feat: vitest 4

.github/.nvmrc

@@ -1 +1 @@
-24.13.0
+24.12.0

.github/workflows/build-mobile.yml

@@ -30,6 +30,18 @@ on:
         required: true
       IOS_CERTIFICATE_PASSWORD:
         required: true
+      IOS_PROVISIONING_PROFILE:
+        required: true
+      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION:
+        required: true
+      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION:
+        required: true
+      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION:
+        required: true
       FASTLANE_TEAM_ID:
         required: true
   pull_request:
@@ -84,7 +96,7 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false
@@ -103,7 +115,7 @@ jobs:
 
       - name: Restore Gradle Cache
         id: cache-gradle-restore
-        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: |
             ~/.gradle/caches
@@ -153,14 +165,14 @@ jobs:
           fi
 
       - name: Publish Android Artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: release-apk-signed
           path: mobile/build/app/outputs/flutter-apk/*.apk
 
       - name: Save Gradle Cache
         id: cache-gradle-save
-        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         if: github.ref == 'refs/heads/main'
         with:
           path: |
@@ -182,7 +194,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
         with:
           ref: ${{ inputs.ref || github.sha }}
           persist-credentials: false
@@ -228,14 +240,35 @@ jobs:
           mkdir -p ~/.appstoreconnect/private_keys
           echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8
 
-      - name: Import Certificate
+      - name: Import Certificate and Provisioning Profiles
         env:
           IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
+          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
+          IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
+          IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+          IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
+          IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
+          ENVIRONMENT: ${{ inputs.environment || 'development' }}
         working-directory: ./mobile/ios
         run: |
           # Decode certificate
           echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
 
+          # Decode provisioning profiles based on environment
+          if [[ "$ENVIRONMENT" == "development" ]]; then
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE" | base64 --decode > profile_dev.mobileprovision
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_dev_share.mobileprovision
+            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_dev_widget.mobileprovision
+            ls -lh profile_dev*.mobileprovision
+          else
+            echo "$IOS_PROVISIONING_PROFILE" | base64 --decode > profile.mobileprovision
+            echo "$IOS_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_share.mobileprovision
+            echo "$IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_widget.mobileprovision
+            ls -lh profile*.mobileprovision
+          fi
+
       - name: Create keychain and import certificate
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
@@ -286,7 +319,7 @@ jobs:
           security delete-keychain build.keychain || true
 
       - name: Upload IPA artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: ios-release-ipa
           path: mobile/ios/Runner.ipa

.github/workflows/cache-cleanup.yml

@@ -25,7 +25,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Check out code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/cli.yml

@@ -35,7 +35,7 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -78,7 +78,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/codeql-analysis.yml

@@ -50,7 +50,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/docs-build.yml

@@ -60,11 +60,10 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
-          fetch-depth: 0
 
       - name: Setup pnpm
         uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
@@ -86,7 +85,7 @@ jobs:
         run: pnpm build
 
       - name: Upload build output
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: docs-build-output
           path: docs/build/

.github/workflows/docs-deploy.yml

@@ -125,13 +125,13 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
 
       - name: Load parameters
         id: parameters

.github/workflows/docs-destroy.yml

@@ -23,13 +23,13 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
 
       - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0
 
       - name: Destroy Docs Subdomain
         env:

.github/workflows/fix-format.yml

@@ -22,7 +22,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: 'Checkout'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/prepare-release.yml

@@ -56,7 +56,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
@@ -136,13 +136,13 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: false
 
       - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: release-apk-signed
           github-token: ${{ steps.generate-token.outputs.token }}

.github/workflows/release-pr.yml

@@ -23,7 +23,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: true
@@ -159,7 +159,7 @@ jobs:
 
       - name: Create PR
         id: create-pr
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
         with:
           token: ${{ steps.generate-token.outputs.token }}
           commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           persist-credentials: false
@@ -74,7 +74,7 @@ jobs:
           echo "version=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: release-apk-signed
           github-token: ${{ steps.generate-token.outputs.token }}

.github/workflows/sdk.yml

@@ -22,7 +22,7 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/static_analysis.yml

@@ -55,7 +55,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

.github/workflows/test.yml

@@ -69,7 +69,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -114,7 +114,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -161,7 +161,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -203,7 +203,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -247,7 +247,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -285,7 +285,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -333,7 +333,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -379,7 +379,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -418,7 +418,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -473,7 +473,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           submodules: 'recursive'
@@ -505,7 +505,7 @@ jobs:
         run: npx playwright test
         if: ${{ !cancelled() }}
       - name: Archive test results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if: success() || failure()
         with:
           name: e2e-web-test-results-${{ matrix.runner }}
@@ -534,7 +534,7 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -566,14 +566,17 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
       - name: Install uv
         uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
         with:
           python-version: 3.11
+          #cache: 'uv'
       - name: Install dependencies
         run: |
           uv sync --extra cpu
@@ -607,7 +610,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -636,7 +639,7 @@ jobs:
           app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -658,7 +661,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}
@@ -720,7 +723,7 @@ jobs:
           private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
           token: ${{ steps.token.outputs.token }}

cli/.nvmrc

@@ -1 +1 @@
-24.13.0
+24.12.0

cli/package.json

@@ -20,8 +20,8 @@
     "@types/lodash-es": "^4.17.12",
     "@types/micromatch": "^4.0.9",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.10.8",
-    "@vitest/coverage-v8": "^3.0.0",
+    "@types/node": "^24.10.4",
+    "@vitest/coverage-v8": "^4.0.0",
     "byte-size": "^9.0.0",
     "cli-progress": "^3.12.0",
     "commander": "^12.0.0",
@@ -37,7 +37,7 @@
     "typescript-eslint": "^8.28.0",
     "vite": "^7.0.0",
     "vite-tsconfig-paths": "^6.0.0",
-    "vitest": "^3.0.0",
+    "vitest": "^4.0.0",
     "vitest-fetch-mock": "^0.4.0",
     "yaml": "^2.3.1"
   },
@@ -69,6 +69,6 @@
     "micromatch": "^4.0.8"
   },
   "volta": {
-    "node": "24.13.0"
+    "node": "24.12.0"
   }
 }

cli/vite.config.ts

@@ -1,4 +1,4 @@
-import { defineConfig } from 'vite';
+import { defineConfig, UserConfig } from 'vite';
 import tsconfigPaths from 'vite-tsconfig-paths';
 
 export default defineConfig({
@@ -17,4 +17,7 @@ export default defineConfig({
     noExternal: /^(?!node:).*$/,
   },
   plugins: [tsconfigPaths()],
-});
+  test: {
+    globals: true,
+  },
+} as UserConfig);

cli/vitest.config.ts

@@ -1,7 +0,0 @@
-import { defineConfig } from 'vitest/config';
-
-export default defineConfig({
-  test: {
-    globals: true,
-  },
-});

docker/docker-compose.prod.yml

@@ -85,7 +85,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:1f0f50f06acaceb0f5670d2c8a658a599affe7b0d8e78b898c1035653849a702
+    image: prom/prometheus@sha256:2b6f734e372c1b4717008f7d0a0152316aedd4d13ae17ef1e3268dbfaf68041b
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus

docs/.nvmrc

@@ -1 +1 @@
-24.13.0
+24.12.0

docs/docs/administration/backup-and-restore.md

@@ -5,7 +5,9 @@ import TabItem from '@theme/TabItem';
 
 A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)
 
-The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. _You still need to take care of using an actual backup tool to make a backup yourself._
+:::danger
+The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
+:::
 
 ## Database
 

docs/docs/features/automatic-backup.md

@@ -1,42 +1,37 @@
 # Automatic Backup
 
-## Overview
-
 Immich supports uploading photos and videos from your mobile device to the server automatically.
 
-By enable the backup button, Immich will upload new photos and videos from selected albums when you open or resume the app, as well as periodically in the background (iOS), or when the a new photos or videos are taken (Android).
+---
 
-<img
-src={require('./img/enable-backup-button.webp').default}
-width="300px"
-title="Upload button"
-/>
+You can enable the settings by accessing the upload options from the upload page
 
-## Platform Specific Features
+<img src={require('./img/backup-settings-access.webp').default} width="50%" title="Backup option selection" />
 
-### General
+<img src={require('./img/background-foreground-backup.webp').default} width="50%" title="Foreground&Background Backup" />
 
-By default, Immich will only upload photos and videos when connected to Wi-Fi. You can change this behavior in the backup settings page.
+## Foreground backup
 
-<img
-src={require('./img/backup-options.webp').default}
-width="500px"
-title="Upload button"
-/>
+If foreground backup is enabled: whenever the app is opened or resumed, it will check if any photos or videos in the selected album(s) have yet to be uploaded to the cloud (the remainder count). If there are any, they will be uploaded.
 
