Compare commits

..

1 Commits

Author SHA1 Message Date
Michel Roegl-Brunner 246e4a643b feat(build.func): add var_ignore_disable to bypass disabled-script guard
Allow users to set var_ignore_disable=true to continue past the 'script disabled' guard in runtime_script_status_guard(). A warning is still shown, but execution continues instead of aborting. Deleted scripts remain a hard stop.
2026-07-02 11:17:21 +02:00
5 changed files with 52 additions and 86 deletions
-12
View File
@@ -497,28 +497,16 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- typo: fix npm update to npm install for n8n [@MickLesk](https://github.com/MickLesk) ([#15545](https://github.com/community-scripts/ProxmoxVE/pull/15545))
- #### ✨ New Features
- Frigate: bump to v0.17.2 [@MickLesk](https://github.com/MickLesk) ([#15536](https://github.com/community-scripts/ProxmoxVE/pull/15536))
- #### 💥 Breaking Changes
- Immich v3.0.0 [@vhsdream](https://github.com/vhsdream) ([#15153](https://github.com/community-scripts/ProxmoxVE/pull/15153))
### 💾 Core
- #### 🐞 Bug Fixes
- tools.func: configure pnpm to allow all build scripts for environments [@MickLesk](https://github.com/MickLesk) ([#15532](https://github.com/community-scripts/ProxmoxVE/pull/15532))
- #### ✨ New Features
- feat(build.func): add var_ignore_disable to bypass disabled-script guard [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15544](https://github.com/community-scripts/ProxmoxVE/pull/15544))
## 2026-07-01
### 🆕 New Scripts
+24 -40
View File
@@ -110,7 +110,7 @@ EOF
msg_ok "Image-processing libraries up to date"
fi
RELEASE="v3.0.1"
RELEASE="v2.7.5"
if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
if [[ $(cat ~/.immich) > "2.5.1" ]]; then
msg_info "Enabling Maintenance Mode"
@@ -124,7 +124,7 @@ EOF
systemctl stop immich-web
systemctl stop immich-ml
msg_ok "Stopped Services"
VCHORD_RELEASE="1.0.0"
VCHORD_RELEASE="0.5.3"
[[ -f ~/.vchord_version ]] && mv ~/.vchord_version ~/.vectorchord
if check_for_gh_release "VectorChord" "tensorchord/VectorChord" "${VCHORD_RELEASE}" "updated together with Immich after testing"; then
fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-16-vchord_*_$(arch_resolve).deb"
@@ -140,7 +140,7 @@ EOF
UPLOAD_DIR="$(sed -n '/^IMMICH_MEDIA_LOCATION/s/[^=]*=//p' /opt/immich/.env)"
SRC_DIR="${INSTALL_DIR}/source"
APP_DIR="${INSTALL_DIR}/app"
PLUGIN_DIR="${APP_DIR}/plugins/immich-plugin-core"
PLUGIN_DIR="${APP_DIR}/corePlugin"
ML_DIR="${APP_DIR}/machine-learning"
GEO_DIR="${INSTALL_DIR}/geodata"
@@ -177,10 +177,10 @@ EOF
# server build
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter immich build
$STD pnpm --filter immich --frozen-lockfile build
unset SHARP_IGNORE_GLOBAL_LIBVIPS
export SHARP_FORCE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --prod --no-optional deploy "$APP_DIR"
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
if [[ -f "$APP_DIR/helmet.json" ]]; then
@@ -190,31 +190,32 @@ EOF
cp "$APP_DIR"/package.json "$APP_DIR"/bin
sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
# sdk, cli & web build
# openapi & web build
cd "$SRC_DIR"
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
unset SHARP_FORCE_GLOBAL_LIBVIPS
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter immich-web --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
$STD pnpm --filter @immich/sdk --filter immich-web build
cp -a web/build "$APP_DIR"/www
cp LICENSE "$APP_DIR"
# cli build
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
$STD pnpm --filter @immich/sdk --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
