[docs] Update custom server section for cli

2024-03-13 12:02:36 +05:30
3315 changed files with 402045 additions and 234097 deletions
--- a/server/.gitattributes
+++ b/server/.gitattributes
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -4,12 +4,11 @@ labels: ["triage"]
 body:
    - type: markdown
      attributes:
-          value: |
+          value: >
-              Before opening a new bug report, please ensure
+              Before opening a new issue, please ensure you are on the latest
-              1. you are on the latest version (it might've already been fixed),
+              version (it might've already been fixed), and that you've searched
-              2. you've searched for existing issues (please add your observations as a comment there instead of creating a duplicate).
+              for existing issues (please add you observations as a comment
-
+              there instead of creating a duplicate).
              If you are self hosting, please create a community [Q&A](https://github.com/ente-io/ente/discussions/categories/q-a) instead.
    - type: textarea
      attributes:
          label: Description
@@ -17,8 +16,7 @@ body:
              Please describe the bug. If possible, also include the steps to
              reproduce the behaviour, and the expected behaviour (sometimes
              bugs are just expectation mismatches, in which case this would be
-              a good fit for [feature
+              a good fit for Discussions).
              requests](https://github.com/ente-io/ente/discussions/categories/feature-requests)).
      validations:
          required: true
    - type: input
--- a/.github/assets/github-badge.png
+++ b/.github/assets/github-badge.png
--- a/.github/assets/obtainium-badge.png
+++ b/.github/assets/obtainium-badge.png
--- a/.github/workflows/auth-crowdin-push.yml
+++ b/.github/workflows/auth-crowdin-push.yml
@@ -1,31 +0,0 @@
 name: "Push sources to Crowdin (auth)"
 on:
    push:
        branches: [main]
        paths:
            # Run workflow when auth's intl_en.arb is changed
            - "auth/lib/l10n/arb/app_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/auth-crowdin.yml"
 jobs:
    push-sources-to-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v2
              with:
                  base_path: "auth/"
                  config: "auth/crowdin.yml"
                  upload_sources: true
                  upload_translations: false
                  download_translations: false
                  project_id: 575169
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/auth-crowdin-sync.yml
+++ b/.github/workflows/auth-crowdin-sync.yml
@@ -1,36 +0,0 @@
 name: "Sync Crowdin translations (auth)"
 on:
    schedule:
        # Run Mondays at ~6:30 AM IST
        # See: [Note: Run workflow on specific days of the week]
        - cron: "50 0 * * 1"
    # Also allow manually running the workflow.
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v2
              with:
                  base_path: "auth/"
                  config: "auth/crowdin.yml"
                  upload_sources: true
                  upload_translations: false
                  download_translations: true
                  localization_branch_name: translations/auth
                  create_pull_request: true
                  skip_untranslated_strings: true
                  pull_request_title: "[auth] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-authenticator-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 575169
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/auth-crowdin.yml
+++ b/.github/workflows/auth-crowdin.yml
@@ -0,0 +1,42 @@
 name: "Sync Crowdin translations (auth)"
 on:
    push:
        paths:
            # Run workflow when auth's intl_en.arb is changed
            - "mobile/lib/l10n/arb/app_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/auth-crowdin.yml"
        branches: [main]
    schedule:
        # See: [Note: Run every 24 hours]
        - cron: "50 1 * * *"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v1
              with:
                  base_path: "auth/"
                  config: "auth/crowdin.yml"
                  upload_sources: true
                  upload_translations: true
                  download_translations: true
                  localization_branch_name: crowdin-translations-auth
                  create_pull_request: true
                  skip_untranslated_strings: true
                  pull_request_title: "[auth] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-authenticator-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 575169
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/auth-internal-release.yml
+++ b/.github/workflows/auth-internal-release.yml
@@ -1,56 +0,0 @@
 name: "Internal release (auth mobile)"
 on:
    workflow_dispatch: # Allow manually running the action
 env:
    FLUTTER_VERSION: "3.24.3"
 jobs:
    build:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: auth
        steps:
            - name: Checkout code and submodules
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup JDK 17
              uses: actions/setup-java@v1
              with:
                  java-version: 17
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
                  channel: "stable"
                  flutter-version: ${{ env.FLUTTER_VERSION  }}
                  cache: true
            - name: Setup keys
              uses: timheuer/base64-to-file@v1
              with:
                  fileName: "keystore/ente_auth_key.jks"
                  encodedString: ${{ secrets.SIGNING_KEY }}
            - name: Build PlayStore AAB
              run: |
                  flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
              env:
                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
                  SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
            - name: Upload AAB to PlayStore
              uses: r0adkll/upload-google-play@v1
              with:
                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
                  packageName: io.ente.auth
                  releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                  track: internal
--- a/.github/workflows/auth-lint.yml
+++ b/.github/workflows/auth-lint.yml
@@ -1,14 +1,15 @@
 name: "Lint (auth)"
 on:
-    # Run on every pull request (open or push to it) that changes auth/
+    # Run on every push to a branch other than main that changes auth/
-    pull_request:
+    push:
        branches-ignore: [main]
        paths:
            - "auth/**"
            - ".github/workflows/auth-lint.yml"
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.16.9"
 jobs:
    lint:
@@ -22,18 +23,6 @@ jobs:
              with:
                  submodules: recursive
            - name: Verify custom icons are lowercase including optional understores, and end with .svg
              run: |
                  find assets/custom-icons -type f -name "*.svg" | while read -r file; do
                      if [[ "$(basename "$file")" != "$(basename "$file" | tr '[:upper:]' '[:lower:]' | tr ' ' '_')" ]]; then
                          echo "File name is not lowercase: $file"
                          exit 1
                      fi
                  done
            - name: Verify custom icon JSON
              run: cat assets/custom-icons/_data/custom-icons.json | jq empty
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
@@ -44,3 +33,6 @@ jobs:
            - run: flutter pub get
            - run: flutter analyze --no-fatal-infos
            - name: Verify custom icon JSON
              run: cat assets/custom-icons/_data/custom-icons.json | jq empty
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -17,8 +17,8 @@ name: "Release (auth)"
 # We use a suffix like `-test` to indicate that these are test tags, and that
 # they belong to a pre-release.
 #
-# If you need to do multiple tests, add a .x at the end of the tag. e.g.
+# If you need to do multiple tests, add a +x at the end of the tag. e.g.
-# `auth-v1.2.3-test.1`.
+# `auth-v1.2.3-test+1`.
