remove version flag

fix mutating config
add hw decode toggle
2026-05-16 04:22:17 -04:00 · 2024-05-14 20:40:36 -04:00 · 2024-05-14 20:40:36 -04:00 · 2024-05-14 20:40:36 -04:00 · 2024-05-14 20:40:36 -04:00 · 2024-05-14 20:40:36 -04:00
4883 changed files with 275309 additions and 748739 deletions
@@ -1,126 +0,0 @@
-{
-  "name": "Immich - Backend, Frontend and ML",
-  "service": "immich-server",
-  "runServices": [
-    "immich-init",
-    "immich-server",
-    "redis",
-    "database",
-    "immich-machine-learning"
-  ],
-  "dockerComposeFile": [
-    "../docker/docker-compose.dev.yml",
-    "./server/container-compose-overrides.yml"
-  ],
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode",
-        "svelte.svelte-vscode",
-        "ms-vscode-remote.remote-containers",
-        "foxundermoon.shell-format",
-        "timonwong.shellcheck",
-        "rvest.vs-code-prettier-eslint",
-        "bluebrown.yamlfmt",
-        "vkrishna04.cspell-sync",
-        "vitest.explorer",
-        "ms-playwright.playwright",
-        "ms-azuretools.vscode-docker"
-      ],
-      "settings": {
-        "tasks": {
-          "version": "2.0.0",
-          "tasks": [
-            {
-              "label": "Immich API Server (Nest)",
-              "type": "shell",
-              "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
-              "isBackground": true,
-              "presentation": {
-                "echo": true,
-                "reveal": "always",
-                "focus": false,
-                "panel": "dedicated",
-                "showReuseMessage": true,
-                "clear": false,
-                "group": "Devcontainer tasks",
-                "close": true
-              },
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "problemMatcher": []
-            },
-            {
-              "label": "Immich Web Server (Vite)",
-              "type": "shell",
-              "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
-              "isBackground": true,
-              "presentation": {
-                "echo": true,
-                "reveal": "always",
-                "focus": false,
-                "panel": "dedicated",
-                "showReuseMessage": true,
-                "clear": false,
-                "group": "Devcontainer tasks",
-                "close": true
-              },
-              "runOptions": {
-                "runOn": "folderOpen"
-              },
-              "problemMatcher": []
-            },
-            {
-              "label": "Build Immich CLI",
-              "type": "shell",
-              "command": "pnpm --filter @immich/cli build:dev"
-            }
-          ]
-        }
-      }
-    }
-  },
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      // https://github.com/devcontainers/features/issues/1466
-      "moby": false
-    }
-  },
-  "forwardPorts": [3000, 9231, 9230, 2283],
-  "portsAttributes": {
-    "3000": {
-      "label": "Immich - Frontend HTTP",
-      "description": "The frontend of the Immich project",
-      "onAutoForward": "openBrowserOnce"
-    },
-    "2283": {
-      "label": "Immich - API Server - HTTP",
-      "description": "The API server of the Immich project"
-    },
-    "9231": {
-      "label": "Immich - API Server - DEBUG",
-      "description": "The API server of the Immich project"
-    },
-    "9230": {
-      "label": "Immich - Workers - DEBUG",
-      "description": "The workers of the Immich project"
-    }
-  },
-  "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
-  "remoteUser": "root",
-  "userEnvProbe": "loginInteractiveShell",
-  "remoteEnv": {
-    // The location where your uploaded files are stored
-    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
-    //  Connection secret for postgres. You should change it to a random password
-    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
-    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
-    //  The database username
-    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
-    //  The database name
-    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
-  }
-}
@@ -1,34 +0,0 @@
-services:
-  immich-app-base:
-    image: busybox
-  immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
-    build:
-      target: dev-container-mobile
-    environment:
-      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
-      - /etc/localtime:/etc/localtime:ro
-  immich-web:
-    env_file: !reset []
-  immich-machine-learning:
-    env_file: !reset []
-  database:
-    env_file: !reset []
-    environment: !override
-      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
-      POSTGRES_USER: ${DB_USERNAME-postgres}
-      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      POSTGRES_HOST_AUTH_METHOD: md5
-    volumes:
-      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
-  redis:
-    env_file: !reset []
-volumes:
-  upload-devcontainer-volume:
-  postgres-devcontainer-volume:
@@ -1,53 +0,0 @@
-{
-  "name": "Immich - Mobile",
-  "service": "immich-server",
-  "runServices": [
-    "immich-init",
-    "immich-server",
-    "redis",
-    "database",
-    "immich-machine-learning"
-  ],
-  "dockerComposeFile": [
-    "../../docker/docker-compose.dev.yml",
-    "./container-compose-overrides.yml"
-  ],
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "Dart-Code.dart-code",
-        "Dart-Code.flutter",
-        "dcmdev.dcm-vscode-extension",
-        "esbenp.prettier-vscode",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode",
-        "svelte.svelte-vscode",
-        "ms-vscode-remote.remote-containers",
-        "foxundermoon.shell-format",
-        "timonwong.shellcheck",
-        "rvest.vs-code-prettier-eslint",
-        "bluebrown.yamlfmt",
-        "vkrishna04.cspell-sync",
-        "vitest.explorer",
-        "ms-playwright.playwright",
-        "ms-azuretools.vscode-docker"
-      ]
-    }
-  },
-  "forwardPorts": [],
-  "overrideCommand": true,
-  "workspaceFolder": "/usr/src/app",
-  "remoteUser": "node",
-  "userEnvProbe": "loginInteractiveShell",
-  "remoteEnv": {
-    // The location where your uploaded files are stored
-    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
-    //  Connection secret for postgres. You should change it to a random password
-    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
-    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
-    //  The database username
-    "DB_USERNAME": "${localEnv:DB_USERNAME:postgres}",
-    //  The database name
-    "DB_DATABASE_NAME": "${localEnv:DB_DATABASE_NAME:immich}"
-  }
-}
@@ -1,32 +0,0 @@
-#!/bin/bash
-export IMMICH_PORT="${DEV_SERVER_PORT:-2283}"
-export DEV_PORT="${DEV_PORT:-3000}"
-
-IMMICH_DEVCONTAINER_LOG="$HOME/immich-devcontainer.log"
-
-log() {
-    # Display command on console, log with timestamp to file
-    echo "$*"
-    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >>"$IMMICH_DEVCONTAINER_LOG"
-}
-
-run_cmd() {
-    # Ensure log directory exists
-    mkdir -p "$(dirname "$IMMICH_DEVCONTAINER_LOG")"
-
-    log "$@"
-
-    # Execute command: display normally on console, log with timestamps to file
-    "$@" 2>&1 | tee >(while IFS= read -r line; do
-        echo "[$(date '+%Y-%m-%d %H:%M:%S')] $line" >>"$IMMICH_DEVCONTAINER_LOG"
-    done)
-
-    # Preserve exit status
-    return "${PIPESTATUS[0]}"
-}
-
-export IMMICH_WORKSPACE="/usr/src/app"
-
-log "Found immich workspace in $IMMICH_WORKSPACE"
-log ""
-
@@ -1,38 +0,0 @@
-services:
-  immich-app-base:
-    image: busybox
-  immich-server:
-    extends:
-      service: immich-app-base
-    profiles: !reset []
-    image: immich-server-dev:latest
-    build:
-      target: dev-container-server
-    env_file: !reset []
-    hostname: immich-dev
-    environment:
-      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
-    volumes:
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
-      - /etc/localtime:/etc/localtime:ro
-      - pnpm_store_server:/buildcache/pnpm-store
-      - ../packages/plugins:/build/corePlugin
-  immich-web:
-    env_file: !reset []
-  immich-machine-learning:
-    env_file: !reset []
-  database:
-    env_file: !reset []
-    environment: !override
-      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
-      POSTGRES_USER: ${DB_USERNAME-postgres}
-      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      POSTGRES_HOST_AUTH_METHOD: md5
-    volumes:
-      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
-  redis:
-    env_file: !reset []
-volumes:
-  upload-devcontainer-volume:
-  postgres-devcontainer-volume:
@@ -1,22 +0,0 @@
-#!/bin/bash
-# shellcheck source=common.sh
-# shellcheck disable=SC1091
-source /immich-devcontainer/container-common.sh
-
-log "Preparing Immich Nest API Server"
-log ""
-export CI=1
-run_cmd pnpm --filter immich install
-
-log "Starting Nest API Server"
-log ""
-cd "${IMMICH_WORKSPACE}/server" || (
-    log "Immich workspace not found"
-    exit 1
-)
-
-while true; do
-    run_cmd pnpm --filter immich exec nest start --debug "0.0.0.0:9230" --watch
-    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
-    sleep 3
-done
@@ -1,29 +0,0 @@
-#!/bin/bash
-# shellcheck source=common.sh
-# shellcheck disable=SC1091
-source /immich-devcontainer/container-common.sh
-
-export CI=1
-log "Preparing Immich Web Frontend"
-log ""
-run_cmd pnpm --filter @immich/sdk install
-run_cmd pnpm --filter @immich/sdk build
-run_cmd pnpm --filter immich-web install
-
-log "Starting Immich Web Frontend"
-log ""
-cd "${IMMICH_WORKSPACE}/web" || (
-    log "Immich Workspace not found"
-    exit 1
-)
-
-until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_PORT}/api/server/config"; do
-    log "Waiting for api server..."
-    sleep 1
-done
-
-while true; do
-    run_cmd pnpm --filter immich-web exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
-    log "Web crashed with exit code $?.  Respawning in 3s ..."
-    sleep 3
-done
@@ -1,39 +1,30 @@
 .vscode/
 .github/
 .git/
-.env*
-*.log
-*.tmp
-*.temp
-
-**/Dockerfile
-**/node_modules/
-**/.pnpm-store/
-**/dist/
-**/coverage/
-**/build/

 design/
 docker/
-!docker/scripts
-
 docs/
-!docs/package.json
-!docs/package-lock.json
-
 e2e/
-!e2e/package.json
-!e2e/package-lock.json
-
 fastlane/
 machine-learning/
 misc/
 mobile/

-packages/sdk/build/
+cli/coverage/
+cli/dist/
+cli/node_modules/

+open-api/typescript-sdk/build/
+open-api/typescript-sdk/node_modules/
+
+server/coverage/
+server/node_modules/
 server/upload/
-server/src/queries
+server/dist/
 server/www/

+web/node_modules/
+web/coverage/
 web/.svelte-kit
+web/build/
@@ -2,29 +2,13 @@ mobile/openapi/**/*.md -diff -merge
 mobile/openapi/**/*.md linguist-generated=true
 mobile/openapi/**/*.dart -diff -merge
 mobile/openapi/**/*.dart linguist-generated=true
+mobile/openapi/.openapi-generator/FILES -diff -merge
+mobile/openapi/.openapi-generator/FILES linguist-generated=true

 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true

-mobile/android/**/*.g.kt -diff -merge
-mobile/android/**/*.g.kt linguist-generated=true
-
-mobile/ios/**/*.g.swift -diff -merge
-mobile/ios/**/*.g.swift linguist-generated=true
-
-mobile/lib/**/*.drift.dart -diff -merge
-mobile/lib/**/*.drift.dart linguist-generated=true
-
-mobile/drift_schemas/main/drift_schema_*.json -diff -merge
-mobile/drift_schemas/main/drift_schema_*.json linguist-generated=true
-
-mobile/lib/infrastructure/repositories/db.repository.steps.dart -diff -merge
-mobile/lib/infrastructure/repositories/db.repository.steps.dart linguist-generated=true
-
-mobile/test/drift/main/generated/** -diff -merge
-mobile/test/drift/main/generated/** linguist-generated=true
-
-packages/sdk/fetch-client.ts -diff -merge
-packages/sdk/fetch-client.ts linguist-generated=true
+open-api/typescript-sdk/fetch-client.ts -diff -merge
+open-api/typescript-sdk/fetch-client.ts linguist-generated=true

 *.sh text eol=lf
@@ -1,4 +0,0 @@
-# Ignore files for PNPM, NPM and YARN
-pnpm-lock.yaml
-package-lock.json
-yarn.lock
@@ -1,19 +1,18 @@
-title: '[Feature] feature-name-goes-here'
-labels: ['feature']
+title: "[Feature] <feature-name-goes-here>"
+labels: ["feature"]

 body:
  - type: markdown
    attributes:
      value: |
-        Please use this form to request new feature for Immich.
-        Stick to only a single feature per request. If you list multiple different features at once, 
-        your request will be closed.
+        Please use this form to request new feature for Immich

  - type: checkboxes
    attributes:
-      label: I have searched the existing feature requests, both open and closed, to make sure this is not a duplicate request.
+      label: I have searched the existing feature requests to make sure this is not a duplicate request.
      options:
-        - label: 'Yes'
+        - label: "Yes"
+          required: true

  - type: textarea
    id: feature
@@ -1 +0,0 @@
-custom: ['https://buy.immich.app', 'https://immich.store']
@@ -1,12 +1,6 @@
 name: Report an issue with Immich
 description: Report an issue with Immich
 body:
-  - type: checkboxes
-    attributes:
-      label: I have searched the existing issues, both open and closed, to make sure this is not a duplicate report.
-      options:
-        - label: 'Yes'
-
  - type: markdown
    attributes:
      value: |
@@ -64,11 +58,6 @@ body:
        - label: Web
        - label: Mobile

-  - type: input
-    attributes:
-      label: Device make and model
-      placeholder: Samsung S25 Android 16
-
  - type: textarea
    validations:
      required: true
@@ -88,12 +77,13 @@ body:
    id: repro
    attributes:
      label: Reproduction steps
-      description: 'How do you trigger this bug? Please walk us through it step by step.'
+      description: "How do you trigger this bug? Please walk us through it step by step."
      value: |
        1.
        2.
        3.
        ...
+      render: bash
    validations:
      required: true

