Dockerfile changes

.devcontainer/server/container-start-backend.sh

@@ -10,8 +10,9 @@ cd "${IMMICH_WORKSPACE}/server" || (
     exit 1
 )
 
+pnpm install
 while true; do
-    run_cmd npx nest start --debug "0.0.0.0:9230" --watch
+    run_cmd pnpm exec nest start --debug "0.0.0.0:9230" --watch
     log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
     sleep 3
 done

.devcontainer/server/container-start-frontend.sh

@@ -16,7 +16,7 @@ until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_
 done
 
 while true; do
-    run_cmd npx vite dev --host 0.0.0.0 --port "${DEV_PORT}"
+    run_cmd pnpm exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
     log "Web crashed with exit code $?.  Respawning in 3s ..."
     sleep 3
 done

.github/workflows/docs-build.yml

@@ -62,10 +62,10 @@ jobs:
         run: pnpm install
 
       - name: Check formatting
-        run: pnpm run format
+        run: pnpm format
 
       - name: Run build
-        run: pnpm run build
+        run: pnpm build
 
       - name: Upload build output
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

.github/workflows/test.yml

@@ -89,15 +89,15 @@ jobs:
         run: pnpm install
 
       - name: Run linter
-        run: pnpm run lint
+        run: pnpm lint
         if: ${{ !cancelled() }}
 
       - name: Run formatter
-        run: pnpm run format
+        run: pnpm format
         if: ${{ !cancelled() }}
 
       - name: Run tsc
-        run: pnpm run check
+        run: pnpm check
         if: ${{ !cancelled() }}
 
       - name: Run small tests & coverage

Makefile

@@ -87,7 +87,7 @@ test-medium:
     -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
     -e NODE_ENV=development \
     immich-server:latest \
-    -c "pnpm run test:medium -- --run"
+    -c "pnpm test:medium -- --run"
 test-medium-dev:
 	docker exec -it immich_server /bin/sh -c "pnpm run test:medium"
 

cli/README.md

@@ -9,7 +9,7 @@ Before building the CLI, you must build the immich server and the open-api clien
     # if you don't have node installed
     $ npm install -g pnpm 
     $ pnpm install
-    $ pnpm run build
+    $ pnpm build
 
 Then, to build the open-api client run the following in the open-api folder:
 
@@ -20,7 +20,7 @@ To run the Immich CLI from source, run the following in the cli folder:
     # if you don't have node installed
     $ npm install -g pnpm 
     $ pnpm install
-    $ npm run build
+    $ pnpm build
     $ ts-node .
 
 You'll need ts-node, the easiest way to install it is to use npm:

cli/pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .:

e2e/pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .:

open-api/typescript-sdk/pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .:

pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .: {}

pnpm-workspace.yaml

@@ -6,16 +6,40 @@ packages:
   - server
   - web
 
+dedupePeerDependents: false
+
 ignoredBuiltDependencies:
   - '@tailwindcss/oxide'
+  - canvas
   - es5-ext
   - esbuild
+  - '@nestjs/core'
+  - '@scarf/scarf'
+  - '@swc/core'
+  - bcrypt
+  - cpu-features
+  - msgpackr-extract
+  - protobufjs
+  - ssh2
+  - utimes
 
 onlyBuiltDependencies:
-  - canvas
   - sharp
 
-sharedWorkspaceLockfile: false
-shamefullyHoist: true
-dedupePeerDependents: false
+packageExtensions:
+# these packages use tslib, but do not declare it as a dependency
+  nestjs-kysely:
+    dependencies:
+      tslib: '*'
+  nestjs-otel:
+    dependencies:
+      tslib: '*'
+  sharp:
+    dependencies:
+      '@img/sharp-libvips-linux-x64': '*'
+      '@img/sharp-libvips-linux-arm64': '*'
 preferWorkspacePackages: true
+
+shamefullyHoist: true
+
+sharedWorkspaceLockfile: false

server/Dockerfile

@@ -23,27 +23,35 @@ RUN rm -rf /usr/src/app && \
     chown node:node /usr/src/app 
 