 #
 # Once the testing is done, also delete the tag(s) please.
@@ -29,11 +29,11 @@ on:
            - "auth-v*"
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.13.4"
 jobs:
    build-ubuntu:
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-latest
        defaults:
            run:
@@ -45,11 +45,6 @@ jobs:
              with:
                  submodules: recursive
            - name: Setup JDK 17
              uses: actions/setup-java@v1
              with:
                  java-version: 17
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
@@ -77,8 +72,6 @@ jobs:
                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
            - name: Build PlayStore AAB
              # disable this step if release tag contains nightly or beta
              if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta')
              run: |
                  flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
              env:
@@ -90,22 +83,31 @@ jobs:
            - name: Install dependencies for desktop build
              run: |
                  sudo apt-get update -y
-                  sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config libsqlite3-dev locate appindicator3-0.1 libappindicator3-dev libffi-dev libtiff5
+                  sudo apt-get install -y libsecret-1-dev libsodium-dev libwebkit2gtk-4.0-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm libsqlite3-dev locate
-                  sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu'
+
            - name: Install appimagetool
              run: |
                  wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
                  chmod +x appimagetool
                  mv appimagetool /usr/local/bin/
            - name: Build desktop app
              # Temporarily disable desktop builds
              if: false
              run: |
                  flutter config --enable-linux-desktop
-                  # dart pub global activate flutter_distributor
+                  dart pub global activate flutter_distributor
                  dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
                  flutter_distributor package --platform=linux --targets=deb --skip-clean
                  flutter_distributor package --platform=linux --targets=rpm --skip-clean
                  flutter_distributor package --platform=linux --targets=appimage --skip-clean
                  mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb
                  mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm
                  mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage
              env:
                  LIBSODIUM_USE_PKGCONFIG: 1
-            - name: Generate checksums and push to artifacts
+            - name: Generate checksums
-              run: |
+              run: sha256sum artifacts/ente-* > artifacts/sha256sum
                  sha256sum artifacts/ente-* > artifacts/sha256sum-apk-deb
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
@@ -116,8 +118,6 @@ jobs:
                  updateOnlyUnreleased: true
            - name: Upload AAB to PlayStore
              # disable this step if release tag contains nightly or beta
              if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta')
              uses: r0adkll/upload-google-play@v1
              with:
                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
@@ -125,67 +125,6 @@ jobs:
                  releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                  track: internal
    build-fedora-etc:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: auth
        steps:
            - name: Checkout code and submodules
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
                  channel: "stable"
                  flutter-version: ${{ env.FLUTTER_VERSION  }}
                  cache: true
            - name: Create artifacts directory
              run: mkdir artifacts
            - name: Install dependencies for desktop build
              run: |
                  sudo apt-get update -y
                  sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm patchelf libsqlite3-dev locate libayatana-appindicator3-dev libffi-dev libtiff5 xz-utils libarchive-tools
                  sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu'
            - name: Install appimagetool
              run: |
                  wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
                  chmod +x appimagetool
                  mv appimagetool /usr/local/bin/
            - name: Build desktop app
              run: |
                  flutter config --enable-linux-desktop
                  # dart pub global activate flutter_distributor
                  dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
                  # Run below command if it is a beta or nightly
                  if [[ ${{ github.ref }} =~ beta|nightly ]]; then
                    flutter_distributor package --platform=linux --targets=pacman --skip-clean
                    mv dist/**/*-*-linux.pacman artifacts/ente-${{ github.ref_name }}-x86_64.pacman
                  fi
                  flutter_distributor package --platform=linux --targets=rpm --skip-clean
                  mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm
                  flutter_distributor package --platform=linux --targets=appimage --skip-clean
                  mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage
            - name: Generate checksums
              run: sha256sum artifacts/ente-* >> artifacts/sha256sum-rpm-appimage
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
              with:
                  artifacts: "auth/artifacts/*"
                  draft: true
                  allowUpdates: true
                  updateOnlyUnreleased: true
    build-windows:
        runs-on: windows-latest
@@ -210,18 +149,23 @@ jobs:
              run: mkdir artifacts
            - name: Build Windows installer
              # Temporarily disable desktop builds
              if: false
              run: |
                  flutter config --enable-windows-desktop
-                  # dart pub global activate flutter_distributor
+                  dart pub global activate flutter_distributor
                  dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
                  make innoinstall
                  flutter_distributor package --platform=windows --targets=exe --skip-clean
-                  mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
+                  mv dist/**/ente_auth-*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
            - name: Retain Windows EXE and DLLs
              # Temporarily disable desktop builds
              if: false
              run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
            - name: Code sign Windows installer and EXE
              # Temporarily disable desktop builds
              if: false
              uses: dlemstra/code-sign-action@v1
              with:
                  certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
@@ -231,10 +175,9 @@ jobs:
                      auth/ente-${{ github.ref_name }}-windows/auth.exe
            - name: Zip Windows EXE and DLLs
-              run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows
+              # Temporarily disable desktop builds
-
+              if: false
-            - name: Generate checksums
+              run: tar.exe -a -c -f auth/artifacts/ente-${{ github.ref_name }}-windows.zip auth/ente-${{ github.ref_name }}-windows
              run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
@@ -305,19 +248,25 @@ jobs:
              run: mkdir artifacts
            - name: Build macOS DMG
              # Temporarily disable desktop builds
              if: false
              run: |
                  flutter config --enable-macos-desktop
                  dart pub global activate flutter_distributor
                  flutter_distributor package --platform=macos --targets=dmg --skip-clean
-                  mv dist/**/*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg
+                  mv dist/**/ente_auth-*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg
            - name: Code sign DMG
              # Temporarily disable desktop builds
              if: false
              run: |
                  CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "")
                  codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg
                  codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg
            - name: Notarize and staple DMG
              # Temporarily disable desktop builds
              if: false
              run: |
                  xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \
                    --wait \
@@ -330,9 +279,6 @@ jobs:
                  APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
                  APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
            - name: Generate checksums
              run: shasum -a 256 artifacts/ente-* > artifacts/sha256sum-macos
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
              with:
--- a/.github/workflows/copycat-db-release.yml
+++ b/.github/workflows/copycat-db-release.yml
@@ -1,24 +0,0 @@
 name: "Release (copycat-db)"
 on:
    workflow_dispatch: # Run manually
 jobs:
    build:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
              name: Check out code
            - uses: mr-smithers-excellent/docker-build-push@v6
              name: Build & Push
              with:
                  dockerfile: infra/copycat-db/Dockerfile
                  directory: infra/copycat-db
                  image: ente/copycat-db
                  registry: rg.fr-par.scw.cloud
                  enableBuildKit: true
                  buildArgs: GIT_COMMIT=${GITHUB_SHA}
                  tags: ${GITHUB_SHA}, latest
                  username: ${{ secrets.DOCKER_USERNAME }}
                  password: ${{ secrets.DOCKER_PASSWORD }}
--- a/.github/workflows/desktop-lint.yml
+++ b/.github/workflows/desktop-lint.yml
@@ -1,29 +0,0 @@
 name: "Lint (desktop)"
 on:
    # Run on every pull request (open or push to it) that changes desktop/
    pull_request:
        paths:
            - "desktop/**"
            - ".github/workflows/desktop-lint.yml"
 jobs:
    lint:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: desktop
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "desktop/yarn.lock"
            - run: yarn install
            - run: yarn lint
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -37,8 +37,11 @@ jobs:
              run: yarn build
            - name: Publish
-              uses: cloudflare/wrangler-action@v3
+              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-                  command: pages deploy --project-name=ente --commit-dirty=true --branch=help docs/docs/.vitepress/dist
+                  projectName: ente
                  branch: help
                  directory: docs/docs/.vitepress/dist
                  wranglerVersion: "3"
--- a/.github/workflows/docs-verify-build.yml
+++ b/.github/workflows/docs-verify-build.yml
@@ -4,8 +4,9 @@ name: "Verify build (docs)"
 # succeeding before we merge the PR into main.
 on:
-    # Run on every pull request (open or push to it) that changes docs/
+    # Run on every push to a branch other than main that changes docs/
-    pull_request:
+    push:
        branches-ignore: [main]
        paths:
            - "docs/**"
            - ".github/workflows/docs-verify-build.yml"
--- a/.github/workflows/infra-deploy-staff.yml
+++ b/.github/workflows/infra-deploy-staff.yml
@@ -1,43 +0,0 @@
 name: "Deploy (staff)"
 on:
    # Run on every push to main that changes infra/staff/
    push:
        branches: [main]
        paths:
            - "infra/staff/**"
            - ".github/workflows/infra-deploy-staff.yml"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    lint:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: infra/staff
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "infra/staff/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build
              run: yarn build
            - name: Publish
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/staff infra/staff/dist
--- a/.github/workflows/infra-lint-staff.yml
+++ b/.github/workflows/infra-lint-staff.yml
@@ -1,33 +0,0 @@
 name: "Lint (staff)"
 on:
    # Run on every pull request (open or push to it) that changes infra/staff/
    pull_request:
        paths:
            - "infra/staff/**"
            - ".github/workflows/infra-deploy-staff.yml"
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: infra/staff
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "infra/staff/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Lint
              run: yarn lint
--- a/.github/workflows/mobile-crowdin-push.yml
+++ b/.github/workflows/mobile-crowdin-push.yml
@@ -1,31 +0,0 @@
 name: "Push sources to Crowdin (mobile)"
 on:
    push:
        branches: [main]
        paths:
            # Run workflow when mobiles's intl_en.arb is changed
            - "mobile/lib/l10n/intl_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/mobile-crowdin.yml"
 jobs:
    push-sources-to-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v2
              with:
                  base_path: "mobile/"
                  config: "mobile/crowdin.yml"
                  upload_sources: true
                  upload_translations: false
                  download_translations: false
                  project_id: 574741
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/mobile-crowdin-sync.yml
+++ b/.github/workflows/mobile-crowdin-sync.yml
@@ -1,35 +0,0 @@
 name: "Sync Crowdin translations (mobile)"
 on:
    schedule:
        # Run Mondays at ~6:30 AM IST
        # See: [Note: Run workflow on specific days of the week]
        - cron: "40 0 * * 1"