-### Android
+## Background backup
 
-<img
-src={require('./img/android-backup-options.webp').default}
-width="500px"
-title="Upload button"
-/>
+This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
+
+If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.
+
+:::info Note
+
+#### General
+
+- The app must be in the background for the backup worker to start running.
+- If you reopen the app and the first page you see is the backup page, the counts will not reflect the background uploaded result. You have to navigate out of the page and come back to see the updated counts.
+
+#### Android
 
 - It is a well-known problem that some Android models are very strict with battery optimization settings, which can cause a problem with the background worker. Please visit [Don't kill my app](https://dontkillmyapp.com/) for a guide on disabling this setting on your phone.
-- You can allow the background task to run when the device is charging.
-- You can set the minimum delay from the time a photo is taken to when the background upload task will run.
 
-### iOS
+#### iOS
 
 - You must enable **Background App Refresh** for the app to work in the background. You can enable it in the Settings app under General > Background App Refresh.
 
@@ -44,4 +39,4 @@ title="Upload button"
 <img src={require('./img/background-app-refresh.webp').default} width="30%" title="background-app-refresh" />
 </div>
 
-- iOS automatically manages background tasks, the app cannot control when the background upload task will run. It is known that the more frequently you open the app, the more often the background task will run.
+:::

docs/docs/features/command-line-interface.md

@@ -188,8 +188,6 @@ immich upload --dry-run . | tail -n +6 | jq .newFiles[]
 
 ### Obtain the API Key
 
-The API key can be obtained in the user setting panel on the web interface. You can also specify permissions for the key to limit its access.
+The API key can be obtained in the user setting panel on the web interface.
 
 ![Obtain Api Key](./img/obtain-api-key.webp)
-
-![Specify permission for the key](./img/obtain-api-key-2.webp)

docs/docs/features/facial-recognition.md

@@ -21,14 +21,14 @@ The asset detail view will also show the faces that are recognized in the asset.
 Additional actions you can do include:
 
 - Changing the feature photo of the person
-- Hiding the faces of a person from the Explore page and detail view
-- Setting a person's date of birth, so that the age of the person can be shown at the time the photo was taken
+- Setting a person's date of birth
 - Merging two or more detected faces into one person
-- Favoriting a person to pin them to the top of the list
+- Hiding the faces of a person from the Explore page and detail view
+- Assigning an unrecognized face to a person
 
 It can be found from the app bar when you access the detail view of a person.
 
-<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' />
+<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' width="70%"/>
 
 ## How Face Detection Works
 

docs/docs/features/mobile-app.mdx

@@ -20,6 +20,14 @@ Below are the SHA-256 fingerprints for the certificates signing the android appl
 
 :::
 
+:::info Beta Program
+The beta release channel allows users to test upcoming changes before they are officially released. To join the channel use the links below.
+
+- Android: Invitation link from [web](https://play.google.com/store/apps/details?id=app.alextran.immich) or from [mobile](https://play.google.com/store/apps/details?id=app.alextran.immich)
+- iOS: [TestFlight invitation link](https://testflight.apple.com/join/1vYsAa8P)
+
+:::
+
 ## Login
 
 <MobileAppLogin />
@@ -28,6 +36,10 @@ Below are the SHA-256 fingerprints for the certificates signing the android appl
 
 <MobileAppBackup />
 
+:::info
+You can enable automatic backup on supported devices. For more information see [Automatic Backup](/features/automatic-backup.md).
+:::
+
 ## Sync only selected photos
 
 If you have a large number of photos on the device, and you would prefer not to backup all the photos, then it might be prudent to only backup selected photos from device to the Immich server.
@@ -45,45 +57,17 @@ This will enable a small cloud icon on the bottom right corner of the asset tile
 
 Now make sure that the local album is selected in the backup screen (steps 1-2 above). You can find these albums listed in **<ins>Library -> On this device</ins>**. To selectively upload photos from these albums, simply select the local-only photos and tap on "Upload" button in the dynamic bottom menu.
 
+<img
+  src={require('./img/mobile-upload-open-photo.webp').default}
+  width="50%"
+  title="Upload button on local asset preview"
+/>
 <img
   src={require('./img/mobile-upload-selected-photos.webp').default}
   width="40%"
   title="Upload button after photos selection"
 />
 
-## Free Up Space
-
-The **Free Up Space** tool allows you to remove local media files from your device that have already been successfully backed up to your Immich server (and are not in the Immich trash). This helps reclaim storage on your mobile device without losing your memories.
-
-### How it works
-
-<img src={require('./img/free-up-space.webp').default} title="Free up space" />
-
-1.  **Configuration:**
-    - **Cutoff Date:** You can select a cutoff date. The tool will only look for photos and videos **on or before** this date.
-    - **Filter Options:** You can choose to remove **All** assets, or restrict removal to **Photos only** or **Videos only**.
-    - **Keep Favorites:** By default, local assets marked as favorites are preserved on your device, even if they match the cutoff date.
-2.  **Scan & Review:** Before any files are removed, you are presented with a review screen to verify which items will be deleted.
-3.  **Deletion:** Confirmed items are moved to your device's native Trash/Recycle Bin.
-
-:::info reclaim storage
-To permanently free up space, you must manually empty the system/gallery trash.
-:::
-
-### iCloud Photos
-
-If you use **iCloud Photos** alongside Immich, it is vital to understand how deletion affects your data. iCloud utilizes a two-way sync; this means deleting a photo from your iPhone to free up space will **also delete it from iCloud**.
-
-Assets that are part of an **iCloud Shared Album** are automatically excluded from the cleanup scan because iCloud does not allow removing the items from the device.
-
-### External App Dependencies (WhatsApp, etc.)
-
-Android applications like **WhatsApp** rely on local files to display media in chat history.
-
-If Immich backs up your WhatsApp folder and you run **Free Up Space**, the local copies of these images will be deleted. Consequently, **media in your WhatsApp chats will appear blurry or missing.** You will only be able to view these photos inside the Immich app; they will no longer be visible within the WhatsApp interface.
-
-**Recommendation:** If keeping chat history intact is important, please ensure you review the deletion list carefully or consider excluding WhatsApp folders from the backup if you intend to use this feature frequently.
-
 ## Album Sync
 
 You can sync or mirror an album from your phone to the Immich server on your account. For example, if you select Recents, Camera and Videos album for backup, the corresponding album with the same name will be created on the server. Once the assets from those albums are uploaded, they will be put into the target albums automatically.
@@ -111,3 +95,11 @@ Enter the cloud on the top right -> cog wheel on the top right -> select the syn
 If you delete/move photos in the local album on your device, it will not be reflected in the album on the server **even if** you click Sync albums
 It will only reflect files you add.
 :::
+
+If the same asset is in more than one album it will only sync to the first album it's in, after that it won't sync again even if the user clicks sync albums manually.
+To overcome this limitation, the files must be removed from the ignore list by
+App settings -> Advanced -> Duplicate Assets -> Clear
+
+:::info
+Cleaning duplicate assets from the list will cause all the previously uploaded duplicate files to be re-uploaded, the files will not actually be uploaded and will be rejected on the server side (due to duplication) but will be synchronized to the album and at the end will be added to the ignore list again at the end of the synchronization.
+:::

docs/docs/features/sharing.md

@@ -33,7 +33,7 @@ You can create a public link to share a group of photos or videos, or an album,
 The public shared link is generated with a random URL, which acts as as a secret to avoid the link being guessed by unwanted parties, for instance.
 
 ```
-https://my.immich.app/share/JUckRMxlgpo7F9BpyqGk_cZEwDzaU_U5LU5_oNZp1ETIBa9dpQ0b5ghNm_22QVJfn3k
+https://immich.yourdomain.com/share/JUckRMxlgpo7F9BpyqGk_cZEwDzaU_U5LU5_oNZp1ETIBa9dpQ0b5ghNm_22QVJfn3k
 ```
 
 ### Creating a public share link

docs/docs/install/environment-variables.md

@@ -17,11 +17,11 @@ If this does not work, try running `docker compose up -d --force-recreate`.
 