@@ -101,13 +91,12 @@ body:
    id: logs
    attributes:
      label: Relevant log output
-      description:
-        Please copy and paste any relevant logs below. (code formatting is
+      description: Please copy and paste any relevant logs below. (code formatting is
        enabled, no need for backticks)
      render: shell
    validations:
      required: false
-
+      
  - type: textarea
    attributes:
      label: Additional information
@@ -1,14 +1,11 @@
 blank_issues_enabled: false
 contact_links:
-  - name: ✋ I have a question or need support
-    url: https://discord.immich.app
+  - name: I have a question or need support
+    url: https://discord.gg/D8JsnBEuKb
    about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
-  - name: 📷 My photo or video has a date, time, or timezone problem
-    url: https://github.com/immich-app/immich/discussions/12650
-    about: Upload a sample file to this discussion and we will take a look
-  - name: 🌟 Feature request
+  - name: Feature Request
    url: https://github.com/immich-app/immich/discussions/new?category=feature-request
    about: Please use our GitHub Discussion for making feature requests.
-  - name: 🫣 I'm unsure where to go
-    url: https://discord.immich.app
+  - name: I'm unsure where to go
+    url: https://discord.gg/D8JsnBEuKb
    about: If you are unsure where to go, then joining our Discord is recommended; Just ask!
@@ -1 +1,2 @@
+blank_issues_enabled: false
 blank_pull_request_template_enabled: false
@@ -0,0 +1,22 @@
+## Description
+<!--- Describe your changes in detail -->
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
+
+Fixes # (issue)
+
+
+## How Has This Been Tested?
+
+<!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
+
+- [ ] Test A
+- [ ] Test B
+
+## Screenshots (if appropriate):
+
+
+## Checklist:
+
+- [ ] I have performed a self-review of my own code
+- [ ] I have made corresponding changes to the documentation if applicable
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
@@ -1,37 +0,0 @@
-cli:
-  - changed-files:
-      - any-glob-to-any-file:
-          - packages/cli/src/**
-
-documentation:
-  - changed-files:
-      - any-glob-to-any-file:
-          - docs/docs/**
-          - docs/src/**
-          - docs/static/**
-
-🖥️web:
-  - changed-files:
-      - any-glob-to-any-file:
-          - web/src/**
-          - web/static/**
-
-📱mobile:
-  - changed-files:
-      - any-glob-to-any-file:
-          - mobile/lib/**
-          - mobile/test/**
-
-🗄️server:
-  - changed-files:
-      - any-glob-to-any-file:
-          - server/src/**
-          - server/test/**
-
-🧠machine-learning:
-  - changed-files:
-      - any-glob-to-any-file:
-          - machine-learning/**
-
-changelog:translation:
-  - head-branch: ['^chore/translations$']
@@ -1,10 +0,0 @@
-[tasks.install]
-run = "pnpm install --filter github --frozen-lockfile"
-
-[tasks.format]
-env._.path = "./node_modules/.bin"
-run = "prettier --check ."
-
-[tasks."format-fix"]
-env._.path = "./node_modules/.bin"
-run = "prettier --write ."
@@ -1,9 +0,0 @@
-{
-  "scripts": {
-    "format": "prettier --cache --check .",
-    "format:fix": "prettier --cache --write --list-different ."
-  },
-  "devDependencies": {
-    "prettier": "^3.7.4"
-  }
-}
@@ -1,41 +0,0 @@
-## Description
-
-<!--- Describe your changes in detail -->
-<!--- Why is this change required? What problem does it solve? -->
-<!--- If it fixes an open issue, please link to the issue here. -->
-
-Fixes # (issue)
-
-## How Has This Been Tested?
-
-<!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
-
- [ ] Test A
- [ ] Test B
-
-<details><summary><h2>Screenshots (if appropriate)</h2></summary>
-
-<!-- Images go below this line. -->
-
-</details>
-
-<!-- API endpoint changes (if relevant)
-## API Changes
-The `/api/something` endpoint is now `/api/something-else`
-->
-
-## Checklist:
-
- [ ] I have carefully read CONTRIBUTING.md
- [ ] I have performed a self-review of my own code
- [ ] I have made corresponding changes to the documentation if applicable
- [ ] I have no unrelated changes in the PR.
- [ ] I have confirmed that any new dependencies are strictly necessary.
- [ ] I have written tests for new code (if applicable)
- [ ] I have followed naming conventions/patterns in the surrounding code
- [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
- [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
-
-## Please describe to which degree, if any, an LLM was used in creating this pull request.
-
-...
@@ -1,33 +1,41 @@
-changelog:
-  categories:
-    - title: 🚨 Breaking Changes
-      labels:
-        - changelog:breaking-change
-
-    - title: 🫥 Deprecated Changes
-      labels:
-        - changelog:deprecated
-
-    - title: 🔒 Security
-      labels:
-        - changelog:security
-
-    - title: 🚀 Features
-      labels:
-        - changelog:feature
-
-    - title: 🌟 Enhancements
-      labels:
-        - changelog:enhancement
-
-    - title: 🐛 Bug fixes
-      labels:
-        - changelog:bugfix
-
-    - title: 📚 Documentation
-      labels:
-        - changelog:documentation
-
-    - title: 🌐 Translations
-      labels:
-        - changelog:translation
+changelog:
+  categories:
+    - title: ⚠️ Breaking Changes
+      labels:
+        - breaking-change
+
+    - title: 🗄️ Server
+      labels:
+        - 🗄️server
+
+    - title: 📱 Mobile
+      labels:
+        - 📱mobile
+
+    - title: 🖥️ Web
+      labels:
+        - 🖥️web
+
+    - title: 🧠 Machine Learning
+      labels:
+        - 🧠machine-learning
+
+    - title: ⚡ CLI
+      labels:
+        - cli
+
+    - title: 📓 Documentation
+      labels:
+        - documentation
+
+    - title: 🔨 Maintenance
+      labels:
+        - deployment
+        - dependencies
+        - renovate
+        - maintenance
+        - tech-debt
+
+    - title: Other changes
+      labels:
+        - "*"
@@ -1,148 +0,0 @@
-name: Auto-close PRs
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
-    types: [opened, edited, labeled]
-
-permissions: {}
-
-jobs:
-  parse_template:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action != 'labeled' && github.event.pull_request.head.repo.fork == true }}
-    permissions:
-      contents: read
-    outputs:
-      uses_template: ${{ steps.check.outputs.uses_template }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: .github/pull_request_template.md
-          sparse-checkout-cone-mode: false
-          persist-credentials: false
-
-      - name: Check required sections
-        id: check
-        env:
-          BODY: ${{ github.event.pull_request.body }}
-        run: |
-          OK=true
-          while IFS= read -r header; do
-            printf '%s\n' "$BODY" | grep -qF "$header" || OK=false
-          done < <(sed '/<!--/,/-->/d' .github/pull_request_template.md | grep "^## ")
-          echo "uses_template=$OK" | tee --append "$GITHUB_OUTPUT"
-
-  close_template:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'false'
-        && github.event.pull_request.state != 'closed'
-        && !contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="This PR has been automatically closed as the description doesn't follow [our template](https://github.com/immich-app/immich/blob/main/.github/pull_request_template.md). After you edit it to match the template, the PR will automatically be reopened." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Add label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --add-label "auto-closed:template"
-
-  close_llm:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'labeled' && github.event.label.name == 'auto-closed:llm' }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Comment and close
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f body="Thank you for your interest in contributing to Immich! Unfortunately this PR looks like it was generated using an LLM. As noted in our [CONTRIBUTING.md](https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai), we request that you don't use LLMs to generate PRs as those are not a good use of maintainer time." \
-            -f query='
-              mutation CommentAndClosePR($prId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $prId,
-                  body: $body
-                }) {
-                  __typename
-                }
-                closePullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
-
-  reopen:
-    runs-on: ubuntu-latest
-    needs: parse_template
-    if: >-
-      ${{
-        needs.parse_template.outputs.uses_template == 'true'
-        && github.event.pull_request.state == 'closed'
-        && contains(github.event.pull_request.labels.*.name, 'auto-closed:template')
-      }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Remove template label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr edit "$PR_NUMBER" --repo "${{ github.repository }}" --remove-label "auto-closed:template" || true
-
-      - name: Check for remaining auto-closed labels
-        id: check_labels
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          REMAINING=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json labels \
-            --jq '[.labels[].name | select(startswith("auto-closed:"))] | length')
-          echo "remaining=$REMAINING" | tee --append "$GITHUB_OUTPUT"
-
-      - name: Reopen PR
-        if: ${{ steps.check_labels.outputs.remaining == '0' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.pull_request.node_id }}
-        run: |
-          gh api graphql \
-            -f prId="$NODE_ID" \
-            -f query='
-              mutation ReopenPR($prId: ID!) {
-                reopenPullRequest(input: {
-                  pullRequestId: $prId
-                }) {
-                  __typename
-                }
-              }'
@@ -1,37 +1,12 @@
 name: Build Mobile

 on:
+  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        required: false
        type: string
-      environment:
-        description: 'Target environment'
-        required: true
-        default: 'development'
-        type: string
-    secrets:
-      KEY_JKS:
-        required: true
-      ALIAS:
-        required: true
-      ANDROID_KEY_PASSWORD:
-        required: true
-      ANDROID_STORE_PASSWORD:
-        required: true
-      APP_STORE_CONNECT_API_KEY_ID:
-        required: true
-      APP_STORE_CONNECT_API_KEY_ISSUER_ID:
-        required: true
-      APP_STORE_CONNECT_API_KEY:
-        required: true
-      IOS_CERTIFICATE_P12:
-        required: true
-      IOS_CERTIFICATE_PASSWORD:
-        required: true
-      FASTLANE_TEAM_ID:
-        required: true
  pull_request:
  push:
    branches: [main]
@@ -40,279 +15,61 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 jobs:
-  pre-job:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@91f342bb4477c4bc10c576ae739da875d85aa164 # pre-job-action-v2.0.4
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          filters: |
-            mobile:
-              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/build-mobile.yml'
-          force-events: 'workflow_call,workflow_dispatch'
-
  build-sign-android:
    name: Build and sign Android
-    needs: pre-job
-    permissions:
-      contents: read
-      pull-requests: write
-    if: ${{ github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
-    runs-on: mich
+    # Skip when PR from a fork
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
+    runs-on: macos-14

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+      - name: Determine ref
+        id: get-ref
+        run: |
+          input_ref="${{ inputs.ref }}"
+          github_ref="${{ github.sha }}"
+          ref="${input_ref:-$github_ref}"
+          echo "ref=$ref" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v4
        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+          ref: ${{ steps.get-ref.outputs.ref }}

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ inputs.ref }}
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Create the Keystore
-        if: ${{ !github.event.pull_request.head.repo.fork }}
-        env:
-          KEY_JKS: ${{ secrets.KEY_JKS }}
-        working-directory: ./mobile
-        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks
-
-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      - uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '17'
+          cache: 'gradle'

-      - name: Restore Gradle Cache
-        id: cache-gradle-restore
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-            ~/.android/sdk
-            mobile/android/.gradle
-          key: build-mobile-gradle-${{ runner.os }}-main
+          channel: 'stable'
+          flutter-version: '3.19.3'
+          cache: true

-      - name: Setup Android SDK
-        uses: android-actions/setup-android@40fd30fb8d7440372e1316f5d1809ec01dcd3699 # v4.0.1
-        with:
-          packages: ''
+      - name: Create the Keystore
+        env:
+          KEY_JKS: ${{ secrets.KEY_JKS }}
+        working-directory: ./mobile
+        run: echo $KEY_JKS | base64 -d > android/key.jks

      - name: Get Packages
        working-directory: ./mobile
        run: flutter pub get

-      - name: Generate translation file
-        run: mise //mobile:codegen:translation
-
-      - name: Generate platform APIs
-        run: mise //mobile:codegen:pigeon
-        working-directory: ./mobile
-
      - name: Build Android App Bundle
        working-directory: ./mobile
        env:
          ALIAS: ${{ secrets.ALIAS }}
          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
-          IS_MAIN: ${{ github.ref == 'refs/heads/main' }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
-          if [[ $IS_MAIN == 'true' ]]; then
-            flutter build apk --release
-            flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64
-          else
-            flutter build apk --release
-          fi
+          flutter build apk --release
+          flutter build apk --release --split-per-abi --target-platform android-arm,android-arm64,android-x64

      - name: Publish Android Artifact
-        id: upload-apk
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@v4
        with:
          name: release-apk-signed
          path: mobile/build/app/outputs/flutter-apk/*.apk
-
-      - name: Comment APK download link on PR
-        if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork }}
-        uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
-        env:
-          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-          APK_URL: ${{ steps.upload-apk.outputs.artifact-url }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          message-id: 'mobile-android-apk'
-          message: |
-            📱 **Android release APK (universal)** — `${{ env.HEAD_SHA }}`
-
-            Download: ${{ env.APK_URL }}
-
-            <details>
-              <summary>QR code</summary>
-              <img src="https://api.qrserver.com/v1/create-qr-code/?size=240x240&data=${{ env.APK_URL }}" alt="QR code" />
-            </details>
-
-            Installs as a separate app (applicationId `app.alextran.immich.pr${{ github.event.pull_request.number }}`), so it coexists with the Play Store version and any other PR builds.
-
-      - name: Save Gradle Cache
-        id: cache-gradle-save
-        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        if: github.ref == 'refs/heads/main'
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-            ~/.android/sdk
-            mobile/android/.gradle
-          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
-
-  build-sign-ios:
-    name: Build and sign iOS
-    needs: pre-job
-    permissions:
-      contents: read
-    # Run on main branch or workflow_dispatch, or on PRs/other branches (build only, no upload)
-    if: ${{ !github.event.pull_request.head.repo.fork && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
-    runs-on: macos-15
-
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Select Xcode 26
-        run: sudo xcode-select -s /Applications/Xcode_26.2.app/Contents/Developer
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ inputs.ref || github.sha }}
-          persist-credentials: false
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Install Flutter dependencies
-        working-directory: ./mobile
-        run: flutter pub get
-
-      - name: Generate translation files
-        run: mise //mobile:codegen:translation
-
-      - name: Generate platform APIs
-        run: mise //mobile:codegen:pigeon
-
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
-        with:
-          ruby-version: '3.3'
-          bundler-cache: true
-          working-directory: ./mobile/ios
-
-      - name: Install CocoaPods dependencies
-        working-directory: ./mobile/ios
-        run: |
-          pod install
-
-      - name: Create API Key
-        env:
-          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-        working-directory: ./mobile/ios
-        run: |
-          mkdir -p ~/.appstoreconnect/private_keys
-          echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8
-
-      - name: Import Certificate
-        env:
-          IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-        working-directory: ./mobile/ios
-        run: |
-          # Decode certificate
-          echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
-
-      - name: Create keychain and import certificate
-        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-        working-directory: ./mobile/ios
-        run: |
-          # Create keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security set-keychain-settings -t 3600 -u build.keychain
-
-          # Import certificate
-          security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
-          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
-
-          # Verify certificate was imported
-          security find-identity -v -p codesigning build.keychain
-
-      - name: Build and deploy to TestFlight
-        env:
-          FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          KEYCHAIN_NAME: build.keychain
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          ENVIRONMENT: ${{ inputs.environment || 'development' }}
-          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
-          GITHUB_REF: ${{ github.ref }}
-          FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 120
-          FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 6
-        working-directory: ./mobile/ios
-        run: |
-          # Only upload to TestFlight on main branch
-          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
-            if [[ "$ENVIRONMENT" == "development" ]]; then
-              bundle exec fastlane gha_testflight_dev
-            else
-              bundle exec fastlane gha_release_prod
-            fi
-          else
-            # Build only, no TestFlight upload for non-main branches
-            bundle exec fastlane gha_build_only
-          fi
-
-      - name: Clean up keychain
-        if: always()
-        run: |
-          security delete-keychain build.keychain || true
-
-      - name: Upload IPA artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: ios-release-ipa
-          path: mobile/ios/Runner.ipa
@@ -8,45 +8,31 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 jobs:
  cleanup:
    name: Cleanup
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check out code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
+        uses: actions/checkout@v4

      - name: Cleanup
-        env:
-          GH_TOKEN: ${{ steps.token.outputs.token }}
-          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache

          REPO=${{ github.repository }}
+          BRANCH=${{ github.ref }}

          echo "Fetching list of cache keys"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )

          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          for cacheKey in $cacheKeysForPR
          do
-              gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
          done
          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,31 +0,0 @@
-name: Check OpenAPI
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - 'open-api/**'
-      - '.github/workflows/check-openapi.yml'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
-jobs:
-  check-openapi:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Check for breaking API changes
-        uses: oasdiff/oasdiff-action/breaking@26ccb332c67a45ca649de9faf60552ef1b8260d9 # v0.0.46
-        with:
-          base: https://raw.githubusercontent.com/${{ github.repository }}/main/open-api/immich-openapi-specs.json
-          revision: open-api/immich-openapi-specs.json
-          fail-on: ERR
@@ -1,85 +1,67 @@
 name: CLI Build
 on:
+  workflow_dispatch:
  push:
    branches: [main]
    paths:
-      - 'packages/cli/**'
-      - '.github/workflows/cli.yml'
+      - "cli/**"
+      - ".github/workflows/cli.yml"
  pull_request:
+    branches: [main]
    paths:
-      - 'packages/cli/**'
-      - '.github/workflows/cli.yml'
-  release:
-    types: [published]
+      - "cli/**"
+      - ".github/workflows/cli.yml"

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
+permissions:
+  packages: write

 jobs:
  publish:
-    name: CLI Publish
+    name: Publish
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
    defaults:
      run:
-        working-directory: ./packages/cli
+        working-directory: ./cli
+
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+      - uses: actions/checkout@v4
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Publish
-        if: ${{ github.event_name == 'release' }}
-        run: mise run ci-publish
+          node-version: "20.x"
+          registry-url: "https://registry.npmjs.org"
+      - name: Prepare SDK
+        run: npm ci --prefix ../open-api/typescript-sdk/
+      - name: Build SDK
+        run: npm run build --prefix ../open-api/typescript-sdk/
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  docker:
    name: Docker
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
    needs: publish

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
+        uses: actions/checkout@v4

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+        uses: docker/setup-qemu-action@v3.0.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@v3.3.0