    # Also allow manually running the workflow.
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v2
              with:
                  base_path: "mobile/"
                  config: "mobile/crowdin.yml"
                  upload_sources: true
                  upload_translations: false
                  download_translations: true
                  localization_branch_name: translations/mobile
                  create_pull_request: true
                  pull_request_title: "[mobile] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 574741
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/mobile-crowdin.yml
+++ b/.github/workflows/mobile-crowdin.yml
@@ -0,0 +1,42 @@
 name: "Sync Crowdin translations (mobile)"
 on:
    push:
        paths:
            # Run workflow when mobiles's intl_en.arb is changed
            - "mobile/lib/l10n/intl_en.arb"
            # Or the workflow itself is changed
            - ".github/workflows/mobile-crowdin.yml"
        branches: [main]
    schedule:
        # See: [Note: Run every 24 hours]
        - cron: "40 1 * * *"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v1
              with:
                  base_path: "mobile/"
                  config: "mobile/crowdin.yml"
                  upload_sources: true
                  upload_translations: true
                  download_translations: true
                  localization_branch_name: crowdin-translations-mobile
                  create_pull_request: true
                  skip_untranslated_strings: true
                  pull_request_title: "[mobile] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-app)"
                  pull_request_base_branch_name: "main"
                  project_id: 574741
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/mobile-internal-release.yml
+++ b/.github/workflows/mobile-internal-release.yml
@@ -1,56 +0,0 @@
 name: "Internal release (photos)"
 on:
    workflow_dispatch: # Allow manually running the action
 env:
    FLUTTER_VERSION: "3.24.3"
 jobs:
    build:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: mobile
        steps:
            - name: Checkout code and submodules
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup JDK 17
              uses: actions/setup-java@v1
              with:
                  java-version: 17
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
                  channel: "stable"
                  flutter-version: ${{ env.FLUTTER_VERSION  }}
                  cache: true
            - name: Setup keys
              uses: timheuer/base64-to-file@v1
              with:
                  fileName: "keystore/ente_photos_key.jks"
                  encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}
            - name: Build PlayStore AAB
              run: |
                  flutter build appbundle --release --flavor playstore
              env:
                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_photos_key.jks"
                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
                  SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
            - name: Upload AAB to PlayStore
              uses: r0adkll/upload-google-play@v1
              with:
                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
                  packageName: io.ente.photos
                  releaseFiles: mobile/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                  track: internal
--- a/.github/workflows/mobile-lint.yml
+++ b/.github/workflows/mobile-lint.yml
@@ -1,15 +1,15 @@
 name: "Lint (mobile)"
 on:
-    # Run on every pull request (open or push to it) that changes mobile/
+    # Run on every push to a branch other than main that changes mobile/
-    pull_request:
+    push:
        branches-ignore: [main]
        paths:
            - "mobile/**"
            - ".github/workflows/mobile-lint.yml"
 env:
-
+    FLUTTER_VERSION: "3.13.4"
    FLUTTER_VERSION: "3.24.3"
 jobs:
    lint:
--- a/.github/workflows/mobile-release.yml
+++ b/.github/workflows/mobile-release.yml
@@ -9,7 +9,7 @@ on:
            - "photos-v*"
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.13.4"
 jobs:
    build:
@@ -25,11 +25,6 @@ jobs:
              with:
                  submodules: recursive
            - name: Setup JDK 17
              uses: actions/setup-java@v1
              with:
                  java-version: 17
            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
              uses: subosito/flutter-action@v2
              with:
@@ -54,7 +49,7 @@ jobs:
                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
            - name: Checksum
-              run: sha256sum build/app/outputs/flutter-apk/ente-${{ github.ref_name }}.apk > build/app/outputs/flutter-apk/sha256sum
+              run: sha256sum build/app/outputs/flutter-apk/ente.apk > build/app/outputs/flutter-apk/sha256sum
            - name: Create a draft GitHub release
              uses: ncipollo/release-action@v1
--- a/.github/workflows/server-lint.yml
+++ b/.github/workflows/server-lint.yml
@@ -1,8 +1,9 @@
 name: "Lint (server)"
 on:
-    # Run on every pull request (open or push to it) that changes server/
+    # Run on every push to a branch other than main that changes server/
-    pull_request:
+    push:
        branches-ignore: [main]
        paths:
            - "server/**"
            - ".github/workflows/server-lint.yml"
@@ -20,8 +21,7 @@ jobs:
            - name: Setup go
              uses: actions/setup-go@v5
              with:
-                  go-version-file: server/go.mod
+                  go-version-file: "server/go.mod"
                  cache-dependency-path: server/go.sum
                  cache: true
            - name: Install dependencies
--- a/.github/workflows/server-publish.yml
+++ b/.github/workflows/server-publish.yml
@@ -1,45 +0,0 @@
 name: "Publish (server)"
 on:
    # Run manually, providing it the commit.
    #
    # To obtain the commit from the currently deployed museum, do:
    # curl -s https://api.ente.io/ping | jq -r '.id'
    #
    # See server/docs/publish.md for more details.
    workflow_dispatch:
        inputs:
            commit:
                description: "Commit to publish the image from"
                type: string
                required: true
 jobs:
    publish:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  ref: ${{ inputs.commit }}
            - name: Build and push
              uses: mr-smithers-excellent/docker-build-push@v6
              with:
                  dockerfile: server/Dockerfile
                  directory: server
                  # Resultant package name will be ghcr.io/ente-io/server
                  image: server
                  registry: ghcr.io
                  enableBuildKit: true
                  multiPlatform: true
                  platform: linux/amd64,linux/arm64
                  buildArgs: GIT_COMMIT=${{ inputs.commit }}
                  tags: ${{ inputs.commit }}, latest
                  username: ${{ github.actor }}
                  password: ${{ secrets.GITHUB_TOKEN }}
            - name: Tag as server/ghcr
              run: |
                  git tag -f server/ghcr
                  git push -f origin server/ghcr
--- a/.github/workflows/server-release.yml
+++ b/.github/workflows/server-release.yml
@@ -7,11 +7,11 @@ jobs:
    build:
        runs-on: ubuntu-latest
        steps:
-            - name: Checkout code
+            - uses: actions/checkout@v4
-              uses: actions/checkout@v4
+              name: Check out code
-            - name: Build and push
+            - uses: mr-smithers-excellent/docker-build-push@v6
-              uses: mr-smithers-excellent/docker-build-push@v6
+              name: Build & Push
              with:
                  dockerfile: server/Dockerfile
                  directory: server
--- a/.github/workflows/web-crowdin-push-both.yml
+++ b/.github/workflows/web-crowdin-push-both.yml
@@ -1,34 +0,0 @@
 name: "Push Crowdin translations (web)"
 # This is a variant of web-crowdin-sync.yml that uploads the translated strings in
 # addition to the source strings.
 #
 # This allows us to change the strings in our source code for an automated
 # refactoring (e.g. renaming a key), and then run this workflow to update the
 # data in Crowdin taking our source code as the source of truth.
 on:
    # Trigger manually, or using
    # `gh workflow run web-crowdin-push-both.yml --ref <my-branch>`
    workflow_dispatch:
 jobs:
    push-both-to-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin push
              uses: crowdin/github-action@v2
              with:
                  base_path: "web/"
                  config: "web/crowdin.yml"
                  upload_sources: true
                  upload_translations: true
                  download_translations: false
                  project_id: 569613
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/web-crowdin-sync.yml
+++ b/.github/workflows/web-crowdin-sync.yml
@@ -1,50 +0,0 @@
 name: "Sync Crowdin translations (web)"
 on:
    push:
        branches: [main]
        paths:
            # Run workflow when web's en-US/translation.json is changed
            - "web/packages/base/locales/en-US/translation.json"
            # Or the workflow itself is changed
            - ".github/workflows/web-crowdin.yml"
    schedule:
        # Run Mondays at ~6:00 AM IST
        #
        # [Note: Run workflow on specific days of the week]
        #
        # The last (5th) component of the cron syntax denotes the day of the
        # week, with 0 == SUN and 6 == SAT. So, for example, to run on every TUE
        # and FRI, this can be set to `2,5`.
        #
        # See also: [Note: Run workflow every 24 hours]
        - cron: "20 0 * * 1"