 ## Docker Compose
 
-| Variable           | Description                     | Default | Containers               |
-| :----------------- | :------------------------------ | :-----: | :----------------------- |
-| `IMMICH_VERSION`   | Image tags                      |  `v2`   | server, machine learning |
-| `UPLOAD_LOCATION`  | Host path for uploads           |         | server                   |
-| `DB_DATA_LOCATION` | Host path for Postgres database |         | database                 |
+| Variable           | Description                     |  Default  | Containers               |
+| :----------------- | :------------------------------ | :-------: | :----------------------- |
+| `IMMICH_VERSION`   | Image tags                      | `release` | server, machine learning |
+| `UPLOAD_LOCATION`  | Host path for uploads           |           | server                   |
+| `DB_DATA_LOCATION` | Host path for Postgres database |           | database                 |
 
 :::tip
 These environment variables are used by the `docker-compose.yml` file and do **NOT** affect the containers directly.

docs/docs/install/requirements.md

@@ -17,17 +17,12 @@ Hardware and software requirements for Immich:
   - Immich runs well in a virtualized environment when running in a full virtual machine.
     The use of Docker in LXC containers is [not recommended](https://pve.proxmox.com/wiki/Linux_Container), but may be possible for advanced users.
     If you have issues, we recommend that you switch to a supported VM deployment.
-- **RAM**: Minimum 6GB, recommended 8GB.
+- **RAM**: Minimum 4GB, recommended 6GB.
 - **CPU**: Minimum 2 cores, recommended 4 cores.
 - **Storage**: Recommended Unix-compatible filesystem (EXT4, ZFS, APFS, etc.) with support for user/group ownership and permissions.
   - The generation of thumbnails and transcoded video can increase the size of the photo library by 10-20% on average.
 
-:::note RAM requirements
-For a smooth experience, especially during asset upload, Immich requires at least 6GB of RAM.
-For systems with only 4GB of RAM, Immich can be run with machine learning features disabled.
-:::
-
-:::tip Postgres setup
+:::tip
 Good performance and a stable connection to the Postgres database is critical to a smooth Immich experience.
 The Postgres database files are typically between 1-3 GB in size.
 For this reason, the Postgres database (`DB_DATA_LOCATION`) should ideally use local SSD storage, and never a network share of any kind.

docs/docs/overview/quick-start.mdx

@@ -10,7 +10,7 @@ to install and use it.
 
 ## Requirements
 
-- A system with at least 6GB of RAM and 2 CPU cores.
+- A system with at least 4GB of RAM and 2 CPU cores.
 - [Docker](https://docs.docker.com/engine/install/)
 
 > For a more detailed list of requirements, see the [requirements page](/install/requirements).
@@ -63,9 +63,9 @@ The backup time differs depending on how many photos are on your mobile device.
 take quite a while.
 To quickly get going, you can selectively upload few photos first, by following this [guide](/features/mobile-app#sync-only-selected-photos).
 
-You can select the **Job Queues** tab to see Immich processing your photos.
+You can select the **Jobs** tab to see Immich processing your photos.
 
-<img src={require('/docs/guides/img/jobs-tab.webp').default} title="Job Queues Tah" width={300} />
+<img src={require('/docs/guides/img/jobs-tab.webp').default} title="Jobs tab" width={300} />
 
 ---
 

docs/docs/partials/_mobile-app-backup.md

@@ -6,4 +6,4 @@
 
 <img src={require('./img/album-selection.webp').default} width='50%' title='Backup button' />
 
-3. Scroll down to the bottom and press "**Enable Backup**" to start the backup process. This will upload all the assets in the selected albums.
+3. Scroll down to the bottom and press "**Start Backup**" to start the backup process. This will upload all the assets in the selected albums.

docs/docs/partials/_user-create.md

@@ -2,6 +2,6 @@ If you have friends or family members who want to use the application as well, y
 
 <img src={require('./img/create-new-user.webp').default} width="90%" title='New User Registration' />
 
-In the **Administration > Users** page, you can click on the **Create user** button, and you'll be presented with the following dialog:
+In the Administration panel, you can click on the **Create user** button, and you'll be presented with the following dialog:
 
-<img src={require('./img/create-new-user-dialog.webp').default} width="40%" title='New User Registration Dialog' />
+<img src={require('./img/create-new-user-dialog.webp').default} width="90%" title='New User Registration Dialog' />

docs/docusaurus.config.js

@@ -26,12 +26,6 @@ const config = {
     locales: ['en'],
   },
 
-  // Mermaid diagrams
-  markdown: {
-    mermaid: true,
-  },
-  themes: ['@docusaurus/theme-mermaid'],
-
   plugins: [
     async function myPlugin(context, options) {
       return {

docs/package.json

@@ -20,7 +20,6 @@
     "@docusaurus/core": "~3.9.0",
     "@docusaurus/preset-classic": "~3.9.0",
     "@docusaurus/theme-common": "~3.9.0",
-    "@docusaurus/theme-mermaid": "~3.9.0",
     "@mdi/js": "^7.3.67",
     "@mdi/react": "^1.6.1",
     "@mdx-js/react": "^3.0.0",
@@ -58,6 +57,6 @@
     "node": ">=20"
   },
   "volta": {
-    "node": "24.13.0"
+    "node": "24.12.0"
   }
 }

docs/src/css/custom.css

@@ -8,19 +8,19 @@
 @tailwind utilities;
 
 @font-face {
-  font-family: 'GoogleSans';
-  src: url('/fonts/GoogleSans/GoogleSans.ttf') format('truetype-variations');
-  font-weight: 410 900;
+  font-family: 'Overpass';
+  src: url('/fonts/overpass/Overpass.ttf') format('truetype-variations');
+  font-weight: 1 999;
   font-style: normal;
   ascent-override: 106.25%;
   size-adjust: 106.25%;
 }
 
 @font-face {
-  font-family: 'GoogleSansCode';
-  src: url('/fonts/GoogleSansCode/GoogleSansCode.ttf') format('truetype-variations');
-  font-weight: 1 900;
-  font-style: monospace;
+  font-family: 'Overpass Mono';
+  src: url('/fonts/overpass/OverpassMono.ttf') format('truetype-variations');
+  font-weight: 1 999;
+  font-style: normal;
   ascent-override: 106.25%;
   size-adjust: 106.25%;
 }
@@ -37,8 +37,7 @@ img {
 
 /* You can override the default Infima variables here. */
 :root {
-  font-family: 'GoogleSans', sans-serif;
-  letter-spacing: 0.1px;
+  font-family: 'Overpass', sans-serif;
   --ifm-color-primary: #4250af;
   --ifm-color-primary-dark: #4250af;
   --ifm-color-primary-darker: #4250af;
@@ -49,16 +48,6 @@ img {
   --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.1);
 }
 
-h1,
-h2,
-h3,
-h4,
-h5,
-h6 {
-  font-family: 'GoogleSans', sans-serif;
-  letter-spacing: 0.1px;
-}
-
 /* For readability concerns, you should choose a lighter palette in dark mode. */
 [data-theme='dark'] {
   --ifm-color-primary: #adcbfa;
@@ -82,22 +71,15 @@ div[class^='announcementBar_'] {
   padding: 10px 10px 10px 16px;
   border-radius: 24px;
   margin-right: 16px;
-  font-weight: 500;
 }
 
 .menu__list-item-collapsible {
   margin-right: 16px;
   border-radius: 24px;
-  font-weight: 500;
 }
 
 .menu__link--active {
-  font-weight: 600;
-}
-
-.table-of-contents__link {
-  font-size: 14px;
-  font-weight: 450;
+  font-weight: 500;
 }
 
 /* workaround for version switcher PR 15894 */
@@ -106,14 +88,13 @@ div[class*='navbar__items'] > li:has(a[class*='version-switcher-34ab39']) {
 }
 
 code {
-  font-weight: 500;
-  font-family: 'GoogleSansCode';
+  font-weight: 600;
 }
 
