refactor(web): extract asset grid layout logic into AssetLayout component

- Extracts the asset grid rendering logic from `MonthSegment` into a dedicated `AssetLayout` component - Simplifies `MonthSegment` by delegating layout responsibilities while maintaining all existing functionality - Renames `customLayout` prop to `customThumbnailLayout` for clarity across Timeline components ## Changes - Created new `AssetLayout.svelte` component that handles: - Asset grid rendering with proper positioning - Animation transitions - Filtering of intersecting viewer assets - Updated `MonthSegment.svelte` to use `AssetLayout` via composition pattern - Renamed `customLayout` to `customThumbnailLayout` in Timeline and related components - Moved thumbnail click and selection logic to Timeline parent component using snippets
refactor(web): consolidate asset operations in PhotostreamManager base class
2026-01-22 01:18:54 -08:00 · 2025-09-30 00:08:14 +00:00 · 2025-09-30 00:00:50 +00:00 · 2025-09-29 01:26:59 +00:00 · 2025-09-28 19:41:41 +00:00 · 2025-09-28 19:41:41 +00:00
1799 changed files with 37321 additions and 163601 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -29,12 +29,6 @@
      ]
    }
  },
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      // https://github.com/devcontainers/features/issues/1466
-      "moby": false
-    }
-  },
  "forwardPorts": [3000, 9231, 9230, 2283],
  "portsAttributes": {
    "3000": {
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -6,35 +6,28 @@ services:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override # bind mount host to /workspaces/immich
      - ..:/workspaces/immich
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+      - cli_node_modules:/workspaces/immich/cli/node_modules
+      - e2e_node_modules:/workspaces/immich/e2e/node_modules
+      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
+      - server_node_modules:/workspaces/immich/server/node_modules
+      - web_node_modules:/workspaces/immich/web/node_modules
+      - ${UPLOAD_LOCATION}/photos:/data
      - /etc/localtime:/etc/localtime:ro
-  immich-web:
-    env_file: !reset []
-  immich-machine-learning:
-    env_file: !reset []
+
  database:
-    env_file: !reset []
-    environment: !override
-      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
-      POSTGRES_USER: ${DB_USERNAME-postgres}
-      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
-      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
-  redis:
-    env_file: !reset []
+      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
+
 volumes:
-  upload-devcontainer-volume:
-  postgres-devcontainer-volume:
+  # Node modules for each service to avoid conflicts and ensure consistent dependencies
+  cli_node_modules:
+  e2e_node_modules:
+  open_api_node_modules:
+  server_node_modules:
+  web_node_modules:
+
+  # UPLOAD_LOCATION must be set to a absolute path or vol-upload
+  vol-upload:
+
+  # DB_DATA_LOCATION must be set to a absolute path or vol-database
+  vol-database:
--- a/.devcontainer/mobile/devcontainer.json
+++ b/.devcontainer/mobile/devcontainer.json
@@ -40,7 +40,7 @@
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
-    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
+    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./Library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -21,7 +21,6 @@ services:
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
-      - ../plugins:/build/corePlugin
  immich-web:
    env_file: !reset []
  immich-machine-learning:
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-24.13.0
+22.19.0
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -31,7 +31,7 @@ documentation:
 🧠machine-learning:
  - changed-files:
      - any-glob-to-any-file:
-          - machine-learning/**
+          - machine-learning/app/**

 changelog:translation:
  - head-branch: ['^chore/translations$']
--- a/.github/mise.toml
+++ b/.github/mise.toml
@@ -1,10 +0,0 @@
-[tasks.install]
-run = "pnpm install --filter github --frozen-lockfile"
-
-[tasks.format]
-env._.path = "./node_modules/.bin"
-run = "prettier --check ."
-
-[tasks."format-fix"]
-env._.path = "./node_modules/.bin"
-run = "prettier --write ."
--- a/.github/package.json
+++ b/.github/package.json
@@ -4,6 +4,6 @@
    "format:fix": "prettier --write ."
  },
  "devDependencies": {
-    "prettier": "^3.7.4"
+    "prettier": "^3.5.3"
  }
 }
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -1,16 +1,12 @@
 name: Build Mobile

 on:
+  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        required: false
        type: string
-      environment:
-        description: 'Target environment'
-        required: true
-        default: 'development'
-        type: string
    secrets:
      KEY_JKS:
        required: true
@@ -20,18 +16,6 @@ on:
        required: true
      ANDROID_STORE_PASSWORD:
        required: true
-      APP_STORE_CONNECT_API_KEY_ID:
-        required: true
-      APP_STORE_CONNECT_API_KEY_ISSUER_ID:
-        required: true
-      APP_STORE_CONNECT_API_KEY:
-        required: true
-      IOS_CERTIFICATE_P12:
-        required: true
-      IOS_CERTIFICATE_PASSWORD:
-        required: true
-      FASTLANE_TEAM_ID:
-        required: true
  pull_request:
  push:
    branches: [main]
@@ -50,17 +34,10 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
@@ -78,17 +55,10 @@ jobs:
    runs-on: mich

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Create the Keystore
        env:
@@ -96,14 +66,14 @@ jobs:
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks

-      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: 'zulu'
          java-version: '17'

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
        with:
          path: |
            ~/.gradle/caches
@@ -153,14 +123,14 @@ jobs:
          fi

      - name: Publish Android Artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
@@ -170,123 +140,3 @@ jobs:
            mobile/android/.gradle
            mobile/.dart_tool
          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
-
-  build-sign-ios:
-    name: Build and sign iOS
-    needs: pre-job
-    permissions:
-      contents: read
-    # Run on main branch or workflow_dispatch, or on PRs/other branches (build only, no upload)
-    if: ${{ !github.event.pull_request.head.repo.fork && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
-        with:
-          ref: ${{ inputs.ref || github.sha }}
-          persist-credentials: false
-
-      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2
-        with:
-          channel: 'stable'
-          flutter-version-file: ./mobile/pubspec.yaml
-          cache: true
-
-      - name: Install Flutter dependencies
-        working-directory: ./mobile
-        run: flutter pub get
-
-      - name: Generate translation files
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
-        working-directory: ./mobile
-
-      - name: Generate platform APIs
-        run: make pigeon
-        working-directory: ./mobile
-
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.3'
-          bundler-cache: true
-          working-directory: ./mobile/ios
-
-      - name: Install CocoaPods dependencies
-        working-directory: ./mobile/ios
-        run: |
-          pod install
-
-      - name: Create API Key
-        env:
-          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-        working-directory: ./mobile/ios
-        run: |
-          mkdir -p ~/.appstoreconnect/private_keys
-          echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8
-
-      - name: Import Certificate
-        env:
-          IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-        working-directory: ./mobile/ios
-        run: |
-          # Decode certificate
-          echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
-
-      - name: Create keychain and import certificate
-        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-        working-directory: ./mobile/ios
-        run: |
-          # Create keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security set-keychain-settings -t 3600 -u build.keychain
-
-          # Import certificate
-          security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
-          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
-
-          # Verify certificate was imported
-          security find-identity -v -p codesigning build.keychain
-
-      - name: Build and deploy to TestFlight
-        env:
-          FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          KEYCHAIN_NAME: build.keychain
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          ENVIRONMENT: ${{ inputs.environment || 'development' }}
-          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
-          GITHUB_REF: ${{ github.ref }}
-        working-directory: ./mobile/ios
-        run: |
-          # Only upload to TestFlight on main branch
-          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
-            if [[ "$ENVIRONMENT" == "development" ]]; then
-              bundle exec fastlane gha_testflight_dev
-            else
-              bundle exec fastlane gha_release_prod
-            fi
-          else
-            # Build only, no TestFlight upload for non-main branches
-            bundle exec fastlane gha_build_only
-          fi
-
-      - name: Clean up keychain
-        if: always()
-        run: |
-          security delete-keychain build.keychain || true
-
-      - name: Upload IPA artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        with:
-          name: ios-release-ipa
-          path: mobile/ios/Runner.ipa
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -18,21 +18,14 @@ jobs:
      contents: read
      actions: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check out code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Cleanup
        env:
-          GH_TOKEN: ${{ steps.token.outputs.token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,22 +29,15 @@ jobs:
        working-directory: ./cli

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -57,7 +50,7 @@ jobs:

      - run: pnpm install --frozen-lockfile
      - run: pnpm build
-      - run: pnpm publish --no-git-checks
+      - run: pnpm publish
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -71,26 +64,19 @@ jobs:
    needs: publish

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -105,7 +91,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        with:
          flavor: |
            latest=false
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:ab9f163cd5d5cec42704a26ca2769ecf3f10aa8e7bae847f1d527cdf075946e6
+      image: ghcr.io/immich-app/mdq:main@sha256:d8ae47cf2e6cf4e2559bd57a60b73674fe44f897cba2c2bddff2987a05be10a4
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,21 +43,14 @@ jobs:
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,17 +22,10 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            server:
              - 'server/**'
@@ -60,12 +53,11 @@ jobs:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
@@ -90,12 +82,11 @@ jobs:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
@@ -116,23 +107,24 @@ jobs:
      matrix:
        include:
          - device: cpu
+            tag-suffix: ''
          - device: cuda
-            suffixes: '-cuda'
+            tag-suffix: '-cuda'
            platforms: linux/amd64
          - device: openvino
-            suffixes: '-openvino'
+            tag-suffix: '-openvino'
            platforms: linux/amd64
          - device: armnn
-            suffixes: '-armnn'
+            tag-suffix: '-armnn'
            platforms: linux/arm64
          - device: rknn
-            suffixes: '-rknn'
+            tag-suffix: '-rknn'
            platforms: linux/arm64
          - device: rocm
-            suffixes: '-rocm'
+            tag-suffix: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
      actions: read
@@ -146,7 +138,7 @@ jobs:
      dockerfile: machine-learning/Dockerfile
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
-      suffixes: ${{ matrix.suffixes }}
+      tag-suffix: ${{ matrix.tag-suffix }}
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=${{ matrix.device }}
@@ -155,7 +147,7 @@ jobs:
    name: Build and Push Server
    needs: pre-job
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@0477486d82313fba68f7c82c034120a4b8981297 # multi-runner-build-workflow-v2.1.0
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
      actions: read
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -20,17 +20,10 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            docs:
              - 'docs/**'
@@ -53,24 +46,16 @@ jobs:
        working-directory: ./docs

