT+jvRCEDQlbWMXIbjVdQgnAV
-NQIDAQAB
------END PUBLIC KEY-----`;

e2e/.nvmrc

@@ -1 +1 @@
-24.14.1
+24.13.0

e2e/docker-compose.dev.yml

@@ -1,77 +1,86 @@
 name: immich-e2e
 
 services:
-  immich-app-base:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: immich-app-base
-
-  immich-init:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: immich-init
-    container_name: immich-e2e-init
-
   immich-server:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: immich-server
     container_name: immich-e2e-server
-    ports: !reset []
-    env_file: !reset []
+    command: ['immich-dev']
+    image: immich-server-dev:latest
+    build:
+      context: ../
+      dockerfile: server/Dockerfile.dev
+      target: dev
     environment:
-      DB_HOSTNAME: database
-      DB_USERNAME: postgres
-      DB_PASSWORD: postgres
-      DB_DATABASE_NAME: immich
-      IMMICH_MACHINE_LEARNING_ENABLED: 'false'
-      IMMICH_TELEMETRY_INCLUDE: all
-      IMMICH_ENV: testing
-      IMMICH_PORT: '2285'
-      IMMICH_IGNORE_MOUNT_CHECK_ERRORS: 'true'
+      - DB_HOSTNAME=database
+      - DB_USERNAME=postgres
+      - DB_PASSWORD=postgres
+      - DB_DATABASE_NAME=immich
+      - IMMICH_MACHINE_LEARNING_ENABLED=false
+      - IMMICH_TELEMETRY_INCLUDE=all
+      - IMMICH_ENV=testing
+      - IMMICH_PORT=2285
+      - IMMICH_IGNORE_MOUNT_CHECK_ERRORS=true
     volumes:
       - ./test-assets:/test-assets
+      - ..:/usr/src/app
+      - ${UPLOAD_LOCATION}/photos:/data
+      - /etc/localtime:/etc/localtime:ro
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
+      - ../plugins:/build/corePlugin
     depends_on:
-      immich-init:
-        condition: service_healthy
       redis:
         condition: service_started
       database:
         condition: service_healthy
 
   immich-web:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: immich-web
     container_name: immich-e2e-web
-    ports: !override
+    image: immich-web-dev:latest
+    build:
+      context: ../
+      dockerfile: server/Dockerfile.dev
+      target: dev
+    command: ['immich-web']
+    ports:
       - 2285:3000
     environment:
-      IMMICH_SERVER_URL: http://immich-server:2285/
-    depends_on:
-      immich-init:
-        condition: service_healthy
+      - IMMICH_SERVER_URL=http://immich-server:2285/
+    volumes:
+      - ..:/usr/src/app
+      - pnpm-store:/usr/src/app/.pnpm-store
+      - server-node_modules:/usr/src/app/server/node_modules
+      - web-node_modules:/usr/src/app/web/node_modules
+      - github-node_modules:/usr/src/app/.github/node_modules
+      - cli-node_modules:/usr/src/app/cli/node_modules
+      - docs-node_modules:/usr/src/app/docs/node_modules
+      - e2e-node_modules:/usr/src/app/e2e/node_modules
+      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
+      - app-node_modules:/usr/src/app/node_modules
+      - sveltekit:/usr/src/app/web/.svelte-kit
+      - coverage:/usr/src/app/web/coverage
     restart: unless-stopped
 
   redis:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: redis
-    container_name: immich-e2e-redis
+    image: redis:6.2-alpine@sha256:46884be93652d02a96a176ccf173d1040bef365c5706aa7b6a1931caec8bfeef
 
   database:
-    extends:
-      file: ../docker/docker-compose.dev.yml
-      service: database
-    container_name: immich-e2e-postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0@sha256:6f3e9d2c2177af16c2988ff71425d79d89ca630ec2f9c8db03209ab716542338
     command: -c fsync=off -c shared_preload_libraries=vchord.so -c config_file=/var/lib/postgresql/data/postgresql.conf
-    env_file: !reset []
-    ports: !override
-      - 5435:5432
     environment:
       POSTGRES_PASSWORD: postgres
       POSTGRES_USER: postgres
       POSTGRES_DB: immich
+    ports:
+      - 5435:5432
     healthcheck:
       test: ['CMD-SHELL', 'pg_isready -U postgres -d immich']
       interval: 1s
@@ -80,19 +89,17 @@ services:
       start_period: 10s
 