    # Also allow manually running the workflow.
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v2
              with:
                  base_path: "web/"
                  config: "web/crowdin.yml"
                  upload_sources: true
                  upload_translations: false
                  download_translations: true
                  localization_branch_name: translations/web
                  create_pull_request: true
                  skip_untranslated_strings: true
                  pull_request_title: "[web] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-web)"
                  pull_request_base_branch_name: "main"
                  project_id: 569613
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/web-crowdin.yml
+++ b/.github/workflows/web-crowdin.yml
@@ -0,0 +1,42 @@
 name: "Sync Crowdin translations (web)"
 on:
    push:
        paths:
            # Run workflow when web's en-US/translation.json is changed
            - "web/apps/photos/public/locales/en-US/translation.json"
            # Or the workflow itself is changed
            - ".github/workflows/web-crowdin.yml"
        branches: [main]
    schedule:
        # See: [Note: Run every 24 hours]
        - cron: "20 1 * * *"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    synchronize-with-crowdin:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Crowdin's action
              uses: crowdin/github-action@v1
              with:
                  base_path: "web/"
                  config: "web/crowdin.yml"
                  upload_sources: true
                  upload_translations: true
                  download_translations: true
                  localization_branch_name: crowdin-translations-web
                  create_pull_request: true
                  skip_untranslated_strings: true
                  pull_request_title: "[web] New translations"
                  pull_request_body: "New translations from [Crowdin](https://crowdin.com/project/ente-photos-web)"
                  pull_request_base_branch_name: "main"
                  project_id: 569613
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/web-deploy-accounts.yml
+++ b/.github/workflows/web-deploy-accounts.yml
@@ -0,0 +1,43 @@
 name: "Deploy (accounts)"
 on:
    push:
        # Run workflow on pushes to the deploy/accounts
        branches: [deploy/accounts]
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build accounts
              run: yarn build:accounts
            - name: Publish accounts
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: deploy/accounts
                  directory: web/apps/accounts/out
                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-auth.yml
+++ b/.github/workflows/web-deploy-auth.yml
@@ -0,0 +1,43 @@
 name: "Deploy (auth)"
 on:
    push:
        # Run workflow on pushes to the deploy/auth
        branches: [deploy/auth]
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build auth
              run: yarn build:auth
            - name: Publish auth
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: deploy/auth
                  directory: web/apps/auth/out
                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-cast.yml
+++ b/.github/workflows/web-deploy-cast.yml
@@ -0,0 +1,43 @@
 name: "Deploy (cast)"
 on:
    push:
        # Run workflow on pushes to the deploy/cast
        branches: [deploy/cast]
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build cast
              run: yarn build:cast
            - name: Publish cast
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: deploy/cast
                  directory: web/apps/cast/out
                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-one.yml
+++ b/.github/workflows/web-deploy-one.yml
@@ -1,61 +0,0 @@
 name: "Deploy one (web)"
 on:
    workflow_dispatch:
        inputs:
            app:
                description: "App to build and deploy"
                type: choice
                required: true
                default: "photos"
                options:
                    - "accounts"
                    - "auth"
                    - "cast"
                    - "payments"
                    - "photos"
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "web/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build ${{ inputs.app }}
              run: yarn build:${{ inputs.app }}
            - name: Publish ${{ inputs.app }} to preview
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  # [Note: Wrangler commit-dirty]
                  #
                  # Without the --commit-dirty flag, running the wrangler-action
                  # always prints a warning when used:
                  #
                  #     Warning: Your working directory is a git repo and has uncommitted changes
                  #     To silence this warning, pass in --commit-dirty=true
                  #
                  # There is no clear documentation of if passing this is
                  # harmless, but all indications and in-practice tests seem to
                  # indicate so.
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/${{ inputs.app }} web/apps/${{ inputs.app }}/out
--- a/.github/workflows/web-deploy-photos.yml
+++ b/.github/workflows/web-deploy-photos.yml
@@ -0,0 +1,43 @@
 name: "Deploy (photos)"
 on:
    push:
        # Run workflow on pushes to the deploy/photos
        branches: [deploy/photos]
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build photos
              run: yarn build:photos
            - name: Publish photos
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: deploy/photos
                  directory: web/apps/photos/out
                  wranglerVersion: "3"
--- a/.github/workflows/web-deploy-preview.yml
+++ b/.github/workflows/web-deploy-preview.yml
@@ -1,50 +0,0 @@
 name: "Deploy preview (web)"
 on:
    workflow_dispatch:
        inputs:
            app:
                description: "App to build and deploy"
                type: choice
                required: true
                default: "photos"
                options:
                    - "accounts"
                    - "auth"
                    - "cast"
                    - "payments"
                    - "photos"
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "web/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build ${{ inputs.app }}
              run: yarn build:${{ inputs.app }}
            - name: Publish ${{ inputs.app }} to preview
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=preview web/apps/${{ inputs.app }}/out
--- a/.github/workflows/web-deploy-staging.yml
+++ b/.github/workflows/web-deploy-staging.yml
@@ -1,99 +0,0 @@
 name: "Deploy staging (web)"
 # Builds the "staging/web" branch if it exists, "main" otherwise.
 on:
    schedule:
        # Run everyday at ~3:00 PM IST
        #
        # See: [Note: Run workflow every 24 hours]
        - cron: "25 9 * * *"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Determine branch to build
              id: select-branch
              working-directory: ${{ github.workspace }}
              run: |
                  if git ls-remote --exit-code --heads https://github.com/ente-io/ente refs/heads/staging/web; then
                      echo "branch=staging/web" >> $GITHUB_OUTPUT
                  else
                      echo "branch=main" >> $GITHUB_OUTPUT
                  fi
            - name: Checkout ${{ steps.select-branch.outputs.branch }}
              uses: actions/checkout@v4
              with:
                  ref: ${{ steps.select-branch.outputs.branch }}
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "web/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build photos
              run: yarn build:photos
              env:
                  NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT: https://albums.ente.sh
            - name: Publish photos
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=n-photos web/apps/photos/out
            - name: Build accounts
              run: yarn build:accounts
            - name: Publish accounts
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=n-accounts web/apps/accounts/out
            - name: Build auth
              run: yarn build:auth
            - name: Publish auth
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=n-auth  web/apps/auth/out
            - name: Build cast
              run: yarn build:cast
            - name: Publish cast
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=n-cast web/apps/cast/out
            - name: Build payments
              run: yarn build:payments
            - name: Publish payments
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=n-payments web/apps/payments/dist
--- a/.github/workflows/web-deploy.yml
+++ b/.github/workflows/web-deploy.yml
@@ -1,94 +0,0 @@
 name: "Deploy (web)"
 on:
    schedule:
        # [Note: Run workflow every 24 hours]
        #
        # Run everyday at ~8:00 AM IST (except Sundays).
        #
        # First field is minute, second is hour of the day. Last is day of week,
        # 0 being Sunday.
        #
        # Add a few minutes of offset to avoid scheduling on exact hourly
        # boundaries (recommended by GitHub to avoid congestion).
        #
        # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
        # https://crontab.guru/
        #
        - cron: "25 2 * * 1-6"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "web/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build photos
              run: yarn build:photos
            - name: Publish photos
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/photos web/apps/photos/out
            - name: Build accounts
              run: yarn build:accounts
            - name: Publish accounts
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/accounts web/apps/accounts/out
            - name: Build auth
              run: yarn build:auth
            - name: Publish auth
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/auth web/apps/auth/out
            - name: Build cast
              run: yarn build:cast
            - name: Publish cast
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/cast web/apps/cast/out
            - name: Build payments
              run: yarn build:payments
            - name: Publish payments
              uses: cloudflare/wrangler-action@v3
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/payments web/apps/payments/dist
--- a/.github/workflows/web-lint.yml
+++ b/.github/workflows/web-lint.yml
@@ -1,17 +1,13 @@
 name: "Lint (web)"
 on:
-    # Run on every pull request (open or push to it) that changes web/
+    # Run on every push to a branch other than main that changes web/
-    pull_request:
+    push:
        branches-ignore: [main]
        paths:
            - "web/**"
            - ".github/workflows/web-lint.yml"
 # Cancel in-progress lint runs when a new commit is pushed.
 concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true
 jobs:
    lint:
        runs-on: ubuntu-latest
--- a/.github/workflows/web-nightly.yml
+++ b/.github/workflows/web-nightly.yml
@@ -0,0 +1,94 @@
 name: "Nightly (web)"
 on:
    schedule:
        # [Note: Run every 24 hours]
        #
        # Run every 24 hours - First field is minute, second is hour of the day
        # This runs 23:15 UTC everyday - 1 and 15 are just arbitrary offset to
        # avoid scheduling it on the exact hour, as suggested by GitHub.
        #
        # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
        # https://crontab.guru/
        #
        - cron: "15 23 * * *"
    # Also allow manually running the workflow
    workflow_dispatch:
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build accounts
              run: yarn build:accounts
            - name: Publish accounts
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: n-accounts
                  directory: web/apps/accounts/out
                  wranglerVersion: "3"
            - name: Build auth
              run: yarn build:auth
            - name: Publish auth
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: n-auth
                  directory: web/apps/auth/out
                  wranglerVersion: "3"
            - name: Build cast
              run: yarn build:cast
            - name: Publish cast
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: n-cast
                  directory: web/apps/cast/out
                  wranglerVersion: "3"
            - name: Build photos
              run: yarn build:photos
              env:
                  NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT: https://albums.ente.sh
            - name: Publish photos
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: n-photos
                  directory: web/apps/photos/out
                  wranglerVersion: "3"
--- a/.github/workflows/web-preview.yml
+++ b/.github/workflows/web-preview.yml
@@ -0,0 +1,52 @@
 name: "Preview (web)"
 on:
    workflow_dispatch:
        inputs:
            app:
                description: "App to build and deploy"
                type: choice
                required: true
                default: "photos"
                options:
                    - "accounts"
                    - "auth"
                    - "cast"
                    - "photos"
 jobs:
    deploy:
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: web
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
              with:
                  submodules: recursive
            - name: Setup node and enable yarn caching
              uses: actions/setup-node@v4
              with:
                  node-version: 20
                  cache: "yarn"
                  cache-dependency-path: "docs/yarn.lock"
            - name: Install dependencies
              run: yarn install
            - name: Build ${{ inputs.app }}
              run: yarn build:${{ inputs.app }}
            - name: Publish ${{ inputs.app }} to preview
              uses: cloudflare/pages-action@1
              with:
                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                  projectName: ente
                  branch: preview
                  directory: web/apps/${{ inputs.app }}/out
                  wranglerVersion: "3"
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
-# Let folks use their custom editor settings
+# Let folks use their custom .vscode settings
 .vscode
 .idea
 # macOS
 .DS_Store
--- a/.gitmodules
+++ b/.gitmodules
@@ -9,6 +9,20 @@
 [submodule "auth/assets/simple-icons"]
 	path = auth/assets/simple-icons
 	url = https://github.com/simple-icons/simple-icons.git
 [submodule "mobile/thirdparty/flutter"]
 	path = mobile/thirdparty/flutter
 	url = https://github.com/flutter/flutter.git
 	branch = stable
 [submodule "mobile/plugins/clip_ggml"]
 	path = mobile/plugins/clip_ggml
 	url = https://github.com/ente-io/clip-ggml.git
 [submodule "mobile/thirdparty/isar"]
 	path = mobile/thirdparty/isar
 	url = https://github.com/isar/isar
 [submodule "web/apps/photos/thirdparty/ffmpeg-wasm"]
 	path = web/apps/photos/thirdparty/ffmpeg-wasm
 	url = https://github.com/abhinavkgrd/ffmpeg.wasm.git
 	branch = master
 [submodule "web/apps/photos/thirdparty/photoswipe"]
 	path = web/apps/photos/thirdparty/photoswipe
 	url = https://github.com/ente-io/PhotoSwipe.git
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,10 +12,9 @@ There are many ways to contribute, and most of them don't require writing code.
 ## Spread the word
-This is perhaps the most impactful contribution you can make. [Spread the
+This is perhaps the most impactful contribution you can make. Spread the word.
-word](https://help.ente.io/photos/features/referral-program/). Online on your
+Online on your favorite social media channels. Offline to your friends and
-favorite social media channels. Offline to your friends and family who are
+family who are looking for a privacy-friendly alternative to big tech.
 looking for a privacy-friendly alternative to big tech.
 ## Engage with the community
@@ -60,30 +59,21 @@ See [docs/](docs/README.md) for how to edit these documents.
 ## Code contributions
-Code is a small aspect of community, and the ways mentioned above are more
+If you'd like to contribute code, it is best to start small.
 important in helping us. But if you'd _really_ like to contribute code, it is
 best to start small. Consider some well-scoped changes, say like adding more
 [custom icons to auth](auth/docs/adding-icons.md).
 Each of the individual product/platform specific directories in this repository
-have instructions on setting up a dev environment.
+have instructions on setting up a dev environment and making changes. The issues
 and discussions (feature requests) labelled "good first issues" should be good
 starting points. Once you have a bearing, you can head on to issues or
 discussions labelled "help wanted".
-For anything beyond trivial bug fixes, please use [features requests and
+If you're planning on adding a new feature or making any other substantial
-discussions](https://github.com/ente-io/ente/discussions) instead of performing
+change, please [discuss it with
-code changes directly.
+us](https://github.com/ente-io/ente/discussions). Discussing your idea with us
 first ensures that everyone is on the same page before you start working on your
 change.
-> [!TIP]
+## Star
 >
 > Please remember that code is a important, but small, part of the overall big
 > picture that makes a product a joy to use. Something that's easy in code is
 > not necessarily the right choice for the product as a whole. So we'll repeat -
 > there are other ways to contribute than code that we'd request you to
 > consider.
 ## Leave a review or star
 If you haven't already done so, consider [starring this
-repository](https://github.com/ente-io/ente/stargazers) or leaving a review on
+repository](https://github.com/ente-io/ente/stargazers).
 [PlayStore](https://play.google.com/store/apps/details?id=io.ente.auth),
 [AppStore](https://apps.apple.com/us/app/ente-authenticator/id6444121398) or
 [AlternativeTo](https://alternativeto.net/software/ente-authenticator/).
--- a/README.md
+++ b/README.md
@@ -35,19 +35,18 @@ platform. Private sharing. Collaborative albums. Family plans. Easy import,
 easier export. Background uploads. The list goes on. And of course, all of this,
 while being fully end-to-end encrypted.
-Ente Photos is a paid service, but we offer 5GB of free storage.
+Ente Photos is a paid service, but we offer a free trial. You can also clone
-You can also clone this repository and choose to self-host.
+this repository and choose to self host.
 <br />
 <div align="center">
-[<img height="40" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id1542026904)
+[<img height="42" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id1542026904)
-[<img height="40" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.photos)
+[<img height="42" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.photos)
-[<img height="40" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.photos.fdroid/)
+[<img height="42" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.photos.fdroid/)
-[<img height="40" src=".github/assets/obtainium-badge.png">](https://apps.obtainium.imranr.dev/redirect?r=obtainium://app/%7B%22id%22%3A%22io.ente.photos.independent%22%2C%22url%22%3A%22https%3A%2F%2Fgithub.com%2Fente-io%2Fente%22%2C%22author%22%3A%22ente-io%22%2C%22name%22%3A%22Ente%20Photos%22%2C%22preferredApkIndex%22%3A0%2C%22additionalSettings%22%3A%22%7B%5C%22includePrereleases%5C%22%3Afalse%2C%5C%22fallbackToOlderReleases%5C%22%3Atrue%2C%5C%22filterReleaseTitlesByRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22filterReleaseNotesByRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22verifyLatestTag%5C%22%3Afalse%2C%5C%22dontSortReleasesList%5C%22%3Atrue%2C%5C%22useLatestAssetDateAsReleaseDate%5C%22%3Afalse%2C%5C%22releaseTitleAsVersion%5C%22%3Afalse%2C%5C%22trackOnly%5C%22%3Afalse%2C%5C%22versionExtractionRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22matchGroupToUse%5C%22%3A%5C%22%5C%22%2C%5C%22versionDetection%5C%22%3Atrue%2C%5C%22releaseDateAsVersion%5C%22%3Afalse%2C%5C%22useVersionCodeAsOSVersion%5C%22%3Afalse%2C%5C%22apkFilterRegEx%5C%22%3A%5C%22ente-photos*%5C%22%2C%5C%22invertAPKFilter%5C%22%3Afalse%2C%5C%22autoApkFilterByArch%5C%22%3Atrue%2C%5C%22appName%5C%22%3A%5C%22%5C%22%2C%5C%22shizukuPretendToBeGooglePlay%5C%22%3Afalse%2C%5C%22allowInsecure%5C%22%3Afalse%2C%5C%22exemptFromBackgroundUpdates%5C%22%3Afalse%2C%5C%22skipUpdateNotifications%5C%22%3Afalse%2C%5C%22about%5C%22%3A%5C%22%5C%22%7D%22%2C%22overrideSource%22%3Anull%7D)
+[<img height="42" src=".github/assets/desktop-badge.png">](https://ente.io/download/desktop)
-[<img height="40" src=".github/assets/desktop-badge.png">](https://ente.io/download/desktop)
+[<img height="42" src=".github/assets/web-badge.svg">](https://web.ente.io)
 [<img height="40" src=".github/assets/web-badge.svg">](https://web.ente.io)
 </div>
@@ -61,19 +60,18 @@ Our labour of love. Two years ago, while building Ente Photos, we realized that
 there was no open source end-to-end encrypted authenticator app. We already had
 the building blocks, so we built one.