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-          fetch-depth: 0

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
@@ -86,7 +71,7 @@ jobs:
        run: pnpm build

      - name: Upload build output
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: docs-build-output
          path: docs/build/
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -5,9 +5,6 @@ on:
    types:
      - completed

-env:
-  TG_NON_INTERACTIVE: 'true'
-
 jobs:
  checks:
    name: Docs Deploy Checks
@@ -19,19 +16,12 @@ jobs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
@@ -48,11 +38,10 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            const eventType = context.payload.workflow_run.event;
            const isFork = context.payload.workflow_run.repository.fork;
@@ -118,28 +107,17 @@ jobs:
      pull-requests: write
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            const parameters = JSON.parse(process.env.PARAM_JSON);
            core.setOutput("event", parameters.event);
@@ -147,11 +125,10 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
            let download = await github.rest.actions.downloadArtifact({
@@ -173,8 +150,12 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run //deployment:tf apply'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'apply'

      - name: Deploy Docs Subdomain Output
        id: docs-output
@@ -184,12 +165,20 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'output -json'
+
+      - name: Output Cleaning
+        id: clean
+        env:
+          TG_OUTPUT: ${{ steps.docs-output.outputs.tg_action_output }}
        run: |
-          mise run //deployment:tf output -- -json | jq -r '
-            "projectName=\(.pages_project_name.value)",
-            "subdomain=\(.immich_app_branch_subdomain.value)"
-          ' >> $GITHUB_OUTPUT
+          CLEANED=$(echo "$TG_OUTPUT" | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          echo "output=$CLEANED" >> $GITHUB_OUTPUT

      - name: Publish to Cloudflare Pages
        # TODO: Action is deprecated
@@ -197,7 +186,7 @@ jobs:
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          projectName: ${{ steps.docs-output.outputs.projectName }}
+          projectName: ${{ fromJson(steps.clean.outputs.output).pages_project_name.value }}
          workingDirectory: 'docs'
          directory: 'build'
          branch: ${{ steps.parameters.outputs.name }}
@@ -210,16 +199,19 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs-release'
-        run: 'mise run //deployment:tf apply'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs-release'
+          tg_command: 'apply'

      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        if: ${{ steps.parameters.outputs.event == 'pr' }}
        with:
-          token: ${{ steps.token.outputs.token }}
          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
          body: |
-            📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
+            📖 Documentation deployed to [${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }}](https://${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }})
          emojis: 'rocket'
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -5,9 +5,6 @@ on:

 permissions: {}

-env:
-  TG_NON_INTERACTIVE: 'true'
-
 jobs:
  deploy:
    name: Docs Destroy
@@ -16,20 +13,10 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1

      - name: Destroy Docs Subdomain
        env:
@@ -38,13 +25,16 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run //deployment:tf destroy -- -refresh=false'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'destroy -refresh=false'

      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        with:
-          token: ${{ steps.token.outputs.token }}
          number: ${{ github.event.number }}
          delete: true
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,30 +16,30 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'

      - name: Fix formatting
-        run: pnpm --recursive install && pnpm run --recursive --parallel fix:format
+        run: make install-all && make format-all

      - name: Commit and push
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
@@ -48,10 +48,9 @@ jobs:
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        if: always()
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -28,19 +28,11 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - name: Generate a token
-        id: generate_token
-        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Find translation PR
        id: find_pr
        if: ${{ inputs.skip != true }}
        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -63,6 +55,14 @@ jobs:
            exit 1
          fi

+      - name: Generate a token
+        id: generate_token
+        if: ${{ inputs.skip != true }}
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
      - name: Lock weblate
        if: ${{ inputs.skip != true }}
        env:
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -13,16 +13,9 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Require PR to have a changelog label
        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
        with:
-          token: ${{ steps.token.outputs.token }}
          mode: exactly
          count: 1
          use_regex: true
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -11,12 +11,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
-        with:
-          repo-token: ${{ steps.token.outputs.token }}
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -45,31 +45,30 @@ jobs:
    needs: [merge_translations]
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-      version: ${{ steps.output.outputs.version }}
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -81,16 +80,13 @@ jobs:
          MOBILE_BUMP: ${{ inputs.mobileBump }}
        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"

-      - id: output
-        run: echo "version=$IMMICH_VERSION" >> $GITHUB_OUTPUT
-
      - name: Commit and tag
        id: push-tag
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          default_author: github_actions
-          message: 'chore: version ${{ steps.output.outputs.version }}'
-          tag: ${{ steps.output.outputs.version }}
+          message: 'chore: version ${{ env.IMMICH_VERSION }}'
+          tag: ${{ env.IMMICH_VERSION }}
          push: true

  build_mobile:
@@ -103,55 +99,39 @@ jobs:
      ALIAS: ${{ secrets.ALIAS }}
      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
-      # iOS secrets
-      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
-      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
-      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
-      environment: production

  prepare_release:
    runs-on: ubuntu-latest
-    needs: [build_mobile, bump_version]
+    needs: build_mobile
    permissions:
      actions: read # To download the app artifact
      # No content permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false

      - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: release-apk-signed
-          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
        with:
          draft: true
-          tag_name: ${{ needs.bump_version.outputs.version }}
+          tag_name: ${{ env.IMMICH_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -13,17 +13,10 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
-          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
+          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/'

  remove-label:
    runs-on: ubuntu-latest
@@ -31,15 +24,8 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
@@ -51,13 +37,11 @@ jobs:
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ github.event.pull_request.head.repo.fork }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'PRs from forks cannot have preview environments.'

      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'Preview environment has been removed.'
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -1,170 +0,0 @@
-name: Manage release PR
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: true
-
-permissions: {}
-
-jobs:
-  bump:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: true
-          ref: main
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
-
-      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
-        with:
-          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-
-      - name: Determine release type
-        id: bump-type
-        uses: ietf-tools/semver-action@c90370b2958652d71c06a3484129a4d423a6d8a8 # v1.11.0
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Bump versions
-        env:
-          TYPE: ${{ steps.bump-type.outputs.bump }}
-        run: |
-          if [ "$TYPE" == "none" ]; then
-            exit 1 # TODO: Is there a cleaner way to abort the workflow?
-          fi
-          misc/release/pump-version.sh -s $TYPE -m true
-
-      - name: Manage Outline release document
-        id: outline
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        env:
-          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
-          NEXT_VERSION: ${{ steps.bump-type.outputs.next }}
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const fs = require('fs');
-
-            const outlineKey = process.env.OUTLINE_API_KEY;
-            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9'
-            const collectionId = 'e2910656-714c-4871-8721-447d9353bd73';
-            const baseUrl = 'https://outline.immich.cloud';
-
-            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
-              method: 'POST',
-              headers: {
-                'Authorization': `Bearer ${outlineKey}`,
-                'Content-Type': 'application/json'
-              },
-              body: JSON.stringify({ parentDocumentId })
-            });
-
-            if (!listResponse.ok) {
-              throw new Error(`Outline list failed: ${listResponse.statusText}`);
-            }
-
-            const listData = await listResponse.json();
-            const allDocuments = listData.data || [];
-
-            const document = allDocuments.find(doc => doc.title === 'next');
-
-            let documentId;
-            let documentUrl;
-            let documentText;
-
-            if (!document) {
-              // Create new document
-              console.log('No existing document found. Creating new one...');
-              const notesTmpl = fs.readFileSync('misc/release/notes.tmpl', 'utf8');
-              const createResponse = await fetch(`${baseUrl}/api/documents.create`, {
-                method: 'POST',
-                headers: {
-                  'Authorization': `Bearer ${outlineKey}`,
-                  'Content-Type': 'application/json'
-                },
-                body: JSON.stringify({
-                  title: 'next',
-                  text: notesTmpl,
-                  collectionId: collectionId,
-                  parentDocumentId: parentDocumentId,
-                  publish: true
-                })
-              });
-
-              if (!createResponse.ok) {
-                throw new Error(`Failed to create document: ${createResponse.statusText}`);
-              }
-
-              const createData = await createResponse.json();
-              documentId = createData.data.id;
-              const urlId = createData.data.urlId;
-              documentUrl = `${baseUrl}/doc/next-${urlId}`;
-              documentText = createData.data.text || '';
-              console.log(`Created new document: ${documentUrl}`);
-            } else {
-              documentId = document.id;
-              const docPath = document.url;
-              documentUrl = `${baseUrl}${docPath}`;
-              documentText = document.text || '';
-              console.log(`Found existing document: ${documentUrl}`);
-            }
-
-            // Generate GitHub release notes
-            console.log('Generating GitHub release notes...');
-            const releaseNotesResponse = await github.rest.repos.generateReleaseNotes({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              tag_name: `${process.env.NEXT_VERSION}`,
-            });
-
-            // Combine the content
-            const changelog = `
-            # ${process.env.NEXT_VERSION}
-
-            ${documentText}
-
-            ${releaseNotesResponse.data.body}
-
-            ---
-
-            `
-
-            const existingChangelog = fs.existsSync('CHANGELOG.md') ? fs.readFileSync('CHANGELOG.md', 'utf8') : '';
-            fs.writeFileSync('CHANGELOG.md', changelog + existingChangelog, 'utf8');
-
-            core.setOutput('document_url', documentUrl);
-
-      - name: Create PR
-        id: create-pr
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          commit-message: 'chore: release ${{ steps.bump-type.outputs.next }}'
-          title: 'chore: release ${{ steps.bump-type.outputs.next }}'
-          body: 'Release notes: ${{ steps.outline.outputs.document_url }}'
-          labels: 'changelog:skip'
-          branch: 'release/next'
-          draft: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,148 +0,0 @@
-name: release.yml
-on:
-  pull_request:
-    types: [closed]
-    paths:
-      - CHANGELOG.md
-
-jobs:
-  # Maybe double check PR source branch?
-
-  merge_translations:
-    uses: ./.github/workflows/merge-translations.yml
-    permissions:
-      pull-requests: write
-    secrets:
-      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-
-  build_mobile:
-    uses: ./.github/workflows/build-mobile.yml
-    needs: merge_translations
-    permissions:
-      contents: read
-    secrets:
-      KEY_JKS: ${{ secrets.KEY_JKS }}
-      ALIAS: ${{ secrets.ALIAS }}
-      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
-      # iOS secrets
-      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-      IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
-      IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}misc/release/notes.tmpl
-      IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
-      IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-    with:
-      ref: main
-      environment: production
-
-  prepare_release:
-    runs-on: ubuntu-latest
-    needs: build_mobile
-    permissions:
-      actions: read # To download the app artifact
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: false
-          ref: main
-
-      - name: Extract changelog
-        id: changelog
-        run: |
-          CHANGELOG_PATH=$RUNNER_TEMP/changelog.md
-          sed -n '1,/^---$/p' CHANGELOG.md | head -n -1 > $CHANGELOG_PATH
-          echo "path=$CHANGELOG_PATH" >> $GITHUB_OUTPUT
-          VERSION=$(sed -n 's/^# //p' $CHANGELOG_PATH)
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-
-      - name: Download APK
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
-        with:
-          name: release-apk-signed
-          github-token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Create draft release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
-        with:
-          tag_name: ${{ steps.version.outputs.result }}
-          token: ${{ steps.generate-token.outputs.token }}
-          body_path: ${{ steps.changelog.outputs.path }}
-          draft: true
-          files: |
-            docker/docker-compose.yml
-            docker/example.env
-            docker/hwaccel.ml.yml
-            docker/hwaccel.transcoding.yml
-            docker/prometheus.yml
-            *.apk
-
-      - name: Rename Outline document
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        continue-on-error: true
-        env:
-          OUTLINE_API_KEY: ${{ secrets.OUTLINE_API_KEY }}
-          VERSION: ${{ steps.changelog.outputs.version }}
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const outlineKey = process.env.OUTLINE_API_KEY;
-            const version = process.env.VERSION;
-            const parentDocumentId = 'da856355-0844-43df-bd71-f8edce5382d9';
-            const baseUrl = 'https://outline.immich.cloud';
-
-            const listResponse = await fetch(`${baseUrl}/api/documents.list`, {
-              method: 'POST',
-              headers: {
-                'Authorization': `Bearer ${outlineKey}`,
-                'Content-Type': 'application/json'
-              },
-              body: JSON.stringify({ parentDocumentId })
-            });
-
-            if (!listResponse.ok) {
-              throw new Error(`Outline list failed: ${listResponse.statusText}`);
-            }
-
-            const listData = await listResponse.json();
-            const allDocuments = listData.data || [];
-            const document = allDocuments.find(doc => doc.title === 'next');
-
-            if (document) {
-              console.log(`Found document 'next', renaming to '${version}'...`);
-
-              const updateResponse = await fetch(`${baseUrl}/api/documents.update`, {
-                method: 'POST',
-                headers: {
-                  'Authorization': `Bearer ${outlineKey}`,
-                  'Content-Type': 'application/json'
-                },
-                body: JSON.stringify({
-                  id: document.id,
-                  title: version
-                })
-              });
-
-              if (!updateResponse.ok) {
-                throw new Error(`Failed to rename document: ${updateResponse.statusText}`);
-              }
-            } else {
-              console.log('No document titled "next" found to rename');
-            }
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,22 +16,15 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -42,6 +35,6 @@ jobs:
      - name: Build
        run: pnpm build
      - name: Publish
-        run: pnpm publish --no-git-checks
+        run: pnpm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -19,17 +19,10 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
@@ -48,17 +41,10 @@ jobs:
      run:
        working-directory: ./mobile
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
@@ -72,7 +58,7 @@ jobs:
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
-          github-token: ${{ steps.token.outputs.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: auto
          working-directory: ./mobile