 volumes:
-  model_cache:
-  prometheus_data:
-  grafana_data:
-  pnpm_cache:
-  pnpm_store_server:
-  pnpm_store_web:
-  server_node_modules:
-  web_node_modules:
-  github_node_modules:
-  cli_node_modules:
-  docs_node_modules:
-  e2e_node_modules:
-  sdk_node_modules:
-  app_node_modules:
+  model-cache:
+  prometheus-data:
+  grafana-data:
+  pnpm-store:
+  server-node_modules:
+  web-node_modules:
+  github-node_modules:
+  cli-node_modules:
+  docs-node_modules:
+  e2e-node_modules:
+  sdk-node_modules:
+  app-node_modules:
   sveltekit:
   coverage:

e2e/docker-compose.yml

@@ -2,7 +2,6 @@ name: immich-e2e
 
 services:
   e2e-auth-server:
-    container_name: immich-e2e-auth-server
     build:
       context: ../e2e-auth-server
     ports:
@@ -23,15 +22,15 @@ services:
         - BUILD_SOURCE_REF=e2e
         - BUILD_SOURCE_COMMIT=e2eeeeeeeeeeeeeeeeee
     environment:
-      DB_HOSTNAME: database
-      DB_USERNAME: postgres
-      DB_PASSWORD: postgres
-      DB_DATABASE_NAME: immich
-      IMMICH_MACHINE_LEARNING_ENABLED: 'false'
-      IMMICH_TELEMETRY_INCLUDE: all
-      IMMICH_ENV: testing
-      IMMICH_PORT: '2285'
-      IMMICH_IGNORE_MOUNT_CHECK_ERRORS: 'true'
+      - DB_HOSTNAME=database
+      - DB_USERNAME=postgres
+      - DB_PASSWORD=postgres
+      - DB_DATABASE_NAME=immich
+      - IMMICH_MACHINE_LEARNING_ENABLED=false
+      - IMMICH_TELEMETRY_INCLUDE=all
+      - IMMICH_ENV=testing
+      - IMMICH_PORT=2285
+      - IMMICH_IGNORE_MOUNT_CHECK_ERRORS=true
     volumes:
       - ./test-assets:/test-assets
     depends_on:
@@ -43,14 +42,10 @@ services:
       - 2285:2285
 
   redis:
-    container_name: immich-e2e-redis
-    image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
-    healthcheck:
-      test: redis-cli ping || exit 1
+    image: redis:6.2-alpine@sha256:46884be93652d02a96a176ccf173d1040bef365c5706aa7b6a1931caec8bfeef
 
   database:
-    container_name: immich-e2e-postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0@sha256:6f3e9d2c2177af16c2988ff71425d79d89ca630ec2f9c8db03209ab716542338
     command: -c fsync=off -c shared_preload_libraries=vchord.so -c config_file=/var/lib/postgresql/data/postgresql.conf
     environment:
       POSTGRES_PASSWORD: postgres
@@ -58,7 +53,6 @@ services:
       POSTGRES_DB: immich
     ports:
       - 5435:5432
-    shm_size: 128mb
     healthcheck:
       test: ['CMD-SHELL', 'pg_isready -U postgres -d immich']
       interval: 1s