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        uses: docker/login-action@v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -89,27 +71,27 @@ jobs:
      - name: Get package version
        id: package-version
        run: |
-          version=$(jq -r '.version' packages/cli/package.json)
+          version=$(jq -r '.version' cli/package.json)
          echo "version=$version" >> "$GITHUB_OUTPUT"

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        uses: docker/metadata-action@v5
        with:
          flavor: |
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/immich-cli
          tags: |
-            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}

      - name: Build and push image
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@v5.3.0
        with:
-          file: packages/cli/Dockerfile
+          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'release' }}
+          push: ${{ github.event_name == 'workflow_dispatch' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.metadata.outputs.tags }}
@@ -1,107 +0,0 @@
-on:
-  issues:
-    types: [opened]
-  discussion:
-    types: [created]
-
-name: Close likely duplicates
-permissions: {}
-
-jobs:
-  should_run:
-    runs-on: ubuntu-latest
-    outputs:
-      should_run: ${{ steps.should_run.outputs.run }}
-    steps:
-      - id: should_run
-        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
-
-  get_body:
-    runs-on: ubuntu-latest
-    needs: should_run
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    env:
-      EVENT: ${{ toJSON(github.event) }}
-    outputs:
-      body: ${{ steps.get_body.outputs.body }}
-    steps:
-      - id: get_body
-        run: |
-          BODY=$(echo """$EVENT""" | jq -r '.issue // .discussion | .body' | base64 -w 0)
-          echo "body=$BODY" >> $GITHUB_OUTPUT
-
-  get_checkbox_json:
-    runs-on: ubuntu-latest
-    needs: [get_body, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:0a8b8867773a0f8368061f47578603f438349f8f1f28b0e16105f481e5c794e0
-    outputs:
-      checked: ${{ steps.get_checkbox.outputs.checked }}
-    steps:
-      - id: get_checkbox
-        env:
-          BODY: ${{ needs.get_body.outputs.body }}
-        run: |
-          CHECKED=$(echo "$BODY" | base64 -d | /mdq --output json '# I have searched | - [?] Yes' | jq '.items[0].list[0].checked // false')
-          echo "checked=$CHECKED" >> $GITHUB_OUTPUT
-
-  close_and_comment:
-    runs-on: ubuntu-latest
-    needs: [get_checkbox_json, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' && needs.get_checkbox_json.outputs.checked != 'true' }}
-    permissions:
-      issues: write
-      discussions: write
-    steps:
-      - name: Close issue
-        if: ${{ github.event_name == 'issues' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.issue.node_id }}
-        run: |
-          gh api graphql \
-            -f issueId="$NODE_ID" \
-            -f body="This issue has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseIssue($issueId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $issueId, 
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeIssue(input: {
-                  issueId: $issueId,
-                  stateReason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Close discussion
-        if: ${{ github.event_name == 'discussion' && github.event.discussion.category.name == 'Feature Request' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.discussion.node_id }}
-        run: |
-          gh api graphql \
-            -f discussionId="$NODE_ID" \
-            -f body="This discussion has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseDiscussion($discussionId: ID!, $body: String!) {
-                addDiscussionComment(input: {
-                  discussionId: $discussionId,
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeDiscussion(input: {
-                  discussionId: $discussionId,
-                  reason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
@@ -9,14 +9,14 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: "CodeQL"

 on:
  push:
-    branches: ['main']
+    branches: [ "main" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: ['main']
+    branches: [ "main" ]
  schedule:
    - cron: '20 13 * * 1'

@@ -24,8 +24,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 jobs:
  analyze:
    name: Analyze
@@ -38,51 +36,43 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ['javascript', 'python']
+        language: [ 'javascript', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+    - name: Checkout repository
+      uses: actions/checkout@v4

-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.

-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality

-          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality

-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3

-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

-      #   If the Autobuild fails above, remove it and uncomment the following three lines.
-      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

-      # - run: |
-      #   echo "Run, Build Application using script"
-      #   ./location_of_script_within_repo/buildscript.sh
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
-        with:
-          category: '/language:${{matrix.language}}'
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
@@ -0,0 +1,73 @@
+# This workflow runs on certain conditions to check for and potentially
+# delete container images from the GHCR which no longer have an associated
+# code branch.
+# Requires a PAT with the correct scope set in the secrets.
+#
+# This workflow will not trigger runs on forked repos.
+
+name: Docker Cleanup
+
+on:
+  pull_request:
+    types:
+      - "closed"
+  push:
+    paths:
+      - ".github/workflows/docker-cleanup.yml"
+
+concurrency:
+  group: registry-tags-cleanup
+  cancel-in-progress: false
+
+jobs:
+  cleanup-images:
+    name: Cleanup Stale Images Tags for ${{ matrix.primary-name }}
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - primary-name: "immich-server"
+          - primary-name: "immich-machine-learning"
+    env:
+      # Requires a personal access token with the OAuth scope delete:packages
+      TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }}
+    steps:
+      - name: Clean temporary images
+        if: "${{ env.TOKEN != '' }}"
+        uses: stumpylog/image-cleaner-action/ephemeral@v0.6.0
+        with:
+          token: "${{ env.TOKEN }}"
+          owner: "immich-app"
+          is_org: "true"
+          do_delete: "true"
+          package_name: "${{ matrix.primary-name }}"
+          scheme: "pull_request"
+          repo_name: "immich"
+          match_regex: '^pr-(\d+)$|^(\d+)$'
+
+  cleanup-untagged-images:
+    name: Cleanup Untagged Images Tags for ${{ matrix.primary-name }}
+    runs-on: ubuntu-22.04
+    needs:
+      - cleanup-images
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - primary-name: "immich-server"
+          - primary-name: "immich-machine-learning"
+          - primary-name: "immich-build-cache"
+    env:
+      # Requires a personal access token with the OAuth scope delete:packages
+      TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }}
+    steps:
+      - name: Clean untagged images
+        if: "${{ env.TOKEN != '' }}"
+        uses: stumpylog/image-cleaner-action/untagged@v0.6.0
+        with:
+          token: "${{ env.TOKEN }}"
+          owner: "immich-app"
+          do_delete: "true"
+          is_org: "true"
+          package_name: "${{ matrix.primary-name }}"
@@ -5,6 +5,7 @@ on:
  push:
    branches: [main]
  pull_request:
+    branches: [main]
  release:
    types: [published]

@@ -12,183 +13,118 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
+permissions:
+  packages: write

 jobs:
-  pre-job:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@91f342bb4477c4bc10c576ae739da875d85aa164 # pre-job-action-v2.0.4
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          filters: |
-            server:
-              - 'server/**'
-              - 'openapi/**'
-              - 'web/**'
-              - 'i18n/**'
-            machine-learning:
-              - 'machine-learning/**'
-          force-filters: |
-            - '.github/workflows/docker.yml'
-            - '.github/workflows/multi-runner-build.yml'
-            - '.github/actions/image-build'
-          force-events: 'workflow_dispatch,release'
-
-  retag_ml:
-    name: Re-Tag ML
-    needs: pre-job
-    permissions:
-      contents: read
-      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
+  build_and_push:
+    name: Build and Push
    runs-on: ubuntu-latest
    strategy:
-      matrix:
-        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
-    steps:
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Re-tag image
-        env:
-          REGISTRY_NAME: 'ghcr.io'
-          REPOSITORY: ${{ github.repository_owner }}/immich-machine-learning
-          TAG_OLD: main${{ matrix.suffix }}
-          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
-          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
-        run: |
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-
-  retag_server:
-    name: Re-Tag Server
-    needs: pre-job
-    permissions:
-      contents: read
-      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        suffix: ['']
-    steps:
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Re-tag image
-        env:
-          REGISTRY_NAME: 'ghcr.io'
-          REPOSITORY: ${{ github.repository_owner }}/immich-server
-          TAG_OLD: main${{ matrix.suffix }}
-          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
-          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
-        run: |
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-
-  machine-learning:
-    name: Build and Push ML
-    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
-    strategy:
+      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
-          - device: cpu
-          - device: cuda
-            suffixes: '-cuda'
+          - image: immich-machine-learning
+            context: machine-learning
+            file: machine-learning/Dockerfile
+            platforms: linux/amd64,linux/arm64
+            device: cpu
+
+          - image: immich-machine-learning
+            context: machine-learning
+            file: machine-learning/Dockerfile
            platforms: linux/amd64
-          - device: openvino
-            suffixes: '-openvino'
+            device: cuda
+            suffix: -cuda
+
+          - image: immich-machine-learning
+            context: machine-learning
+            file: machine-learning/Dockerfile
            platforms: linux/amd64
-          - device: armnn
-            suffixes: '-armnn'
+            device: openvino
+            suffix: -openvino
+
+          - image: immich-machine-learning
+            context: machine-learning
+            file: machine-learning/Dockerfile
            platforms: linux/arm64
-          - device: rknn
-            suffixes: '-rknn'
-            platforms: linux/arm64
-          - device: rocm
-            suffixes: '-rocm'
-            platforms: linux/amd64
-            runner-mapping: '{"linux/amd64": "pokedex-large"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
-    permissions:
-      contents: read
-      actions: read
-      packages: write
-    secrets:
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-    with:
-      image: immich-machine-learning
-      context: machine-learning
-      dockerfile: machine-learning/Dockerfile
-      platforms: ${{ matrix.platforms }}
-      runner-mapping: ${{ matrix.runner-mapping }}
-      suffixes: ${{ matrix.suffixes }}
-      dockerhub-push: ${{ github.event_name == 'release' }}
-      build-args: |
-        DEVICE=${{ matrix.device }}
+            device: armnn
+            suffix: -armnn

-  server:
-    name: Build and Push Server
-    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@5813c7c4f7016c748ae7ac5d5f684846649d4d20 # multi-runner-build-workflow-v2.4.0
-    permissions:
-      contents: read
-      actions: read
-      packages: write
-    secrets:
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-    with:
-      image: immich-server
-      context: .
-      dockerfile: server/Dockerfile
-      dockerhub-push: ${{ github.event_name == 'release' }}
-      build-args: |
-        DEVICE=cpu
+          - image: immich-server
+            context: .
+            file: server/Dockerfile
+            platforms: linux/amd64,linux/arm64
+            device: cpu

-  success-check-server:
-    name: Docker Build & Push Server Success
-    needs: [server, retag_server]
-    permissions: {}
-    runs-on: ubuntu-latest
-    if: always()
    steps:
-      - uses: immich-app/devtools/actions/success-check@81113db03f6d743efee81e0058c0b43f6cd6f36d # success-check-action-v0.0.6
-        with:
-          needs: ${{ toJSON(needs) }}
+      - name: Checkout
+        uses: actions/checkout@v4

