feat(component): sortable

.cargo/config.toml

@@ -5,14 +5,7 @@ rustflags = ["-C", "target-feature=+crt-static"]
 [target.'cfg(target_os = "linux")']
 rustflags = ["-C", "link-args=-Wl,--warn-unresolved-symbols"]
 [target.'cfg(target_os = "macos")']
-rustflags = [
-  "-C",
-  "link-args=-Wl,-undefined,dynamic_lookup,-no_fixup_chains",
-  "-C",
-  "link-args=-all_load",
-  "-C",
-  "link-args=-weak_framework ScreenCaptureKit",
-]
+rustflags = ["-C", "link-args=-all_load", "-C", "link-args=-weak_framework ScreenCaptureKit"]
 # https://sourceware.org/bugzilla/show_bug.cgi?id=21032
 # https://sourceware.org/bugzilla/show_bug.cgi?id=21031
 # https://github.com/rust-lang/rust/issues/134820

.devcontainer/Dockerfile

@@ -0,0 +1,10 @@
+FROM mcr.microsoft.com/devcontainers/base:bookworm
+
+USER vscode
+# Install Homebrew For Linux
+RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" && \
+    eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" && \
+    echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> /home/vscode/.zshrc && \
+    echo "eval \"\$($(brew --prefix)/bin/brew shellenv)\"" >> /home/vscode/.bashrc && \
+    # Install Graphite
+    brew install withgraphite/tap/graphite && gt --version

.devcontainer/build.sh

@@ -1,6 +1,10 @@
 #!/bin/bash
 # This is a script used by the devcontainer to build the project
 
+#Enable yarn
+corepack enable
+corepack prepare yarn@stable --activate
+
 # install dependencies
 yarn install
 

.devcontainer/devcontainer.json

@@ -1,16 +1,12 @@
 // For format details, see https://aka.ms/devcontainer.json.
 {
-  "name": "AFFiNE Dev Container",
+  "name": "Debian",
   "dockerComposeFile": "docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
-  "containerEnv": {
-    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0"
-  },
   "features": {
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "lts",
-      "installYarnUsingApt": false
+      "version": "18"
     },
     "ghcr.io/devcontainers/features/rust:1": {}
   },
@@ -20,7 +16,7 @@
       "extensions": [
         "ms-playwright.playwright",
         "esbenp.prettier-vscode",
-        "dbaeumer.vscode-eslint"
+        "streetsidesoftware.code-spell-checker"
       ]
     }
   },

.devcontainer/docker-compose.yml

@@ -2,9 +2,9 @@ version: '3.8'
 
 services:
   app:
-    security_opt:
-      - no-new-privileges:true
-    image: mcr.microsoft.com/devcontainers/base:bookworm
+    build:
+      context: .
+      dockerfile: Dockerfile
     volumes:
       - ../..:/workspaces:cached
     command: sleep infinity
@@ -12,7 +12,6 @@ services:
     environment:
       DATABASE_URL: postgresql://affine:affine@db:5432/affine
       REDIS_SERVER_HOST: redis
-      AFFINE_INDEXER_SEARCH_ENDPOINT: http://indexer:9308
 
   db:
     image: pgvector/pgvector:pg16
@@ -25,20 +24,8 @@ services:
       POSTGRES_DB: affine
   redis:
     image: redis
-
-  indexer:
-    image: manticoresearch/manticore:${MANTICORE_VERSION:-10.1.0}
-    ulimits:
-      nproc: 65535
-      nofile:
-        soft: 65535
-        hard: 65535
-      memlock:
-        soft: -1
-        hard: -1
-    volumes:
-      - manticoresearch_data:/var/lib/manticore
+    ports:
+      - 6379:6379
 
 volumes:
   postgres-data:
-  manticoresearch_data:

.devcontainer/setup-user.sh

@@ -1,9 +1,9 @@
 set -e
 
-npm install -g @withgraphite/graphite-cli@stable
-
 if [ -v GRAPHITE_TOKEN ];then
     gt auth --token $GRAPHITE_TOKEN
 fi
 
+git fetch origin canary:canary --depth=1
+git branch canary -t origin/canary
 gt init --trunk canary

.docker/dev/.env.example

@@ -3,13 +3,4 @@ DB_VERSION=16
 # database credentials
 DB_PASSWORD=affine
 DB_USERNAME=affine
-DB_DATABASE_NAME=affine
-
-# elasticsearch env
-# ELASTIC_VERSION=9.0.1
-# enable for arm64, e.g.: macOS M1+
-# ELASTIC_VERSION_ARM64=-arm64
-# ELASTIC_PLATFORM=linux/arm64
-
-# manticoresearch
-MANTICORE_VERSION=10.1.0
+DB_DATABASE_NAME=affine

.docker/dev/.gitignore

@@ -1,6 +1,3 @@
 postgres
 .env
-compose.yml
-certs/*
-!certs/.gitkeep
-nginx/conf.d/*
+compose.yml

.docker/dev/README.md

@@ -1,21 +0,0 @@
-# Dev containers
-
-## Develop with domain
-
-> MacOs only, OrbStack only
-
-### 1. Generate and install Root CA
-
-```bash
-# the root ca file will be located at `./.docker/dev/certs/ca`
-yarn affine cert --install
-```
-
-### 2. Generate domain certs
-
-```bash
-# certificates will be located at `./.docker/dev/certs/${domain}`
-yarn affine cert --domain affine.localhost
-```
-
-### 3. Enable nginx service in compose.yml