e2e/package.json

@@ -1,48 +1,43 @@
 {
   "name": "immich-e2e",
-  "version": "2.7.5",
+  "version": "2.5.6",
   "description": "",
   "main": "index.js",
   "type": "module",
   "scripts": {
     "test": "vitest --run",
     "test:watch": "vitest",
-    "test:maintenance": "vitest --run --config vitest.maintenance.config.ts",
-    "test:web": "pnpm exec playwright test --project=web",
-    "test:web:maintenance": "pnpm exec playwright test --project=maintenance",
-    "test:web:ui": "pnpm exec playwright test --project=ui",
-    "start:web": "pnpm exec playwright test --ui --project=web",
-    "start:web:maintenance": "pnpm exec playwright test --ui --project=maintenance",
-    "start:web:ui": "pnpm exec playwright test --ui --project=ui",
-    "format": "prettier --cache --check .",
-    "format:fix": "prettier --cache --write --list-different .",
+    "test:web": "npx playwright test",
+    "start:web": "npx playwright test --ui",
+    "format": "prettier --check .",
+    "format:fix": "prettier --write .",
     "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
-    "lint:fix": "pnpm run lint --fix",
+    "lint:fix": "npm run lint -- --fix",
     "check": "tsc --noEmit"
   },
   "keywords": [],
   "author": "",
   "license": "GNU Affero General Public License version 3",
   "devDependencies": {
-    "@eslint/js": "^10.0.0",
+    "@eslint/js": "^9.8.0",
     "@faker-js/faker": "^10.1.0",
-    "@immich/cli": "workspace:*",
-    "@immich/e2e-auth-server": "workspace:*",
-    "@immich/sdk": "workspace:*",
+    "@immich/cli": "file:../cli",
+    "@immich/e2e-auth-server": "file:../e2e-auth-server",
+    "@immich/sdk": "file:../open-api/typescript-sdk",
     "@playwright/test": "^1.44.1",
     "@socket.io/component-emitter": "^3.1.2",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^24.12.2",
+    "@types/node": "^24.10.11",
     "@types/pg": "^8.15.1",
     "@types/pngjs": "^6.0.4",
-    "@types/supertest": "^7.0.0",
+    "@types/supertest": "^6.0.2",
     "dotenv": "^17.2.3",
-    "eslint": "^10.0.0",
+    "eslint": "^9.14.0",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^64.0.0",
-    "exiftool-vendored": "^35.0.0",
-    "globals": "^17.0.0",
+    "eslint-plugin-unicorn": "^62.0.0",
+    "exiftool-vendored": "^34.3.0",
+    "globals": "^16.0.0",
     "luxon": "^3.4.4",
     "pg": "^8.11.3",
     "pngjs": "^7.0.0",
@@ -51,13 +46,12 @@
     "sharp": "^0.34.5",
     "socket.io-client": "^4.7.4",
     "supertest": "^7.0.0",
-    "typescript": "^6.0.0",
+    "typescript": "^5.3.3",
     "typescript-eslint": "^8.28.0",
     "utimes": "^5.2.1",
-    "vite-tsconfig-paths": "^6.1.1",
-    "vitest": "^4.0.0"
+    "vitest": "^3.0.0"
   },
   "volta": {
-    "node": "24.14.1"
+    "node": "24.13.0"
   }
 }

e2e/playwright.config.ts

@@ -3,7 +3,7 @@ import dotenv from 'dotenv';
 import { cpus } from 'node:os';
 import { resolve } from 'node:path';
 
-dotenv.config({ quiet: true, path: resolve(import.meta.dirname, '.env') });
+dotenv.config({ path: resolve(import.meta.dirname, '.env') });
 
 export const playwrightHost = process.env.PLAYWRIGHT_HOST ?? '127.0.0.1';
 export const playwrightDbHost = process.env.PLAYWRIGHT_DB_HOST ?? '127.0.0.1';
@@ -48,7 +48,7 @@ const config: PlaywrightTestConfig = {
     {
       name: 'maintenance',
       use: { ...devices['Desktop Chrome'] },
-      testDir: './src/specs/maintenance/web',
+      testDir: './src/specs/maintenance',
       workers: 1,
     },
   ],