[[ -f "$INSTALL_DIR"/start.sh ]] && mv "$INSTALL_DIR"/start.sh "$APP_DIR"/bin
# plugins
# Build the plugin(s) directly instead of via the `mise //:plugins` monorepo task path,
# which repeatedly breaks across mise releases (experimental/monorepo_root setting churn).
# mise is used only to provide the build tools (extism-js, wasm-opt, etc.) via `mise install`
# and `mise exec`, both of which are stable and do not depend on the monorepo feature.
cd "$SRC_DIR"
export MISE_TRUSTED_CONFIG_PATHS="$SRC_DIR"/mise.toml
export MISE_DISABLE_TOOLS=github:jellyfin/jellyfin-ffmpeg
$STD mise trust --ignore ./mise.toml
$STD mise trust ./plugins/mise.toml
cd plugins
$STD mise install
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core install --frozen-lockfile
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core build
$STD mise run build
mkdir -p "$PLUGIN_DIR"
cp -r ./packages/plugin-core/dist "$PLUGIN_DIR"/dist
cp ./packages/plugin-core/manifest.json "$PLUGIN_DIR"
cp -r ./dist "$PLUGIN_DIR"/dist
cp ./manifest.json "$PLUGIN_DIR"
msg_ok "Updated Immich server, web, cli and plugins"
cd "$SRC_DIR"/machine-learning
@@ -230,13 +231,13 @@ EOF
ML_PYTHON="python3.13"
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
done
msg_ok "Pre-installed Python ${ML_PYTHON}"
msg_info "Updating Intel OpenVINO machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
done
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-$(arch_resolve "x86_64" "aarch64")-linux-gnu.so"
@@ -245,13 +246,13 @@ EOF
ML_PYTHON="python3.11"
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
done
msg_ok "Pre-installed Python ${ML_PYTHON}"
msg_info "Updating machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
done
msg_ok "Updated machine-learning"
@@ -259,23 +260,6 @@ EOF
cd "$SRC_DIR"
cp -a machine-learning/{ann,immich_ml} "$ML_DIR"
[[ -f "$INSTALL_DIR"/ml_start.sh ]] && mv "$INSTALL_DIR"/ml_start.sh "$ML_DIR"
# Regenerate ml_start.sh if it is missing (e.g. lost by a previously interrupted update),
# otherwise immich-ml.service fails to start with status=203/EXEC
if [[ ! -f "$ML_DIR"/ml_start.sh ]]; then
cat <<EOF >"$ML_DIR"/ml_start.sh
#!/usr/bin/env bash
cd ${ML_DIR}
. ${VIRTUAL_ENV}/bin/activate
set -a
. ${INSTALL_DIR}/.env
set +a
python3 -m immich_ml
EOF
chmod +x "$ML_DIR"/ml_start.sh
fi
[[ -f ~/.openvino ]] && sed -i "/intra_op/s/int = 0/int = os.cpu_count() or 0/" "$ML_DIR"/immich_ml/config.py
ln -sf "$APP_DIR"/resources "$INSTALL_DIR"
cd "$APP_DIR"
@@ -445,7 +429,7 @@ function compile_imagemagick() {
function compile_libvips() {
SOURCE=$SOURCE_DIR/libvips
LIBVIPS_REVISION="3664cfc5dc2c5661288f5bf5a85ccc51c64c1626"
LIBVIPS_REVISION="17ad2f62dda7e39985955da189183e594683d45e"
if [[ "$LIBVIPS_REVISION" != "$(grep 'libvips' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
msg_info "Recompiling libvips"
[[ -d "$SOURCE" ]] && rm -rf "$SOURCE"
+1 -1
View File
@@ -45,7 +45,7 @@ EOF
systemctl daemon-reload
fi
$STD npm install -g n8n@2.27.5
$STD npm update -g n8n@2.27.5
systemctl restart n8n
msg_ok "Updated n8n"
msg_ok "Updated successfully!"
+24 -23
View File
@@ -162,7 +162,7 @@ PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
ACTUAL_PG_VERSION=$(ls /etc/postgresql/ 2>/dev/null | sort -V | tail -1)
ACTUAL_PG_VERSION=${ACTUAL_PG_VERSION:-16}
VCHORD_RELEASE="1.0.0"
VCHORD_RELEASE="0.5.3"
fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-${ACTUAL_PG_VERSION}-vchord_*_$(arch_resolve).deb"
sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postgresql/${ACTUAL_PG_VERSION}/main/postgresql.conf
@@ -282,7 +282,7 @@ msg_ok "(4/5) Compiled imagemagick"
msg_info "(5/5) Compiling libvips"
SOURCE=$SOURCE_DIR/libvips
LIBVIPS_REVISION="3664cfc5dc2c5661288f5bf5a85ccc51c64c1626"
LIBVIPS_REVISION="17ad2f62dda7e39985955da189183e594683d45e"
$STD git clone https://github.com/libvips/libvips.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBVIPS_REVISION"
@@ -306,12 +306,12 @@ INSTALL_DIR="/opt/${APPLICATION}"
UPLOAD_DIR="${INSTALL_DIR}/upload"
SRC_DIR="${INSTALL_DIR}/source"
APP_DIR="${INSTALL_DIR}/app"
PLUGIN_DIR="${APP_DIR}/plugins/immich-plugin-core"
PLUGIN_DIR="${APP_DIR}/corePlugin"
ML_DIR="${APP_DIR}/machine-learning"
GEO_DIR="${INSTALL_DIR}/geodata"
mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v3.0.1" "$SRC_DIR"
fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.5" "$SRC_DIR"
PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
NODE_VERSION="24" NODE_MODULE="corepack,pnpm@${PNPM_VERSION}" setup_nodejs
@@ -323,10 +323,10 @@ export CI=1
# server build
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter immich build
$STD pnpm --filter immich --frozen-lockfile build
unset SHARP_IGNORE_GLOBAL_LIBVIPS
export SHARP_FORCE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --prod --no-optional deploy "$APP_DIR"
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
if [[ -f "$APP_DIR/helmet.json" ]]; then
@@ -336,30 +336,31 @@ fi
cp "$APP_DIR"/package.json "$APP_DIR"/bin
sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
# sdk, cli & web build
# openapi & web build
cd "$SRC_DIR"
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
unset SHARP_FORCE_GLOBAL_LIBVIPS
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter immich-web --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
$STD pnpm --filter @immich/sdk --filter immich-web build
cp -a web/build "$APP_DIR"/www
cp LICENSE "$APP_DIR"
# cli build
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
$STD pnpm --filter @immich/sdk --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