-Ente Auth is free, and will remain free forever. If you like the service and
+Ente Auth is currently free. If in the future we convert this to a paid service,
-want to give back, please check out Ente Photos or spread the word.
+existing users will be grandfathered in.
 <br />
 <div align="center">
-[<img height="40" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id6444121398)
+[<img height="42" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id6444121398)
-[<img height="40" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.auth)
+[<img height="42" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.auth)
-[<img height="40" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.auth/)
+[<img height="42" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.auth/)
-[<img height="40" src=".github/assets/obtainium-badge.png">](https://apps.obtainium.imranr.dev/redirect?r=obtainium://app/%7B%22id%22%3A%22io.ente.auth.independent%22%2C%22url%22%3A%22https%3A%2F%2Fgithub.com%2Fente-io%2Fente%22%2C%22author%22%3A%22ente-io%22%2C%22name%22%3A%22Ente%20Auth%22%2C%22preferredApkIndex%22%3A0%2C%22additionalSettings%22%3A%22%7B%5C%22includePrereleases%5C%22%3Afalse%2C%5C%22fallbackToOlderReleases%5C%22%3Atrue%2C%5C%22filterReleaseTitlesByRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22filterReleaseNotesByRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22verifyLatestTag%5C%22%3Afalse%2C%5C%22dontSortReleasesList%5C%22%3Atrue%2C%5C%22useLatestAssetDateAsReleaseDate%5C%22%3Afalse%2C%5C%22releaseTitleAsVersion%5C%22%3Afalse%2C%5C%22trackOnly%5C%22%3Afalse%2C%5C%22versionExtractionRegEx%5C%22%3A%5C%22%5C%22%2C%5C%22matchGroupToUse%5C%22%3A%5C%22%5C%22%2C%5C%22versionDetection%5C%22%3Atrue%2C%5C%22releaseDateAsVersion%5C%22%3Afalse%2C%5C%22useVersionCodeAsOSVersion%5C%22%3Afalse%2C%5C%22apkFilterRegEx%5C%22%3A%5C%22ente-auth*%5C%22%2C%5C%22invertAPKFilter%5C%22%3Afalse%2C%5C%22autoApkFilterByArch%5C%22%3Atrue%2C%5C%22appName%5C%22%3A%5C%22%5C%22%2C%5C%22shizukuPretendToBeGooglePlay%5C%22%3Afalse%2C%5C%22allowInsecure%5C%22%3Afalse%2C%5C%22exemptFromBackgroundUpdates%5C%22%3Afalse%2C%5C%22skipUpdateNotifications%5C%22%3Afalse%2C%5C%22about%5C%22%3A%5C%22%5C%22%7D%22%2C%22overrideSource%22%3Anull%7D)
+[<img height="42" src=".github/assets/github-badge.png">](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
-[<img height="40" src=".github/assets/desktop-badge.png">](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v4)
+[<img height="42" src=".github/assets/web-badge.svg">](https://auth.ente.io)
 [<img height="40" src=".github/assets/web-badge.svg">](https://auth.ente.io)
 </div>
@@ -101,7 +99,7 @@ connect with the community.
 [![Discord](https://img.shields.io/discord/948937918347608085?style=for-the-badge&logo=Discord&logoColor=white&label=Discord)](https://discord.gg/z2YVKkycX3)
 [![Ente's Blog RSS](https://img.shields.io/badge/blog-rss-F88900?style=for-the-badge&logo=rss&logoColor=white)](https://ente.io/blog/rss.xml)
-[![Twitter](.github/assets/twitter.svg)](https://twitter.com/enteio) &nbsp; [![Mastodon](.github/assets/mastodon.svg)](https://fosstodon.org/@ente)
+[![Twitter](.github/assets/twitter.svg)](https://twitter.com/enteio) &nbsp; [![Mastodon](.github/assets/mastodon.svg)](https://mstdn.social/@ente)
 ---
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,54 +1,51 @@
 # Security Policy
 Ente believes that working with security researchers across the globe is crucial
 to keeping our users safe. If you believe you've found a security issue in our
-product or service, we encourage you to notify us by email at security@ente.io
+product or service, we encourage you to notify us, by email (security@ente.io)
-or by
+or by [filling this
-[filling out this form](https://github.com/ente-io/ente/security/advisories/new).
+form](https://github.com/ente-io/ente/security/advisories/new) We welcome
-We welcome working with you to resolve the issue promptly. Thanks in advance!
+working with you to resolve the issue promptly. Thanks in advance!
 ## Disclosure Policy
-   Let us know as soon as possible upon discovery of a potential security
+- Let us know as soon as possible upon discovery of a potential security issue,
-    issue, and we'll make every effort to quickly resolve the issue.
+  and we'll make every effort to quickly resolve the issue.
-   Provide us with a reasonable amount of time to resolve the issue before any
+- Provide us a reasonable amount of time to resolve the issue before any
-    disclosure to the public or a third party. We may publicly disclose the
+  disclosure to the public or a third-party. We may publicly disclose the issue
-    issue before resolving it if appropriate.
+  before resolving it, if appropriate.
-   Make a good faith effort to avoid privacy violations, destruction of data,
+- Make a good faith effort to avoid privacy violations, destruction of data, and
-    and interruption or degradation of our service. Only interact with accounts
+  interruption or degradation of our service. Only interact with accounts you
-    you own or with the explicit permission of the account holder.
+  own or with explicit permission of the account holder.
-   If you would like to encrypt your report, please use the PGP key with long
+- If you would like to encrypt your report, please use the PGP key with long ID
-    ID `E273695C0403F34F74171932DF6DDDE98EBD2394` (available in the public
+  `E273695C0403F34F74171932DF6DDDE98EBD2394` (available in the public keyserver
-    keyserver pool).
+  pool).
 ## In-scope
-   Security issues in any current release of Ente's services. Product downloads
+- Security issues in any current release of Ente's services. Product downloads
-    are available at [https://ente.io](https://ente.io). Source code is
+  are available at https://ente.io. Source code is available at
-    available at [https://github.com/ente-io](https://github.com/ente-io).
+  https://github.com/ente-io.
 ## Exclusions
-The following bug classes are out of scope:
+The following bug classes are out-of scope:
-   Bugs that are already reported on any of
+- Bugs that are already reported on any of [Ente's issue
-    [Ente's issue trackers](https://github.com/ente-io) or that we already know
+  trackers](https://github.com/ente-io), or that we already know of (Note that
-    of (note that some of our issue tracking is private).
+  some of our issue tracking is private)
-   Issues in an upstream software dependency (e.g., Flutter, Next.js, etc.)
+- Issues in an upstream software dependency (ex: Flutter, Next.js etc) which are
-    that are already reported to the upstream maintainer.
+  already reported to the upstream maintainer
-   Attacks requiring physical access to a user's device.
+- Attacks requiring physical access to a user's device
-   Self-XSS.
+- Self-XSS
-   Issues related to software or protocols not under Ente's control.
+- Issues related to software or protocols not under ente's control
-   Vulnerabilities in outdated versions of Ente.
+- Vulnerabilities in outdated versions of ente
-   Missing security best practices that do not directly lead to a
+- Missing security best practices that do not directly lead to a vulnerability
-    vulnerability.
+- Issues that do not have any impact on the general public
 -   Issues that do not have any impact on the general public.