 .buy-button {
   padding: 8px 14px;
   border: 1px solid transparent;
-  font-family: 'GoogleSans', sans-serif;
+  font-family: 'Overpass', sans-serif;
   font-weight: 500;
   cursor: pointer;
   box-shadow: 0 0 5px 2px rgba(181, 206, 254, 0.4);

e2e-auth-server/Dockerfile

@@ -1,6 +0,0 @@
-FROM node:24.1.0-alpine3.20@sha256:8fe019e0d57dbdce5f5c27c0b63d2775cf34b00e3755a7dea969802d7e0c2b25
-RUN corepack enable
-ADD package.json *.ts ./
-RUN pnpm install
-EXPOSE 2286
-CMD ["pnpm", "run", "start"]

e2e-auth-server/package.json

@@ -1,15 +0,0 @@
-{
-  "name": "@immich/e2e-auth-server",
-  "version": "0.1.0",
-  "type": "module",
-  "main": "auth-server.ts",
-  "scripts": {
-    "start": "tsx startup.ts"
-  },
-  "devDependencies": {
-    "jose": "^5.6.3",
-    "@types/oidc-provider": "^9.0.0",
-    "oidc-provider": "^9.0.0",
-    "tsx": "^4.20.6"
-  }
-}

e2e-auth-server/startup.ts

@@ -1,8 +0,0 @@
-import setup from './auth-server'
-
-const teardown = await setup()
-process.on('exit', () => {
-  teardown()
-  console.log('[e2e-auth-server] stopped')
-  process.exit(0)
-})

e2e/.nvmrc

@@ -1 +1 @@
-24.13.0
+24.12.0

e2e/docker-compose.yml

@@ -1,12 +1,6 @@
 name: immich-e2e
 
 services:
-  e2e-auth-server:
-    build:
-      context: ../e2e-auth-server
-    ports:
-      - 2286:2286
-
   immich-server:
     container_name: immich-e2e-server
     image: immich-server:latest
@@ -33,6 +27,8 @@ services:
       - IMMICH_IGNORE_MOUNT_CHECK_ERRORS=true
     volumes:
       - ./test-assets:/test-assets
+    extra_hosts:
+      - 'auth-server:host-gateway'
     depends_on:
       redis:
         condition: service_started

e2e/package.json

@@ -22,12 +22,12 @@
     "@eslint/js": "^9.8.0",
     "@faker-js/faker": "^10.1.0",
     "@immich/cli": "file:../cli",
-    "@immich/e2e-auth-server": "file:../e2e-auth-server",
     "@immich/sdk": "file:../open-api/typescript-sdk",
     "@playwright/test": "^1.44.1",
     "@socket.io/component-emitter": "^3.1.2",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^24.10.8",
+    "@types/node": "^24.10.4",
+    "@types/oidc-provider": "^9.0.0",
     "@types/pg": "^8.15.1",
     "@types/pngjs": "^6.0.4",
     "@types/supertest": "^6.0.2",
@@ -38,7 +38,9 @@
     "eslint-plugin-unicorn": "^62.0.0",
     "exiftool-vendored": "^34.3.0",
     "globals": "^16.0.0",
+    "jose": "^5.6.3",
     "luxon": "^3.4.4",
+    "oidc-provider": "^9.0.0",
     "pg": "^8.11.3",
     "pngjs": "^7.0.0",
     "prettier": "^3.7.4",
@@ -49,9 +51,9 @@
     "typescript": "^5.3.3",
     "typescript-eslint": "^8.28.0",
     "utimes": "^5.2.1",
-    "vitest": "^3.0.0"
+    "vitest": "^4.0.0"
   },
   "volta": {
-    "node": "24.13.0"
+    "node": "24.12.0"
   }
 }

e2e/playwright.config.ts

@@ -8,7 +8,7 @@ dotenv.config({ path: resolve(import.meta.dirname, '.env') });
 export const playwrightHost = process.env.PLAYWRIGHT_HOST ?? '127.0.0.1';
 export const playwrightDbHost = process.env.PLAYWRIGHT_DB_HOST ?? '127.0.0.1';
 export const playwriteBaseUrl = process.env.PLAYWRIGHT_BASE_URL ?? `http://${playwrightHost}:2285`;
-export const playwriteSlowMo = Number.parseInt(process.env.PLAYWRIGHT_SLOW_MO ?? '0');
+export const playwriteSlowMo = parseInt(process.env.PLAYWRIGHT_SLOW_MO ?? '0');
 export const playwrightDisableWebserver = process.env.PLAYWRIGHT_DISABLE_WEBSERVER;
 
 process.env.PW_EXPERIMENTAL_SERVICE_WORKER_NETWORK_EVENTS = '1';
@@ -39,13 +39,13 @@ const config: PlaywrightTestConfig = {
       testMatch: /.*\.e2e-spec\.ts/,
       workers: 1,
     },
-    // {
-    //   name: 'parallel tests',
-    //   use: { ...devices['Desktop Chrome'] },
-    //   testMatch: /.*\.parallel-e2e-spec\.ts/,
-    //   fullyParallel: true,
-    //   workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
-    // },
+    {
+      name: 'parallel tests',
+      use: { ...devices['Desktop Chrome'] },
+      testMatch: /.*\.parallel-e2e-spec\.ts/,
+      fullyParallel: true,
+      workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
+    },
 
     // {
     //   name: 'firefox',

e2e/src/api/specs/database-backups.e2e-spec.ts

@@ -1,350 +0,0 @@
-import { LoginResponseDto, ManualJobName } from '@immich/sdk';
-import { errorDto } from 'src/responses';
-import { app, utils } from 'src/utils';
-import request from 'supertest';
-import { afterAll, beforeAll, describe, expect, it } from 'vitest';
-
-describe('/admin/database-backups', () => {
-  let cookie: string | undefined;
-  let admin: LoginResponseDto;
-
-  beforeAll(async () => {
-    await utils.resetDatabase();
-    admin = await utils.adminSetup();
-    await utils.resetBackups(admin.accessToken);
-  });
-
-  describe('GET /', async () => {
-    it('should succeed and be empty', async () => {
-      const { status, body } = await request(app)
-        .get('/admin/database-backups')
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        backups: [],
-      });
-    });
-
-    it('should contain a created backup', async () => {
-      await utils.createJob(admin.accessToken, {
-        name: ManualJobName.BackupDatabase,
-      });
-
-      await utils.waitForQueueFinish(admin.accessToken, 'backupDatabase');
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app)
-              .get('/admin/database-backups')
-              .set('Authorization', `Bearer ${admin.accessToken}`);
-
-            expect(status).toBe(200);
-            return body;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toEqual(
-          expect.objectContaining({
-            backups: [
-              expect.objectContaining({
-                filename: expect.stringMatching(/immich-db-backup-\d{8}T\d{6}-v.*-pg.*\.sql\.gz$/),
-                filesize: expect.any(Number),
-              }),
-            ],
-          }),
-        );
-    });
-  });
-
-  describe('DELETE /', async () => {
-    it('should delete backup', async () => {
-      const filename = await utils.createBackup(admin.accessToken);
-
-      const { status } = await request(app)
-        .delete(`/admin/database-backups`)
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ backups: [filename] });
-
-      expect(status).toBe(200);
-
-      const { status: listStatus, body } = await request(app)
-        .get('/admin/database-backups')
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(listStatus).toBe(200);
-      expect(body).toEqual(
-        expect.objectContaining({
-          backups: [],
-        }),
-      );
-    });
-  });
-
-  // => action: restore database flow
-
-  describe.sequential('POST /start-restore', () => {
-    afterAll(async () => {
-      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({ action: 'end' });
-      await utils.poll(
-        () => request(app).get('/server/config'),
-        ({ status, body }) => status === 200 && !body.maintenanceMode,
-      );
-
-      admin = await utils.adminSetup();
-    });
-
-    it.sequential('should not work when the server is configured', async () => {
-      const { status, body } = await request(app).post('/admin/database-backups/start-restore').send();
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest('The server already has an admin'));
-    });
-
-    it.sequential('should enter maintenance mode in "database restore mode"', async () => {
-      await utils.resetDatabase(); // reset database before running this test
-
-      const { status, headers } = await request(app).post('/admin/database-backups/start-restore').send();
-
-      expect(status).toBe(201);
-
-      cookie = headers['set-cookie'][0].split(';')[0];
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
-            return body.maintenanceMode;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toBeTruthy();
-
-      const { status: status2, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-      expect(status2).toBe(200);
-      expect(body).toEqual({
-        active: true,
-        action: 'select_database_restore',
-      });
-    });
-  });
-
-  // => action: restore database
-
-  describe.sequential('POST /backups/restore', () => {
-    beforeAll(async () => {
-      await utils.disconnectDatabase();
-    });
-
-    afterAll(async () => {
-      await utils.connectDatabase();
-    });
-
-    it.sequential('should restore a backup', { timeout: 60_000 }, async () => {
-      let filename = await utils.createBackup(admin.accessToken);
-
-      // work-around until test is running on released version
-      await utils.move(
-        `/data/backups/${filename}`,
-        '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
-      );
-      filename = 'immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz';
-
-      const { status } = await request(app)
-        .post('/admin/maintenance')
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({
-          action: 'restore_database',
-          restoreBackupFilename: filename,
-        });
-
-      expect(status).toBe(201);
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
-            return body.maintenanceMode;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toBeTruthy();
-
-      const { status: status2, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-      expect(status2).toBe(200);
-      expect(body).toEqual(
-        expect.objectContaining({
-          active: true,
-          action: 'restore_database',
-        }),
-      );
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
-            return body.maintenanceMode;
-          },
-          {
-            interval: 500,
-            timeout: 60_000,
-          },
-        )
-        .toBeFalsy();
-    });
-
-    it.sequential('fail to restore a corrupted backup', { timeout: 60_000 }, async () => {
-      await utils.prepareTestBackup('corrupted');
-
-      const { status, headers } = await request(app)
-        .post('/admin/maintenance')
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({
-          action: 'restore_database',
-          restoreBackupFilename: 'development-corrupted.sql.gz',
-        });
-
-      expect(status).toBe(201);
-      cookie = headers['set-cookie'][0].split(';')[0];
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
-            return body.maintenanceMode;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toBeTruthy();
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-            expect(status).toBe(200);
-            return body;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toEqual(
-          expect.objectContaining({
-            active: true,
-            action: 'restore_database',
-            error: 'Something went wrong, see logs!',
-          }),
-        );
-
-      const { status: status2, body: body2 } = await request(app)
-        .get('/admin/maintenance/status')
-        .set('cookie', cookie!)
-        .send({ token: 'token' });
-      expect(status2).toBe(200);
-      expect(body2).toEqual(
-        expect.objectContaining({
-          active: true,
-          action: 'restore_database',
-          error: expect.stringContaining('IM CORRUPTED'),
-        }),
-      );
-
-      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({
-        action: 'end',
-      });
-
-      await utils.poll(
-        () => request(app).get('/server/config'),
-        ({ status, body }) => status === 200 && !body.maintenanceMode,
-      );
-    });
-
-    it.sequential('rollback to restore point if backup is missing admin', { timeout: 60_000 }, async () => {
-      await utils.prepareTestBackup('empty');
-
-      const { status, headers } = await request(app)
-        .post('/admin/maintenance')
-        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({
-          action: 'restore_database',
-          restoreBackupFilename: 'development-empty.sql.gz',
-        });
-
-      expect(status).toBe(201);
-      cookie = headers['set-cookie'][0].split(';')[0];
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
-            return body.maintenanceMode;
-          },
-          {
-            interval: 500,
-            timeout: 10_000,
-          },
-        )
-        .toBeTruthy();
-
-      await expect
-        .poll(
-          async () => {
-            const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-            expect(status).toBe(200);
-            return body;
-          },
-          {
-            interval: 500,
-            timeout: 30_000,
-          },
-        )
-        .toEqual(
-          expect.objectContaining({
-            active: true,
-            action: 'restore_database',
-            error: 'Something went wrong, see logs!',
-          }),
-        );
-
-      const { status: status2, body: body2 } = await request(app)
-        .get('/admin/maintenance/status')
-        .set('cookie', cookie!)
-        .send({ token: 'token' });
-      expect(status2).toBe(200);
-      expect(body2).toEqual(
-        expect.objectContaining({
-          active: true,
-          action: 'restore_database',
-          error: expect.stringContaining('Server health check failed, no admin exists.'),
-        }),
-      );
-
-      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({
-        action: 'end',
-      });
-
-      await utils.poll(
-        () => request(app).get('/server/config'),
-        ({ status, body }) => status === 200 && !body.maintenanceMode,
-      );
-    });
-  });
-});