--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,17 +16,10 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
              - 'i18n/**'
@@ -62,22 +55,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -107,21 +92,14 @@ jobs:
      run:
        working-directory: ./cli
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -154,21 +132,14 @@ jobs:
      run:
        working-directory: ./cli
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -196,21 +167,14 @@ jobs:
      run:
        working-directory: ./web
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -221,7 +185,7 @@ jobs:
      - name: Run pnpm install
        run: pnpm rebuild && pnpm install --frozen-lockfile
      - name: Run linter
-        run: pnpm lint
+        run: pnpm lint:p
        if: ${{ !cancelled() }}
      - name: Run formatter
        run: pnpm format
@@ -240,21 +204,14 @@ jobs:
      run:
        working-directory: ./web
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -278,29 +235,22 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
      - name: Install dependencies
-        run: pnpm --filter=immich-i18n install --frozen-lockfile
+        run: pnpm --filter=immich-web install --frozen-lockfile
      - name: Format
-        run: pnpm --filter=immich-i18n format:fix
+        run: pnpm --filter=immich-web format:i18n
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -326,21 +276,14 @@ jobs:
      run:
        working-directory: ./e2e
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -372,22 +315,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          submodules: 'recursive'
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -411,22 +346,15 @@ jobs:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -466,22 +394,15 @@ jobs:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -500,16 +421,8 @@ jobs:
        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (web)
-        env:
-          CI: true
        run: npx playwright test
        if: ${{ !cancelled() }}
-      - name: Archive test results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        if: success() || failure()
-        with:
-          name: e2e-web-test-results-${{ matrix.runner }}
-          path: e2e/playwright-report/
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
@@ -528,16 +441,9 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
@@ -560,20 +466,16 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
-        with:
-          python-version: 3.11
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
+        # with:
+        #   python-version: 3.11
+        #   cache: 'uv'
      - name: Install dependencies
        run: |
          uv sync --extra cpu
@@ -600,21 +502,14 @@ jobs:
      run:
        working-directory: ./.github
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
          cache: 'pnpm'
@@ -630,16 +525,9 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
        with:
@@ -651,21 +539,14 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -700,7 +581,7 @@ jobs:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:dbf18b3ffea4a81434c65b71e20d27203baf903a0275f4341e4c16dfd901fd67
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:da52bbead5d818adaa8077c8dcdaad0aaf93038c31ad8348b51f9f0ec1310a4d
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
@@ -713,21 +594,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -23,20 +23,14 @@ jobs:
    outputs:
      should_run: ${{ steps.check.outputs.should_run }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check what should run
        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+        uses: immich-app/devtools/actions/pre-job@5f91b52dfbb92b8d96ca411ab59c896cd59714ca # pre-job-action-v1.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
-              - modified: 'i18n/!(en)**\.json'
+              - 'i18n/!(en)**\.json'
+          exclude-branches: 'chore/translations'
          skip-force-logic: 'true'

  enforce-lock:
@@ -46,16 +40,10 @@ jobs:
    permissions: {}
    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Bot review status
        env:
          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
-          GH_TOKEN: ${{ steps.token.outputs.token }}
+          GH_TOKEN: ${{ github.token }}
        run: |
          # Then check for APPROVED by the bot, if absent fail
          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -18,20 +18,6 @@
      "name": "Immich Workers",
      "remoteRoot": "/usr/src/app/server",
      "localRoot": "${workspaceFolder}/server"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Immich CLI",
-      "program": "${workspaceFolder}/cli/dist/index.js",
-      "args": ["upload", "--help"],
-      "runtimeArgs": ["--enable-source-maps"],
-      "console": "integratedTerminal",
-      "resolveSourceMapLocations": ["${workspaceFolder}/cli/dist/**/*.js.map"],
-      "sourceMaps": true,
-      "outFiles": ["${workspaceFolder}/cli/dist/**/*.js"],
-      "skipFiles": ["<node_internals>/**"],
-      "preLaunchTask": "Build Immich CLI"
    }
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -52,7 +52,7 @@
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
-  "eslint.validate": ["javascript", "typescript", "svelte"],
+  "eslint.validate": ["javascript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -5,7 +5,6 @@
      "label": "Fix Permissions, Install Dependencies",
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -26,7 +25,6 @@
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -47,7 +45,6 @@
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -70,11 +67,6 @@
        "runOn": "folderOpen"
      },
      "problemMatcher": []
-    },
-    {
-      "label": "Build Immich CLI",
-      "type": "shell",
-      "command": "pnpm --filter cli build:dev"
    }
  ]
 }
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,31 +0,0 @@
-# Contributing to Immich
-
-We appreciate every contribution, and we're happy about every new contributor. So please feel invited to help make Immich a better product!
-
-## Getting started
-
-To get you started quickly we have detailed guides for the dev setup on our [website](https://docs.immich.app/developer/setup). If you prefer, you can also use [Devcontainers](https://docs.immich.app/developer/devcontainers).
-There are also additional resources about Immich's architecture, database migrations, the use of OpenAPI, and more in our [developer documentation](https://docs.immich.app/developer/architecture).
-
-## General
-
-Please try to keep pull requests as focused as possible. A PR should do exactly one thing and not bleed into other, unrelated areas. The smaller a PR, the fewer changes are likely needed, and the quicker it will likely be merged. For larger/more impactful PRs, please reach out to us first to discuss your plans. The best way to do this is through our [Discord](https://discord.immich.app). We have a dedicated `#contributing` channel there. Additionally, please fill out the entire template when opening a PR.
-
-## Finding work
-
-If you are looking for something to work on, there are discussions and issues with a `good-first-issue` label on them. These are always a good starting point. If none of them sound interesting or fit your skill set, feel free to reach out on our Discord. We're happy to help you find something to work on!
-
-## Use of generative AI
-
-We generally discourage PRs entirely generated by an LLM. For any part generated by an LLM, please put extra effort into your self-review. By using generative AI without proper self-review, the time you save ends up being more work we need to put in for proper reviews and code cleanup. Please keep that in mind when submitting code by an LLM. Clearly state the use of LLMs/(generative) AI in your pull request as requested by the template.
-
-## Feature freezes
-
-From time to time, we put a feature freeze on parts of the codebase. For us, this means we won't accept most PRs that make changes in that area. Exempted from this are simple bug fixes that require only minor changes. We will close feature PRs that target a feature-frozen area, even if that feature is highly requested and you put a lot of work into it. Please keep that in mind, and if you're ever uncertain if a PR would be accepted, reach out to us first (e.g., in the aforementioned `#contributing` channel). We hate to throw away work. Currently, we have feature freezes on:
-
-* Sharing/Asset ownership
-* (External) libraries
-
-## Non-code contributions
-
-If you want to contribute to Immich but you don't feel comfortable programming in our tech stack, there are other ways you can help the team. All our translations are done through [Weblate](https://hosted.weblate.org/projects/immich). These rely entirely on the community; if you speak a language that isn't fully translated yet, submitting translations there is greatly appreciated! If you like helping others, answering Q&A discussions here on GitHub and replying to people on our Discord is also always appreciated.
--- a/5
+++ b/5
@@ -17,9 +17,6 @@ dev-docs:
 e2e:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans

-e2e-dev:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.dev.yml up --remove-orphans
-
 e2e-update:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans

@@ -94,6 +91,8 @@ format-%:
 	pnpm --filter $(call map-package,$*) run format:fix
 lint-%:
 	pnpm --filter $(call map-package,$*) run lint:fix
+lint-web:
+	pnpm --filter $(call map-package,$*) run lint:p
 check-%:
 	pnpm --filter $(call map-package,$*) run check
 check-web:
--- a/README.md
+++ b/README.md
@@ -28,8 +28,7 @@
  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">简体中文</a>
-  <a href="readme_i18n/README_zh_TW.md">正體中文</a>
+  <a href="readme_i18n/README_zh_CN.md">中文</a>
  <a href="readme_i18n/README_uk_UA.md">Українська</a>
  <a href="readme_i18n/README_ru_RU.md">Русский</a>
  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
@@ -39,25 +38,26 @@
  <a href="readme_i18n/README_th_TH.md">ภาษาไทย</a>
 </p>

+## Disclaimer

-> [!WARNING]
-> ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
-> 
- 
+- ⚠️ The project is under **very active** development.
+- ⚠️ Expect bugs and breaking changes.
+- ⚠️ **Do not use the app as the only way to store your photos and videos.**
+- ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!

 > [!NOTE]
 > You can find the main documentation, including installation guides, at https://immich.app/.

 ## Links

- [Documentation](https://docs.immich.app/)
- [About](https://docs.immich.app/overview/introduction)
- [Installation](https://docs.immich.app/install/requirements)
+- [Documentation](https://immich.app/docs)
+- [About](https://immich.app/docs/overview/introduction)
+- [Installation](https://immich.app/docs/install/requirements)
 - [Roadmap](https://immich.app/roadmap)
 - [Demo](#demo)
 - [Features](#features)
- [Translations](https://docs.immich.app/developer/translations)
- [Contributing](https://docs.immich.app/overview/support-the-project)
+- [Translations](https://immich.app/docs/developer/translations)
+- [Contributing](https://immich.app/docs/overview/support-the-project)

 ## Demo

@@ -106,7 +106,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use

 ## Translations

-Read more about translations [here](https://docs.immich.app/developer/translations).
+Read more about translations [here](https://immich.app/docs/developer/translations).

 <a href="https://hosted.weblate.org/engage/immich/">
 <img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
@@ -118,16 +118,16 @@ Read more about translations [here](https://docs.immich.app/developer/translatio

 ## Star history

-<a href="https://star-history.com/#immich-app/immich&type=date&legend=top-left">
+<a href="https://star-history.com/#immich-app/immich&Date">
 <picture>
-   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date&theme=dark" />
-   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date" />
-   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=date" width="100%" />
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
 </picture>
 </a>

 ## Contributors

-<a href="https://github.com/immich-app/immich/graphs/contributors">
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
 </a>
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-24.13.0
+22.19.0
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:24.1.0-alpine3.20@sha256:8fe019e0d57dbdce5f5c27c0b63d2775cf34b00e3755a7dea969802d7e0c2b25 AS core
+FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e AS core

 WORKDIR /usr/src/app
 COPY package* pnpm* .pnpmfile.cjs ./
--- a/cli/README.md
+++ b/cli/README.md
@@ -1,38 +1,30 @@
 A command-line interface for interfacing with the self-hosted photo manager [Immich](https://immich.app/).

-Please see the [Immich CLI documentation](https://docs.immich.app/features/command-line-interface).
+Please see the [Immich CLI documentation](https://immich.app/docs/features/command-line-interface).

 # For developers

 Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:

-    $ pnpm install
-    $ pnpm run build
+    $ npm install
+    $ npm run build

 Then, to build the open-api client run the following in the open-api folder:

    $ ./bin/generate-open-api.sh

-## Run from build
+To run the Immich CLI from source, run the following in the cli folder:

-Go to the cli folder and build it:
+    $ npm install
+    $ npm run build
+    $ ts-node .

-    $ pnpm install
-    $ pnpm run build
-    $ node dist/index.js
+You'll need ts-node, the easiest way to install it is to use npm:

-## Run and Debug from source (VSCode)
-
-With VScode you can run and debug the Immich CLI. Go to the launch.json file, find the Immich CLI config and change this with the command you need to debug
-
-`"args": ["upload", "--help"],`
-
-replace that for the command of your choice.
-
-## Install from build
+    $ npm i -g ts-node

 You can also build and install the CLI using

-    $ pnpm run build
-    $ pnpm install -g .
+    $ npm run build
+    $ npm install -g .
 ****
--- a/cli/mise.toml
+++ b/cli/mise.toml
@@ -1,29 +0,0 @@
-[tasks.install]
-run = "pnpm install --filter @immich/cli --frozen-lockfile"
-
-[tasks.build]
-env._.path = "./node_modules/.bin"
-run = "vite build"
-
-[tasks.test]
-env._.path = "./node_modules/.bin"
-run = "vite"
-
-[tasks.lint]
-env._.path = "./node_modules/.bin"
-run = "eslint \"src/**/*.ts\" --max-warnings 0"
-
-[tasks."lint-fix"]
-run = { task = "lint --fix" }
-
-[tasks.format]
-env._.path = "./node_modules/.bin"
-run = "prettier --check ."
-
-[tasks."format-fix"]
-env._.path = "./node_modules/.bin"
-run = "prettier --write ."
-
-[tasks.check]
-env._.path = "./node_modules/.bin"
-run = "tsc --noEmit"
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.105",
+  "version": "2.2.92",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -20,7 +20,7 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^24.10.8",
+    "@types/node": "^22.18.1",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
@@ -28,22 +28,21 @@
    "eslint": "^9.14.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^62.0.0",
+    "eslint-plugin-unicorn": "^60.0.0",
    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
-    "prettier": "^3.7.4",
+    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
    "typescript-eslint": "^8.28.0",
    "vite": "^7.0.0",
-    "vite-tsconfig-paths": "^6.0.0",
+    "vite-tsconfig-paths": "^5.0.0",
    "vitest": "^3.0.0",
    "vitest-fetch-mock": "^0.4.0",
    "yaml": "^2.3.1"
  },
  "scripts": {
    "build": "vite build",
-    "build:dev": "vite build --sourcemap true",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "lint:fix": "npm run lint -- --fix",
    "prepack": "npm run build",
@@ -69,6 +68,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "24.13.0"
+    "node": "22.19.0"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -271,7 +271,7 @@ describe('startWatch', () => {
    });
  });

-  it('should filter out ignored patterns', async () => {
+  it('should filger out ignored patterns', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const ignoredPattern = 'ignored';
    const ignoredFolder = path.join(testFolder, ignoredPattern);
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -37,7 +37,6 @@ export interface UploadOptionsDto {
  dryRun?: boolean;
  skipHash?: boolean;
  delete?: boolean;
-  deleteDuplicates?: boolean;
  album?: boolean;
  albumName?: string;
  includeHidden?: boolean;
@@ -71,8 +70,10 @@ const uploadBatch = async (files: string[], options: UploadOptionsDto) => {
    console.log(JSON.stringify({ newFiles, duplicates, newAssets }, undefined, 4));
  }
  await updateAlbums([...newAssets, ...duplicates], options);
-
-  await deleteFiles(newAssets, duplicates, options);
+  await deleteFiles(
+    newAssets.map(({ filepath }) => filepath),
+    options,
+  );
 };

 export const startWatch = async (
@@ -405,46 +406,28 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  return response.json();
 };

-const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
-  let fileCount = 0;
-  if (options.delete) {
-    fileCount += uploaded.length;
-  }
-
-  if (options.deleteDuplicates) {
-    fileCount += duplicates.length;
-  }
-
-  if (options.dryRun) {
-    console.log(`Would have deleted ${fileCount} local asset${s(fileCount)}`);
+const deleteFiles = async (files: string[], options: UploadOptionsDto): Promise<void> => {
+  if (!options.delete) {
    return;
  }

-  if (fileCount === 0) {
+  if (options.dryRun) {
+    console.log(`Would have deleted ${files.length} local asset${s(files.length)}`);
    return;
  }

  console.log('Deleting assets that have been uploaded...');
+
  const deletionProgress = new SingleBar(
    { format: 'Deleting local assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  deletionProgress.start(fileCount, 0);
-
-  const chunkDelete = async (files: Asset[]) => {
-    for (const assetBatch of chunk(files, options.concurrency)) {
-      await Promise.all(assetBatch.map((input: Asset) => unlink(input.filepath)));
-      deletionProgress.update(assetBatch.length);
-    }
-  };
+  deletionProgress.start(files.length, 0);

  try {
-    if (options.delete) {
-      await chunkDelete(uploaded);
-    }
-
-    if (options.deleteDuplicates) {
-      await chunkDelete(duplicates);
+    for (const assetBatch of chunk(files, options.concurrency)) {
+      await Promise.all(assetBatch.map((input: string) => unlink(input)));
+      deletionProgress.update(assetBatch.length);
    }
  } finally {
    deletionProgress.stop();
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -8,7 +8,6 @@ import { serverInfo } from 'src/commands/server-info';
 import { version } from '../package.json';

 const defaultConfigDirectory = path.join(os.homedir(), '.config/immich/');
-const defaultConcurrency = Math.max(1, os.cpus().length - 1);

 const program = new Command()
  .name('immich')
@@ -67,7 +66,7 @@ program
  .addOption(
    new Option('-c, --concurrency <number>', 'Number of assets to upload at the same time')
      .env('IMMICH_UPLOAD_CONCURRENCY')
-      .default(defaultConcurrency),
+      .default(4),
  )
  .addOption(
    new Option('-j, --json-output', 'Output detailed information in json format')
@@ -75,11 +74,6 @@ program
      .default(false),
  )
  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
-  .addOption(
-    new Option('--delete-duplicates', 'Delete local assets that are duplicates (already exist on server)').env(
-      'IMMICH_DELETE_DUPLICATES',
-    ),
-  )
  .addOption(new Option('--no-progress', 'Hide progress bars').env('IMMICH_PROGRESS_BAR').default(true))
  .addOption(
    new Option('--watch', 'Watch for changes and upload automatically')
--- a/cli/src/utils.spec.ts
+++ b/cli/src/utils.spec.ts
@@ -299,7 +299,7 @@ describe('crawl', () => {
          .map(([file]) => file);