 USER node
+
 WORKDIR /usr/src/app
-COPY --chown=node:node server/package.json server/pnpm-lock.yaml server/pnpm-workspace.yaml ./
-RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 pnpm fetch 
+COPY --chown=node:node \
+    server/package.json \
+    server/pnpm-lock.yaml \
+    pnpm-workspace.yaml \
+    ./
+RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
+    pnpm fetch 
 
 ENTRYPOINT ["tini", "--", "/bin/sh"]
 
 FROM dev AS dev-docker
+
 WORKDIR /usr/src/app
+VOLUME /usr/src/app/node_modules
 # Run this without build-cache, so these are cached in image itself
 # This will also build node-gyp binaries, like sharp/canvas
-RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 pnpm install --offline
+RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
+    pnpm install --frozen-lockfile --offline
 
 FROM dev AS dev-container-server
 
 USER root
+# Remove app dir from dev container
 RUN rm -rf /usr/src/app
 
 RUN apt-get update && \
     apt-get install sudo inetutils-ping openjdk-11-jre-headless \
-    # these are build-dependencies for 'canvas' used by web testing libs
-    pango1.0 \
     vim nano -y --no-install-recommends --fix-missing
 
 RUN usermod -aG sudo node && \
@@ -56,20 +64,37 @@ RUN sudo mkdir -p /workspaces/immich && \
     sudo mkdir /immich-devcontainer && \
     sudo chown node -R /immich-devcontainer
 
-COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
+COPY --chmod=777 \
+    ../.devcontainer/server/*.sh \
+    /immich-devcontainer/
 
-COPY --chown=node:node package.json pnpm-lock.yaml* pnpm-workspace.yaml* /tmp/build/
+WORKDIR /tmp/build
+COPY --chown=node:node \
+    package.json \
+    pnpm-lock.yaml \
+    ./
 # note: e2e is part of dockerignore, so it is not copied here
-COPY --chown=node:node web/package.json web/pnpm-lock.yaml* web/pnpm-workspace.yaml* /tmp/build/web/
-COPY --chown=node:node cli/package.json cli/pnpm-lock.yaml* cli/pnpm-workspace.yaml* /tmp/build/cli/
-COPY --chown=node:node server/package.json server/pnpm-lock.yaml* server/pnpm-workspace.yaml* /tmp/build/server/
+COPY --chown=node:node \
+    web/package.json \
+    web/pnpm-lock.yaml \
+    ./web/
+COPY --chown=node:node \
+    cli/package.json \
+    cli/pnpm-lock.yaml \
+    ./cli/
+COPY --chown=node:node \
+    server/package.json \
+    server/pnpm-lock.yaml \
+    ./server/
 # note: docs is part of dockerignore, so it is not copied here
-COPY --chown=node:node open-api/typescript-sdk/package.json open-api/typescript-sdk/pnpm-lock.yaml* open-api/typescript-sdk/pnpm-workspace.yaml* /tmp/build/open-api/typescript-sdk/
+COPY --chown=node:node open-api/typescript-sdk/package.json \
+    open-api/typescript-sdk/pnpm-lock.yaml \
+    ./open-api/typescript-sdk/
 
-# # This will cache all dependencies
-RUN cd /tmp/build && \
-    pnpm fetch && \
-    rm -rf /tmp/build
+# This will cache all dependencies
+RUN pnpm store prune && pnpm fetch 
+WORKDIR /workspaces/immich
+RUN rm -rf /tmp/build
 
 FROM dev-container-server AS dev-container-mobile
 
@@ -107,56 +132,42 @@ COPY --chmod=777 ../.devcontainer/mobile/container-mobile-post-create.sh /immich
 RUN dart --disable-analytics
 
 # server production build
-FROM dev-container-server AS prod
+FROM dev AS prod
 
 USER root
 RUN chown node:node /usr/src/app
 USER node
-COPY server .
+COPY --chown=node:node server .
 RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
     pnpm install --frozen-lockfile --offline && \
-    pnpm build && pnpm prune --prod --no-optional
-# && \
-#     cp -R /usr/src/app/node_modules/@img /tmp/optionals && \
-#     cp -R /usr/src/app/node_modules/exiftool-vendored.pl /tmp/optionals && \
-#     rm -rf /tmp/optionals/node_modules/@img/*musl*
-# RUN pnpm prune --prod --no-optional && \
-#     mv /tmp/optionals/* ./node_modules/ && \
-#     rm -rf /tmp/optionals
+    pnpm build
+
+FROM dev AS sdk
+
+COPY --chown=node:node open-api/typescript-sdk/ .
+RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
+    pnpm install --frozen-lockfile --no-optional && \
+    pnpm build 
 