e2e/src/api/specs/maintenance.e2e-spec.ts

@@ -14,7 +14,6 @@ describe('/admin/maintenance', () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup();
     nonAdmin = await utils.userSetup(admin.accessToken, createUserDto.user1);
-    await utils.resetBackups(admin.accessToken);
   });
 
   // => outside of maintenance mode
@@ -27,17 +26,6 @@ describe('/admin/maintenance', () => {
     });
   });
 
-  describe('GET /status', async () => {
-    it('to always indicate we are not in maintenance mode', async () => {
-      const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        active: false,
-        action: 'end',
-      });
-    });
-  });
-
   describe('POST /login', async () => {
     it('should not work out of maintenance mode', async () => {
       const { status, body } = await request(app).post('/admin/maintenance/login').send({ token: 'token' });
@@ -51,7 +39,6 @@ describe('/admin/maintenance', () => {
   describe.sequential('POST /', () => {
     it('should require authentication', async () => {
       const { status, body } = await request(app).post('/admin/maintenance').send({
-        active: false,
         action: 'end',
       });
       expect(status).toBe(401);
@@ -82,7 +69,6 @@ describe('/admin/maintenance', () => {
         .send({
           action: 'start',
         });
-
       expect(status).toBe(201);
 
       cookie = headers['set-cookie'][0].split(';')[0];
@@ -93,13 +79,12 @@ describe('/admin/maintenance', () => {
       await expect
         .poll(
           async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
+            const { body } = await request(app).get('/server/config');
             return body.maintenanceMode;
           },
           {
-            interval: 500,
-            timeout: 10_000,
+            interval: 5e2,
+            timeout: 1e4,
           },
         )
         .toBeTruthy();
@@ -117,17 +102,6 @@ describe('/admin/maintenance', () => {
       });
     });
 
-    describe('GET /status', async () => {
-      it('to indicate we are in maintenance mode', async () => {
-        const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
-        expect(status).toBe(200);
-        expect(body).toEqual({
-          active: true,
-          action: 'start',
-        });
-      });
-    });
-
     describe('POST /login', async () => {
       it('should fail without cookie or token in body', async () => {
         const { status, body } = await request(app).post('/admin/maintenance/login').send({});
@@ -184,13 +158,12 @@ describe('/admin/maintenance', () => {
       await expect
         .poll(
           async () => {
-            const { status, body } = await request(app).get('/server/config');
-            expect(status).toBe(200);
+            const { body } = await request(app).get('/server/config');
             return body.maintenanceMode;
           },
           {
-            interval: 500,
-            timeout: 10_000,
+            interval: 5e2,
+            timeout: 1e4,
           },
         )
         .toBeFalsy();

e2e/src/api/specs/oauth.e2e-spec.ts

@@ -1,4 +1,3 @@
-import { OAuthClient, OAuthUser } from '@immich/e2e-auth-server';
 import {
   LoginResponseDto,
   SystemConfigOAuthDto,
@@ -9,12 +8,13 @@ import {
 } from '@immich/sdk';
 import { createHash, randomBytes } from 'node:crypto';
 import { errorDto } from 'src/responses';
+import { OAuthClient, OAuthUser } from 'src/setup/auth-server';
 import { app, asBearerAuth, baseUrl, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeAll, describe, expect, it } from 'vitest';
 
 const authServer = {
-  internal: 'http://e2e-auth-server:2286',
+  internal: 'http://auth-server:2286',
   external: 'http://127.0.0.1:2286',
 };
 

e2e/src/generators.ts

@@ -26,5 +26,6 @@ export const makeRandomImage = () => {
   if (!value) {
     throw new Error('Ran out of random asset data');
   }
+
   return value;
 };

e2e/src/generators/timeline/rest-response.ts

@@ -346,9 +346,6 @@ export function toAssetResponseDto(asset: MockTimelineAsset, owner?: UserRespons
     duplicateId: null,
     resized: true,
     checksum: asset.checksum,
-    width: exifInfo.exifImageWidth ?? 1,
-    height: exifInfo.exifImageHeight ?? 1,
-    isEdited: false,
   };
 }
 

e2e/src/mock-network/timeline-network.ts

@@ -1,4 +1,3 @@
-import { AssetResponseDto } from '@immich/sdk';
 import { BrowserContext, Page, Request, Route } from '@playwright/test';
 import { basename } from 'node:path';
 import {
@@ -64,33 +63,15 @@ export const setupTimelineMockApiRoutes = async (
   });
 
   await context.route('**/api/assets/*', async (route, request) => {
-    if (request.method() === 'GET') {
-      const url = new URL(request.url());
-      const pathname = url.pathname;
-      const assetId = basename(pathname);
-      let asset = getAsset(timelineRestData, assetId);
-      if (changes.assetDeletions.includes(asset!.id)) {
-        asset = {
-          ...asset,
-          isTrashed: true,
-        } as AssetResponseDto;
-      }
-      return route.fulfill({
-        status: 200,
-        contentType: 'application/json',
-        json: asset,
-      });
-    }
-    await route.fallback();
-  });
-
-  await context.route('**/api/assets', async (route, request) => {
-    if (request.method() === 'DELETE') {
-      return route.fulfill({
-        status: 204,
-      });
-    }
-    await route.fallback();
+    const url = new URL(request.url());
+    const pathname = url.pathname;
+    const assetId = basename(pathname);
+    const asset = getAsset(timelineRestData, assetId);
+    return route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      json: asset,
+    });
   });
 