-  success-check-ml:
-    name: Docker Build & Push ML Success
-    needs: [machine-learning, retag_ml]
-    permissions: {}
-    runs-on: ubuntu-latest
-    if: always()
-    steps:
-      - uses: immich-app/devtools/actions/success-check@81113db03f6d743efee81e0058c0b43f6cd6f36d # success-check-action-v0.0.6
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.3.0
+
+      - name: Login to Docker Hub
+        # Only push to Docker Hub when making a release
+        if: ${{ github.event_name == 'release' }}
+        uses: docker/login-action@v3
        with:
-          needs: ${{ toJSON(needs) }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        # Skip when PR from a fork
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            # Disable latest tag
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
+            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
+          tags: |
+            # Tag with branch name
+            type=ref,event=branch,suffix=${{ matrix.suffix }}
+            # Tag with pr-number
+            type=ref,event=pr,suffix=${{ matrix.suffix }}
+            # Tag with git tag on release
+            type=ref,event=tag,suffix=${{ matrix.suffix }}
+            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
+
+      - name: Determine build cache output
+        id: cache-target
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            # Essentially just ignore the cache output (PR can't write to registry cache)
+            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
+          else
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.file }}
+          platforms: ${{ matrix.platforms }}
+          # Skip pushing when PR from a fork
+          push: ${{ !github.event.pull_request.head.repo.fork }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
+          cache-to: ${{ steps.cache-target.outputs.cache-to }}
+          build-args: |
+            DEVICE=${{ matrix.device }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
@@ -1,88 +0,0 @@
-name: Docs build
-on:
-  push:
-    branches: [main]
-  pull_request:
-  release:
-    types: [published]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
-jobs:
-  pre-job:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@91f342bb4477c4bc10c576ae739da875d85aa164 # pre-job-action-v2.0.4
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          filters: |
-            docs:
-              - 'docs/**'
-            open-api:
-              - 'open-api/immich-openapi-specs.json'
-          force-filters: |
-            - '.github/workflows/docs-build.yml'
-          force-events: 'release'
-          force-branches: 'main'
-
-  build:
-    name: Docs Build
-    needs: pre-job
-    permissions:
-      contents: read
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./docs
-
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Run install
-        run: pnpm install
-
-      - name: Check formatting
-        run: pnpm format
-
-      - name: Run build
-        run: pnpm build
-
-      - name: Upload build output
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: docs-build-output
-          path: docs/build/
-          include-hidden-files: true
-          retention-days: 1
@@ -1,224 +0,0 @@
-name: Docs deploy
-on:
-  workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-    workflows: ['Docs build']
-    types:
-      - completed
-
-env:
-  TG_NON_INTERACTIVE: 'true'
-
-jobs:
-  checks:
-    name: Docs Deploy Checks
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      pull-requests: read
-    outputs:
-      parameters: ${{ steps.parameters.outputs.result }}
-      artifact: ${{ steps.get-artifact.outputs.result }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
-        run: echo 'The triggering workflow did not succeed' && exit 1
-      - name: Get artifact
-        id: get-artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "docs-build-output"
-            })[0];
-            if (!matchArtifact) {
-              console.log("No artifact found with the name docs-build-output, build job was skipped")
-              return { found: false };
-            }
-            return { found: true, id: matchArtifact.id };
-      - name: Determine deploy parameters
-        id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          script: |
-            const eventType = context.payload.workflow_run.event;
-            const isFork = context.payload.workflow_run.repository.fork;
-
-            let parameters;
-
-            console.log({eventType, isFork});
-
-            if (eventType == "push") {
-              const branch = context.payload.workflow_run.head_branch;
-              console.log({branch});
-              const shouldDeploy = !isFork && branch == "main";
-              parameters = {
-                event: "branch",
-                name: "main",
-                shouldDeploy
-              };
-            } else if (eventType == "pull_request") {
-              let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
-              if(!pull_number) {
-                const {HEAD_SHA} = process.env;
-                const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
-                const items = response.data.items
-                if (items.length < 1) {
-                  throw new Error("No pull request found for the commit")
-                }
-                const pullRequestNumber = items[0].number
-                console.info("Pull request number is", pullRequestNumber)
-                pull_number = pullRequestNumber
-              }
-              const {data: pr} = await github.rest.pulls.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number
-              });
-
-              console.log({pull_number});
-
-              parameters = {
-                event: "pr",
-                name: `pr-${pull_number}`,
-                pr_number: pull_number,
-                shouldDeploy: true
-              };
-            } else if (eventType == "release") {
-              parameters = {
-                event: "release",
-                name: context.payload.workflow_run.head_branch,
-                shouldDeploy: !isFork
-              };
-            }
-
-            console.log(parameters);
-            return parameters;
-
-  deploy:
-    name: Docs Deploy
-    runs-on: ubuntu-latest
-    needs: checks
-    permissions:
-      contents: read
-      actions: read
-      pull-requests: write
-    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Load parameters
-        id: parameters
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          script: |
-            const parameters = JSON.parse(process.env.PARAM_JSON);
-            core.setOutput("event", parameters.event);
-            core.setOutput("name", parameters.name);
-            core.setOutput("shouldDeploy", parameters.shouldDeploy);
-
-      - name: Download artifact
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          script: |
-            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: artifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/docs-build-output.zip`, Buffer.from(download.data));
-
-      - name: Unzip artifact
-        run: unzip "${{ github.workspace }}/docs-build-output.zip" -d "${{ github.workspace }}/docs/build"
-
-      - name: Deploy Docs Subdomain
-        env:
-          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
-          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run //deployment:tf apply'
-
-      - name: Deploy Docs Subdomain Output
-        id: docs-output
-        env:
-          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
-          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: |
-          mise run //deployment:tf output -- -json | jq -r '
-            "projectName=\(.pages_project_name.value)",
-            "subdomain=\(.immich_app_branch_subdomain.value)"
-          ' >> $GITHUB_OUTPUT
-
-      - name: Publish to Cloudflare Pages
-        working-directory: docs
-        env:
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          PROJECT_NAME: ${{ steps.docs-output.outputs.projectName }}
-          BRANCH_NAME: ${{ steps.parameters.outputs.name }}
-        run: mise run //docs:deploy
-
-      - name: Deploy Docs Release Domain
-        if: ${{ steps.parameters.outputs.event == 'release' }}
-        env:
-          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs-release'
-        run: 'mise run //deployment:tf apply'
-
-      - name: Comment
-        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
-        if: ${{ steps.parameters.outputs.event == 'pr' }}
-        with:
-          token: ${{ steps.token.outputs.token }}
-          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
-          body: |
-            📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
-          emojis: 'rocket'
-          body-include: '<!-- Docs PR URL -->'
@@ -1,52 +0,0 @@
-name: Docs destroy
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-    types: [closed]
-
-permissions: {}
-
-env:
-  TG_NON_INTERACTIVE: 'true'
-
-jobs:
-  deploy:
-    name: Docs Destroy
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Destroy Docs Subdomain
-        env:
-          TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
-          TF_VAR_prefix_event_type: 'pr'
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run //deployment:tf destroy -- -refresh=false'
-
-      - name: Comment
-        uses: actions-cool/maintain-one-comment@909842216bc8e8658364c572ec52100f4c2cc50a # v3.3.0
-        with:
-          token: ${{ steps.token.outputs.token }}
-          number: ${{ github.event.number }}
-          delete: true
-          body-include: '<!-- Docs PR URL -->'
@@ -1,55 +0,0 @@
-name: Fix formatting
-
-on:
-  pull_request:
-    types: [labeled]
-
-permissions: {}
-
-jobs:
-  fix-formatting:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.label.name == 'fix:formatting' }}
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          persist-credentials: true
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      - name: Fix formatting
-        run: pnpm --recursive install && pnpm run --recursive --if-present --parallel format:fix
-
-      - name: Commit and push
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
-        with:
-          default_author: github_actions
-          message: 'chore: fix formatting'
-
-      - name: Remove label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        if: always()
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            github.rest.issues.removeLabel({
-              issue_number: context.payload.pull_request.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              name: 'fix:formatting'
-            })
@@ -1,128 +0,0 @@
-name: Merge translations
-
-on:
-  workflow_dispatch:
-  workflow_call:
-    secrets:
-      PUSH_O_MATIC_APP_CLIENT_ID:
-        required: true
-      PUSH_O_MATIC_APP_KEY:
-        required: true
-      WEBLATE_TOKEN:
-        required: true
-    inputs:
-      skip:
-        description: 'Skip translations'
-        required: false
-        type: boolean
-
-permissions: {}
-
-env:
-  WEBLATE_HOST: 'https://hosted.weblate.org'
-  WEBLATE_COMPONENT: 'immich/immich'
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Generate a token
-        id: generate_token
-        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Find translation PR
-        id: find_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-        run: |
-          set -euo pipefail
-
-          PR=$(gh pr list --repo $GITHUB_REPOSITORY --author weblate --json number,mergeable)
-          echo "$PR"
-
-          PR_NUMBER=$(echo "$PR" | jq '
-            if length == 1 then
-              .[0].number
-            else
-              error("Expected exactly 1 entry, got \(length)")
-            end
-          ' 2>&1) || exit 1
-
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
-          echo "Selected PR $PR_NUMBER"
-
-          if ! echo "$PR" | jq -e '.[0].mergeable == "MERGEABLE"'; then
-            echo "PR is not mergeable"
-            exit 1
-          fi
-
-      - name: Lock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true
-
-      - name: Commit translations
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=commit
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=push
-
-      - name: Merge PR
-        id: merge_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-        run: |
-          set -euo pipefail
-
-          REVIEW_ID=$(gh api -X POST "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" --field event='APPROVE' --field body='Automatically merging translations PR' \
-            | jq '.id')
-          echo "REVIEW_ID=$REVIEW_ID" >> $GITHUB_OUTPUT
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash
-
-      - name: Wait for PR to merge
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-          REVIEW_ID: ${{ steps.merge_pr.outputs.REVIEW_ID }}
-        run: |
-          # So we clean up no matter what
-          set +e
-
-          for i in {1..100}; do
-            if gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json state | jq -e '.state == "MERGED"'; then
-              echo "PR merged"
-              exit 0
-            else
-              echo "PR not merged yet, waiting..."
-              sleep 6
-            fi
-          done
-          echo "PR did not merge in time"
-          gh api -X PUT "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews/$REVIEW_ID/dismissals" --field message='Merge attempt timed out' --field event='DISMISS'
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --disable-auto
-          exit 1
-
-      - name: Unlock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
-
-      - name: Report success
-        run: |
-          echo "Workflow completed successfully (or was skipped)"
@@ -1,12 +0,0 @@
-name: PR Conventional Commit
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-
-jobs:
-  validate-pr-title:
-    name: Validate PR Title (conventional commit)
-    uses: immich-app/devtools/.github/workflows/shared-pr-require-conventional-commit.yml@main
-    permissions:
-      pull-requests: write
@@ -1,15 +0,0 @@
-name: Zizmor
-
-on:
-  pull_request:
-  push:
-    branches: [main]
-
-jobs:
-  zizmor:
-    name: Zizmor
-    uses: immich-app/devtools/.github/workflows/shared-zizmor.yml@main
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
@@ -1,31 +0,0 @@
-name: PR Label Validation
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-    types: [opened, labeled, unlabeled, synchronize]
-
-permissions: {}
-
-jobs:
-  validate-release-label:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Require PR to have a changelog label
-        uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5.5.2
-        with:
-          token: ${{ steps.token.outputs.token }}
-          mode: exactly
-          count: 1
-          use_regex: true
-          labels: 'changelog:.*'
-          add_comment: true
-          message: 'Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label.'
@@ -1,22 +0,0 @@
-name: 'Pull Request Labeler'
-on:
-  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
-
-permissions: {}
-
-jobs:
-  labeler:
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
-        with:
-          repo-token: ${{ steps.token.outputs.token }}
@@ -0,0 +1,13 @@
+name: Enforce PR labels
+
+on:
+  pull_request:
+    types: [labeled, unlabeled, opened, edited, synchronize]
+jobs:
+  enforce-label:
+    name: Enforce label
+    runs-on: ubuntu-latest
+    steps:
+    - if: toJson(github.event.pull_request.labels) == '[]'
+      run: exit 1
+
@@ -10,143 +10,78 @@ on:
        type: choice
        options:
          - 'false'
-          - major
          - minor
          - patch
      mobileBump:
        description: 'Bump mobile build number'
        required: false
        type: boolean
-      skipTranslations:
-        description: 'Skip translations'
-        required: false
-        type: boolean

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
  cancel-in-progress: true

-permissions: {}
-
 jobs:
-  merge_translations:
-    uses: ./.github/workflows/merge-translations.yml
-    with:
-      skip: ${{ inputs.skipTranslations }}
-    permissions:
-      pull-requests: write
-    secrets:
-      PUSH_O_MATIC_APP_CLIENT_ID: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-
  bump_version:
    runs-on: ubuntu-latest
-    needs: [merge_translations]
+
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-      version: ${{ steps.output.outputs.version }}
-    permissions: {} # No job-level permissions are needed because it uses the app-token
+
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+      - name: Checkout
+        uses: actions/checkout@v4
        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}

-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          token: ${{ steps.token.outputs.token }}
-          persist-credentials: true
-          ref: main
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
-      # TODO move to mise
-      - name: Install uv
-        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+      - name: Install Poetry
+        run: pipx install poetry

      - name: Bump version
-        env:
-          SERVER_BUMP: ${{ inputs.serverBump }}
-          MOBILE_BUMP: ${{ inputs.mobileBump }}
-        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"
-
-      - id: output
-        run: echo "version=$IMMICH_VERSION" >> $GITHUB_OUTPUT
+        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"

      - name: Commit and tag
        id: push-tag
-        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
+        uses: EndBug/add-and-commit@v9
        with:
-          default_author: github_actions
-          message: 'chore: version ${{ steps.output.outputs.version }}'
-          tag: ${{ steps.output.outputs.version }}
+          author_name: Alex The Bot
+          author_email: alex.tran1502@gmail.com
+          default_author: user_info
+          message: 'Version ${{ env.IMMICH_VERSION }}'
+          tag: ${{ env.IMMICH_VERSION }}
          push: true

  build_mobile:
    uses: ./.github/workflows/build-mobile.yml
    needs: bump_version
-    permissions:
-      contents: read
-    secrets:
-      KEY_JKS: ${{ secrets.KEY_JKS }}
-      ALIAS: ${{ secrets.ALIAS }}
-      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
-      # iOS secrets
-      APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-      APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-      IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-      IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-      FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-
+    secrets: inherit
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
-      environment: production

  prepare_release:
    runs-on: ubuntu-latest
-    needs: [build_mobile, bump_version]
-    permissions:
-      actions: read # To download the app artifact
-      # No content permissions are needed because it uses the app-token
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+    needs: build_mobile

+    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          persist-credentials: false
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}

      - name: Download APK
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@v4
        with:
          name: release-apk-signed
-          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
+        uses: softprops/action-gh-release@v2
        with:
          draft: true
-          tag_name: ${{ needs.bump_version.outputs.version }}
-          token: ${{ steps.generate-token.outputs.token }}
+          tag_name: ${{ env.IMMICH_VERSION }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
          files: |
            docker/docker-compose.yml
-            docker/docker-compose.rootless.yml
            docker/example.env
            docker/hwaccel.ml.yml
            docker/hwaccel.transcoding.yml
@@ -1,63 +0,0 @@
-name: Preview label
-
-on:
-  pull_request:
-    types: [labeled, closed]
-
-permissions: {}
-
-jobs:
-  comment-status:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'labeled' && github.event.label.name == 'preview' }}
-    permissions:
-      pull-requests: write
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          message-id: 'preview-status'
-          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
-
-  remove-label:
-    runs-on: ubuntu-latest
-    if: ${{ (github.event.action == 'closed' || github.event.pull_request.head.repo.fork) && contains(github.event.pull_request.labels.*.name, 'preview') }}
-    permissions:
-      pull-requests: write
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          script: |
-            github.rest.issues.removeLabel({
-              issue_number: context.payload.pull_request.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              name: 'preview'
-            })
-
-      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
-        if: ${{ github.event.pull_request.head.repo.fork }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          message-id: 'preview-status'
-          message: 'PRs from forks cannot have preview environments.'
-
-      - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0
-        if: ${{ !github.event.pull_request.head.repo.fork }}
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          message-id: 'preview-status'
-          message: 'Preview environment has been removed.'
@@ -4,39 +4,28 @@ on:
  release:
    types: [published]

-permissions: {}
+permissions:
+  packages: write

 jobs:
  publish:
    name: Publish `@immich/sdk`
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
+    defaults:
+      run:
+        working-directory: ./open-api/typescript-sdk
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
+      - uses: actions/checkout@v4
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
-        with:
-          github_token: ${{ steps.token.outputs.token }}
-
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
      - name: Install deps
-        run: pnpm --filter @immich/sdk install --frozen-lockfile
-
+        run: npm ci
      - name: Build
-        run: pnpm --filter @immich/sdk build
-
+        run: npm run build
      - name: Publish
-        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -9,106 +9,35 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 jobs:
-  pre-job:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@91f342bb4477c4bc10c576ae739da875d85aa164 # pre-job-action-v2.0.4
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          filters: |
-            mobile:
-              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/static_analysis.yml'
-          force-events: 'workflow_dispatch,release'
-
  mobile-dart-analyze:
    name: Run Dart Code Analysis
-    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./mobile
+
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
+        uses: actions/checkout@v4

-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cf6e190bacde3d7bda59372a786b36ac7d01536a # use-mise-action-v2.0.1
+      - name: Setup Flutter SDK
+        uses: subosito/flutter-action@v2
        with:
-          github_token: ${{ steps.token.outputs.token }}
+          channel: "stable"
+          flutter-version: "3.19.3"

      - name: Install dependencies
-        run: flutter pub get
+        run: dart pub get
+        working-directory: ./mobile

-      - name: Install dependencies for UI package
-        run: flutter pub get
-        working-directory: ./mobile/packages/ui
+      - name: Run dart analyze
+        run: dart analyze --fatal-infos
+        working-directory: ./mobile

-      - name: Install dependencies for UI Showcase
-        run: flutter pub get
-        working-directory: ./mobile/packages/ui/showcase
+      - name: Run dart format
+        run: dart format lib/ --set-exit-if-changed
+        working-directory: ./mobile

-      - name: Generate translation files
-        run: mise //mobile:codegen:translation
-
-      - name: Run Build Runner
-        run: mise //mobile:codegen:dart
-
-      - name: Generate platform API
-        run: mise //mobile:codegen:pigeon
-
-      - name: Find file changes
-        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
-        id: verify-changed-files
-        with:
-          files: |
-            mobile/**/*.g.dart
-            mobile/**/*.gr.dart
-            mobile/**/*.drift.dart
-
-      - name: Verify files have not changed
-        if: steps.verify-changed-files.outputs.files_changed == 'true'
-        env:
-          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
-        run: |
-          echo "ERROR: Generated files not up to date! Run 'mise //mobile:codegen:dart' and 'mise //mobile:codegen:pigeon'"
-          echo "Changed files: ${CHANGED_FILES}"
-          exit 1
-
-      - name: Run analyze
-        run: mise //mobile:analyze
-
-      - name: Run format
-        run: mise //mobile:format
-
-      # TODO: Re-enable after upgrading custom_lint
-      # - name: Run dart custom_lint
+      # Enable after riverpod generator migration is completed
+      # - name: Run dart custom lint
      #   run: dart run custom_lint
+      #   working-directory: ./mobile
@@ -1,73 +0,0 @@
-name: Weblate checks
-
-on:
-  pull_request:
-    branches: [main]
-    types:
-      - opened
-      - synchronize
-      - ready_for_review
-      - auto_merge_enabled
-      - auto_merge_disabled
-
-permissions: {}
-
-env:
-  BOT_NAME: immich-push-o-matic
-
-jobs:
-  pre-job:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@91f342bb4477c4bc10c576ae739da875d85aa164 # pre-job-action-v2.0.4
-        with:
-          github-token: ${{ steps.token.outputs.token }}
-          filters: |
-            i18n:
-              - modified: 'i18n/!(en)**\.json'
-          skip-force-logic: 'true'
-
-  enforce-lock:
-    name: Check Weblate Lock
-    needs: [pre-job]
-    runs-on: ubuntu-latest
-    permissions: {}
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
-    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
-        with:
-          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Bot review status
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
-          GH_TOKEN: ${{ steps.token.outputs.token }}
-        run: |
-          # Then check for APPROVED by the bot, if absent fail
-          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
-            || (echo "The push-o-matic bot has not approved this PR yet" && exit 1)
-
-  success-check-lock:
-    name: Weblate Lock Check Success
-    needs: [enforce-lock]
-    runs-on: ubuntu-latest
-    permissions: {}
-    if: always()
-    steps:
-      - uses: immich-app/devtools/actions/success-check@81113db03f6d743efee81e0058c0b43f6cd6f36d # success-check-action-v0.0.6
-        with:
-          needs: ${{ toJSON(needs) }}
@@ -3,7 +3,6 @@
 .DS_Store
 .vscode/*
 !.vscode/launch.json
-!.vscode/extensions.json
 .idea

 docker/upload
@@ -15,18 +14,7 @@ mobile/gradle.properties
 mobile/openapi/pubspec.lock
 mobile/*.jks
 mobile/libisar.dylib
-mobile/openapi/test
-mobile/openapi/doc
-mobile/openapi/.openapi-generator/FILES
-mobile/ios/build