        // Compare file's content instead of path since a file can be represent in multiple ways.
-        expect(actual.map((path) => readContent(path)).toSorted()).toEqual(expected.toSorted());
+        expect(actual.map((path) => readContent(path)).sort()).toEqual(expected.sort());
      });
    }
  });
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -160,7 +160,7 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
    ignore: [`**/${exclusionPattern}`],
  });
  globbedFiles.push(...crawledFiles);
-  return globbedFiles.toSorted();
+  return globbedFiles.sort();
 };

 export const sha1 = (filepath: string) => {
--- a/cli/tsconfig.json
+++ b/cli/tsconfig.json
@@ -9,7 +9,7 @@
    "experimentalDecorators": true,
    "allowSyntheticDefaultImports": true,
    "resolveJsonModule": true,
-    "target": "es2023",
+    "target": "es2022",
    "sourceMap": true,
    "outDir": "./dist",
    "incremental": true,
--- a/deployment/mise.toml
+++ b/deployment/mise.toml
@@ -1,20 +0,0 @@
-[tools]
-terragrunt = "0.93.10"
-opentofu = "1.10.7"
-
-[tasks."tg:fmt"]
-run = "terragrunt hclfmt"
-description = "Format terragrunt files"
-
-[tasks.tf]
-run = "terragrunt run --all"
-description = "Wrapper for terragrunt run-all"
-dir = "{{cwd}}"
-
-[tasks."tf:fmt"]
-run = "tofu fmt -recursive tf/"
-description = "Format terraform files"
-
-[tasks."tf:init"]
-run = { task = "tf init -- -reconfigure" }
-dir = "{{cwd}}"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -8,8 +8,8 @@
 # The compose file on main may not be compatible with the latest release.

 # For development see:
-# - https://docs.immich.app/developer/setup
-# - https://docs.immich.app/developer/troubleshooting
+# - https://immich.app/docs/developer/setup
+# - https://immich.app/docs/developer/troubleshooting

 name: immich-dev

@@ -41,7 +41,6 @@ services:
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
-      - ../plugins:/build/corePlugin
    env_file:
      - .env
    environment:
@@ -56,8 +55,12 @@ services:
      IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
      IMMICH_THIRD_PARTY_SOURCE_URL: https://github.com/immich-app/immich/
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
-      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
-      IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
+      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://immich.app/docs
+      IMMICH_THIRD_PARTY_SUPPORT_URL: https://immich.app/docs/community-guides
+    ulimits:
+      nofile:
+        soft: 1048576
+        hard: 1048576
    ports:
      - 9230:9230
      - 9231:9231
@@ -96,6 +99,10 @@ services:
      - app-node_modules:/usr/src/app/node_modules
      - sveltekit:/usr/src/app/web/.svelte-kit
      - coverage:/usr/src/app/web/coverage
+    ulimits:
+      nofile:
+        soft: 1048576
+        hard: 1048576
    restart: unless-stopped
    depends_on:
      immich-server:
@@ -115,7 +122,7 @@ services:
    ports:
      - 3003:3003
    volumes:
-      - ../machine-learning/immich_ml:/usr/src/immich_ml
+      - ../machine-learning:/usr/src/app
      - model-cache:/cache
    env_file:
      - .env
@@ -127,13 +134,13 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
    env_file:
      - .env
    environment:
@@ -146,8 +153,6 @@ services:
    ports:
      - 5432:5432
    shm_size: 128mb
-    healthcheck:
-      disable: false
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  # immich-prometheus:
  #   container_name: immich_prometheus
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -56,14 +56,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
    env_file:
      - .env
    environment:
@@ -77,15 +77,13 @@ services:
      - 5432:5432
    shm_size: 128mb
    restart: always
-    healthcheck:
-      disable: false

  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  immich-prometheus:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:1f0f50f06acaceb0f5670d2c8a658a599affe7b0d8e78b898c1035653849a702
+    image: prom/prometheus@sha256:63805ebb8d2b3920190daf1cb14a60871b16fd38bed42b857a3182bc621f4996
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -97,7 +95,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.3.1-ubuntu@sha256:d57f1365197aec34c4d80869d8ca45bb7787c7663904950dab214dfb40c1c2fd
+    image: grafana/grafana:12.1.1-ubuntu@sha256:d1da838234ff2de93e0065ee1bf0e66d38f948dcc5d718c25fa6237e14b4424a
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -36,7 +36,7 @@ services:
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
-    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
@@ -49,14 +49,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
@@ -69,8 +69,6 @@ services:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    restart: always
-    healthcheck:
-      disable: false

 volumes:
  model-cache:
--- a/docker/example.env
+++ b/docker/example.env
@@ -1,4 +1,4 @@
-# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
+# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

 # The location where your uploaded files are stored
 UPLOAD_LOCATION=./library
@@ -9,8 +9,8 @@ DB_DATA_LOCATION=./postgres
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 # TZ=Etc/UTC

-# The Immich version to use. You can pin this to a specific version like "v2.1.0"
-IMMICH_VERSION=v2
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release

 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
--- a/docker/hwaccel.ml.yml
+++ b/docker/hwaccel.ml.yml
@@ -4,7 +4,7 @@
 # you can inline the config for a backend by copying its contents
 # into the immich-machine-learning service in the docker-compose.yml file.

-# See https://docs.immich.app/features/ml-hardware-acceleration for info on usage.
+# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.

 services:
  armnn:
--- a/docker/hwaccel.transcoding.yml
+++ b/docker/hwaccel.transcoding.yml
@@ -4,7 +4,7 @@
 # you can inline the config for a backend by copying its contents
 # into the immich-microservices service in the docker-compose.yml file.

-# See https://docs.immich.app/features/hardware-transcoding for more info on using hardware transcoding.
+# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.

 services:
  cpu: {}
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-24.13.0
+22.19.0
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -22,7 +22,7 @@ For organizations seeking to resell Immich, we have established the following gu

 - Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.

- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase product keys directly from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
+- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directy from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.

 When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app

@@ -133,9 +133,9 @@ There are a few different scenarios that can lead to this situation. The solutio
 The job is only automatically run once per asset after upload. If metadata extraction originally failed, the jobs were cleared/canceled, etc.,
 the job may not have run automatically the first time.

-### How can I hide a photo or video from the timeline?
+### How can I hide photos from the timeline?

-You can _archive_ them. This will hide the asset from the main timeline and folder view, but it will still show up in searches. All archived assets can be found in the _Archive_ view
+You can _archive_ them.

 ### How can I backup data from Immich?

--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -5,104 +5,58 @@ import TabItem from '@theme/TabItem';

 A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)

+:::danger
+The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
+:::
+
 ## Database

-Immich stores [file paths in the database](https://github.com/immich-app/immich/discussions/3299), users metadata in the database, it does not scan the library folder, so database backups are essential
+:::caution
+Immich saves [file paths in the database](https://github.com/immich-app/immich/discussions/3299), it does not scan the library folder to update the database so backups are crucial.
+:::

-### Automatic Database Backups
-
-Immich automatically creates database backups for disaster-recovery purposes. These backups are stored in `UPLOAD_LOCATION/backups` and can be managed through the web interface.
-
-You can adjust the backup schedule and retention settings in **Administration > Settings > Backup** (default: keep last 14 backups, create daily at 2:00 AM).
+:::info
+Refer to the official [postgres documentation](https://www.postgresql.org/docs/current/backup.html) for details about backing up and restoring a postgres database.
+:::

 :::caution
-Database backups do **NOT** contain photos or videos — only metadata. They must be used together with a copy of the files in `UPLOAD_LOCATION` as outlined below.
+It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::

-#### Creating a Backup
-
-You can trigger a database backup manually:
-
-1. Go to **Administration > Queues**
-2. Click **Create job** in the top right
-3. Select **Create Database Backup** and click **Confirm**
-
-The backup will appear in `UPLOAD_LOCATION/backups` and counts toward your retention limit.
-
-### Restoring a Database Backup
-
-Immich provides two ways to restore a database backup: through the web interface or via the command line. The web interface is the recommended method for most users.
-
-### Restore from Settings {#restore-from-settings}
-
-If you have an existing Immich installation:
-
-1. Go to **Administration > Maintenance**
-2. Expand the **Restore database backup** section
-3. You'll see a list of available backups with their version and creation date
-4. Click **Restore** next to the backup you want to restore
-5. Confirm the restore operation
+### Automatic Database Dumps

 :::warning
-Restoring a backup will wipe the current database and replace it with the backup. A restore point is automatically created before the operation begins, allowing rollback if the restore fails.
+The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
+There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
 :::

-### Restore from Onboarding {#restore-from-onboarding}
-
-If you're setting up Immich on a fresh installation and want to restore from an existing backup:
-
-1. On the welcome screen, click **Restore from backup**
-2. Immich will enter maintenance mode and display integrity checks for your storage folders
-3. Review the folder status to ensure your library files are accessible
-4. Click **Next** to proceed to backup selection
-5. Select a backup from the list or upload a backup file (`.sql.gz`)
-6. Click **Restore** to begin the restoration process
-
-:::tip
-Before restoring, ensure your `UPLOAD_LOCATION` folders contain the same files that existed when the backup was created. The integrity check will show you which folders are readable/writable and how many files they contain.
+:::caution
+The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
 :::

-### Uploading a Backup File {#uploading-backup}
+For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
+Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
+You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
+By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.

-You can upload a database backup file directly:
+#### Trigger Dump

-1. In the **Restore database backup** section, click **Select from computer**
-2. Choose a `.sql.gz` file
-3. The uploaded backup will appear in the list with an "uploaded-" prefix
-4. Click **Restore** to restore from the uploaded file
+You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/jobs-status).
+Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
+A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
+This dumps will count towards the last `X` dumps that will be kept based on your settings.