   await context.route('**/api/assets/*/ocr', async (route) => {
@@ -136,28 +117,17 @@ export const setupTimelineMockApiRoutes = async (
   });
 
   await context.route('**/api/albums/**', async (route, request) => {
-    const albumsMatch = request.url().match(/\/api\/albums\/(?<albumId>[^/?]+)/);
-    if (albumsMatch) {
-      const album = getAlbum(timelineRestData, testContext.adminId, albumsMatch.groups?.albumId, changes);
-      return route.fulfill({
-        status: 200,
-        contentType: 'application/json',
-        json: album,
-      });
+    const pattern = /\/api\/albums\/(?<albumId>[^/?]+)/;
+    const match = request.url().match(pattern);
+    if (!match) {
+      return route.continue();
     }
-    return route.fallback();
-  });
-
-  await context.route('**/api/albums**', async (route, request) => {
-    const allAlbums = request.url().match(/\/api\/albums\?assetId=(?<assetId>[^&]+)/);
-    if (allAlbums) {
-      return route.fulfill({
-        status: 200,
-        contentType: 'application/json',
-        json: [],
-      });
-    }
-    return route.fallback();
+    const album = getAlbum(timelineRestData, testContext.adminId, match.groups?.albumId, changes);
+    return route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      json: album,
+    });
   });
 };
 

e2e/src/setup/auth-server.ts

@@ -125,7 +125,7 @@ const setup = async () => {
     ],
   });
 
-  const onStart = () => console.log(`[e2e-auth-server] http://${host}:${port}/.well-known/openid-configuration`);
+  const onStart = () => console.log(`[auth-server] http://${host}:${port}/.well-known/openid-configuration`);
   const app = oidc.listen(port, host, onStart);
   return () => app.close();
 };

e2e/src/utils.ts

@@ -6,9 +6,7 @@ import {
   CheckExistingAssetsDto,
   CreateAlbumDto,
   CreateLibraryDto,
-  JobCreateDto,
   MaintenanceAction,
-  ManualJobName,
   MetadataSearchDto,
   Permission,
   PersonCreateDto,
@@ -23,7 +21,6 @@ import {
   checkExistingAssets,
   createAlbum,
   createApiKey,
-  createJob,
   createLibrary,
   createPartner,
   createPerson,
@@ -31,12 +28,10 @@ import {
   createStack,
   createUserAdmin,
   deleteAssets,
-  deleteDatabaseBackup,
   getAssetInfo,
   getConfig,
   getConfigDefaults,
   getQueuesLegacy,
-  listDatabaseBackups,
   login,
   runQueueCommandLegacy,
   scanLibrary,
@@ -57,15 +52,11 @@ import {
 import { BrowserContext } from '@playwright/test';
 import { exec, spawn } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { createWriteStream, existsSync, mkdirSync, renameSync, rmSync, writeFileSync } from 'node:fs';
-import { mkdtemp } from 'node:fs/promises';
+import { existsSync, mkdirSync, renameSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
-import { dirname, join, resolve } from 'node:path';
-import { Readable } from 'node:stream';
-import { pipeline } from 'node:stream/promises';
+import { dirname, resolve } from 'node:path';
 import { setTimeout as setAsyncTimeout } from 'node:timers/promises';
 import { promisify } from 'node:util';
-import { createGzip } from 'node:zlib';
 import pg from 'pg';
 import { io, type Socket } from 'socket.io-client';
 import { loginDto, signupDto } from 'src/fixtures';
@@ -93,9 +84,8 @@ export const asBearerAuth = (accessToken: string) => ({ Authorization: `Bearer $
 export const asKeyAuth = (key: string) => ({ 'x-api-key': key });
 export const immichCli = (args: string[]) =>
   executeCommand('pnpm', ['exec', 'immich', '-d', `/${tempDir}/immich/`, ...args], { cwd: '../cli' }).promise;
-export const dockerExec = (args: string[]) =>
-  executeCommand('docker', ['exec', '-i', 'immich-e2e-server', '/bin/bash', '-c', args.join(' ')]);
-export const immichAdmin = (args: string[]) => dockerExec([`immich-admin ${args.join(' ')}`]);
+export const immichAdmin = (args: string[]) =>
+  executeCommand('docker', ['exec', '-i', 'immich-e2e-server', '/bin/bash', '-c', `immich-admin ${args.join(' ')}`]);
 export const specialCharStrings = ["'", '"', ',', '{', '}', '*'];
 export const TEN_TIMES = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
 
@@ -159,26 +149,12 @@ const onEvent = ({ event, id }: { event: EventType; id: string }) => {
 };
 
 export const utils = {
-  connectDatabase: async () => {
-    if (!client) {
-      client = new pg.Client(dbUrl);
-      client.on('end', () => (client = null));
-      client.on('error', () => (client = null));
-      await client.connect();
-    }
-
-    return client;
-  },
-
-  disconnectDatabase: async () => {
-    if (client) {
-      await client.end();
-    }
-  },
-
   resetDatabase: async (tables?: string[]) => {
     try {
-      client = await utils.connectDatabase();
+      if (!client) {
+        client = new pg.Client(dbUrl);
+        await client.connect();
+      }
 
       tables = tables || [
         // TODO e2e test for deleting a stack, since it is quite complex
@@ -505,9 +481,6 @@ export const utils = {
   tagAssets: (accessToken: string, tagId: string, assetIds: string[]) =>
     tagAssets({ id: tagId, bulkIdsDto: { ids: assetIds } }, { headers: asBearerAuth(accessToken) }),
 
-  createJob: async (accessToken: string, jobCreateDto: JobCreateDto) =>
-    createJob({ jobCreateDto }, { headers: asBearerAuth(accessToken) }),
-
   queueCommand: async (accessToken: string, name: QueueName, queueCommandDto: QueueCommandDto) =>
     runQueueCommandLegacy({ name, queueCommandDto }, { headers: asBearerAuth(accessToken) }),
 
@@ -586,45 +559,6 @@ export const utils = {
     mkdirSync(`${testAssetDir}/temp`, { recursive: true });
   },
 
-  async move(source: string, dest: string) {
-    return executeCommand('docker', ['exec', 'immich-e2e-server', 'mv', source, dest]).promise;
-  },
-
-  createBackup: async (accessToken: string) => {
-    await utils.createJob(accessToken, {
-      name: ManualJobName.BackupDatabase,
-    });
-
-    return utils.poll(
-      () => request(app).get('/admin/database-backups').set('Authorization', `Bearer ${accessToken}`),
-      ({ status, body }) => status === 200 && body.backups.length === 1,
-      ({ body }) => body.backups[0].filename,
-    );
-  },
-
-  resetBackups: async (accessToken: string) => {
-    const { backups } = await listDatabaseBackups({ headers: asBearerAuth(accessToken) });
-
-    const backupFiles = backups.map((b) => b.filename);
-    await deleteDatabaseBackup(
-      { databaseBackupDeleteDto: { backups: backupFiles } },
-      { headers: asBearerAuth(accessToken) },
-    );
-  },
-
-  prepareTestBackup: async (generate: 'empty' | 'corrupted') => {
-    const dir = await mkdtemp(join(tmpdir(), 'test-'));
-    const fn = join(dir, 'file');
-
-    const sql = Readable.from(generate === 'corrupted' ? 'IM CORRUPTED;' : 'SELECT 1;');
-    const gzip = createGzip();
-    const writeStream = createWriteStream(fn);
-    await pipeline(sql, gzip, writeStream);
-
-    await executeCommand('docker', ['cp', fn, `immich-e2e-server:/data/backups/development-${generate}.sql.gz`])
-      .promise;
-  },
-
   resetAdminConfig: async (accessToken: string) => {
     const defaultConfig = await getConfigDefaults({ headers: asBearerAuth(accessToken) });
     await updateConfig({ systemConfigDto: defaultConfig }, { headers: asBearerAuth(accessToken) });
@@ -667,25 +601,6 @@ export const utils = {
     await utils.waitForQueueFinish(accessToken, 'sidecar');
     await utils.waitForQueueFinish(accessToken, 'metadataExtraction');
   },
-
-  async poll<T>(cb: () => Promise<T>, validate: (value: T) => boolean, map?: (value: T) => any) {
-    let timeout = 0;
-    while (true) {
-      try {
-        const data = await cb();
-        if (validate(data)) {
-          return map ? map(data) : data;
-        }
-        timeout++;
-        if (timeout >= 10) {
-          throw 'Could not clean up test.';
-        }
-        await new Promise((resolve) => setTimeout(resolve, 5e2));
-      } catch {
-        // no-op
-      }
-    }
-  },
 };
 