-packages/**/build
+open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
-mobile/ios/fastlane/report.xml
-
-vite.config.js.timestamp-*
-.pnpm-store
-.devcontainer/library
-.devcontainer/.env*
-*.tsbuildinfo
-*.tsbuildInfo
+mobile/ios/fastlane/report.xml
@@ -1,3 +1,6 @@
-[submodule "e2e/test-assets"]
+[submodule "mobile/.isar"]
+	path = mobile/.isar
+	url = https://github.com/isar/isar
+[submodule "server/test/assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets
@@ -1 +0,0 @@
-24.15.0
@@ -1,24 +0,0 @@
-module.exports = {
-  hooks: {
-    readPackage: (pkg) => {
-      if (!pkg.name) {
-        return pkg;
-      }
-      // make exiftool-vendored.pl a regular dependency since Docker prod
-      // images build with --no-optional to reduce image size
-      if (pkg.name === "exiftool-vendored") {
-        const binaryPackage =
-          process.platform === "win32"
-            ? "exiftool-vendored.exe"
-            : "exiftool-vendored.pl";
-
-        if (pkg.optionalDependencies[binaryPackage]) {
-          pkg.dependencies[binaryPackage] =
-            pkg.optionalDependencies[binaryPackage];
-          delete pkg.optionalDependencies[binaryPackage];
-        }
-      }
-      return pkg;
-    },
-  },
-};
@@ -1,5 +0,0 @@
-{
-  "jsonRecursiveSort": true,
-  "jsonSortOrder": "{\"/.*/\": \"lexical\"}",
-  "plugins": ["prettier-plugin-sort-json"]
-}
@@ -1,17 +0,0 @@
-{
-  "recommendations": [
-    "esbenp.prettier-vscode",
-    "svelte.svelte-vscode",
-    "dbaeumer.vscode-eslint",
-    "dart-code.flutter",
-    "dart-code.dart-code",
-    "dcmdev.dcm-vscode-extension",
-    "bradlc.vscode-tailwindcss",
-    "ms-playwright.playwright",
-    "vitest.explorer",
-    "editorconfig.editorconfig",
-    "foxundermoon.shell-format",
-    "timonwong.shellcheck",
-    "bluebrown.yamlfmt"
-  ]
-}
@@ -5,35 +5,19 @@
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9231,
-      "name": "Immich API Server",
-      "remoteRoot": "/usr/src/app/server",
+      "port": 9230,
+      "name": "Immich Server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9230,
-      "name": "Immich Workers",
-      "remoteRoot": "/usr/src/app/server",
+      "port": 9231,
+      "name": "Immich Microservices",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Immich CLI",
-      "program": "${workspaceFolder}/packages/cli/dist/index.js",
-      "args": ["upload", "--help"],
-      "runtimeArgs": ["--enable-source-maps"],
-      "console": "integratedTerminal",
-      "resolveSourceMapLocations": [
-        "${workspaceFolder}/packages/cli/dist/**/*.js.map"
-      ],
-      "sourceMaps": true,
-      "outFiles": ["${workspaceFolder}/packages/cli/dist/**/*.js"],
-      "skipFiles": ["<node_internals>/**"],
-      "preLaunchTask": "Build @immich/cli"
    }
  ]
 }
@@ -1,78 +1,34 @@
 {
-  "[css]": {
+  "editor.formatOnSave": true,
+  "[javascript][typescript][css]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
+  "[svelte]": {
+    "editor.defaultFormatter": "svelte.svelte-vscode",
+    "editor.tabSize": 2
+  },
+  "svelte.enable-ts-plugin": true,
+  "eslint.validate": [
+    "javascript",
+    "svelte"
+  ],
+  "typescript.preferences.importModuleSpecifier": "non-relative",
  "[dart]": {
-    "editor.defaultFormatter": "Dart-Code.dart-code",
    "editor.formatOnSave": true,
    "editor.selectionHighlight": false,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    "editor.suggestSelection": "first",
    "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off"
+    "editor.wordBasedSuggestions": "off",
+    "editor.defaultFormatter": "Dart-Code.dart-code"
  },
-  "[javascript]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
-  },
-  "[json]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
-  },
-  "[jsonc]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
-  },
-  "[svelte]": {
-    "editor.defaultFormatter": "svelte.svelte-vscode",
-    "editor.formatOnSave": true,
-    "tailwindCSS.lint.suggestCanonicalClasses": "ignore"
-  },
-  "svelte.plugin.svelte.compilerWarnings": {
-    "state_referenced_locally": "ignore"
-  },
-  "[typescript]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.formatOnSave": true
-  },
-  "cSpell.words": ["immich"],
-  "css.lint.unknownAtRules": "ignore",
-  "editor.bracketPairColorization.enabled": true,
-  "editor.formatOnSave": true,
-  "eslint.useFlatConfig": true,
-  "eslint.validate": ["javascript", "typescript", "svelte"],
-  "eslint.workingDirectories": [
-    { "directory": "cli", "changeProcessCWD": true },
-    { "directory": "e2e", "changeProcessCWD": true },
-    { "directory": "server", "changeProcessCWD": true },
-    { "directory": "web", "changeProcessCWD": true }
+  "cSpell.words": [
+    "immich"
  ],
-  "files.watcherExclude": {
-    "**/.jj/**": true,
-    "**/.git/**": true,
-    "**/node_modules/**": true,
-    "**/build/**": true,
-    "**/dist/**": true,
-    "**/.svelte-kit/**": true
-  },
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
-    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
-    "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
-  },
-  "search.exclude": {
-    "**/node_modules": true,
-    "**/build": true,
-    "**/dist": true,
-    "**/.svelte-kit": true,
-    "**/open-api/typescript-sdk/src": true
-  },
-  "svelte.enable-ts-plugin": true,
-  "tailwindCSS.experimental.configFile": {
-    "web/src/app.css": "web/src/**"
-  },
-  "js/ts.preferences.importModuleSpecifier": "non-relative",
-  "vitest.maximumConfigs": 10
-}
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
+  }
+}
@@ -1,7 +1,5 @@
 /.github/ @bo0tzz
 /docker/ @bo0tzz
 /server/ @danieldietzler
-/web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
-/mobile/ @shenlong-tanwen
@@ -131,4 +131,4 @@ conduct enforcement ladder](https://github.com/mozilla/diversity).

 For answers to common questions about this code of conduct, see the
 FAQ at https://www.contributor-covenant.org/faq. Translations are
-available at https://www.contributor-covenant.org/translations.
+available at https://www.contributor-covenant.org/translations.
@@ -1,45 +0,0 @@
-# Contributing to Immich
-
-We appreciate every contribution, and we're happy about every new contributor. So please feel invited to help make Immich a better product!
-
-## Getting started
-
-To get you started quickly we have detailed guides for the dev setup on our [website](https://docs.immich.app/developer/setup). If you prefer, you can also use [Devcontainers](https://docs.immich.app/developer/devcontainers).
-There are also additional resources about Immich's architecture, database migrations, the use of OpenAPI, and more in our [developer documentation](https://docs.immich.app/developer/architecture).
-
-## General
-
-Please try to keep pull requests as focused as possible. A PR should do exactly one thing and not bleed into other, unrelated areas. The smaller a PR, the fewer changes are likely needed, and the quicker it will likely be merged. For larger/more impactful PRs, please reach out to us first to discuss your plans. The best way to do this is through our [Discord](https://discord.immich.app). We have a dedicated `#contributing` channel there. Additionally, please fill out the entire template when opening a PR.
-
-## Finding work
-
-If you are looking for something to work on, there are discussions and issues with a `good-first-issue` label on them. These are always a good starting point. If none of them sound interesting or fit your skill set, feel free to reach out on our Discord. We're happy to help you find something to work on!
-
-We usually do not assign issues to new contributors, since it happens often that a PR is never even opened. Again, reach out on Discord if you fear putting a lot of time into fixing an issue, but ending up with a duplicate PR.
-
-## Use of generative AI
-
-We ask you not to open PRs generated with an LLM. We find that code generated like this tends to need a large amount of back-and-forth, which is a very inefficient use of our time. If we want LLM-generated code, it's much faster for us to use an LLM ourselves than to go through an intermediary via a pull request.
-
-## Feature freezes
-
-From time to time, we put a feature freeze on parts of the codebase. For us, this means we won't accept most PRs that make changes in that area. Exempted from this are simple bug fixes that require only minor changes. We will close feature PRs that target a feature-frozen area, even if that feature is highly requested and you put a lot of work into it. Please keep that in mind, and if you're ever uncertain if a PR would be accepted, reach out to us first (e.g., in the aforementioned `#contributing` channel). We hate to throw away work. Currently, we have feature freezes on:
-
- Sharing/Asset ownership
- (External) libraries
-
-## Non-code contributions
-
-If you want to contribute to Immich but you don't feel comfortable programming in our tech stack, there are other ways you can help the team.
-
-### Translations
-
-All our translations are done through [Weblate](https://hosted.weblate.org/projects/immich). These rely entirely on the community; if you speak a language that isn't fully translated yet, submitting translations there is greatly appreciated!
-
-### Datasets
-
-Help us improve our [Immich Datasets](https://datasets.immich.app) by submitting photos and videos taken from a variety of devices, including smartphones, DSLRs, and action cameras, as well as photos with unique features, such as panoramas, burst photos, and photo spheres. These datasets will be publically available for anyone to use, do not submit private/sensitive photos.
-
-### Community support
-
-If you like helping others, answering Q&A discussions here on GitHub and replying to people on our Discord is also always appreciated.
@@ -1,67 +1,43 @@
 dev:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans || make dev-down

 dev-down:
 	docker compose -f ./docker/docker-compose.dev.yml down --remove-orphans

 dev-update:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans

 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans

-dev-docs:
-	npm --prefix docs run start
+stage:
+	docker compose -f ./docker/docker-compose.staging.yml up --build -V --remove-orphans
+
+pull-stage:
+	docker compose -f ./docker/docker-compose.staging.yml pull

 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
-
-e2e-dev:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.dev.yml up --remove-orphans
-
-e2e-update:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
-
-e2e-down:
-	docker compose -f ./e2e/docker-compose.yml down --remove-orphans
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans

 prod:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
-
-prod-down:
-	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans

 prod-scale:
-	@trap 'make prod-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans

 .PHONY: open-api
 open-api:
-	@printf "This command has been removed. Please use:\n\n    mise open-api          # or mise //:open-api from another directory\n\n"\n\n >&2 && exit 1
+	cd ./open-api && bash ./bin/generate-open-api.sh
+
+open-api-dart:
+	cd ./open-api && bash ./bin/generate-open-api.sh dart
+
+open-api-typescript:
+	cd ./open-api && bash ./bin/generate-open-api.sh typescript

 sql:
-	@printf "This command has been removed. Please use:\n\n    mise sql               # or mise //:sql from another directory\n\n"\n\n >&2 && exit 1
+	npm --prefix server run sql:generate

-
-renovate:
-  LOG_LEVEL=debug pnpm exec renovate --platform=local --repository-cache=reset
-
-# Include .env file if it exists
-include docker/.env
-
-MODULES = e2e server web cli sdk docs .github
-
-test-e2e:
-	docker compose -f ./e2e/docker-compose.yml build
-	pnpm --filter immich-e2e run test
-	pnpm --filter immich-e2e run test:web
-
-clean:
-	find . -name "node_modules" -type d -prune -exec rm -rf {} +
-	find . -name "dist" -type d -prune -exec rm -rf '{}' +
-	find . -name "build" -type d -prune -exec rm -rf '{}' +
-	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
-	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
-	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
-	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
-	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true
+attach-server:
+	docker exec -it docker_immich-server_1 sh
@@ -1,11 +1,11 @@
 <p align="center"> 
-  <br/>
+  <br/>  
  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
-  <a href="https://discord.immich.app">
+  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
-  <br/>
-  <br/>
+  <br/>  
+  <br/>   
 </p>

 <p align="center">
@@ -17,8 +17,8 @@
 <img src="design/immich-screenshots.png" title="Main Screenshot">
 </a>
 <br/>
-
 <p align="center">
+
  <a href="readme_i18n/README_ca_ES.md">Català</a>
  <a href="readme_i18n/README_es_ES.md">Español</a>
  <a href="readme_i18n/README_fr_FR.md">Français</a>
@@ -28,51 +28,58 @@
  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">简体中文</a>
-  <a href="readme_i18n/README_zh_TW.md">正體中文</a>
-  <a href="readme_i18n/README_uk_UA.md">Українська</a>
+  <a href="readme_i18n/README_zh_CN.md">中文</a>
  <a href="readme_i18n/README_ru_RU.md">Русский</a>
  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
-  <a href="readme_i18n/README_sv_SE.md">Svenska</a>
  <a href="readme_i18n/README_ar_JO.md">العربية</a>
-  <a href="readme_i18n/README_vi_VN.md">Tiếng Việt</a>
-  <a href="readme_i18n/README_th_TH.md">ภาษาไทย</a>
 </p>

+## Disclaimer

-> [!WARNING]
-> ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
-> 
- 
+- ⚠️ The project is under **very active** development.
+- ⚠️ Expect bugs and breaking changes.
+- ⚠️ **Do not use the app as the only way to store your photos and videos.**
+- ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!

-> [!NOTE]
-> You can find the main documentation, including installation guides, at https://immich.app/.
+## Content

-## Links
-
- [Documentation](https://docs.immich.app/)
- [About](https://docs.immich.app/overview/introduction)
- [Installation](https://docs.immich.app/install/requirements)
- [Roadmap](https://immich.app/roadmap)
+- [Official Documentation](https://immich.app/docs)
+- [Roadmap](https://github.com/orgs/immich-app/projects/1)
 - [Demo](#demo)
 - [Features](#features)
- [Translations](https://docs.immich.app/developer/translations)
- [Contributing](https://docs.immich.app/overview/support-the-project)
+- [Introduction](https://immich.app/docs/overview/introduction)
+- [Installation](https://immich.app/docs/install/requirements)
+- [Contribution Guidelines](https://immich.app/docs/overview/support-the-project)
+
+## Documentation
+
+You can find the main documentation, including installation guides, at https://immich.app/.