-### Backup Version Compatibility {#backup-compatibility}
+#### Restoring

-When viewing backups, Immich displays compatibility indicators:
+We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
+Then please follow the steps in the following section for restoring the database.

- ✅ **Green checkmark**: Backup version matches current Immich version
- ⚠️ **Warning**: Backup was created with a different Immich version
- ❌ **Error**: Could not determine backup version
-
-:::warning
-Restoring a backup from a different Immich version may require database migrations. The restore process will attempt to run migrations automatically, but you should ensure you're restoring to a compatible version when possible.
-:::
-
-### Restore Process {#restore-process}
-
-During restoration, Immich will:
-
-1. Create a backup of the current database (restore point)
-2. Restore the selected backup
-3. Run database migrations if needed
-4. Perform a health check to verify the restore succeeded
-
-If the restore fails (e.g., corrupted backup or missing admin user), Immich will automatically roll back to the restore point.
-
-### Restore via Command Line {#restore-cli}
-
-For advanced users or automated recovery scenarios, you can restore a database backup using the command line.
+### Manual Backup and Restore

 <Tabs>
  <TabItem value="Linux system" label="Linux system" default>

 ```bash title='Backup'
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
 ```

@@ -115,18 +69,16 @@ docker compose create           # Create Docker containers for Immich apps witho
 docker start immich_postgres    # Start Postgres server
 sleep 10                        # Wait for Postgres server to start up
 # Check the database user if you deviated from the default
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 gunzip --stdout "/path/to/backup/dump.sql.gz" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | docker exec -i immich_postgres psql --dbname=postgres --username=<DB_USERNAME>  # Restore Backup
 docker compose up -d            # Start remainder of Immich apps
 ```

-  </TabItem>
+</TabItem>
  <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">

 ```powershell title='Backup'
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 [System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME>))
 ```

@@ -140,23 +92,19 @@ docker compose create                             # Create Docker containers for
 docker start immich_postgres                      # Start Postgres server
 sleep 10                                          # Wait for Postgres server to start up
 docker exec -it immich_postgres bash              # Enter the Docker shell and run the following command
-# If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-
+# Check the database user if you deviated from the default. If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
 cat "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=postgres --username=<DB_USERNAME>
 exit                                              # Exit the Docker shell
 docker compose up -d                              # Start remainder of Immich apps
 ```

-  </TabItem>
+</TabItem>
 </Tabs>

-:::note
-For the database restore to proceed properly, it requires a completely fresh install (i.e., the Immich server has never run since creating the Docker containers). If the Immich app has run, you may encounter Postgres conflicts (relation already exists, violated foreign key constraints, etc.). In this case, delete the `DB_DATA_LOCATION` folder to reset the database.
-:::
+Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.), in which case you need to delete the `DB_DATA_LOCATION` folder to reset the database.

 :::tip
-Some deployment methods make it difficult to start the database without also starting the server. In these cases, set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This prevents the server from running migrations that interfere with the restore process. Remove this variable and restart services after the database is restored.
+Some deployment methods make it difficult to start the database without also starting the server. In these cases, you may set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Be sure to remove this variable and restart the services after the database is restored.
 :::

 ## Filesystem
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -55,19 +55,3 @@ Additionally, some jobs (such as memories generation) run on a schedule, which i
 :::note
 Some jobs ([External Libraries](/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
 :::
-
-## Job processing order
-
-The below diagram shows the job run order for newly uploaded files
-
-```mermaid
-graph TD
-    A[Asset Upload] --> B[Metadata Extraction]
-    B --> C[Storage Template Migration]
-    C --> D["Thumbnail Generation (Large, small, blurred and person)"]
-    D --> E[Smart Search]
-    D --> F[Face Detection]
-    D --> G[Video Transcoding]
-    E --> H[Duplicate Detection]
-    F --> I[Facial Recognition]
-```
--- a/docs/docs/administration/maintenance-mode.md
+++ b/docs/docs/administration/maintenance-mode.md
@@ -1,18 +0,0 @@
-# Maintenance Mode
-
-Maintenance mode is used to perform administrative tasks such as restoring backups to Immich.
-
-You can enter maintenance mode by either:
-
- Selecting "enable maintenance mode" in system settings in administration.
- Running the enable maintenance mode [administration command](./server-commands.md).
-
-## Logging in during maintenance
-
-Maintenance mode uses a separate login system which is handled automatically behind the scenes in most cases. Enabling maintenance mode in settings will automatically log you into maintenance mode when the server comes back up.
-
-If you find that you've been logged out, you can:
-
- Open the logs for the Immich server and look for _"🚧 Immich is in maintenance mode, you can log in using the following URL:"_
- Run the enable maintenance mode [administration command](./server-commands.md) again, this will give you a new URL to login with.
- Run the disable maintenance mode [administration command](./server-commands.md) then re-enter through system settings.
--- a/docs/docs/administration/postgres-standalone.md
+++ b/docs/docs/administration/postgres-standalone.md
@@ -10,19 +10,16 @@ Running with a pre-existing Postgres server can unlock powerful administrative f

 ## Prerequisites

-You must install pgvector as it is a prerequisite for VectorChord.
+You must install `pgvector` (`>= 0.7.0, < 1.0.0`), as it is a prerequisite for `vchord`.
 The easiest way to do this on Debian/Ubuntu is by adding the [PostgreSQL Apt repository][pg-apt] and then
 running `apt install postgresql-NN-pgvector`, where `NN` is your Postgres version (e.g., `16`).

 You must install VectorChord into your instance of Postgres using their [instructions][vchord-install]. After installation, add `shared_preload_libraries = 'vchord.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vchord.so'`.

-:::note Supported versions
-Immich is known to work with Postgres versions `>= 14, < 19`.
+:::note
+Immich is known to work with Postgres versions `>= 14, < 18`.

-VectorChord is known to work with pgvector versions `>= 0.7, < 0.9`.
-
-The Immich server will check the VectorChord version on startup to ensure compatibility, and refuse to start if a compatible version is not found.
-The current accepted range for VectorChord is `>= 0.3, < 2.0`.
+Make sure the installed version of VectorChord is compatible with your version of Immich. The current accepted range for VectorChord is `>= 0.3.0, < 0.5.0`.
 :::

 ## Specifying the connection URL
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -6,10 +6,6 @@ Users can deploy a custom reverse proxy that forwards requests to Immich. This w
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::

-:::info
-If your reverse proxy uses the [Let's Encrypt](https://letsencrypt.org/) [http-01 challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), you may want to verify that the Immich well-known endpoint (`/.well-known/immich`) gets correctly routed to Immich, otherwise it will likely be routed elsewhere and the mobile app may run into connection issues.
-:::
-
 ### Nginx example config

 Below is an example config for nginx. Make sure to set `public_url` to the front-facing URL of your instance, and `backend_url` to the path of the Immich server.
@@ -21,12 +17,6 @@ server {
    # allow large file uploads
    client_max_body_size 50000M;

-    # disable buffering uploads to prevent OOM on reverse proxy server and make uploads twice as fast (no pause)
-    proxy_request_buffering off;
-
-    # increase body buffer to avoid limiting upload speed
-    client_body_buffer_size 1024k;
-
    # Set headers
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
@@ -35,6 +25,8 @@ server {

    # enable websockets: http://nginx.org/en/docs/http/websocket.html
    proxy_http_version 1.1;
+    proxy_set_header   Upgrade    $http_upgrade;
+    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;

    # set timeout
@@ -44,17 +36,30 @@ server {

    location / {
        proxy_pass http://<backend_url>:2283;
-        proxy_set_header   Upgrade    $http_upgrade;
-        proxy_set_header   Connection "upgrade";
    }
-
-    # useful when using Let's Encrypt http-01 challenge
-    # location = /.well-known/immich {
-    #     proxy_pass http://<backend_url>:2283;
-    # }
 }
 ```

+#### Compatibility with Let's Encrypt
+
+In the event that your nginx configuration includes a section for Let's Encrypt, it's likely that you have a segment similar to the following:
+
+```nginx
+location ~ /.well-known {
+    ...
+}
+```
+
+This particular `location` directive can inadvertently prevent mobile clients from reaching the `/.well-known/immich` path, which is crucial for discovery. Usual error message for this case is: "Your app major version is not compatible with the server". To remedy this, you should introduce an additional location block specifically for this path, ensuring that requests are correctly proxied to the Immich server:
+
+```nginx
+location = /.well-known/immich {
+    proxy_pass http://<backend_url>:2283;
+}
+```
+
+By doing so, you'll maintain the functionality of Let's Encrypt while allowing mobile clients to access the necessary Immich path without obstruction.
+
 ### Caddy example config

 As an alternative to nginx, you can also use [Caddy](https://caddyserver.com/) as a reverse proxy (with automatic HTTPS configuration). Below is an example config.
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -2,19 +2,17 @@

 The `immich-server` docker image comes preinstalled with an administrative CLI (`immich-admin`) that supports the following commands:

-| Command                    | Description                                                   |
-| -------------------------- | ------------------------------------------------------------- |
-| `help`                     | Display help                                                  |
-| `reset-admin-password`     | Reset the password for the admin user                         |
-| `disable-password-login`   | Disable password login                                        |
-| `enable-password-login`    | Enable password login                                         |
-| `disable-maintenance-mode` | Disable maintenance mode                                      |
-| `enable-maintenance-mode`  | Enable maintenance mode                                       |
-| `enable-oauth-login`       | Enable OAuth login                                            |
-| `disable-oauth-login`      | Disable OAuth login                                           |
-| `list-users`               | List Immich users                                             |
-| `version`                  | Print Immich version                                          |
-| `change-media-location`    | Change database file paths to align with a new media location |
+| Command                  | Description                                                   |
+| ------------------------ | ------------------------------------------------------------- |
+| `help`                   | Display help                                                  |
+| `reset-admin-password`   | Reset the password for the admin user                         |
+| `disable-password-login` | Disable password login                                        |
+| `enable-password-login`  | Enable password login                                         |
+| `enable-oauth-login`     | Enable OAuth login                                            |
+| `disable-oauth-login`    | Disable OAuth login                                           |
+| `list-users`             | List Immich users                                             |
+| `version`                | Print Immich version                                          |
+| `change-media-location`  | Change database file paths to align with a new media location |

 ## How to run a command

@@ -49,23 +47,6 @@ immich-admin enable-password-login
 Password login has been enabled.
 ```