 # web production build
 FROM dev AS web
 
-COPY --chown=node:node open-api/typescript-sdk/ ../open-api/typescript-sdk/
-WORKDIR /usr/src/open-api/typescript-sdk
-RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
-    pnpm install --frozen-lockfile --offline --no-optional && \
-    pnpm build && pnpm prune --prod --no-optional
-
-COPY --chown=node:node web /usr/src/app
+COPY --chown=node:node web .
+COPY --from=sdk /usr/src/app /usr/src/open-api/typescript-sdk
 COPY --chown=node:node i18n /usr/src/i18n
-WORKDIR /usr/src/app
 RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
-    pnpm install --frozen-lockfile --offline --force && \
-    pnpm build && pnpm prune --prod --no-optional
+    pnpm install --frozen-lockfile && \
+    pnpm build 
 
 FROM dev AS cli
 
-COPY --chown=node:node open-api/typescript-sdk/ ../open-api/typescript-sdk/
-WORKDIR /usr/src/open-api/typescript-sdk
-RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
-    pnpm install --frozen-lockfile --offline --no-optional && \
-    pnpm build && pnpm prune --prod --no-optional
-
-COPY --chown=node:node cli /usr/src/app
-WORKDIR /usr/src/app
+COPY --chown=node:node cli .
+COPY --from=sdk /usr/src/app /usr/src/open-api/typescript-sdk
 # the following command does not use --offline, because the cache created in 
 # the 'dev' stage did not includ the cli depenencies
 RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
-    pnpm install --frozen-lockfile --force && \
-    pnpm build && pnpm prune --prod --no-optional
-
-RUN touch CLI_SUCCESS
+    pnpm install --frozen-lockfile && \
+    pnpm build 
 
 # prod build
 FROM ghcr.io/immich-app/base-server-prod:202505061115@sha256:9971d3a089787f0bd01f4682141d3665bcf5efb3e101a88e394ffd25bee4eedb
@@ -184,7 +195,7 @@ COPY --chown=node:node --from=prod /usr/src/app/bin ./bin
 COPY --chown=node:node --from=web /usr/src/app/build /build/www
 COPY --chown=node:node --from=cli /usr/src/app/dist ./cli
 COPY --chown=node:node server/resources ./resources/
-COPY --chown=node:node server/package.json server/pnpm-lock.yaml server/pnpm-workspace.yaml server/start*.sh \
+COPY --chown=node:node server/package.json server/pnpm-lock.yaml pnpm-workspace.yaml server/start*.sh \
                        docker/scripts/get-cpus.sh ./
 COPY LICENSE /licenses/LICENSE.txt
 COPY LICENSE /LICENSE
@@ -213,6 +224,8 @@ ENV IMMICH_SOURCE_REF=${BUILD_SOURCE_REF}
 ENV IMMICH_SOURCE_COMMIT=${BUILD_SOURCE_COMMIT}
 ENV IMMICH_SOURCE_URL=https://github.com/immich-app/immich/commit/${BUILD_SOURCE_COMMIT}
 
+USER root
+
 VOLUME /usr/src/app/upload
 EXPOSE 2283
 ENTRYPOINT ["tini", "--", "/bin/bash"]

server/pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .:
@@ -10372,6 +10374,7 @@ snapshots:
       '@nestjs/core': 11.1.3(@nestjs/common@11.1.3(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@11.1.3)(@nestjs/websockets@11.1.3)(reflect-metadata@0.2.2)(rxjs@7.8.2)
       kysely: 0.28.2
       reflect-metadata: 0.2.2
+      tslib: 2.8.1
 
   nestjs-otel@6.2.0(@nestjs/common@11.1.3(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.3):
     dependencies:
@@ -10380,6 +10383,7 @@ snapshots:
       '@opentelemetry/api': 1.9.0
       '@opentelemetry/host-metrics': 0.35.5(@opentelemetry/api@1.9.0)
       response-time: 2.3.3
+      tslib: 2.8.1
 