 ## Demo

-Access the demo [here](https://demo.immich.app). For the mobile app, you can use `https://demo.immich.app` for the `Server Endpoint URL`.
+You can access the web demo at https://demo.immich.app

-### Login credentials
+For the mobile app, you can use `https://demo.immich.app/api` for the `Server Endpoint URL`

-| Email           | Password |
-| --------------- | -------- |
-| demo@immich.app | demo     |
+```bash title="Demo Credential"
+The credential
+email: demo@immich.app
+password: demo
+```
+
+```
+Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
+```
+
+## Activities
+
+![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")

 ## Features

+
 | Features                                     | Mobile | Web |
-| :------------------------------------------- | ------ | --- |
+| :--------------------------------------------- | -------- | ----- |
 | Upload and view videos and photos            | Yes    | Yes |
 | Auto backup when the app is opened           | Yes    | N/A |
 | Prevent duplication of assets                | Yes    | Yes |
@@ -92,7 +99,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | LivePhoto/MotionPhoto backup and playback    | Yes    | Yes |
 | Support 360 degree image display             | No     | Yes |
 | User-defined storage structure               | Yes    | Yes |
-| Public Sharing                               | Yes    | Yes |
+| Public Sharing                               | No     | Yes |
 | Archive and Favorites                        | Yes    | Yes |
 | Global Map                                   | Yes    | Yes |
 | Partner Sharing                              | Yes    | Yes |
@@ -101,33 +108,19 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use
 | Offline support                              | Yes    | No  |
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
-| Tags                                         | No     | Yes |
-| Folder View                                  | Yes    | Yes |
-
-## Translations
-
-Read more about translations [here](https://docs.immich.app/developer/translations).
-
-<a href="https://hosted.weblate.org/engage/immich/">
-<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
-</a>
-
-## Repository activity
-
-![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
-
-## Star history
-
-<a href="https://star-history.com/#immich-app/immich&type=date&legend=top-left">
- <picture>
-   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date&theme=dark" />
-   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=date" />
-   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=date" width="100%" />
- </picture>
-</a>

 ## Contributors

-<a href="https://github.com/immich-app/immich/graphs/contributors">
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
 </a>
+
+## Star History
+
+<a href="https://star-history.com/#immich-app/immich&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
+ </picture>
+</a>
@@ -2,4 +2,4 @@

 ## Reporting a Vulnerability

-Please report security issues to `security@immich.app`
+Please report security issues to `alex.tran1502@gmail.com`
@@ -0,0 +1 @@
+/dist
@@ -0,0 +1,28 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    sourceType: 'module',
+    tsconfigRootDir: __dirname,
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:unicorn/recommended'],
+  root: true,
+  env: {
+    node: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-floating-promises': 'error',
+    'unicorn/prefer-module': 'off',
+    'unicorn/prevent-abbreviations': 'off',
+    'unicorn/no-process-exit': 'off',
+    'unicorn/import-style': 'off',
+    curly: 2,
+    'prettier/prettier': 0,
+  },
+};
@@ -0,0 +1 @@
+20.13
@@ -0,0 +1,19 @@
+FROM node:20-alpine3.19@sha256:291e84d956f1aff38454bbd3da38941461ad569a185c20aa289f71f37ea08e23 as core
+
+WORKDIR /usr/src/open-api/typescript-sdk
+COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
+RUN npm ci
+COPY open-api/typescript-sdk/ ./
+RUN npm run build
+
+WORKDIR /usr/src/app
+
+COPY cli/package.json cli/package-lock.json ./
+RUN npm ci
+
+COPY cli .
+RUN npm run build
+
+WORKDIR /import
+
+ENTRYPOINT ["node", "/usr/src/app/dist"]
@@ -0,0 +1,19 @@
+A command-line interface for interfacing with the self-hosted photo manager [Immich](https://immich.app/).
+
+Please see the [Immich CLI documentation](https://immich.app/docs/features/command-line-interface).
+
+# For developers
+
+To run the Immich CLI from source, run the following in the cli folder:
+
+    $ npm run build
+    $ ts-node .
+
+You'll need ts-node, the easiest way to install it is to use npm:
+
+    $ npm i -g ts-node
+
+You can also build and install the CLI using
+
+    $ npm run build
+    $ npm install -g .
@@ -0,0 +1,67 @@
+{
+  "name": "@immich/cli",
+  "version": "2.2.0",
+  "description": "Command Line Interface (CLI) for Immich",
+  "type": "module",
+  "exports": "./dist/index.js",
+  "bin": {
+    "immich": "dist/index.js"
+  },
+  "license": "GNU Affero General Public License version 3",
+  "keywords": [
+    "immich",
+    "cli"
+  ],
+  "devDependencies": {
+    "@immich/sdk": "file:../open-api/typescript-sdk",
+    "@types/byte-size": "^8.1.0",
+    "@types/cli-progress": "^3.11.0",
+    "@types/lodash-es": "^4.17.12",
+    "@types/mock-fs": "^4.13.1",
+    "@types/node": "^20.3.1",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "@vitest/coverage-v8": "^1.2.2",
+    "byte-size": "^8.1.1",
+    "cli-progress": "^3.12.0",
+    "commander": "^12.0.0",
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "eslint-plugin-unicorn": "^52.0.0",
+    "mock-fs": "^5.2.0",
+    "prettier": "^3.2.5",
+    "prettier-plugin-organize-imports": "^3.2.4",
+    "typescript": "^5.3.3",
+    "vite": "^5.0.12",
+    "vite-tsconfig-paths": "^4.3.2",
+    "vitest": "^1.2.2",
+    "yaml": "^2.3.1"
+  },
+  "scripts": {
+    "build": "vite build",
+    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
+    "lint:fix": "npm run lint -- --fix",
+    "prepack": "npm run build",
+    "test": "vitest",
+    "test:cov": "vitest --coverage",
+    "format": "prettier --check .",
+    "format:fix": "prettier --write .",
+    "check": "tsc --noEmit"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/immich-app/immich.git",
+    "directory": "cli"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "fast-glob": "^3.3.2",
+    "lodash-es": "^4.17.21"
+  },
+  "volta": {
+    "node": "20.13.1"
+  }
+}
@@ -0,0 +1,351 @@
+import {
+  Action,
+  AssetBulkUploadCheckResult,
+  AssetFileUploadResponseDto,
+  addAssetsToAlbum,
+  checkBulkUpload,
+  createAlbum,
+  defaults,
+  getAllAlbums,
+  getSupportedMediaTypes,
+} from '@immich/sdk';
+import byteSize from 'byte-size';
+import { Presets, SingleBar } from 'cli-progress';
+import { chunk } from 'lodash-es';
+import { Stats, createReadStream } from 'node:fs';
+import { stat, unlink } from 'node:fs/promises';
+import os from 'node:os';
+import path, { basename } from 'node:path';
+import { BaseOptions, authenticate, crawl, sha1 } from 'src/utils';
+
+const s = (count: number) => (count === 1 ? '' : 's');
+
+// TODO figure out why `id` is missing
+type AssetBulkUploadCheckResults = Array<AssetBulkUploadCheckResult & { id: string }>;
+type Asset = { id: string; filepath: string };
+
+interface UploadOptionsDto {
+  recursive?: boolean;
+  ignore?: string;
+  dryRun?: boolean;
+  skipHash?: boolean;
+  delete?: boolean;
+  album?: boolean;
+  albumName?: string;
+  includeHidden?: boolean;
+  concurrency: number;
+}
+
+class UploadFile extends File {
+  constructor(
+    private filepath: string,
+    private _size: number,
+  ) {
+    super([], basename(filepath));
+  }
+
+  get size() {
+    return this._size;
+  }
+
+  stream() {
+    return createReadStream(this.filepath) as any;
+  }
+}
+
+export const upload = async (paths: string[], baseOptions: BaseOptions, options: UploadOptionsDto) => {
+  await authenticate(baseOptions);
+
+  const scanFiles = await scan(paths, options);
+  if (scanFiles.length === 0) {
+    console.log('No files found, exiting');
+    return;
+  }
+
+  const { newFiles, duplicates } = await checkForDuplicates(scanFiles, options);
+  const newAssets = await uploadFiles(newFiles, options);
+  await updateAlbums([...newAssets, ...duplicates], options);
+  await deleteFiles(newFiles, options);
+};
+
+const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
+  const { image, video } = await getSupportedMediaTypes();
+
+  console.log('Crawling for assets...');
+  const files = await crawl({
+    pathsToCrawl,
+    recursive: options.recursive,
+    exclusionPattern: options.ignore,
+    includeHidden: options.includeHidden,
+    extensions: [...image, ...video],
+  });
+
+  return files;
+};
+
+const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
+  if (skipHash) {
+    console.log('Skipping hash check, assuming all files are new');
+    return { newFiles: files, duplicates: [] };
+  }
+
+  const progressBar = new SingleBar(
+    { format: 'Checking files | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
+    Presets.shades_classic,
+  );
+
+  progressBar.start(files.length, 0);
+
+  const newFiles: string[] = [];
+  const duplicates: Asset[] = [];
+
+  try {
+    // TODO refactor into a queue
+    for (const items of chunk(files, concurrency)) {
+      const dto = await Promise.all(items.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })));
+      const { results } = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
+
+      for (const { id: filepath, assetId, action } of results as AssetBulkUploadCheckResults) {
+        if (action === Action.Accept) {
+          newFiles.push(filepath);
+        } else {
+          // rejects are always duplicates
+          duplicates.push({ id: assetId as string, filepath });
+        }
+        progressBar.increment();
+      }
+    }
+  } finally {
+    progressBar.stop();
+  }
+
+  console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
+
+  return { newFiles, duplicates };
+};
+
+const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
+  if (files.length === 0) {
+    console.log('All assets were already uploaded, nothing to do.');
+    return [];
+  }
+
+  // Compute total size first
+  let totalSize = 0;
+  const statsMap = new Map<string, Stats>();
+  for (const filepath of files) {
+    const stats = await stat(filepath);
+    statsMap.set(filepath, stats);
+    totalSize += stats.size;
+  }
+
+  if (dryRun) {
+    console.log(`Would have uploaded ${files.length} asset${s(files.length)} (${byteSize(totalSize)})`);
+    return files.map((filepath) => ({ id: '', filepath }));
+  }
+
+  const uploadProgress = new SingleBar(
+    { format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}' },
+    Presets.shades_classic,
+  );
+  uploadProgress.start(totalSize, 0);
+  uploadProgress.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
+
+  let duplicateCount = 0;
+  let duplicateSize = 0;
+  let successCount = 0;
+  let successSize = 0;
+
+  const newAssets: Asset[] = [];
+
+  try {
+    for (const items of chunk(files, concurrency)) {
+      await Promise.all(
+        items.map(async (filepath) => {
+          const stats = statsMap.get(filepath) as Stats;
+          const response = await uploadFile(filepath, stats);
+
+          newAssets.push({ id: response.id, filepath });
+
+          if (response.duplicate) {
+            duplicateCount++;
+            duplicateSize += stats.size ?? 0;
+          } else {
+            successCount++;
+            successSize += stats.size ?? 0;
+          }
+
+          uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
+
+          return response;
+        }),
+      );
+    }
+  } finally {
+    uploadProgress.stop();
+  }
+
+  console.log(`Successfully uploaded ${successCount} new asset${s(successCount)} (${byteSize(successSize)})`);
+  if (duplicateCount > 0) {
+    console.log(`Skipped ${duplicateCount} duplicate asset${s(duplicateCount)} (${byteSize(duplicateSize)})`);
+  }
+  return newAssets;
+};
+
+const uploadFile = async (input: string, stats: Stats): Promise<AssetFileUploadResponseDto> => {
+  const { baseUrl, headers } = defaults;
+
+  const assetPath = path.parse(input);
+  const noExtension = path.join(assetPath.dir, assetPath.name);
+
+  const sidecarsFiles = await Promise.all(
+    // XMP sidecars can come in two filename formats. For a photo named photo.ext, the filenames are photo.ext.xmp and photo.xmp
+    [`${noExtension}.xmp`, `${input}.xmp`].map(async (sidecarPath) => {
+      try {
+        const stats = await stat(sidecarPath);
+        return new UploadFile(sidecarPath, stats.size);
+      } catch {
+        return false;
+      }
+    }),
+  );
+
+  const sidecarData = sidecarsFiles.find((file): file is UploadFile => file !== false);
+
+  const formData = new FormData();
+  formData.append('deviceAssetId', `${basename(input)}-${stats.size}`.replaceAll(/\s+/g, ''));
+  formData.append('deviceId', 'CLI');
+  formData.append('fileCreatedAt', stats.mtime.toISOString());
+  formData.append('fileModifiedAt', stats.mtime.toISOString());
+  formData.append('fileSize', String(stats.size));
+  formData.append('isFavorite', 'false');
+  formData.append('assetData', new UploadFile(input, stats.size));
+
+  if (sidecarData) {
+    formData.append('sidecarData', sidecarData);
+  }
+
+  const response = await fetch(`${baseUrl}/asset/upload`, {
+    method: 'post',
+    redirect: 'error',
+    headers: headers as Record<string, string>,
+    body: formData,
+  });
+  if (response.status !== 200 && response.status !== 201) {
+    throw new Error(await response.text());
+  }
+
+  return response.json();
+};
+
+const deleteFiles = async (files: string[], options: UploadOptionsDto): Promise<void> => {
+  if (!options.delete) {
+    return;
+  }
+
+  if (options.dryRun) {
+    console.log(`Would have deleted ${files.length} local asset${s(files.length)}`);
+    return;
+  }
+
+  console.log('Deleting assets that have been uploaded...');
+
+  const deletionProgress = new SingleBar(
+    { format: 'Deleting local assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
+    Presets.shades_classic,
+  );
+  deletionProgress.start(files.length, 0);
+
+  try {
+    for (const assetBatch of chunk(files, options.concurrency)) {
+      await Promise.all(assetBatch.map((input: string) => unlink(input)));
+      deletionProgress.update(assetBatch.length);
+    }
+  } finally {
+    deletionProgress.stop();
+  }
+};
+
+const updateAlbums = async (assets: Asset[], options: UploadOptionsDto) => {
+  if (!options.album && !options.albumName) {
+    return;
+  }
+  const { dryRun, concurrency } = options;
+
+  const albums = await getAllAlbums({});
+  const existingAlbums = new Map(albums.map((album) => [album.albumName, album.id]));
+  const newAlbums: Set<string> = new Set();
+  for (const { filepath } of assets) {
+    const albumName = getAlbumName(filepath, options);
+    if (albumName && !existingAlbums.has(albumName)) {
+      newAlbums.add(albumName);
+    }
+  }
+
+  if (dryRun) {
+    // TODO print asset counts for new albums
+    console.log(`Would have created ${newAlbums.size} new album${s(newAlbums.size)}`);
+    console.log(`Would have updated albums of ${assets.length} asset${s(assets.length)}`);
+    return;
+  }
+
+  const progressBar = new SingleBar(
+    { format: 'Creating albums | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} albums' },
+    Presets.shades_classic,
+  );
+  progressBar.start(newAlbums.size, 0);
+
+  try {
+    for (const albumNames of chunk([...newAlbums], concurrency)) {
+      const items = await Promise.all(
+        albumNames.map((albumName: string) => createAlbum({ createAlbumDto: { albumName } })),
+      );
+      for (const { id, albumName } of items) {
+        existingAlbums.set(albumName, id);
+      }
+      progressBar.increment(albumNames.length);
+    }
+  } finally {
+    progressBar.stop();
+  }
+
+  console.log(`Successfully created ${newAlbums.size} new album${s(newAlbums.size)}`);
+  console.log(`Successfully updated ${assets.length} asset${s(assets.length)}`);
+
+  const albumToAssets = new Map<string, string[]>();
+  for (const asset of assets) {
+    const albumName = getAlbumName(asset.filepath, options);
+    if (!albumName) {
+      continue;
+    }
+    const albumId = existingAlbums.get(albumName);
+    if (albumId) {
+      if (!albumToAssets.has(albumId)) {
+        albumToAssets.set(albumId, []);
+      }
+      albumToAssets.get(albumId)?.push(asset.id);
+    }
+  }
+
+  const albumUpdateProgress = new SingleBar(
+    { format: 'Adding assets to albums | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
+    Presets.shades_classic,
+  );
+  albumUpdateProgress.start(assets.length, 0);
+
+  try {
+    for (const [albumId, assets] of albumToAssets.entries()) {
+      for (const assetBatch of chunk(assets, Math.min(1000 * concurrency, 65_000))) {
+        await addAssetsToAlbum({ id: albumId, bulkIdsDto: { ids: assetBatch } });
+        albumUpdateProgress.increment(assetBatch.length);
+      }
+    }
+  } finally {
+    albumUpdateProgress.stop();
+  }
+};
+
+const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
+  const folderName = os.platform() === 'win32' ? filepath.split('\\').at(-2) : filepath.split('/').at(-2);
+  return options.albumName ?? folderName;
+};
@@ -1,15 +1,7 @@
-import { getMyUser, Permission } from '@immich/sdk';
+import { getMyUserInfo } from '@immich/sdk';
 import { existsSync } from 'node:fs';
 import { mkdir, unlink } from 'node:fs/promises';
-import {
-  BaseOptions,
-  connect,
-  getAuthFilePath,
-  logError,
-  requirePermissions,
-  withError,
-  writeAuthFile,
-} from 'src/utils';
+import { BaseOptions, connect, getAuthFilePath, logError, withError, writeAuthFile } from 'src/utils';

 export const login = async (url: string, key: string, options: BaseOptions) => {
  console.log(`Logging in to ${url}`);
@@ -17,15 +9,14 @@ export const login = async (url: string, key: string, options: BaseOptions) => {
  const { configDirectory: configDir } = options;

  await connect(url, key);
-  await requirePermissions([Permission.UserRead]);

-  const [error, user] = await withError(getMyUser());
+  const [error, userInfo] = await withError(getMyUserInfo());
  if (error) {
    logError(error, 'Failed to load user info');
    process.exit(1);
  }