-Disable Maintenance Mode
-
-```
-immich-admin disable-maintenance-mode
-Maintenance mode has been disabled.
-```
-
-Enable Maintenance Mode
-
-```
-immich-admin enable-maintenance-mode
-Maintenance mode has been enabled.
-
-Log in using the following URL:
-https://my.immich.app/maintenance?token=<token>
-```
-
 Enable OAuth login

 ```
--- a/docs/docs/community-guides.mdx
+++ b/docs/docs/community-guides.mdx
@@ -0,0 +1,12 @@
+# Community Guides
+
+This page lists community guides that are written around Immich, but not officially supported by the development team.
+
+:::warning
+This list comes with no guarantees about security, performance, reliability, or accuracy. Use at your own risk.
+:::
+
+import CommunityGuides from '../src/components/community-guides.tsx';
+import React from 'react';
+
+<CommunityGuides />
--- a/docs/docs/community-projects.mdx
+++ b/docs/docs/community-projects.mdx
@@ -0,0 +1,12 @@
+# Community Projects
+
+This page lists community projects that are built around Immich, but not officially supported by the development team.
+
+:::warning
+This list comes with no guarantees about security, performance, reliability, or accuracy. Use at your own risk.
+:::
+
+import CommunityProjects from '../src/components/community-projects.tsx';
+import React from 'react';
+
+<CommunityProjects />
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -12,13 +12,3 @@ pnpm run migrations:generate <migration-name>
 3. Move the migration file to folder `./server/src/schema/migrations` in your code editor.

 The server will automatically detect `*.ts` file changes and restart. Part of the server start-up process includes running any new migrations, so it will be applied immediately.
-
-## Reverting a Migration
-
-If you need to undo the most recently applied migration—for example, when developing or testing on schema changes—run:
-
-```bash
-pnpm run migrations:revert
-```
-
-This command rolls back the latest migration and brings the database schema back to its previous state.
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -256,7 +256,7 @@ The Dev Container supports multiple ways to run tests:

 ```bash
 # Run tests for specific components
-make test-server        # Server unit tests
+make test-server         # Server unit tests
 make test-web           # Web unit tests
 make test-e2e           # End-to-end tests
 make test-cli           # CLI tests
@@ -268,13 +268,12 @@ make test-all           # Runs tests for all components
 make test-medium-dev    # End-to-end tests
 ```

-#### Using PNPM Directly
+#### Using NPM Directly

 ```bash
 # Server tests
 cd /workspaces/immich/server
-pnpm test               # Run all tests
-pnpm run test:medium    # Medium tests (integration tests)
+pnpm test                # Run all tests
 pnpm run test:watch     # Watch mode
 pnpm run test:cov       # Coverage report

@@ -294,21 +293,21 @@ pnpm run test:web       # Run web UI tests
 ```bash
 # Linting
 make lint-server        # Lint server code
-make lint-web           # Lint web code
-make lint-all           # Lint all components
+make lint-web          # Lint web code
+make lint-all          # Lint all components

 # Formatting
 make format-server      # Format server code
-make format-web         # Format web code
-make format-all         # Format all code
+make format-web        # Format web code
+make format-all        # Format all code

 # Type checking
 make check-server       # Type check server
-make check-web          # Type check web
-make check-all          # Check all components
+make check-web         # Type check web
+make check-all         # Check all components

 # Complete hygiene check
-make hygiene-all        # Run lint, format, check, SQL sync, and audit
+make hygiene-all       # Runs lint, format, check, SQL sync, and audit
 ```

 ### Additional Make Commands
@@ -316,21 +315,21 @@ make hygiene-all        # Run lint, format, check, SQL sync, and audit
 ```bash
 # Build commands
 make build-server       # Build server
-make build-web          # Build web app
-make build-all          # Build everything
+make build-web         # Build web app
+make build-all         # Build everything

 # API generation
-make open-api           # Generate OpenAPI specs
+make open-api          # Generate OpenAPI specs
 make open-api-typescript # Generate TypeScript SDK
-make open-api-dart      # Generate Dart SDK
+make open-api-dart     # Generate Dart SDK

 # Database
-make sql                # Sync database schema
+make sql               # Sync database schema

 # Dependencies
-make install-server     # Install server dependencies
-make install-web        # Install web dependencies
-make install-all        # Install all dependencies
+make install-server    # Install server dependencies
+make install-web      # Install web dependencies
+make install-all      # Install all dependencies
 ```

 ### Debugging
--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -14,15 +14,15 @@ When contributing code through a pull request, please check the following:
 - [ ] `pnpm run check:typescript` (check typescript)
 - [ ] `pnpm test` (unit tests)

-:::tip AIO
-Run all web checks with `pnpm run check:all`
-:::
-
 ## Documentation

 - [ ] `pnpm run format` (formatting via Prettier)
 - [ ] Update the `_redirects` file if you have renamed a page or removed it from the documentation.

+:::tip AIO
+Run all web checks with `pnpm run check:all`
+:::
+
 ## Server Checks

 - [ ] `pnpm run lint` (linting via ESLint)
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -4,12 +4,8 @@ sidebar_position: 2

 # Setup

-:::warning
-Make sure to read the [`CONTRIBUTING.md`](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md) before you dive into the code.
-:::
-
 :::note
-If there's a feature you're planning to work on, just give us a heads up in [#contributing](https://discord.com/channels/979116623879368755/1071165397228855327) on [our Discord](https://discord.immich.app) so we can:
+If there's a feature you're planning to work on, just give us a heads up in [Discord](https://discord.com/channels/979116623879368755/1071165397228855327) so we can:

 1. Let you know if it's something we would accept into Immich
 2. Provide any guidance on how something like that would ideally be implemented
@@ -52,6 +48,7 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3
 **Notes:**

 - The "web" development container runs with uid 1000. If that uid does not have read/write permissions on the mounted volumes, you may encounter errors
+- In case of rootless docker setup, you need to use root within the container, otherwise you will encounter read/write permission related errors, see comments in `docker/docker-compose.dev.yml`.

 #### Connect web to a remote backend

--- a/docs/docs/developer/testing.md
+++ b/docs/docs/developer/testing.md
@@ -18,7 +18,6 @@ make e2e
 Before you can run the tests, you need to run the following commands _once_:

 - `pnpm install` (in `e2e/`)
- `pnpm run build` (in `cli/`)
 - `make open-api` (in the project root `/`)

 Once the test environment is running, the e2e tests can be run via:
--- a/docs/docs/features/automatic-backup.md
+++ b/docs/docs/features/automatic-backup.md
@@ -1,42 +1,37 @@
 # Automatic Backup

-## Overview
-
 Immich supports uploading photos and videos from your mobile device to the server automatically.

-By enable the backup button, Immich will upload new photos and videos from selected albums when you open or resume the app, as well as periodically in the background (iOS), or when the a new photos or videos are taken (Android).
+---

-<img
-src={require('./img/enable-backup-button.webp').default}
-width="300px"
-title="Upload button"
-/>
+You can enable the settings by accessing the upload options from the upload page

-## Platform Specific Features
+<img src={require('./img/backup-settings-access.webp').default} width="50%" title="Backup option selection" />

-### General
+<img src={require('./img/background-foreground-backup.webp').default} width="50%" title="Foreground&Background Backup" />

-By default, Immich will only upload photos and videos when connected to Wi-Fi. You can change this behavior in the backup settings page.
+## Foreground backup

-<img
-src={require('./img/backup-options.webp').default}
-width="500px"
-title="Upload button"
-/>
+If foreground backup is enabled: whenever the app is opened or resumed, it will check if any photos or videos in the selected album(s) have yet to be uploaded to the cloud (the remainder count). If there are any, they will be uploaded.

-### Android
+## Background backup

-<img
-src={require('./img/android-backup-options.webp').default}
-width="500px"
-title="Upload button"
-/>
+This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
+
+If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.
+
+:::info Note
+
+#### General
+
+- The app must be in the background for the backup worker to start running.
+- If you reopen the app and the first page you see is the backup page, the counts will not reflect the background uploaded result. You have to navigate out of the page and come back to see the updated counts.
+
+#### Android

 - It is a well-known problem that some Android models are very strict with battery optimization settings, which can cause a problem with the background worker. Please visit [Don't kill my app](https://dontkillmyapp.com/) for a guide on disabling this setting on your phone.
- You can allow the background task to run when the device is charging.
- You can set the minimum delay from the time a photo is taken to when the background upload task will run.

-### iOS
+#### iOS

 - You must enable **Background App Refresh** for the app to work in the background. You can enable it in the Settings app under General > Background App Refresh.

@@ -44,4 +39,4 @@ title="Upload button"
 <img src={require('./img/background-app-refresh.webp').default} width="30%" title="background-app-refresh" />
 </div>

- iOS automatically manages background tasks, the app cannot control when the background upload task will run. It is known that the more frequently you open the app, the more often the background task will run.
+:::
--- a/docs/docs/features/casting.md
+++ b/docs/docs/features/casting.md
@@ -4,7 +4,7 @@ Immich supports the Google's Cast protocol so that photos and videos can be cast

 ## Enable Google Cast Support

-Google Cast support is disabled by default. The web UI uses Google-provided scripts and must retrieve them from Google servers when the page loads. This is a privacy concern for some and is thus opt-in.
+Google Cast support is disabled by default. The web UI uses Google-provided scripts and must retreive them from Google servers when the page loads. This is a privacy concern for some and is thus opt-in.