 While researching, we'd like to ask you to refrain from:
-   Denial of service
+- Denial of service
-   Spamming
+- Spamming
-   Social engineering (including phishing) of Ente staff or contractors
+- Social engineering (including phishing) of Ente staff or contractors
-   Any physical attempts against Ente property or data centers
+- Any physical attempts against Ente property or data centers
 Thank you for helping keep Ente and our users safe!
--- a/auth/.gitignore
+++ b/auth/.gitignore
@@ -9,20 +9,12 @@
 .history
 .svn/
 # Editors
 .vscode/
 # IntelliJ related
 *.iml
 *.ipr
 *.iws
 .idea/
 # The .vscode folder contains launch configuration and tasks you configure in
 # VS Code which you may wish to be included in version control, so this line
 # is commented out by default.
 #.vscode/
 # Flutter/Dart/Pub related
 **/doc/api/
 .dart_tool/
@@ -40,4 +32,3 @@ lib/generated_plugin_registrant.dart
 !/packages/flutter_tools/test/data/dart_dependencies_test/**/.packages
 android/key.properties
 dist/
--- a/auth/.metadata
+++ b/auth/.metadata
@@ -1,11 +1,11 @@
 # This file tracks properties of this Flutter project.
 # Used by Flutter tool to assess capabilities and perform upgrades etc.
 #
-# This file should be version controlled and should not be manually edited.
+# This file should be version controlled.
 version:
-  revision: "ba393198430278b6595976de84fe170f553cc728"
+  revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
-  channel: "[user-branch]"
+  channel: unknown
 project_type: app
@@ -13,26 +13,17 @@ project_type: app
 migration:
  platforms:
    - platform: root
-      create_revision: ba393198430278b6595976de84fe170f553cc728
+      create_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
-      base_revision: ba393198430278b6595976de84fe170f553cc728
+      base_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
    - platform: android
      create_revision: ba393198430278b6595976de84fe170f553cc728
      base_revision: ba393198430278b6595976de84fe170f553cc728
    - platform: ios
      create_revision: ba393198430278b6595976de84fe170f553cc728
      base_revision: ba393198430278b6595976de84fe170f553cc728
    - platform: linux
-      create_revision: ba393198430278b6595976de84fe170f553cc728
+      create_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
-      base_revision: ba393198430278b6595976de84fe170f553cc728
+      base_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
    - platform: macos
-      create_revision: ba393198430278b6595976de84fe170f553cc728
+      create_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
-      base_revision: ba393198430278b6595976de84fe170f553cc728
+      base_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
    - platform: web
      create_revision: ba393198430278b6595976de84fe170f553cc728
      base_revision: ba393198430278b6595976de84fe170f553cc728
    - platform: windows
-      create_revision: ba393198430278b6595976de84fe170f553cc728
+      create_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
-      base_revision: ba393198430278b6595976de84fe170f553cc728
+      base_revision: ee4e09cce01d6f2d7f4baebd247fde02e5008851
  # User provided section
--- a/auth/README.md
+++ b/auth/README.md
@@ -12,7 +12,7 @@ multi-device sync.
 ### Android
 This repository's [GitHub
-releases](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v4)
+releases](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
 contains APKs, built straight from source. These builds keep themselves updated,
 without relying on third party stores.
@@ -31,16 +31,14 @@ You can alternatively install the build from PlayStore or F-Droid.
  <img height="59" src="../.github/assets/app-store-badge.svg">
 </a>
 ### Desktop
 You can [**download**](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v4)
 a native desktop app from this repository's GitHub releases. The desktop app
 works on Windows, Linux and macOS.
 ### Web
 You can view your 2FA codes at [auth.ente.io](https://auth.ente.io). For adding
-or managing your secrets, please use our mobile or desktop app.
+or managing your secrets, please use our mobile app.
 ### Desktop
 A native desktop app is coming soon!
 ## 🧑‍💻 Build from source
@@ -95,11 +93,14 @@ more, see [docs/adding-icons](docs/adding-icons.md).
 ## 💚 Contribute
 The best way to support this project is by checking out [Ente
 Photos](../mobile/README.md) or spreading the word.
 For more ways to contribute, see [../CONTRIBUTING.md](../CONTRIBUTING.md).
 You can also support us by giving this project a ⭐ star on GitHub or by leaving
 a review on
 [PlayStore](https://play.google.com/store/apps/details?id=io.ente.auth),
 [AppStore](https://apps.apple.com/us/app/ente-authenticator/id6444121398) or
 [AlternativeTo](https://alternativeto.net/software/ente-authenticator/).
 ## ⭐️ About
 To know more about Ente and the ways to get in touch or seek help, see [our main
--- a/auth/android/app/build.gradle
+++ b/auth/android/app/build.gradle
@@ -1,9 +1,3 @@
 plugins {
    id "com.android.application"
    id "kotlin-android"
    id "dev.flutter.flutter-gradle-plugin"
 }
 def localProperties = new Properties()
 def localPropertiesFile = rootProject.file('local.properties')
 if (localPropertiesFile.exists()) {
@@ -12,6 +6,11 @@ if (localPropertiesFile.exists()) {
    }
 }
 def flutterRoot = localProperties.getProperty('flutter.sdk')
 if (flutterRoot == null) {
    throw new GradleException("Flutter SDK not found. Define location with flutter.sdk in the local.properties file.")
 }
 def flutterVersionCode = localProperties.getProperty('flutter.versionCode')
 if (flutterVersionCode == null) {
    flutterVersionCode = '1'
@@ -22,6 +21,10 @@ if (flutterVersionName == null) {
    flutterVersionName = '1.0'
 }
 apply plugin: 'com.android.application'
 apply plugin: 'kotlin-android'
 apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
 def keystoreProperties = new Properties()
 def keystorePropertiesFile = rootProject.file('key.properties')
 if (keystorePropertiesFile.exists()) {
@@ -29,18 +32,7 @@ if (keystorePropertiesFile.exists()) {
 }
 android {
-    namespace "io.ente.auth"
+    compileSdkVersion 33
    compileSdk 34
    ndkVersion flutter.ndkVersion
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
    kotlinOptions {
        jvmTarget = '1.8'
    }
    sourceSets {
        main.java.srcDirs += 'src/main/kotlin'
@@ -54,10 +46,8 @@ android {
    defaultConfig {
        applicationId "io.ente.auth"
-        // You can update the following values to match your application needs.
+        minSdkVersion 20
-        // For more information, see: https://docs.flutter.dev/deployment/android#reviewing-the-gradle-build-configuration.
+        targetSdkVersion 33
        minSdkVersion 21
        targetSdkVersion 34
        versionCode flutterVersionCode.toInteger()
        versionName flutterVersionName
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
@@ -66,11 +56,11 @@ android {
    signingConfigs {
       release {
-           storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : System.getenv("SIGNING_KEY_PATH") ? file(System.getenv("SIGNING_KEY_PATH")) : null
+            storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : System.getenv("SIGNING_KEY_PATH") ? file(System.getenv("SIGNING_KEY_PATH")) : null
-           keyAlias keystoreProperties['keyAlias'] ? keystoreProperties['keyAlias'] : System.getenv("SIGNING_KEY_ALIAS")
+            keyAlias keystoreProperties['keyAlias'] ? keystoreProperties['keyAlias'] : System.getenv("SIGNING_KEY_ALIAS")
-           keyPassword keystoreProperties['keyPassword'] ? keystoreProperties['keyPassword'] : System.getenv("SIGNING_KEY_PASSWORD")
+            keyPassword keystoreProperties['keyPassword'] ? keystoreProperties['keyPassword'] : System.getenv("SIGNING_KEY_PASSWORD")
-           storePassword keystoreProperties['storePassword'] ? keystoreProperties['storePassword'] : System.getenv("SIGNING_STORE_PASSWORD")
+            storePassword keystoreProperties['storePassword'] ? keystoreProperties['storePassword'] : System.getenv("SIGNING_STORE_PASSWORD")
-       }
+        }
    }
    flavorDimensions "default"
@@ -115,4 +105,12 @@ flutter {
    source '../..'
 }
-dependencies {}
+dependencies {
    implementation 'io.sentry:sentry-android:2.0.0'
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
    implementation 'com.android.support:multidex:1.0.3'
    implementation 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'androidx.test:runner:1.1.1'
    androidTestImplementation 'androidx.test.espresso:espresso-core:3.1.1'
 }
--- a/auth/android/app/src/debug/AndroidManifest.xml
+++ b/auth/android/app/src/debug/AndroidManifest.xml
@@ -1,6 +1,6 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    <!-- The INTERNET permission is required for development. Specifically,
+    package="io.ente.auth">
-         the Flutter tool needs it to communicate with the running application
+    <!-- Flutter needs it to communicate with the running application
         to allow setting breakpoints, to provide hot reload, etc.