-  console.log(`Logged in as ${user.email}`);
+  console.log(`Logged in as ${userInfo.email}`);

  if (!existsSync(configDir)) {
    // Create config folder if it doesn't exist
@@ -0,0 +1,24 @@
+import { getAssetStatistics, getMyUserInfo, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
+import { BaseOptions, authenticate } from 'src/utils';
+
+export const serverInfo = async (options: BaseOptions) => {
+  const { url } = await authenticate(options);
+
+  const [versionInfo, mediaTypes, stats, userInfo] = await Promise.all([
+    getServerVersion(),
+    getSupportedMediaTypes(),
+    getAssetStatistics({}),
+    getMyUserInfo(),
+  ]);
+
+  console.log(`Server Info (via ${userInfo.email})`);
+  console.log(`  Url: ${url}`);
+  console.log(`  Version: ${versionInfo.major}.${versionInfo.minor}.${versionInfo.patch}`);
+  console.log(`  Formats:`);
+  console.log(`    Images: ${mediaTypes.image.map((extension) => extension.replace('.', ''))}`);
+  console.log(`    Videos: ${mediaTypes.video.map((extension) => extension.replace('.', ''))}`);
+  console.log(`  Statistics:`);
+  console.log(`    Images: ${stats.images}`);
+  console.log(`    Videos: ${stats.videos}`);
+  console.log(`    Total: ${stats.total}`);
+};
@@ -0,0 +1,75 @@
+#! /usr/bin/env node
+import { Command, Option } from 'commander';
+import os from 'node:os';
+import path from 'node:path';
+import { upload } from 'src/commands/asset';
+import { login, logout } from 'src/commands/auth';
+import { serverInfo } from 'src/commands/server-info';
+import { version } from '../package.json';
+
+const defaultConfigDirectory = path.join(os.homedir(), '.config/immich/');
+
+const program = new Command()
+  .name('immich')
+  .version(version)
+  .description('Command line interface for Immich')
+  .addOption(
+    new Option('-d, --config-directory <directory>', 'Configuration directory where auth.yml will be stored')
+      .env('IMMICH_CONFIG_DIR')
+      .default(defaultConfigDirectory),
+  )
+  .addOption(new Option('-u, --url [url]', 'Immich server URL').env('IMMICH_INSTANCE_URL'))
+  .addOption(new Option('-k, --key [key]', 'Immich API key').env('IMMICH_API_KEY'));
+
+program
+  .command('login')
+  .alias('login-key')
+  .description('Login using an API key')
+  .argument('url', 'Immich server URL')
+  .argument('key', 'Immich API key')
+  .action((url, key) => login(url, key, program.opts()));
+
+program
+  .command('logout')
+  .description('Remove stored credentials')
+  .action(() => logout(program.opts()));
+
+program
+  .command('server-info')
+  .description('Display server information')
+  .action(() => serverInfo(program.opts()));
+
+program
+  .command('upload')
+  .description('Upload assets')
+  .usage('[paths...] [options]')
+  .addOption(new Option('-r, --recursive', 'Recursive').env('IMMICH_RECURSIVE').default(false))
+  .addOption(new Option('-i, --ignore <pattern>', 'Pattern to ignore').env('IMMICH_IGNORE_PATHS'))
+  .addOption(new Option('-h, --skip-hash', "Don't hash files before upload").env('IMMICH_SKIP_HASH').default(false))
+  .addOption(new Option('-H, --include-hidden', 'Include hidden folders').env('IMMICH_INCLUDE_HIDDEN').default(false))
+  .addOption(
+    new Option('-a, --album', 'Automatically create albums based on folder name')
+      .env('IMMICH_AUTO_CREATE_ALBUM')
+      .default(false),
+  )
+  .addOption(
+    new Option('-A, --album-name <name>', 'Add all assets to specified album')
+      .env('IMMICH_ALBUM_NAME')
+      .conflicts('album'),
+  )
+  .addOption(
+    new Option('-n, --dry-run', "Don't perform any actions, just show what will be done")
+      .env('IMMICH_DRY_RUN')
+      .default(false)
+      .conflicts('skipHash'),
+  )
+  .addOption(
+    new Option('-c, --concurrency <number>', 'Number of assets to upload at the same time')
+      .env('IMMICH_UPLOAD_CONCURRENCY')
+      .default(4),
+  )
+  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
+  .argument('[paths...]', 'One or more paths to assets to be uploaded')
+  .action((paths, options) => upload(paths, program.opts(), options));
+
+program.parse(process.argv);
@@ -0,0 +1,290 @@
+import mockfs from 'mock-fs';
+import { CrawlOptions, crawl } from 'src/utils';
+
+interface Test {
+  test: string;
+  options: Omit<CrawlOptions, 'extensions'>;
+  files: Record<string, boolean>;
+}
+
+const cwd = process.cwd();
+
+const extensions = [
+  '.jpg',
+  '.jpeg',
+  '.png',
+  '.heif',
+  '.heic',
+  '.tif',
+  '.nef',
+  '.webp',
+  '.tiff',
+  '.dng',
+  '.gif',
+  '.mov',
+  '.mp4',
+  '.webm',
+];
+
+const tests: Test[] = [
+  {
+    test: 'should return empty when crawling an empty path list',
+    options: {
+      pathsToCrawl: [],
+    },
+    files: {},
+  },
+  {
+    test: 'should crawl a single folder',
+    options: {
+      pathsToCrawl: ['/photos/'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+    },
+  },
+  {
+    test: 'should crawl a single file',
+    options: {
+      pathsToCrawl: ['/photos/image.jpg'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+    },
+  },
+  {
+    test: 'should crawl a single file and a folder',
+    options: {
+      pathsToCrawl: ['/photos/image.jpg', '/images/'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/images/image2.jpg': true,
+    },
+  },
+  {
+    test: 'should exclude by file extension',
+    options: {
+      pathsToCrawl: ['/photos/'],
+      exclusionPattern: '**/*.tif',
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/image.tif': false,
+    },
+  },
+  {
+    test: 'should exclude by file extension without case sensitivity',
+    options: {
+      pathsToCrawl: ['/photos/'],
+      exclusionPattern: '**/*.TIF',
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/image.tif': false,
+    },
+  },
+  {
+    test: 'should exclude by folder',
+    options: {
+      pathsToCrawl: ['/photos/'],
+      exclusionPattern: '**/raw/**',
+      recursive: true,
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/raw/image.jpg': false,
+      '/photos/raw2/image.jpg': true,
+      '/photos/folder/raw/image.jpg': false,
+      '/photos/crawl/image.jpg': true,
+    },
+  },
+  {
+    test: 'should crawl multiple paths',
+    options: {
+      pathsToCrawl: ['/photos/', '/images/', '/albums/'],
+    },
+    files: {
+      '/photos/image1.jpg': true,
+      '/images/image2.jpg': true,
+      '/albums/image3.jpg': true,
+    },
+  },
+  {
+    test: 'should support globbing paths',
+    options: {
+      pathsToCrawl: ['/photos*'],
+    },
+    files: {
+      '/photos1/image1.jpg': true,
+      '/photos2/image2.jpg': true,
+      '/images/image3.jpg': false,
+    },
+  },
+  {
+    test: 'should crawl a single path without trailing slash',
+    options: {
+      pathsToCrawl: ['/photos'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+    },
+  },
+  {
+    test: 'should crawl a single path',
+    options: {
+      pathsToCrawl: ['/photos/'],
+      recursive: true,
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/subfolder/image1.jpg': true,
+      '/photos/subfolder/image2.jpg': true,
+      '/image1.jpg': false,
+    },
+  },
+  {
+    test: 'should filter file extensions',
+    options: {
+      pathsToCrawl: ['/photos/'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/image.txt': false,
+      '/photos/1': false,
+    },
+  },
+  {
+    test: 'should include photo and video extensions',
+    options: {
+      pathsToCrawl: ['/photos/', '/videos/'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/image.jpeg': true,
+      '/photos/image.heic': true,
+      '/photos/image.heif': true,
+      '/photos/image.png': true,
+      '/photos/image.gif': true,
+      '/photos/image.tif': true,
+      '/photos/image.tiff': true,
+      '/photos/image.webp': true,
+      '/photos/image.dng': true,
+      '/photos/image.nef': true,
+      '/videos/video.mp4': true,
+      '/videos/video.mov': true,
+      '/videos/video.webm': true,
+    },
+  },
+  {
+    test: 'should check file extensions without case sensitivity',
+    options: {
+      pathsToCrawl: ['/photos/'],
+    },
+    files: {
+      '/photos/image.jpg': true,
+      '/photos/image.Jpg': true,
+      '/photos/image.jpG': true,
+      '/photos/image.JPG': true,
+      '/photos/image.jpEg': true,
+      '/photos/image.TIFF': true,
+      '/photos/image.tif': true,
+      '/photos/image.dng': true,
+      '/photos/image.NEF': true,
+    },
+  },
+  {
+    test: 'should normalize the path',
+    options: {
+      pathsToCrawl: ['/photos/1/../2'],
+    },
+    files: {
+      '/photos/1/image.jpg': false,
+      '/photos/2/image.jpg': true,
+    },
+  },
+  {
+    test: 'should return absolute paths',
+    options: {
+      pathsToCrawl: ['photos'],
+    },
+    files: {
+      [`${cwd}/photos/1.jpg`]: true,
+      [`${cwd}/photos/2.jpg`]: true,
+      [`/photos/3.jpg`]: false,
+    },
+  },
+  {
+    test: 'should support ignoring full filename',
+    options: {
+      pathsToCrawl: ['/photos'],
+      exclusionPattern: '**/image2.jpg',
+    },
+    files: {
+      '/photos/image1.jpg': true,
+      '/photos/image2.jpg': false,
+      '/photos/image3.jpg': true,
+    },
+  },
+  {
+    test: 'should support ignoring file extensions',
+    options: {
+      pathsToCrawl: ['/photos'],
+      exclusionPattern: '**/*.png',
+    },
+    files: {
+      '/photos/image1.jpg': true,
+      '/photos/image2.png': false,
+      '/photos/image3.jpg': true,
+    },
+  },
+  {
+    test: 'should support ignoring folder names',
+    options: {
+      pathsToCrawl: ['/photos'],
+      recursive: true,
+      exclusionPattern: '**/raw/**',
+    },
+    files: {
+      '/photos/image1.jpg': true,
+      '/photos/image/image1.jpg': true,
+      '/photos/raw/image2.dng': false,
+      '/photos/raw/image3.dng': false,
+      '/photos/notraw/image3.jpg': true,
+    },
+  },
+  {
+    test: 'should support ignoring absolute paths',
+    options: {
+      pathsToCrawl: ['/'],
+      recursive: true,
+      exclusionPattern: '/images/**',
+    },
+    files: {
+      '/photos/image1.jpg': true,
+      '/images/image2.jpg': false,
+      '/assets/image3.jpg': true,
+    },
+  },
+];
+
+describe('crawl', () => {
+  afterEach(() => {
+    mockfs.restore();
+  });
+
+  describe('crawl', () => {
+    for (const { test, options, files } of tests) {
+      it(test, async () => {
+        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, ''])));
+
+        const actual = await crawl({ ...options, extensions });
+        const expected = Object.entries(files)
+          .filter((entry) => entry[1])
+          .map(([file]) => file);
+
+        expect(actual.sort()).toEqual(expected.sort());
+      });
+    }
+  });
+});
@@ -0,0 +1,173 @@
+import { defaults, getMyUserInfo, isHttpError } from '@immich/sdk';
+import { glob } from 'fast-glob';
+import { createHash } from 'node:crypto';
+import { createReadStream } from 'node:fs';
+import { readFile, stat, writeFile } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+import yaml from 'yaml';
+
+export interface BaseOptions {
+  configDirectory: string;
+  key?: string;
+  url?: string;
+}
+
+export type AuthDto = { url: string; key: string };
+type OldAuthDto = { instanceUrl: string; apiKey: string };
+
+export const authenticate = async (options: BaseOptions): Promise<AuthDto> => {
+  const { configDirectory: configDir, url, key } = options;
+
+  // provided in command
+  if (url && key) {
+    return connect(url, key);
+  }
+
+  // fallback to auth file
+  const config = await readAuthFile(configDir);
+  const auth = await connect(config.url, config.key);
+  if (auth.url !== config.url) {
+    await writeAuthFile(configDir, auth);
+  }
+
+  return auth;
+};
+
+export const connect = async (url: string, key: string) => {
+  const wellKnownUrl = new URL('.well-known/immich', url);
+  try {
+    const wellKnown = await fetch(wellKnownUrl).then((response) => response.json());
+    const endpoint = new URL(wellKnown.api.endpoint, url).toString();
+    if (endpoint !== url) {
+      console.debug(`Discovered API at ${endpoint}`);
+    }
+    url = endpoint;
+  } catch {
+    // noop
+  }
+
+  defaults.baseUrl = url;
+  defaults.headers = { 'x-api-key': key };
+
+  const [error] = await withError(getMyUserInfo());
+  if (isHttpError(error)) {
+    logError(error, 'Failed to connect to server');
+    process.exit(1);
+  }
+
+  return { url, key };
+};
+
+export const logError = (error: unknown, message: string) => {
+  if (isHttpError(error)) {
+    console.error(`${message}: ${error.status}`);
+    console.error(JSON.stringify(error.data, undefined, 2));
+  } else {
+    console.error(`${message} - ${error}`);
+  }
+};
+
+export const getAuthFilePath = (dir: string) => join(dir, 'auth.yml');
+
+export const readAuthFile = async (dir: string) => {
+  try {
+    const data = await readFile(getAuthFilePath(dir));
+    // TODO add class-transform/validation
+    const auth = yaml.parse(data.toString()) as AuthDto | OldAuthDto;
+    const { instanceUrl, apiKey } = auth as OldAuthDto;
+    if (instanceUrl && apiKey) {
+      return { url: instanceUrl, key: apiKey };
+    }
+    return auth as AuthDto;
+  } catch (error: Error | any) {
+    if (error.code === 'ENOENT' || error.code === 'ENOTDIR') {
+      console.log('No auth file exists. Please login first.');
+      process.exit(1);
+    }
+    throw error;
+  }
+};
+
+export const writeAuthFile = async (dir: string, auth: AuthDto) =>
+  writeFile(getAuthFilePath(dir), yaml.stringify(auth), { mode: 0o600 });
+
+export const withError = async <T>(promise: Promise<T>): Promise<[Error, undefined] | [undefined, T]> => {
+  try {
+    const result = await promise;
+    return [undefined, result];
+  } catch (error: Error | any) {
+    return [error, undefined];
+  }
+};
+
+export interface CrawlOptions {