 utils.initSdk();

e2e/src/web/specs/asset-viewer/asset-viewer.parallel-e2e-spec.ts

@@ -1,269 +0,0 @@
-import { faker } from '@faker-js/faker';
-import { expect, test } from '@playwright/test';
-import {
-  Changes,
-  createDefaultTimelineConfig,
-  generateTimelineData,
-  SeededRandom,
-  selectRandom,
-  TimelineAssetConfig,
-  TimelineData,
-} from 'src/generators/timeline';
-import { setupBaseMockApiRoutes } from 'src/mock-network/base-network';
-import { setupTimelineMockApiRoutes, TimelineTestContext } from 'src/mock-network/timeline-network';
-import { utils } from 'src/utils';
-import { assetViewerUtils } from 'src/web/specs/timeline/utils';
-
-test.describe.configure({ mode: 'parallel' });
-test.describe('asset-viewer', () => {
-  const rng = new SeededRandom(529);
-  let adminUserId: string;
-  let timelineRestData: TimelineData;
-  const assets: TimelineAssetConfig[] = [];
-  const yearMonths: string[] = [];
-  const testContext = new TimelineTestContext();
-  const changes: Changes = {
-    albumAdditions: [],
-    assetDeletions: [],
-    assetArchivals: [],
-    assetFavorites: [],
-  };
-
-  test.beforeAll(async () => {
-    utils.initSdk();
-    adminUserId = faker.string.uuid();
-    testContext.adminId = adminUserId;
-    timelineRestData = generateTimelineData({ ...createDefaultTimelineConfig(), ownerId: adminUserId });
-    for (const timeBucket of timelineRestData.buckets.values()) {
-      assets.push(...timeBucket);
-    }
-    for (const yearMonth of timelineRestData.buckets.keys()) {
-      const [year, month] = yearMonth.split('-');
-      yearMonths.push(`${year}-${Number(month)}`);
-    }
-  });
-
-  test.beforeEach(async ({ context }) => {
-    await setupBaseMockApiRoutes(context, adminUserId);
-    await setupTimelineMockApiRoutes(context, timelineRestData, changes, testContext);
-  });
-
-  test.afterEach(() => {
-    testContext.slowBucket = false;
-    changes.albumAdditions = [];
-    changes.assetDeletions = [];
-    changes.assetArchivals = [];
-    changes.assetFavorites = [];
-  });
-
-  test.describe('/photos/:id', () => {
-    test('Navigate to next asset via button', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${asset.id}`);
-
-      await page.getByLabel('View next asset').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index + 1].id}`);
-    });
-
-    test('Navigate to previous asset via button', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${asset.id}`);
-
-      await page.getByLabel('View previous asset').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index - 1]);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index - 1].id}`);
-    });
-
-    test('Navigate to next asset via keyboard (ArrowRight)', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${asset.id}`);
-
-      await page.keyboard.press('ArrowRight');
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index + 1].id}`);
-    });
-
-    test('Navigate to previous asset via keyboard (ArrowLeft)', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${asset.id}`);
-
-      await page.keyboard.press('ArrowLeft');
-      await assetViewerUtils.waitForViewerLoad(page, assets[index - 1]);
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index - 1].id}`);
-    });
-
-    test('Navigate forward 5 times via button', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-
-      for (let i = 1; i <= 5; i++) {
-        await page.getByLabel('View next asset').click();
-        await assetViewerUtils.waitForViewerLoad(page, assets[index + i]);
-        await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index + i].id}`);
-      }
-    });
-
-    test('Navigate backward 5 times via button', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-
-      for (let i = 1; i <= 5; i++) {
-        await page.getByLabel('View previous asset').click();
-        await assetViewerUtils.waitForViewerLoad(page, assets[index - i]);
-        await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${assets[index - i].id}`);
-      }
-    });
-
-    test('Navigate forward then backward via keyboard', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-
-      // Navigate forward 3 times
-      for (let i = 1; i <= 3; i++) {
-        await page.keyboard.press('ArrowRight');
-        await assetViewerUtils.waitForViewerLoad(page, assets[index + i]);
-      }
-
-      // Navigate backward 3 times to return to original
-      for (let i = 2; i >= 0; i--) {
-        await page.keyboard.press('ArrowLeft');
-        await assetViewerUtils.waitForViewerLoad(page, assets[index + i]);
-      }
-
-      // Verify we're back at the original asset
-      await expect.poll(() => new URL(page.url()).pathname).toBe(`/photos/${asset.id}`);
-    });
-
-    test('Verify no next button on last asset', async ({ page }) => {
-      const lastAsset = assets.at(-1)!;
-      await page.goto(`/photos/${lastAsset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, lastAsset);
-
-      // Verify next button doesn't exist
-      await expect(page.getByLabel('View next asset')).toHaveCount(0);
-    });
-
-    test('Verify no previous button on first asset', async ({ page }) => {
-      const firstAsset = assets[0];
-      await page.goto(`/photos/${firstAsset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, firstAsset);
-
-      // Verify previous button doesn't exist
-      await expect(page.getByLabel('View previous asset')).toHaveCount(0);
-    });
-
-    test('Delete photo advances to next', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      const index = assets.indexOf(asset);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-    });
-    test('Delete photo advances to next (2x)', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      const index = assets.indexOf(asset);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-      await page.getByLabel('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 2]);
-    });
-    test('Delete last photo advances to prev', async ({ page }) => {
-      const asset = assets.at(-1)!;
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      const index = assets.indexOf(asset);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index - 1]);
-    });
-    test('Delete last photo advances to prev (2x)', async ({ page }) => {
-      const asset = assets.at(-1)!;
-      await page.goto(`/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      const index = assets.indexOf(asset);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index - 1]);
-      await page.getByLabel('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index - 2]);
-    });
-  });
-  test.describe('/trash/photos/:id', () => {
-    test('Delete trashed photo advances to next', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      const deletedAssets = assets.slice(index - 10, index + 10).map((asset) => asset.id);
-      changes.assetDeletions.push(...deletedAssets);
-      await page.goto(`/trash/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-    });
-    test('Delete trashed photo advances to next 2x', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      const deletedAssets = assets.slice(index - 10, index + 10).map((asset) => asset.id);
-      changes.assetDeletions.push(...deletedAssets);
-      await page.goto(`/trash/photos/${asset.id}`);
-      await assetViewerUtils.waitForViewerLoad(page, asset);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 1]);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 2]);
-    });
-    test('Delete trashed photo advances to prev', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      const deletedAssets = assets.slice(index - 10, index + 10).map((asset) => asset.id);
-      changes.assetDeletions.push(...deletedAssets);
-      await page.goto(`/trash/photos/${assets[index + 9].id}`);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 9]);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 8]);
-    });
-    test('Delete trashed photo advances to prev 2x', async ({ page }) => {
-      const asset = selectRandom(assets, rng);
-      const index = assets.indexOf(asset);
-      const deletedAssets = assets.slice(index - 10, index + 10).map((asset) => asset.id);
-      changes.assetDeletions.push(...deletedAssets);
-      await page.goto(`/trash/photos/${assets[index + 9].id}`);
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 9]);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 8]);
-      await page.getByLabel('Delete').click();
-      // confirm dialog
-      await page.getByRole('button').getByText('Delete').click();
-      await assetViewerUtils.waitForViewerLoad(page, assets[index + 7]);
-    });
-  });
-});