   next@15.3.4(@opentelemetry/api@1.9.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0):
     dependencies:

server/pnpm-workspace.yaml

@@ -1,10 +0,0 @@
-ignoredBuiltDependencies:
-  - '@tailwindcss/oxide'
-  - es5-ext
-  - esbuild
-
-onlyBuiltDependencies:
-  - canvas
-  - sharp
-
-preferWorkspacePackages: true

web/Dockerfile

@@ -1,18 +1,34 @@
 FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e
-ENV COREPACK_ENABLE_AUTO_PIN=0
-ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0
-RUN corepack enable && corepack install -g pnpm && apk add --no-cache tini
-RUN mkdir -p /pnpm/store && chown node:node -R /pnpm && mkdir -p /usr/local/etc && echo "store-dir=/pnpm/store" >> /usr/local/etc/npmrc
+ENV COREPACK_ENABLE_AUTO_PIN=0 \
+    COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+
+RUN corepack enable && corepack install -g pnpm && \
+    apk add --no-cache tini && \
+    mkdir -p /pnpm/store && \
+    chown node:node -R /pnpm && \
+    mkdir -p /usr/local/etc && \
+    echo "store-dir=/pnpm/store" >> /usr/local/etc/npmrc
+
 USER node
 WORKDIR /usr/src/app
+
 COPY --chown=node:node \
     ../open-api/typescript-sdk/package.json \
     ../open-api/typescript-sdk/pnpm-lock.yaml \
     ../open-api/typescript-sdk/
-COPY --chown=node:node ./web/package.json ./web/pnpm-lock.yaml ./web/pnpm-workspace.yaml ./
-COPY pnpm-workspace.yaml /usr/src
-RUN pnpm install --frozen-lockfile
+    
+COPY --chown=node:node \
+    ./web/package.json \
+    ./web/pnpm-lock.yaml \
+    pnpm-workspace.yaml \
+    ./
+
+RUN --mount=type=cache,id=pnpm,target=/buildcache,uid=1000,gid=1000 \
+    pnpm install --frozen-lockfile
+
 ENV CHOKIDAR_USEPOLLING=true
+
 EXPOSE 24678
 EXPOSE 3000
+
 ENTRYPOINT ["/sbin/tini", "--", "/bin/sh"]

web/bin/immich-web

@@ -3,7 +3,7 @@
 TYPESCRIPT_SDK=@immich/sdk
 
 echo "Building TypeScript SDK..."
-(cd ../open-api/typescript-sdk && pnpm run build)
+(cd ../open-api/typescript-sdk && pnpm install && pnpm build)
 echo "Installing Deps ..."
 pnpm install
 

web/package.json

@@ -5,7 +5,7 @@
   "type": "module",
   "scripts": {
     "dev": "vite dev --host 0.0.0.0 --port 3000",
-    "build": "vite build",
+    "build": "svelte-kit sync && vite build",
     "build:stats": "BUILD_STATS=true vite build",
     "package": "svelte-kit package",
     "preview": "vite preview",
@@ -22,8 +22,7 @@
     "format:i18n": "npx --yes sort-json ../i18n/*.json",
     "test": "vitest --run",
     "test:cov": "vitest --coverage",
-    "test:watch": "vitest dev",
-    "prepare": "node -e \"try { require.resolve('@sveltejs/kit/package.json'); } catch(e) { process.exit(1); }\" && svelte-kit sync || echo 'Skipping svelte-kit sync (devDependency not available)'"
+    "test:watch": "vitest dev"
   },
   "dependencies": {
     "@formatjs/icu-messageformat-parser": "^2.9.8",

web/pnpm-lock.yaml

@@ -4,6 +4,8 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+packageExtensionsChecksum: sha256-da8GREkR2VnR5zDxp+RNh2YOpcUGfK6mRCcdi/oaiJs=
+
 importers:
 
   .:

web/pnpm-workspace.yaml

@@ -1,10 +0,0 @@
-ignoredBuiltDependencies:
-  - '@tailwindcss/oxide'
-  - es5-ext
-  - esbuild
-
-onlyBuiltDependencies:
-  - canvas
-  - sharp
-
-preferWorkspacePackages: true