# plugins
# Build the plugin(s) directly instead of via the `mise //:plugins` monorepo task path,
# which repeatedly breaks across mise releases (experimental/monorepo_root setting churn).
# mise is used only to provide the build tools (extism-js, wasm-opt, etc.) via `mise install`
# and `mise exec`, both of which are stable and do not depend on the monorepo feature.
cd "$SRC_DIR"
export MISE_TRUSTED_CONFIG_PATHS="$SRC_DIR"/mise.toml
export MISE_DISABLE_TOOLS=github:jellyfin/jellyfin-ffmpeg
$STD mise trust --ignore ./mise.toml
$STD mise trust ./plugins/mise.toml
cd plugins
$STD mise install
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core install --frozen-lockfile
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core build
$STD mise run build
mkdir -p "$PLUGIN_DIR"
cp -r ./packages/plugin-core/dist "$PLUGIN_DIR"/dist
cp ./packages/plugin-core/manifest.json "$PLUGIN_DIR"
cp -r ./dist "$PLUGIN_DIR"/dist
cp ./manifest.json "$PLUGIN_DIR"
msg_ok "Installed Immich Server, Web and Plugin Components"
cd "$SRC_DIR"/machine-learning
@@ -375,13 +376,13 @@ if [[ -f ~/.openvino ]]; then
ML_PYTHON="python3.13"
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
done
msg_ok "Pre-installed Python ${ML_PYTHON}"
msg_info "Installing Intel OpenVINO machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
done
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-$(arch_resolve "x86_64" "aarch64")-linux-gnu.so"
@@ -390,13 +391,13 @@ else
ML_PYTHON="python3.11"
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
done
msg_ok "Pre-installed Python ${ML_PYTHON}"
msg_info "Installing machine-learning"
for attempt in $(seq 1 3); do
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
done
msg_ok "Installed machine-learning"
+3 -10
View File
@@ -7627,10 +7627,7 @@ setup_nodejs() {
MODULE_INSTALLED_VERSION="$(npm list -g --depth=0 "$MODULE_NAME" 2>&1 | grep "$MODULE_NAME@" | awk -F@ '{print $2}' 2>/dev/null | tr -d '[:space:]' || echo '')"
if [[ "$MODULE_REQ_VERSION" != "latest" && "$MODULE_REQ_VERSION" != "$MODULE_INSTALLED_VERSION" ]]; then
msg_info "Updating $MODULE_NAME to v$MODULE_REQ_VERSION"
# Retry with --force to overwrite corepack-provided shims (pnpm/yarn), which now
# ship with recent corepack and cause EEXIST on /usr/bin/<tool>
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null ||
$STD npm install -g --force "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
msg_ok "Updated $MODULE_NAME"
else
msg_warn "Failed to update $MODULE_NAME to version $MODULE_REQ_VERSION"
@@ -7638,8 +7635,7 @@ setup_nodejs() {
fi
elif [[ "$MODULE_REQ_VERSION" == "latest" ]]; then
msg_info "Updating $MODULE_NAME to latest version"
if $STD npm install -g "${MODULE_NAME}@latest" 2>/dev/null ||
$STD npm install -g --force "${MODULE_NAME}@latest" 2>/dev/null; then
if $STD npm install -g "${MODULE_NAME}@latest" 2>/dev/null; then
msg_ok "Updated $MODULE_NAME"
else
msg_warn "Failed to update $MODULE_NAME to latest version"
@@ -7648,10 +7644,7 @@ setup_nodejs() {
fi
else
msg_info "Installing $MODULE_NAME@$MODULE_REQ_VERSION"
# Retry with --force to overwrite corepack-provided shims (pnpm/yarn), which now
# ship with recent corepack and cause EEXIST on /usr/bin/<tool>
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null ||
$STD npm install -g --force "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
msg_ok "Installed $MODULE_NAME"
else
msg_warn "Failed to install $MODULE_NAME@$MODULE_REQ_VERSION"