e2e/src/api/specs/duplicate.e2e-spec.ts

@@ -1,651 +0,0 @@
-import { LoginResponseDto } from '@immich/sdk';
-import { createUserDto, uuidDto } from 'src/fixtures';
-import { errorDto } from 'src/responses';
-import { app, utils } from 'src/utils';
-import request from 'supertest';
-import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
-
-describe('/duplicates', () => {
-  let admin: LoginResponseDto;
-  let user1: LoginResponseDto;
-  let user2: LoginResponseDto;
-
-  beforeAll(async () => {
-    await utils.resetDatabase();
-
-    admin = await utils.adminSetup();
-
-    [user1, user2] = await Promise.all([
-      utils.userSetup(admin.accessToken, createUserDto.user1),
-      utils.userSetup(admin.accessToken, createUserDto.user2),
-    ]);
-  });
-
-  beforeEach(async () => {
-    // Reset assets, albums, tags, and stacks between tests to ensure clean state for repeated test runs
-    // Note: We don't reset users since they're set up once in beforeAll
-    // Stack must be reset before asset due to foreign key constraint
-    await utils.resetDatabase(['stack', 'asset', 'album', 'tag']);
-  });
-
-  describe('GET /duplicates', () => {
-    it('should return empty array when no duplicates', async () => {
-      const { status, body } = await request(app)
-        .get('/duplicates')
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual([]);
-    });
-
-    it('should return duplicate groups with suggestedKeepAssetIds', async () => {
-      // Create assets with different file sizes for duplicate detection
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Manually set duplicateId on both assets to create a duplicate group
-      const duplicateId = '00000000-0000-4000-8000-000000000001';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .get('/duplicates')
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual([
-        {
-          duplicateId,
-          assets: expect.arrayContaining([
-            expect.objectContaining({ id: asset1.id }),
-            expect.objectContaining({ id: asset2.id }),
-          ]),
-          suggestedKeepAssetIds: expect.any(Array),
-        },
-      ]);
-      expect(body[0].suggestedKeepAssetIds.length).toBe(1);
-    });
-  });
-
-  describe('POST /duplicates/resolve', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .send({
-          groups: [{ duplicateId: uuidDto.dummy, keepAssetIds: [], trashAssetIds: [] }],
-        });
-
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should return failure for non-existent duplicate group', async () => {
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId: uuidDto.dummy, keepAssetIds: [], trashAssetIds: [] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId: uuidDto.dummy,
-            status: 'FAILED',
-            reason: expect.stringContaining('not found or access denied'),
-          },
-        ],
-      });
-    });
-
-    it('should resolve duplicate group with keepers', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000002';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId,
-            status: 'SUCCESS',
-          },
-        ],
-      });
-
-      // Verify side effects: duplicateId cleared on kept asset
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-
-      // Verify side effects: trashed asset is trashed and duplicateId cleared
-      const trashedAsset = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(trashedAsset.isTrashed).toBe(true);
-      expect(trashedAsset.duplicateId).toBeNull();
-    });
-
-    it('should reject when keepAssetIds and trashAssetIds overlap', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000003';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset1.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('disjoint');
-    });
-
-    it('should require keepAssetIds when partially trashing', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000004';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [], trashAssetIds: [asset1.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('must cover all assets');
-    });
-
-    it('should reject partial resolution (not all assets covered)', async () => {
-      const [asset1, asset2, asset3] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000010';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset3.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('must cover all assets');
-    });
-
-    it('should reject asset not in duplicate group', async () => {
-      const [asset1, asset2, outsideAsset] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000011';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [outsideAsset.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('not a member of duplicate group');
-    });
-
-    it('should allow trash-all without keepers', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000012';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [], trashAssetIds: [asset1.id, asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        status: 'COMPLETED',
-        results: [
-          {
-            duplicateId,
-            status: 'SUCCESS',
-          },
-        ],
-      });
-
-      // Verify both assets are trashed
-      const [asset1Info, asset2Info] = await Promise.all([
-        utils.getAssetInfo(user1.accessToken, asset1.id),
-        utils.getAssetInfo(user1.accessToken, asset2.id),
-      ]);
-
-      expect(asset1Info.isTrashed).toBe(true);
-      expect(asset1Info.duplicateId).toBeNull();
-      expect(asset2Info.isTrashed).toBe(true);
-      expect(asset2Info.duplicateId).toBeNull();
-    });
-
-    it('should reject cross-user duplicate group access', async () => {
-      const asset1 = await utils.createAsset(user1.accessToken);
-      const asset2 = await utils.createAsset(user2.accessToken);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000013';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user2.accessToken, asset2.id, duplicateId);
-
-      // User1 tries to resolve a group containing user2's asset
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('FAILED');
-      expect(body.results[0].reason).toContain('not a member of duplicate group');
-    });
-
-    it('should synchronize favorites when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Mark one asset as favorite
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], isFavorite: true });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000020';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify favorite was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.isFavorite).toBe(true);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize visibility when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Archive one asset
-      await utils.archiveAssets(user1.accessToken, [asset2.id]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000021';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify visibility was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.visibility).toBe('archive');