e2e/src/web/specs/database-backups.e2e-spec.ts

@@ -1,105 +0,0 @@
-import { LoginResponseDto } from '@immich/sdk';
-import { expect, test } from '@playwright/test';
-import { utils } from 'src/utils';
-
-test.describe.configure({ mode: 'serial' });
-
-test.describe('Database Backups', () => {
-  let admin: LoginResponseDto;
-
-  test.beforeAll(async () => {
-    utils.initSdk();
-    await utils.resetDatabase();
-    admin = await utils.adminSetup();
-  });
-
-  test('restore a backup from settings', async ({ context, page }) => {
-    test.setTimeout(60_000);
-
-    await utils.resetBackups(admin.accessToken);
-    const filename = await utils.createBackup(admin.accessToken);
-    await utils.setAuthCookies(context, admin.accessToken);
-
-    // work-around until test is running on released version
-    await utils.move(
-      `/data/backups/${filename}`,
-      '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
-    );
-
-    await page.goto('/admin/maintenance?isOpen=backups');
-    await page.getByRole('button', { name: 'Restore', exact: true }).click();
-    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
-
-    await page.waitForURL('/maintenance?**');
-    await page.waitForURL('/admin/maintenance**', { timeout: 60_000 });
-  });
-
-  test('handle backup restore failure', async ({ context, page }) => {
-    test.setTimeout(60_000);
-
-    await utils.resetBackups(admin.accessToken);
-    await utils.prepareTestBackup('corrupted');
-    await utils.setAuthCookies(context, admin.accessToken);
-
-    await page.goto('/admin/maintenance?isOpen=backups');
-    await page.getByRole('button', { name: 'Restore', exact: true }).click();
-    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
-
-    await page.waitForURL('/maintenance?**');
-    await expect(page.getByText('IM CORRUPTED')).toBeVisible({ timeout: 60_000 });
-    await page.getByRole('button', { name: 'End maintenance mode' }).click();
-    await page.waitForURL('/admin/maintenance**');
-  });
-
-  test('rollback to restore point if backup is missing admin', async ({ context, page }) => {
-    test.setTimeout(60_000);
-
-    await utils.resetBackups(admin.accessToken);
-    await utils.prepareTestBackup('empty');
-    await utils.setAuthCookies(context, admin.accessToken);
-
-    await page.goto('/admin/maintenance?isOpen=backups');
-    await page.getByRole('button', { name: 'Restore', exact: true }).click();
-    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
-
-    await page.waitForURL('/maintenance?**');
-    await expect(page.getByText('Server health check failed, no admin exists.')).toBeVisible({ timeout: 60_000 });
-    await page.getByRole('button', { name: 'End maintenance mode' }).click();
-    await page.waitForURL('/admin/maintenance**');
-  });
-
-  test('restore a backup from onboarding', async ({ context, page }) => {
-    test.setTimeout(60_000);
-
-    await utils.resetBackups(admin.accessToken);
-    const filename = await utils.createBackup(admin.accessToken);
-    await utils.setAuthCookies(context, admin.accessToken);
-
-    // work-around until test is running on released version
-    await utils.move(
-      `/data/backups/${filename}`,
-      '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
-    );
-
-    await utils.resetDatabase();
-
-    await page.goto('/');
-    await page.getByRole('button', { name: 'Restore from backup' }).click();
-
-    try {
-      await page.waitForURL('/maintenance**');
-    } catch {
-      // when chained with the rest of the tests
-      // this navigation may fail..? not sure why...
-      await page.goto('/maintenance');
-      await page.waitForURL('/maintenance**');
-    }
-
-    await page.getByRole('button', { name: 'Next' }).click();
-    await page.getByRole('button', { name: 'Restore', exact: true }).click();
-    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
-
-    await page.waitForURL('/maintenance?**');
-    await page.waitForURL('/photos', { timeout: 60_000 });
-  });
-});

e2e/src/web/specs/maintenance.e2e-spec.ts

@@ -16,12 +16,12 @@ test.describe('Maintenance', () => {
   test('enter and exit maintenance mode', async ({ context, page }) => {
     await utils.setAuthCookies(context, admin.accessToken);
 
-    await page.goto('/admin/maintenance');
-    await page.getByRole('button', { name: 'Switch to maintenance mode' }).click();
+    await page.goto('/admin/system-settings?isOpen=maintenance');
+    await page.getByRole('button', { name: 'Start maintenance mode' }).click();
 
     await expect(page.getByText('Temporarily Unavailable')).toBeVisible({ timeout: 10_000 });
     await page.getByRole('button', { name: 'End maintenance mode' }).click();
-    await page.waitForURL('**/admin/maintenance*', { timeout: 10_000 });
+    await page.waitForURL('**/admin/system-settings*', { timeout: 10_000 });
   });
 
   test('maintenance shows no options to users until they authenticate', async ({ page }) => {

e2e/src/web/specs/photo-viewer.e2e-spec.ts

@@ -3,7 +3,7 @@ import { Page, expect, test } from '@playwright/test';
 import { utils } from 'src/utils';
 
 function imageLocator(page: Page) {
-  return page.getByAltText('Image taken').locator('visible=true');
+  return page.getByAltText('Image taken on').locator('visible=true');
 }
 test.describe('Photo Viewer', () => {
   let admin: LoginResponseDto;

e2e/src/web/specs/timeline/timeline.parallel-e2e-spec.ts

@@ -18,6 +18,7 @@ import { pageRoutePromise, setupTimelineMockApiRoutes, TimelineTestContext } fro
 import { utils } from 'src/utils';
 import {
   assetViewerUtils,
+  cancelAllPollers,
   padYearMonth,
   pageUtils,
   poll,
@@ -63,6 +64,7 @@ test.describe('Timeline', () => {
   });
 
   test.afterEach(() => {
+    cancelAllPollers();
     testContext.slowBucket = false;
     changes.albumAdditions = [];
     changes.assetDeletions = [];
@@ -461,7 +463,7 @@ test.describe('Timeline', () => {
         });
         changes.albumAdditions.push(...requestJson.ids);
       });
-      await page.getByText('Add assets').click();
+      await page.getByText('Done').click();
       await expect(put).resolves.toEqual({
         ids: [
           'c077ea7b-cfa1-45e4-8554-f86c00ee5658',

e2e/src/web/specs/timeline/utils.ts

@@ -23,6 +23,13 @@ export async function throttlePage(context: BrowserContext, page: Page) {
   await session.send('Emulation.setCPUThrottlingRate', { rate: 10 });
 }
 
+let activePollsAbortController = new AbortController();
+
+export const cancelAllPollers = () => {
+  activePollsAbortController.abort();
+  activePollsAbortController = new AbortController();
+};
+
 export const poll = async <T>(
   page: Page,
   query: () => Promise<T>,
@@ -30,14 +37,21 @@ export const poll = async <T>(
 ) => {
   let result;
   const timeout = Date.now() + 10_000;
+  const signal = activePollsAbortController.signal;
 
   const terminate = callback || ((result: Awaited<T> | undefined) => !!result);
   while (!terminate(result) && Date.now() < timeout) {
+    if (signal.aborted) {
+      return;
+    }
     try {
       result = await query();
     } catch {
       // ignore
     }
+    if (signal.aborted) {
+      return;
+    }
     if (page.isClosed()) {
       return;
     }
@@ -167,12 +181,8 @@ export const assetViewerUtils = {
   },
   async waitForViewerLoad(page: Page, asset: TimelineAssetConfig) {
     await page
-      .locator(
-        `img[draggable="false"][src="/api/assets/${asset.id}/thumbnail?size=preview&c=${asset.thumbhash}&edited=true"]`,
-      )
-      .or(
-        page.locator(`video[poster="/api/assets/${asset.id}/thumbnail?size=preview&c=${asset.thumbhash}&edited=true"]`),
-      )
+      .locator(`img[draggable="false"][src="/api/assets/${asset.id}/thumbnail?size=preview&c=${asset.thumbhash}"]`)
+      .or(page.locator(`video[poster="/api/assets/${asset.id}/thumbnail?size=preview&c=${asset.thumbhash}"]`))
       .waitFor();
   },
   async expectActiveAssetToBe(page: Page, assetId: string) {

e2e/src/web/specs/user-admin.e2e-spec.ts

@@ -56,7 +56,7 @@ test.describe('User Administration', () => {
     await expect(page.getByLabel('Admin User')).not.toBeChecked();
     await page.getByLabel('Admin User').click();
     await expect(page.getByLabel('Admin User')).toBeChecked();
-    await page.getByRole('button', { name: 'Save' }).click();
+    await page.getByRole('button', { name: 'Confirm' }).click();
 
     await expect
       .poll(async () => {
@@ -85,7 +85,7 @@ test.describe('User Administration', () => {
     await expect(page.getByLabel('Admin User')).toBeChecked();
     await page.getByLabel('Admin User').click();
     await expect(page.getByLabel('Admin User')).not.toBeChecked();
-    await page.getByRole('button', { name: 'Save' }).click();
+    await page.getByRole('button', { name: 'Confirm' }).click();
 
     await expect
       .poll(async () => {