 You can enable Google Cast support through `Account Settings > Features > Cast > Google Cast`

--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -103,7 +103,6 @@ Options:
  -c, --concurrency <number>  Number of assets to upload at the same time (default: 4, env: IMMICH_UPLOAD_CONCURRENCY)
  -j, --json-output           Output detailed information in json format (default: false, env: IMMICH_JSON_OUTPUT)
  --delete                    Delete local assets after upload (env: IMMICH_DELETE_ASSETS)
-  --delete-duplicates         Delete local assets that are duplicates (already exist on server) (env: IMMICH_DELETE_DUPLICATES)
  --no-progress               Hide progress bars (env: IMMICH_PROGRESS_BAR)
  --watch                     Watch for changes and upload automatically (default: false, env: IMMICH_WATCH_CHANGES)
  --help                      display help for command
@@ -183,13 +182,11 @@ For example to get a list of files that would be uploaded for further
 processing:

 ```bash
-immich upload --dry-run . | tail -n +6 | jq .newFiles[]
+immich upload --dry-run . | tail -n +4 | jq .newFiles[]
 ```

 ### Obtain the API Key

-The API key can be obtained in the user setting panel on the web interface. You can also specify permissions for the key to limit its access.
+The API key can be obtained in the user setting panel on the web interface.

 ![Obtain Api Key](./img/obtain-api-key.webp)
-
-![Specify permission for the key](./img/obtain-api-key-2.webp)
--- a/docs/docs/features/facial-recognition.md
+++ b/docs/docs/features/facial-recognition.md
@@ -21,14 +21,14 @@ The asset detail view will also show the faces that are recognized in the asset.
 Additional actions you can do include:

 - Changing the feature photo of the person
- Hiding the faces of a person from the Explore page and detail view
- Setting a person's date of birth, so that the age of the person can be shown at the time the photo was taken
+- Setting a person's date of birth
 - Merging two or more detected faces into one person
- Favoriting a person to pin them to the top of the list
+- Hiding the faces of a person from the Explore page and detail view
+- Assigning an unrecognized face to a person

 It can be found from the app bar when you access the detail view of a person.

-<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' />
+<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' width="70%"/>

 ## How Face Detection Works

--- a/docs/docs/features/hardware-transcoding.md
+++ b/docs/docs/features/hardware-transcoding.md
@@ -71,22 +71,6 @@ For RKMPP to work:

 5. (Optional) Enable hardware decoding for optimal performance.

-<details>
-<summary>immich.json</summary>
-
-If you use a [configuration file](/install/config-file.md), use the `accel` option to select the hardware (e.g. `qsv` for Intel or `nvenc` for Nvidia). Set `accelDecode` to `true` if you want hardware decoding.
-
-```json
-{
-  "ffmpeg": {
-    "accel": "qsv",
-    "accelDecode": true
-  }
-}
-```
-
-</details>
-
 #### Single Compose File

 Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.transcoding.yml`][hw-file] file into the `immich-server` service directly.
--- a/docs/docs/features/img/android-backup-options.webp
+++ b/docs/docs/features/img/android-backup-options.webp
--- a/docs/docs/features/img/background-foreground-backup.webp
+++ b/docs/docs/features/img/background-foreground-backup.webp
--- a/docs/docs/features/img/backup-options.webp
+++ b/docs/docs/features/img/backup-options.webp
--- a/docs/docs/features/img/enable-backup-button.webp
+++ b/docs/docs/features/img/enable-backup-button.webp
--- a/docs/docs/features/img/facial-recognition-1.webp
+++ b/docs/docs/features/img/facial-recognition-1.webp
--- a/docs/docs/features/img/facial-recognition-2.webp
+++ b/docs/docs/features/img/facial-recognition-2.webp
--- a/docs/docs/features/img/facial-recognition-3.webp
+++ b/docs/docs/features/img/facial-recognition-3.webp
--- a/docs/docs/features/img/facial-recognition-4.webp
+++ b/docs/docs/features/img/facial-recognition-4.webp
--- a/docs/docs/features/img/folder-view-enable.webp
+++ b/docs/docs/features/img/folder-view-enable.webp
--- a/docs/docs/features/img/free-up-space.webp
+++ b/docs/docs/features/img/free-up-space.webp
--- a/docs/docs/features/img/gcast-enable.webp
+++ b/docs/docs/features/img/gcast-enable.webp
--- a/docs/docs/features/img/mobile-upload-selected-photos.webp
+++ b/docs/docs/features/img/mobile-upload-selected-photos.webp
--- a/docs/docs/features/img/obtain-api-key-2.webp
+++ b/docs/docs/features/img/obtain-api-key-2.webp
--- a/docs/docs/features/img/obtain-api-key.webp
+++ b/docs/docs/features/img/obtain-api-key.webp
--- a/docs/docs/features/img/partner-sharing-1.webp
+++ b/docs/docs/features/img/partner-sharing-1.webp
--- a/docs/docs/features/img/partner-sharing-2.webp
+++ b/docs/docs/features/img/partner-sharing-2.webp
--- a/docs/docs/features/img/partner-sharing-3.webp
+++ b/docs/docs/features/img/partner-sharing-3.webp
--- a/docs/docs/features/img/partner-sharing-4.webp
+++ b/docs/docs/features/img/partner-sharing-4.webp
--- a/docs/docs/features/img/partner-sharing-5.webp
+++ b/docs/docs/features/img/partner-sharing-5.webp
--- a/docs/docs/features/img/partner-sharing-7.webp
+++ b/docs/docs/features/img/partner-sharing-7.webp
--- a/docs/docs/features/img/public-shared-link-album.webp
+++ b/docs/docs/features/img/public-shared-link-album.webp
--- a/docs/docs/features/img/public-shared-link-form.webp
+++ b/docs/docs/features/img/public-shared-link-form.webp
--- a/docs/docs/features/img/public-shared-link-individual.webp
+++ b/docs/docs/features/img/public-shared-link-individual.webp
--- a/docs/docs/features/img/reverse-geocoding-mobile1.webp
+++ b/docs/docs/features/img/reverse-geocoding-mobile1.webp
--- a/docs/docs/features/img/reverse-geocoding-mobile2.webp
+++ b/docs/docs/features/img/reverse-geocoding-mobile2.webp
--- a/docs/docs/features/img/reverse-geocoding-mobile3.webp
+++ b/docs/docs/features/img/reverse-geocoding-mobile3.webp
--- a/docs/docs/features/img/shared-album-mobile.webp
+++ b/docs/docs/features/img/shared-album-mobile.webp
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
midzelis	0168353c2d	refactor(web): extract asset grid layout logic into AssetLayout component - Extracts the asset grid rendering logic from `MonthSegment` into a dedicated `AssetLayout` component - Simplifies `MonthSegment` by delegating layout responsibilities while maintaining all existing functionality - Renames `customLayout` prop to `customThumbnailLayout` for clarity across Timeline components ## Changes - Created new `AssetLayout.svelte` component that handles: - Asset grid rendering with proper positioning - Animation transitions - Filtering of intersecting viewer assets - Updated `MonthSegment.svelte` to use `AssetLayout` via composition pattern - Renamed `customLayout` to `customThumbnailLayout` in Timeline and related components - Moved thumbnail click and selection logic to Timeline parent component using snippets	2025-09-30 00:08:14 +00:00
midzelis	c44b315117	refactor(web): consolidate asset operations in PhotostreamManager base class Moves common asset operation methods (upsertAssets, removeAssets, updateAssetOperation) from TimelineManager into PhotostreamManager base class, making them available to all photostream implementations. Updates all consuming components to use the more accurate 'upsertAssets' naming instead of separate 'addAssets' and 'updateAssets' methods. - Move asset operation methods to PhotostreamManager base class - Replace addAssets/updateAssets calls with unified upsertAssets method - Update type imports to use PhotostreamManager instead of TimelineManager - Remove operations-support.svelte.ts (functionality moved to base class) - Add abstract upsertAssetIntoSegment method for subclass customization	2025-09-30 00:00:50 +00:00
midzelis	98ab224791	refactor: adjust favorite, delete, and archive actions for timeline - Pass TimelineManager instance to timeline action components instead of callbacks - Move asset update logic (delete, archive, favorite) into action components	2025-09-29 01:26:59 +00:00
midzelis	e5fce47c0c	Rename TimelineDateGroup to MonthSegment	2025-09-28 19:41:41 +00:00
midzelis	3a468a3f50	refactor(web): extract common timeline functionality into PhotostreamManager base classes Create abstract PhotostreamManager and PhotostreamSegment base classes to enable reusable timeline-like components. This refactoring extracts common viewport management, scroll handling, and segment operations from TimelineManager and MonthGroup into reusable abstractions. Changes: - Add PhotostreamManager.svelte.ts with viewport and scroll management - Add PhotostreamSegment.svelte.ts with segment positioning and intersection logic - Refactor TimelineManager to extend PhotostreamManager - Refactor MonthGroup to extend PhotostreamSegment - Add utility functions for segment identification and date formatting - Update tests to reflect new inheritance structure	2025-09-28 19:41:41 +00:00
midzelis	e600cf64b0	refactor(web): extract asset viewer logic from Timeline into TimelineAssetViewer component - Extracted asset viewer navigation and action handling logic from Timeline.svelte into a dedicated TimelineAssetViewer component - Reduces Timeline.svelte complexity by ~150 lines and improves separation of concerns - No functional changes - purely a refactoring to improve code organization ## Changes - Created new TimelineAssetViewer.svelte component containing all asset viewer-related logic - Moved handlePrevious, handleNext, handleRandom, handleClose, handlePreAction, and handleAction methods - Timeline.svelte now only passes required props to the new component - Maintained all existing functionality including navigation, asset actions, and stack management	2025-09-28 19:41:41 +00:00
midzelis	41066b1c31	refactor(web): extract timeline keyboard actions into separate component Extracts keyboard shortcuts and related functionality from Timeline component into a dedicated TimelineKeyboardActions component for better separation of concerns and maintainability.	2025-09-28 19:41:41 +00:00
midzelis	9051fa6949	refactor(web): Clarify property names in Timeline and Scrubber Renamed properties across Timeline/Scrubber components for clarity: - scrubOverallPercent → timelineScrollPercent - scrubberMonthPercent → viewportTopMonthScrollPercent - scrubberMonth → viewportTopMonth - leadout → isInLeadOutSection Additional changes: - Updated ScrubberListener signature to accept object parameter - Added detailed JSDoc comments for all Scrubber props - Fixed callback invocations to use new object syntax - Aligned Timeline's local state variables with Scrubber prop names	2025-09-28 19:41:41 +00:00
@@ -1 +1 @@
 .13.0
 .19.0