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize rating when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set rating on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], rating: 5 });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000022';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify rating was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.rating).toBe(5);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize description when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set description on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], description: 'Test description for duplicate' });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000023';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify description was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.description).toBe('Test description for duplicate');
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize location when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Set location on one asset
-      await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [asset2.id], latitude: 40.7128, longitude: -74.006 });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000024';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify location was synchronized to keeper
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.exifInfo?.latitude).toBe(40.7128);
-      expect(keptAsset.exifInfo?.longitude).toBe(-74.006);
-      expect(keptAsset.duplicateId).toBeNull();
-    });
-
-    it('should synchronize albums when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Create albums and add assets to different albums
-      const album1 = await utils.createAlbum(user1.accessToken, {
-        albumName: 'Album 1',
-        assetIds: [asset1.id],
-      });
-      const album2 = await utils.createAlbum(user1.accessToken, {
-        albumName: 'Album 2',
-        assetIds: [asset2.id],
-      });
-
-      const duplicateId = '00000000-0000-4000-8000-000000000025';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify keeper is now in both albums
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-
-      // Check albums directly
-      const { status: album1Status, body: album1Body } = await request(app)
-        .get(`/albums/${album1.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-      const { status: album2Status, body: album2Body } = await request(app)
-        .get(`/albums/${album2.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(album1Status).toBe(200);
-      expect(album2Status).toBe(200);
-      expect(album1Body.assets.map((a: any) => a.id)).toContain(asset1.id);
-      expect(album2Body.assets.map((a: any) => a.id)).toContain(asset1.id);
-    });
-
-    it('should synchronize tags when enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      // Wait for metadata extraction to complete before adding tags
-      // Otherwise, metadata jobs will race and overwrite our tags
-      await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-
-      // Create tags and tag assets differently
-      const tags = await utils.upsertTags(user1.accessToken, ['tag1', 'tag2']);
-      await utils.tagAssets(user1.accessToken, tags[0].id, [asset1.id]);
-      await utils.tagAssets(user1.accessToken, tags[1].id, [asset2.id]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000026';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify keeper has both tags
-      const keptAsset = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(keptAsset.duplicateId).toBeNull();
-      expect(keptAsset.tags).toBeDefined();
-      const tagIds = keptAsset.tags?.map((t) => t.id) || [];
-      expect(tagIds).toContain(tags[0].id);
-      expect(tagIds).toContain(tags[1].id);
-    });
-
-    it('should handle batch resolve with mixed success and failure', async () => {
-      // Create first group that will succeed
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-      const duplicateId1 = '00000000-0000-4000-8000-000000000027';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId1);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId1);
-
-      // Create second group with non-existent duplicate ID (will fail)
-      const fakeId = '00000000-0000-4000-8000-000000000099';
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [
-            { duplicateId: duplicateId1, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] },
-            { duplicateId: fakeId, keepAssetIds: [], trashAssetIds: [] },
-          ],
-        });
-
-      expect(status).toBe(200);
-      expect(body.status).toBe('COMPLETED');
-      expect(body.results).toHaveLength(2);
-
-      // First group should succeed
-      expect(body.results[0].duplicateId).toBe(duplicateId1);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Second group should fail
-      expect(body.results[1].duplicateId).toBe(fakeId);
-      expect(body.results[1].status).toBe('FAILED');
-      expect(body.results[1].reason).toContain('not found or access denied');
-
-      // Verify first group was actually resolved despite second failure
-      const asset1Info = await utils.getAssetInfo(user1.accessToken, asset1.id);
-      expect(asset1Info.duplicateId).toBeNull();
-      const asset2Info = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(asset2Info.isTrashed).toBe(true);
-    });
-
-    it('should trash assets when trash is enabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000028';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      // Ensure trash is enabled (default)
-      const config = await utils.getSystemConfig(admin.accessToken);
-      expect(config.trash.enabled).toBe(true);
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Verify asset is trashed (not deleted)
-      const trashedAsset = await utils.getAssetInfo(user1.accessToken, asset2.id);
-      expect(trashedAsset.isTrashed).toBe(true);
-    });
-
-    it('should delete assets when trash is disabled', async () => {
-      const [asset1, asset2] = await Promise.all([
-        utils.createAsset(user1.accessToken),
-        utils.createAsset(user1.accessToken),
-      ]);
-
-      const duplicateId = '00000000-0000-4000-8000-000000000029';
-      await utils.setAssetDuplicateId(user1.accessToken, asset1.id, duplicateId);
-      await utils.setAssetDuplicateId(user1.accessToken, asset2.id, duplicateId);
-
-      // Disable trash
-      await request(app)
-        .put('/system-config')
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({
-          trash: { enabled: false, days: 30 },
-        });
-
-      const { status, body } = await request(app)
-        .post('/duplicates/resolve')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({
-          groups: [{ duplicateId, keepAssetIds: [asset1.id], trashAssetIds: [asset2.id] }],
-        });
-
-      expect(status).toBe(200);
-      expect(body.results[0].status).toBe('SUCCESS');
-
-      // Asset should be marked as deleted (force delete)
-      const { status: getStatus } = await request(app)
-        .get(`/assets/${asset2.id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      // Asset should still be accessible (soft deleted) but marked as deleted
-      expect(getStatus).toBe(200);
-
-      // Re-enable trash for other tests
-      await utils.resetAdminConfig(admin.accessToken);
-    });
-  });
-});