    -->
    <uses-permission android:name="android.permission.INTERNET"/>
--- a/auth/android/app/src/main/AndroidManifest.xml
+++ b/auth/android/app/src/main/AndroidManifest.xml
@@ -1,7 +1,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-          xmlns:tools="http://schemas.android.com/tools">
+          xmlns:tools="http://schemas.android.com/tools"
          package="io.ente.auth">
    <application android:name="${applicationName}"
-                 android:label="Ente Auth"
+                 android:label="auth"
                 android:icon="@mipmap/launcher_icon"
                 android:usesCleartextTraffic="true"
                 android:requestLegacyExternalStorage="true"
--- a/auth/android/app/src/main/play/listings/en-US/full-description.txt
+++ b/auth/android/app/src/main/play/listings/en-US/full-description.txt
@@ -1,40 +0,0 @@
 Ente Auth helps you generate and store 2 step verification (2FA)
 tokens on your mobile devices.
 FEATURES
 - Secure Backups
 Auth provides end-to-end encrypted cloud backups so that you don't have to worry
 about losing your tokens. We use the same protocols Ente Photos uses to encrypt
 and preserve your data.
 - Multi Device Synchronization
 Auth will automatically sync the 2FA tokens you add to your account, across all
 your devices. Every new device you sign into will have access to these tokens.
 - Web access
 You can access your 2FA code from any web browser by visiting https://auth.ente.io .
 - Offline Mode
 Auth generates 2FA tokens offline, so your network connectivity will not get in
 the way of your workflow.
 - Import and Export Tokens
 You can add tokens to Auth by one of the following methods: 
 1. Scanning a QR code
 2. Manually entering (copy-pasting) a 2FA secret
 3. Bulk importing from a file that contains a list of codes in the following format:
 otpauth://totp/provider.com:you@email.com?secret=YOUR_SECRET
 The codes maybe separated by new lines or commas.
 You can also export the codes you have added to Auth, to an **unencrypted** text
 file, that adheres to the above format.
 SUPPORT
 If you need help, please visit @ https://github.com/ente-io/ente/discussions/new?category=q-a, and someone will get in touch with you.
 If you have feature requests, please create an issue @ https://github.com/ente-io/ente
--- a/auth/android/app/src/main/play/listings/en-US/graphics/icon/icon.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/icon/icon.png
--- a/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/1.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/1.png
--- a/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/2.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/2.png
--- a/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/3.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/3.png
--- a/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/4.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/4.png
--- a/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/5.png
+++ b/auth/android/app/src/main/play/listings/en-US/graphics/phone-screenshots/5.png
--- a/auth/android/app/src/main/play/listings/en-US/short-description.txt
+++ b/auth/android/app/src/main/play/listings/en-US/short-description.txt
@@ -1 +0,0 @@
 Auth is a FOSS authenticator app that provides end-to-end encrypted backups for your 2FA secrets.
--- a/auth/android/app/src/main/play/listings/en-US/title.txt
+++ b/auth/android/app/src/main/play/listings/en-US/title.txt
@@ -1 +0,0 @@
 Ente Auth
--- a/auth/android/app/src/main/res/drawable-hdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-hdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-hdpi/ic_launcher_background.png
+++ b/auth/android/app/src/main/res/drawable-hdpi/ic_launcher_background.png
--- a/auth/android/app/src/main/res/drawable-hdpi/ic_launcher_foreground.png
+++ b/auth/android/app/src/main/res/drawable-hdpi/ic_launcher_foreground.png
--- a/auth/android/app/src/main/res/drawable-hdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-hdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-mdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-mdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-mdpi/ic_launcher_background.png
+++ b/auth/android/app/src/main/res/drawable-mdpi/ic_launcher_background.png
--- a/auth/android/app/src/main/res/drawable-mdpi/ic_launcher_foreground.png
+++ b/auth/android/app/src/main/res/drawable-mdpi/ic_launcher_foreground.png
--- a/auth/android/app/src/main/res/drawable-mdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-mdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night-hdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-night-hdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-night-hdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-night-hdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night-mdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-night-mdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-night-mdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-night-mdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night-v21/background.png
+++ b/auth/android/app/src/main/res/drawable-night-v21/background.png
--- a/auth/android/app/src/main/res/drawable-night-xhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-night-xhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night-xxhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xxhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-night-xxhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xxhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night-xxxhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xxxhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-night-xxxhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-night-xxxhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-night/background.png
+++ b/auth/android/app/src/main/res/drawable-night/background.png
--- a/auth/android/app/src/main/res/drawable-v21/background.png
+++ b/auth/android/app/src/main/res/drawable-v21/background.png
--- a/auth/android/app/src/main/res/drawable-xhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-xhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-xhdpi/ic_launcher_background.png
+++ b/auth/android/app/src/main/res/drawable-xhdpi/ic_launcher_background.png
--- a/auth/android/app/src/main/res/drawable-xhdpi/ic_launcher_foreground.png
+++ b/auth/android/app/src/main/res/drawable-xhdpi/ic_launcher_foreground.png
--- a/auth/android/app/src/main/res/drawable-xhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-xhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-xxhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-xxhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-xxhdpi/ic_launcher_background.png
+++ b/auth/android/app/src/main/res/drawable-xxhdpi/ic_launcher_background.png
--- a/auth/android/app/src/main/res/drawable-xxhdpi/ic_launcher_foreground.png
+++ b/auth/android/app/src/main/res/drawable-xxhdpi/ic_launcher_foreground.png
--- a/auth/android/app/src/main/res/drawable-xxhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-xxhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable-xxxhdpi/android12splash.png
+++ b/auth/android/app/src/main/res/drawable-xxxhdpi/android12splash.png
--- a/auth/android/app/src/main/res/drawable-xxxhdpi/ic_launcher_background.png
+++ b/auth/android/app/src/main/res/drawable-xxxhdpi/ic_launcher_background.png
--- a/auth/android/app/src/main/res/drawable-xxxhdpi/ic_launcher_foreground.png
+++ b/auth/android/app/src/main/res/drawable-xxxhdpi/ic_launcher_foreground.png
--- a/auth/android/app/src/main/res/drawable-xxxhdpi/splash.png
+++ b/auth/android/app/src/main/res/drawable-xxxhdpi/splash.png
--- a/auth/android/app/src/main/res/drawable/background.png
+++ b/auth/android/app/src/main/res/drawable/background.png
--- a/auth/android/app/src/main/res/mipmap-anydpi-v26/launcher_icon.xml
+++ b/auth/android/app/src/main/res/mipmap-anydpi-v26/launcher_icon.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
-  <background android:drawable="@drawable/ic_launcher_background"/>
+  <background android:drawable="@color/ic_launcher_background"/>
  <foreground android:drawable="@drawable/ic_launcher_foreground"/>
  <monochrome android:drawable="@drawable/ic_launcher_foreground"/>
 </adaptive-icon>
--- a/auth/android/app/src/main/res/mipmap-hdpi/ic_launcher.png
+++ b/auth/android/app/src/main/res/mipmap-hdpi/ic_launcher.png
--- a/auth/android/app/src/main/res/mipmap-hdpi/launcher_icon.png
+++ b/auth/android/app/src/main/res/mipmap-hdpi/launcher_icon.png
--- a/auth/android/app/src/main/res/mipmap-mdpi/ic_launcher.png
+++ b/auth/android/app/src/main/res/mipmap-mdpi/ic_launcher.png
--- a/auth/android/app/src/main/res/mipmap-mdpi/launcher_icon.png
+++ b/auth/android/app/src/main/res/mipmap-mdpi/launcher_icon.png
--- a/auth/android/app/src/main/res/mipmap-xhdpi/ic_launcher.png
+++ b/auth/android/app/src/main/res/mipmap-xhdpi/ic_launcher.png
--- a/auth/android/app/src/main/res/mipmap-xhdpi/launcher_icon.png
+++ b/auth/android/app/src/main/res/mipmap-xhdpi/launcher_icon.png
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`Auth is a FOSS authenticator app that provides end-to-end encrypted backups for your 2FA secrets.`