+  pathsToCrawl: string[];
+  recursive?: boolean;
+  includeHidden?: boolean;
+  exclusionPattern?: string;
+  extensions: string[];
+}
+export const crawl = async (options: CrawlOptions): Promise<string[]> => {
+  const { extensions: extensionsWithPeriod, recursive, pathsToCrawl, exclusionPattern, includeHidden } = options;
+  const extensions = extensionsWithPeriod.map((extension) => extension.replace('.', ''));
+
+  if (pathsToCrawl.length === 0) {
+    return [];
+  }
+
+  const patterns: string[] = [];
+  const crawledFiles: string[] = [];
+
+  for await (const currentPath of pathsToCrawl) {
+    try {
+      const absolutePath = resolve(currentPath);
+      const stats = await stat(absolutePath);
+      if (stats.isFile() || stats.isSymbolicLink()) {
+        crawledFiles.push(absolutePath);
+      } else {
+        patterns.push(absolutePath);
+      }
+    } catch (error: any) {
+      if (error.code === 'ENOENT') {
+        patterns.push(currentPath);
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  let searchPattern: string;
+  if (patterns.length === 1) {
+    searchPattern = patterns[0];
+  } else if (patterns.length === 0) {
+    return crawledFiles;
+  } else {
+    searchPattern = '{' + patterns.join(',') + '}';
+  }
+
+  if (recursive) {
+    searchPattern = searchPattern + '/**/';
+  }
+
+  searchPattern = `${searchPattern}/*.{${extensions.join(',')}}`;
+
+  const globbedFiles = await glob(searchPattern, {
+    absolute: true,
+    caseSensitiveMatch: false,
+    onlyFiles: true,
+    dot: includeHidden,
+    ignore: [`**/${exclusionPattern}`],
+  });
+  globbedFiles.push(...crawledFiles);
+  return globbedFiles.sort();
+};
+
+export const sha1 = (filepath: string) => {
+  const hash = createHash('sha1');
+  return new Promise<string>((resolve, reject) => {
+    const rs = createReadStream(filepath);
+    rs.on('error', reject);
+    rs.on('data', (chunk) => hash.update(chunk));
+    rs.on('end', () => resolve(hash.digest('hex')));
+  });
+};
@@ -0,0 +1,37 @@
+import { version } from '../package.json';
+
+export interface ICliVersion {
+  major: number;
+  minor: number;
+  patch: number;
+}
+
+export class CliVersion implements ICliVersion {
+  constructor(
+    public readonly major: number,
+    public readonly minor: number,
+    public readonly patch: number,
+  ) {}
+
+  toString() {
+    return `${this.major}.${this.minor}.${this.patch}`;
+  }
+
+  toJSON() {
+    const { major, minor, patch } = this;
+    return { major, minor, patch };
+  }
+
+  static fromString(version: string): CliVersion {
+    const regex = /v?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)/i;
+    const matchResult = version.match(regex);
+    if (matchResult) {
+      const [, major, minor, patch] = matchResult.map(Number);
+      return new CliVersion(major, minor, patch);
+    } else {
+      throw new Error(`Invalid version format: ${version}`);
+    }
+  }
+}
+
+export const cliVersion = CliVersion.fromString(version);
@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "declaration": true,
+    "removeComments": true,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "allowSyntheticDefaultImports": true,
+    "resolveJsonModule": true,
+    "target": "es2022",
+    "sourceMap": true,
+    "outDir": "./dist",
+    "incremental": true,
+    "skipLibCheck": true,
+    "esModuleInterop": true,
+    "baseUrl": "./",
+    "types": ["vitest/globals"]
+  },
+  "exclude": ["dist", "node_modules"]
+}
@@ -0,0 +1,19 @@
+import { defineConfig } from 'vite';
+import tsconfigPaths from 'vite-tsconfig-paths';
+
+export default defineConfig({
+  build: {
+    rollupOptions: {
+      input: 'src/index.ts',
+      output: {
+        dir: 'dist',
+      },
+    },
+    ssr: true,
+  },
+  ssr: {
+    // bundle everything except for Node built-ins
+    noExternal: /^(?!node:).*$/,
+  },
+  plugins: [tsconfigPaths()],
+});
@@ -0,0 +1,7 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+  },
+});
@@ -1,4 +0,0 @@
-export CLOUDFLARE_ACCOUNT_ID="op://tf/cloudflare/account_id"
-export CLOUDFLARE_API_TOKEN="op://tf/cloudflare/api_token"
-export TF_STATE_POSTGRES_CONN_STR="op://tf/tf_state/postgres_conn_str"
-export TF_VAR_env=$ENVIRONMENT
@@ -1,38 +0,0 @@
-# OpenTofu
-
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
-
-# Terragrunt
-
-# terragrunt cache directories
-**/.terragrunt-cache/*
-
-# Terragrunt debug output file (when using `--terragrunt-debug` option)
-# See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
-terragrunt-debug.tfvars.json
@@ -1,20 +0,0 @@
-[tools]
-terragrunt = "1.0.3"
-opentofu = "1.11.6"
-
-[tasks."tg:fmt"]
-run = "terragrunt hclfmt"
-description = "Format terragrunt files"
-
-[tasks.tf]
-run = "terragrunt run --all"
-description = "Wrapper for terragrunt run-all"
-dir = "{{cwd}}"
-
-[tasks."tf:fmt"]
-run = "tofu fmt -recursive tf/"
-description = "Format terraform files"
-
-[tasks."tf:init"]
-run = { task = "tf init -- -reconfigure" }
-dir = "{{cwd}}"
@@ -1,38 +0,0 @@
-# This file is maintained automatically by "tofu init".
-# Manual edits may be lost in future updates.
-
-provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.7"
-  constraints = "4.52.7"
-  hashes = [
-    "h1:+O72J3QYiZtYmYYZM/Eh0f4NNfl1BvjX1eju43qTQsQ=",
-    "h1:0oqjYIPXcXh7XiDiKI085cHDYQQ5mh8kDl9dmBtvtog=",
-    "h1:4b4ESb87MGv5bnadgYe7sK5rEkKMZhbkQcwPubQTsR4=",
-    "h1:6mTr3eA1Ddb348lLmJuyvn98z4KF+ejqaUEJ76D1rzQ=",
-    "h1:9/3YH+9k9HqsvFtbmBf7SO2+xqZeZrXNKzLkjNuhUEA=",
-    "h1:Jcq4tBWgyH4/2JsojNBSRaN0mcItVMchO+lynonrlqc=",
-    "h1:Y4Vv/2RdP0Q+uxqhOxzOdKxuuEMjXPDcU0vPc5bCQzI=",
-    "h1:a0gW8FBKsbP9Fi0HEDoy49WIbEWVHk9+BR4/iwuBdDQ=",
-    "h1:gElv6iqJtg8OKN77gbw+MjrkrQmJHPkkMEi1J+0xkpU=",
-    "h1:oslXUugD/NQ+duJgT4BhKQyfGbuFOANknMvR73fiOeM=",
-    "h1:pPItIWii5oymR+geZB219ROSPuSODPLTlM4S/u8xLvM=",
-    "h1:u67GWw8GwD9NDlDzp9Y5VRnSQGcCrE8rSpkGPaBpDl0=",
-    "h1:uUUa9dY0XQOycI8pxg16PFFtL0WCTi9uEJz8trTQ7pU=",
-    "h1:y3rV8KF2q6GEMANNlf5EkKJurlfbKlIKpjGcdxoy7pQ=",
-    "zh:0c904ce31a4c6c4a5b3bf7ff1560e77c0cc7e2450c8553ded8e8c90398e1418b",
-    "zh:36183d310c36373fe4cb936b83c595c6fd3b0a94bc7827f28e5789ccbf59752e",
-    "zh:556a568a6f0235e8f41647de9e4d3a1e7b1d6502df8b19b54ec441f1c653ea10",
-    "zh:633ebbd5b0245e75e500ef9be4d9e62288f97e8da3baaa51323892a786d90285",
-    "zh:6acfe60cf52a65ba8f044f748548d2119e7f4fd7f8ebcb14698960d87c68f529",
-    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:904acc31ebb9d6ef68c792074b30532ee61bf515f19e0a3c75b46f126cca1f13",
-    "zh:a1d0a81246afc8750286d3f6fe7a8fbe6460dd2662407b28dbfbabb612e5fa9d",
-    "zh:a41a36fe253fc365fe2b7ffc749624688b2693b4634862fda161179ab100029f",
-    "zh:a7ef269e77ffa8715c8945a2c14322c7ff159ea44c15f62505f3cbb2cae3b32d",
-    "zh:b01aa3bed30610633b762df64332b26f8844a68c3960cebcb30f04918efc67fe",
-    "zh:b069cc2cd18cae10757df3ae030508eac8d55de7e49eda7a5e3e11f2f7fe6455",
-    "zh:b2d2c6313729ebb7465dceece374049e2d08bda34473901be9ff46a8836d42b2",
-    "zh:db0e114edaf4bc2f3d4769958807c83022bfbc619a00bdf4c4bd17faa4ab2d8b",
-    "zh:ecc0aa8b9044f664fd2aaf8fa992d976578f78478980555b4b8f6148e8d1a5fe",
-  ]
-}
@@ -1,11 +0,0 @@
-terraform {
-  backend "pg" {}
-  required_version = "~> 1.7"
-
-  required_providers {
-    cloudflare = {
-      source = "cloudflare/cloudflare"
-      version = "4.52.7"
-    }
-  }
-}
@@ -1,14 +0,0 @@
-resource "cloudflare_pages_domain" "immich_app_release_domain" {
-  account_id   = var.cloudflare_account_id
-  project_name = data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name
-  domain       = "docs.immich.app"
-}
-
-resource "cloudflare_record" "immich_app_release_domain" {
-  name = "docs.immich.app"
-  proxied = true
-  ttl = 1
-  type = "CNAME"
-  content = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
-  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
-}
@@ -1,3 +0,0 @@
-provider "cloudflare" {
-  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
-}
@@ -1,27 +0,0 @@
-data "terraform_remote_state" "api_keys_state" {
-  backend = "pg"
-
-  config = {
-    conn_str = var.tf_state_postgres_conn_str
-    schema_name = "prod_cloudflare_api_keys"
-  }
-}
-
-data "terraform_remote_state" "cloudflare_account" {
-  backend = "pg"
-
-  config = {
-    conn_str = var.tf_state_postgres_conn_str
-    schema_name = "prod_cloudflare_account"
-  }
-}
-
-data "terraform_remote_state" "cloudflare_immich_app_docs" {
-  backend = "pg"
-
-  config = {
-    conn_str = var.tf_state_postgres_conn_str
-    schema_name = "prod_cloudflare_immich_app_docs_${var.prefix_name}"
-  }
-}
-
@@ -1,20 +0,0 @@
-terraform {
-  source = "."
-
-  extra_arguments custom_vars {
-    commands = get_terraform_commands_that_need_vars()
-  }
-}
-
-include {
-  path = find_in_parent_folders("state.hcl")
-}
-
-remote_state {
-  backend = "pg"
-
-  config = {
-    conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
-    schema_name = "prod_cloudflare_immich_app_docs_release"
-  }
-}
@@ -1,4 +0,0 @@
-variable "cloudflare_account_id" {}
-variable "tf_state_postgres_conn_str" {}
-
-variable "prefix_name" {}
@@ -1,38 +0,0 @@
-# This file is maintained automatically by "tofu init".
-# Manual edits may be lost in future updates.
-
-provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.7"
-  constraints = "4.52.7"
-  hashes = [
-    "h1:+O72J3QYiZtYmYYZM/Eh0f4NNfl1BvjX1eju43qTQsQ=",
-    "h1:0oqjYIPXcXh7XiDiKI085cHDYQQ5mh8kDl9dmBtvtog=",
-    "h1:4b4ESb87MGv5bnadgYe7sK5rEkKMZhbkQcwPubQTsR4=",
-    "h1:6mTr3eA1Ddb348lLmJuyvn98z4KF+ejqaUEJ76D1rzQ=",
-    "h1:9/3YH+9k9HqsvFtbmBf7SO2+xqZeZrXNKzLkjNuhUEA=",
-    "h1:Jcq4tBWgyH4/2JsojNBSRaN0mcItVMchO+lynonrlqc=",
-    "h1:Y4Vv/2RdP0Q+uxqhOxzOdKxuuEMjXPDcU0vPc5bCQzI=",
-    "h1:a0gW8FBKsbP9Fi0HEDoy49WIbEWVHk9+BR4/iwuBdDQ=",
-    "h1:gElv6iqJtg8OKN77gbw+MjrkrQmJHPkkMEi1J+0xkpU=",
-    "h1:oslXUugD/NQ+duJgT4BhKQyfGbuFOANknMvR73fiOeM=",
-    "h1:pPItIWii5oymR+geZB219ROSPuSODPLTlM4S/u8xLvM=",
-    "h1:u67GWw8GwD9NDlDzp9Y5VRnSQGcCrE8rSpkGPaBpDl0=",
-    "h1:uUUa9dY0XQOycI8pxg16PFFtL0WCTi9uEJz8trTQ7pU=",
-    "h1:y3rV8KF2q6GEMANNlf5EkKJurlfbKlIKpjGcdxoy7pQ=",
-    "zh:0c904ce31a4c6c4a5b3bf7ff1560e77c0cc7e2450c8553ded8e8c90398e1418b",
-    "zh:36183d310c36373fe4cb936b83c595c6fd3b0a94bc7827f28e5789ccbf59752e",
-    "zh:556a568a6f0235e8f41647de9e4d3a1e7b1d6502df8b19b54ec441f1c653ea10",
-    "zh:633ebbd5b0245e75e500ef9be4d9e62288f97e8da3baaa51323892a786d90285",
-    "zh:6acfe60cf52a65ba8f044f748548d2119e7f4fd7f8ebcb14698960d87c68f529",
-    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:904acc31ebb9d6ef68c792074b30532ee61bf515f19e0a3c75b46f126cca1f13",
-    "zh:a1d0a81246afc8750286d3f6fe7a8fbe6460dd2662407b28dbfbabb612e5fa9d",
-    "zh:a41a36fe253fc365fe2b7ffc749624688b2693b4634862fda161179ab100029f",
-    "zh:a7ef269e77ffa8715c8945a2c14322c7ff159ea44c15f62505f3cbb2cae3b32d",
-    "zh:b01aa3bed30610633b762df64332b26f8844a68c3960cebcb30f04918efc67fe",
-    "zh:b069cc2cd18cae10757df3ae030508eac8d55de7e49eda7a5e3e11f2f7fe6455",
-    "zh:b2d2c6313729ebb7465dceece374049e2d08bda34473901be9ff46a8836d42b2",
-    "zh:db0e114edaf4bc2f3d4769958807c83022bfbc619a00bdf4c4bd17faa4ab2d8b",
-    "zh:ecc0aa8b9044f664fd2aaf8fa992d976578f78478980555b4b8f6148e8d1a5fe",
-  ]
-}
@@ -1,11 +0,0 @@
-terraform {
-  backend "pg" {}
-  required_version = "~> 1.7"
-
-  required_providers {
-    cloudflare = {
-      source = "cloudflare/cloudflare"
-      version = "4.52.7"
-    }
-  }
-}
@@ -1,26 +0,0 @@
-resource "cloudflare_pages_domain" "immich_app_branch_domain" {
-  account_id   = var.cloudflare_account_id
-  project_name = local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_name
-  domain       = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
-}
-
-resource "cloudflare_record" "immich_app_branch_subdomain" {
-  name    = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
-  proxied = true
-  ttl     = 1
-  type    = "CNAME"
-  content   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
-  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
-}
-
-output "immich_app_branch_subdomain" {
-  value = cloudflare_record.immich_app_branch_subdomain.hostname
-}
-
-output "immich_app_branch_pages_hostname" {
-  value = cloudflare_record.immich_app_branch_subdomain.content
-}
-
-output "pages_project_name" {
-  value = cloudflare_pages_domain.immich_app_branch_domain.project_name
-}
@@ -1,7 +0,0 @@
-locals {
-  domain_name = "immich.app"
-  preview_prefix = contains(["branch", "pr"], var.prefix_event_type) ? "preview" : ""
-  archive_prefix = contains(["release"], var.prefix_event_type) ? "archive" : ""
-  deploy_domain_prefix = coalesce(local.preview_prefix, local.archive_prefix)
-  is_release = contains(["release"], var.prefix_event_type)
-}
@@ -1,3 +0,0 @@
-provider "cloudflare" {
-  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
mertalev	ea33cd9515	remove `version` flag	2024-05-14 20:40:36 -04:00
mertalev	e9ceb8b017	fix mutating config	2024-05-14 20:40:36 -04:00
mertalev	94030d809f	add hw decode toggle	2024-05-14 20:40:36 -04:00
mertalev	4db0717a08	update api	2024-05-14 20:40:36 -04:00
mertalev	b6808c1675	separate configs for hw/sw	2024-05-14 20:40:36 -04:00
mertalev	a2b7403978	fix software tone-mapping not being applied	2024-05-14 20:40:36 -04:00
mertalev	1556d978ed	toggle for hardware decoding, software / hardware decoding for nvenc and rkmpp	2024-05-14 20:40:36 -04:00
mertalev	48a71ac4d9	refactor	2024-05-14 20:38:08 -04:00
mertalev	adf620331c	tweak settings	2024-05-14 20:38:08 -04:00
mertalev	c92637df80	update nvenc options	2024-05-14 20:38:08 -04:00
mertalev	3356b023c5	tweaks	2024-05-14 20:38:08 -04:00
mertalev	a2e8b657e6	libplacebo for nvenc update dockerfile	2024-05-14 20:38:08 -04:00
mertalev	f420befc15	use arrayContaining	2024-05-14 20:37:56 -04:00
				`@@ -1 +0,0 @@`
				`custom: ['https://buy.immich.app', 'https://immich.store']`