e2e/src/fixtures.ts

@@ -2,8 +2,6 @@ export const uuidDto = {
   invalid: 'invalid-uuid',
   // valid uuid v4
   notFound: '00000000-0000-4000-a000-000000000000',
-  dummy: '00000000-0000-4000-a000-000000000001',
-  dummy2: '00000000-0000-4000-a000-000000000002',
 };
 
 const adminLoginDto = {

e2e/src/specs/server/api/album.e2e-spec.ts

@@ -130,11 +130,12 @@ describe('/albums', () => {
   describe('GET /albums', () => {
     it("should not show other users' favorites", async () => {
       const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[0].id}`)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
         .set('Authorization', `Bearer ${user2.accessToken}`);
       expect(status).toEqual(200);
       expect(body).toEqual({
         ...user1Albums[0],
+        assets: [expect.objectContaining({ isFavorite: false })],
         contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
         lastModifiedAssetTimestamp: expect.any(String),
         startDate: expect.any(String),
@@ -303,12 +304,13 @@ describe('/albums', () => {
   describe('GET /albums/:id', () => {
     it('should return album info for own album', async () => {
       const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[0].id}`)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
         .set('Authorization', `Bearer ${user1.accessToken}`);
 
       expect(status).toBe(200);
       expect(body).toEqual({
         ...user1Albums[0],
+        assets: [expect.objectContaining({ id: user1Albums[0].assets[0].id })],
         contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
         lastModifiedAssetTimestamp: expect.any(String),
         startDate: expect.any(String),
@@ -320,7 +322,7 @@ describe('/albums', () => {
 
     it('should return album info for shared album (editor)', async () => {
       const { status, body } = await request(app)
-        .get(`/albums/${user2Albums[0].id}`)
+        .get(`/albums/${user2Albums[0].id}?withoutAssets=false`)
         .set('Authorization', `Bearer ${user1.accessToken}`);
 
       expect(status).toBe(200);
@@ -329,14 +331,14 @@ describe('/albums', () => {
 
     it('should return album info for shared album (viewer)', async () => {
       const { status, body } = await request(app)
-        .get(`/albums/${user1Albums[3].id}`)
+        .get(`/albums/${user1Albums[3].id}?withoutAssets=false`)
         .set('Authorization', `Bearer ${user2.accessToken}`);
 
       expect(status).toBe(200);
       expect(body).toMatchObject({ id: user1Albums[3].id });
     });
 
-    it('should return album info', async () => {
+    it('should return album info with assets when withoutAssets is undefined', async () => {
       const { status, body } = await request(app)
         .get(`/albums/${user1Albums[0].id}`)
         .set('Authorization', `Bearer ${user1.accessToken}`);
@@ -344,6 +346,25 @@ describe('/albums', () => {
       expect(status).toBe(200);
       expect(body).toEqual({
         ...user1Albums[0],
+        assets: [expect.objectContaining({ id: user1Albums[0].assets[0].id })],
+        contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
+        lastModifiedAssetTimestamp: expect.any(String),
+        startDate: expect.any(String),
+        endDate: expect.any(String),
+        albumUsers: expect.any(Array),
+        shared: true,
+      });
+    });
+
+    it('should return album info without assets when withoutAssets is true', async () => {
+      const { status, body } = await request(app)
+        .get(`/albums/${user1Albums[0].id}?withoutAssets=true`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user1Albums[0],
+        assets: [],
         contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
         assetCount: 1,
         lastModifiedAssetTimestamp: expect.any(String),
@@ -358,12 +379,13 @@ describe('/albums', () => {
       await utils.deleteAssets(user1.accessToken, [user1Asset2.id]);
 
       const { status, body } = await request(app)
-        .get(`/albums/${user2Albums[0].id}`)
+        .get(`/albums/${user2Albums[0].id}?withoutAssets=true`)
         .set('Authorization', `Bearer ${user1.accessToken}`);
 
       expect(status).toBe(200);
       expect(body).toEqual({
         ...user2Albums[0],
+        assets: [],
         contributorCounts: [{ userId: user1.userId, assetCount: 1 }],
         assetCount: 1,
         lastModifiedAssetTimestamp: expect.any(String),
@@ -404,6 +426,7 @@ describe('/albums', () => {
         shared: false,
         albumUsers: [],
         hasSharedLink: false,
+        assets: [],
         assetCount: 0,
         owner: expect.objectContaining({ email: user1.userEmail }),
         isActivityEnabled: true,
@@ -501,19 +524,14 @@ describe('/albums', () => {
       expect(body).toEqual(errorDto.badRequest('Not found or no album.update access'));
     });
 
-    it('should be able to update as an editor', async () => {
+    it('should not be able to update as an editor', async () => {
       const { status, body } = await request(app)
         .patch(`/albums/${user1Albums[0].id}`)
         .set('Authorization', `Bearer ${user2.accessToken}`)
         .send({ albumName: 'New album name' });
 
-      expect(status).toBe(200);
-      expect(body).toEqual(
-        expect.objectContaining({
-          id: user1Albums[0].id,
-          albumName: 'New album name',
-        }),
-      );
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Not found or no album.update access'));
     });
   });
 

e2e/src/specs/server/api/asset.e2e-spec.ts

@@ -1,6 +1,7 @@
 import {
   AssetMediaResponseDto,
   AssetMediaStatus,
+  AssetResponseDto,
   AssetTypeEnum,
   AssetVisibility,
   getAssetInfo,
@@ -18,7 +19,7 @@ import { Socket } from 'socket.io-client';
 import { createUserDto, uuidDto } from 'src/fixtures';
 import { makeRandomImage } from 'src/generators';
 import { errorDto } from 'src/responses';
-import { app, asBearerAuth, tempDir, testAssetDir, utils } from 'src/utils';
+import { app, asBearerAuth, tempDir, TEN_TIMES, testAssetDir, utils } from 'src/utils';
 import request from 'supertest';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 
@@ -94,8 +95,8 @@ describe('/asset', () => {
       utils.createAsset(user1.accessToken),
       utils.createAsset(user1.accessToken, {
         isFavorite: true,
-        fileCreatedAt: yesterday.toUTC().toISO(),
-        fileModifiedAt: yesterday.toUTC().toISO(),
+        fileCreatedAt: yesterday.toISO(),
+        fileModifiedAt: yesterday.toISO(),
         assetData: { filename: 'example.mp4' },
       }),
       utils.createAsset(user1.accessToken),
@@ -252,8 +253,7 @@ describe('/asset', () => {
 
         expect(status).toBe(200);
         expect(body.id).toEqual(facesAsset.id);
-        const sortedPeople = body.people.toSorted((a: any, b: any) => a.name.localeCompare(b.name));
-        expect(sortedPeople).toMatchObject(expectedFaces);
+        expect(body.people).toMatchObject(expectedFaces);
       });
     });
 
@@ -379,12 +379,62 @@ describe('/asset', () => {
     });
   });
 
+  describe('GET /assets/random', () => {
+    beforeAll(async () => {
+      await Promise.all([
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+      ]);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'thumbnailGeneration');
+    });
+
+    it.each(TEN_TIMES)('should return 1 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(1);
+      expect(assets[0].ownerId).toBe(user1.userId);
+    });
+
+    it.each(TEN_TIMES)('should return 2 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random?count=2')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(2);
+
+      for (const asset of assets) {
+        expect(asset.ownerId).toBe(user1.userId);
+      }
+    });
+
+    it.skip('should return 1 asset if there are 10 assets in the database but user 2 only has 1', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random')
+        .set('Authorization', `Bearer ${user2.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ id: user2Assets[0].id })]);
+    });
+  });
+
   describe('PUT /assets/:id', () => {
     it('should require access', async () => {
       const { status, body } = await request(app)
         .put(`/assets/${user2Assets[0].id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({});
+        .set('Authorization', `Bearer ${user1.accessToken}`);
       expect(status).toBe(400);
       expect(body).toEqual(errorDto.noPermission);
     });
@@ -1091,6 +1141,8 @@ describe('/asset', () => {
       const { body, status } = await request(app)
         .post('/assets')
         .set('Authorization', `Bearer ${quotaUser.accessToken}`)
+        .field('deviceAssetId', 'example-image')
+        .field('deviceId', 'e2e')
         .field('fileCreatedAt', new Date().toISOString())
         .field('fileModifiedAt', new Date().toISOString())
         .attach('assetData', makeRandomImage(), 'example.jpg');
@@ -1107,6 +1159,8 @@ describe('/asset', () => {
       const { body, status } = await request(app)
         .post('/assets')
         .set('Authorization', `Bearer ${quotaUser.accessToken}`)
+        .field('deviceAssetId', 'example-image')
+        .field('deviceId', 'e2e')
         .field('fileCreatedAt', new Date().toISOString())
         .field('fileModifiedAt', new Date().toISOString())
         .attach('assetData', randomBytes(2014), 'example.jpg');
@@ -1160,4 +1214,29 @@ describe('/asset', () => {
       expect(video.checksum).toStrictEqual(checksum);
     });
   });
+
+  describe('POST /assets/exist', () => {
+    it('ignores invalid deviceAssetIds', async () => {
+      const response = await utils.checkExistingAssets(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetIds: ['invalid', 'INVALID'],
+      });
+
+      expect(response.existingIds).toHaveLength(0);
+    });
+
+    it('returns the IDs of existing assets', async () => {
+      await utils.createAsset(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetId: 'test-asset-0',
+      });
+
+      const response = await utils.checkExistingAssets(user1.accessToken, {
+        deviceId: 'test-assets-exist',
+        deviceAssetIds: ['test-asset-0'],
+      });
+
+      expect(response.existingIds).toEqual(['test-asset-0']);
+    });
+  });
 });

e2e/src/specs/server/api/database-backups.e2e-spec.ts

@@ -10,9 +10,7 @@ describe('/admin/database-backups', () => {
 
   beforeAll(async () => {
     await utils.resetDatabase();
-    admin = await utils.adminSetup({
-      onboarding: false,
-    });
+    admin = await utils.adminSetup();
     await utils.resetBackups(admin.accessToken);
   });
 
@@ -96,9 +94,7 @@ describe('/admin/database-backups', () => {
         ({ status, body }) => status === 200 && !body.maintenanceMode,
       );
 
-      admin = await utils.adminSetup({
-        onboarding: false,
-      });
+      admin = await utils.adminSetup();
     });
 
     it.sequential('should not work when the server is configured', async () => {

e2e/src/specs/server/api/library.e2e-spec.ts

@@ -110,7 +110,7 @@ describe('/libraries', () => {
         });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All importPaths's elements must be unique"]));
     });
 
     it('should not create an external library with duplicate exclusion patterns', async () => {
@@ -125,7 +125,7 @@ describe('/libraries', () => {
         });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All exclusionPatterns's elements must be unique"]));
     });
   });
 
@@ -157,7 +157,7 @@ describe('/libraries', () => {
         .send({ name: '' });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[name] Too small: expected string to have >=1 characters']));
+      expect(body).toEqual(errorDto.badRequest(['name should not be empty']));
     });
 
     it('should change the import paths', async () => {
@@ -181,7 +181,7 @@ describe('/libraries', () => {
         .send({ importPaths: [''] });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array items must not be empty']));
+      expect(body).toEqual(errorDto.badRequest(['each value in importPaths should not be empty']));
     });
 
     it('should reject duplicate import paths', async () => {
@@ -191,7 +191,7 @@ describe('/libraries', () => {
         .send({ importPaths: ['/path', '/path'] });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[importPaths] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All importPaths's elements must be unique"]));
     });
 
     it('should change the exclusion pattern', async () => {
@@ -215,7 +215,7 @@ describe('/libraries', () => {
         .send({ exclusionPatterns: ['**/*.jpg', '**/*.jpg'] });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array must have unique items']));
+      expect(body).toEqual(errorDto.badRequest(["All exclusionPatterns's elements must be unique"]));
     });
 
     it('should reject an empty exclusion pattern', async () => {
@@ -225,7 +225,7 @@ describe('/libraries', () => {
         .send({ exclusionPatterns: [''] });
 
       expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['[exclusionPatterns] Array items must not be empty']));
+      expect(body).toEqual(errorDto.badRequest(['each value in exclusionPatterns should not be empty']));
     });
   });