.docker/dev/compose.yml.example

@@ -18,82 +18,14 @@ services:
     ports:
       - 6379:6379
 
-  # https://mailpit.axllent.org/docs/install/docker/
-  mailpit:
-    image: axllent/mailpit:latest
+  mailhog:
+    image: mailhog/mailhog:latest
     ports:
       - 1025:1025
       - 8025:8025
-    environment:
-      MP_MAX_MESSAGES: 5000
-      MP_DATABASE: /data/mailpit.db
-      MP_SMTP_AUTH_ACCEPT_ANY: 1
-      MP_SMTP_AUTH_ALLOW_INSECURE: 1
-    volumes:
-      - mailpit_data:/data
-
-  # https://manual.manticoresearch.com/Starting_the_server/Docker
-  manticoresearch:
-    image: manticoresearch/manticore:${MANTICORE_VERSION:-10.1.0}
-    ports:
-      - 9308:9308
-    ulimits:
-      nproc: 65535
-      nofile:
-        soft: 65535
-        hard: 65535
-      memlock:
-        soft: -1
-        hard: -1
-    volumes:
-      - manticoresearch_data:/var/lib/manticore
-  
-  # elasticsearch:
-  #   image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-9.0.1}${ELASTIC_VERSION_ARM64}
-  #   platform: ${ELASTIC_PLATFORM}
-  #   labels:
-  #     co.elastic.logs/module: elasticsearch
-  #   volumes:
-  #     - elasticsearch_data:/usr/share/elasticsearch/data
-  #   ports:
-  #     - ${ES_PORT:-9200}:9200
-  #   environment:
-  #     - node.name=es01
-  #     - cluster.name=affine-dev
-  #     - discovery.type=single-node
-  #     - bootstrap.memory_lock=true
-  #     - xpack.security.enabled=false
-  #     - xpack.security.http.ssl.enabled=false
-  #     - xpack.security.transport.ssl.enabled=false
-  #     - xpack.license.self_generated.type=basic
-  #   mem_limit: ${ES_MEM_LIMIT:-1073741824}
-  #   ulimits:
-  #     memlock:
-  #       soft: -1
-  #       hard: -1
-  #   healthcheck:
-  #     test:
-  #       [
-  #         "CMD-SHELL",
-  #         "curl -s http://localhost:9200 | grep -q 'affine-dev'",
-  #       ]
-  #     interval: 10s
-  #     timeout: 10s
-  #     retries: 120
-
-  # nginx:
-  #   image: nginx:alpine
-  #   volumes:
-  #     - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-  #     - ./nginx/conf.d:/etc/nginx/conf.d:ro
-  #     - ./certs:/etc/nginx/certs:ro
-  #   network_mode: host
 
 networks:
   dev:
 
 volumes:
   postgres_data:
-  manticoresearch_data:
-  mailpit_data:
-  elasticsearch_data:

.docker/dev/nginx/nginx.conf

@@ -1,28 +0,0 @@
-user nginx;
-worker_processes auto;
-
-error_log   /var/log/nginx/error.log;
-pid         /var/run/nginx.pid;
-
-events {
-  worker_connections  1024;
-}
-
-http {
-  include mime.types;
-  default_type  application/octet-stream;
-
-  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-  access_log  /var/log/nginx/access.log  main;
-
-  sendfile on;
-  keepalive_timeout  65;
-  types_hash_max_size 2048;
-  client_max_body_size 512M;
-  server_names_hash_bucket_size 128;
-  ssi on;
-  gzip  on;
-  include "/etc/nginx/conf.d/*";
-}

.docker/dev/templates/nginx.conf

@@ -1,27 +0,0 @@
-server {
-  listen 80;
-  server_name DEV_DOMAIN;
-  
-  location / {
-    return 301 https://$host$request_uri;
-  }
-}
-
-server {
-  listen 443 ssl;
-  http2 on;
-  ssl_certificate /etc/nginx/certs/$host/crt;
-  ssl_certificate_key /etc/nginx/certs/$host/key;
-  server_name DEV_DOMAIN;
-
-  location / {
-    proxy_pass http://localhost:8080;
-    proxy_set_header   Host              $host;
-    proxy_set_header   X-Real-IP         $remote_addr;
-    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-    proxy_set_header   X-Forwarded-Proto $scheme;
-    proxy_set_header   Upgrade           $http_upgrade;
-    proxy_set_header   Connection        "upgrade";
-    resolver 127.0.0.1;
-  }
-}

.docker/dev/templates/openssl.conf

@@ -1,25 +0,0 @@
-[req]
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-
-[req_distinguished_name]
-countryName = Country Name (2 letter code)
-countryName_default = US
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = MN
-localityName = Locality Name (eg, city)
-localityName_default = Minneapolis
-organizationalUnitName	= Organizational Unit Name (eg, section)
-organizationalUnitName_default	= Domain Control Validated
-commonName = Internet Widgits Ltd
-commonName_max	= 64
-
-[ v3_req ]
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = DEV_DOMAIN
-DNS.2 = *.DEV_DOMAIN

.docker/selfhost/.env.example

@@ -20,4 +20,4 @@ CONFIG_LOCATION=~/.affine/self-host/config
 # database credentials
 DB_USERNAME=affine
 DB_PASSWORD=
-DB_DATABASE=affine
+DB_DATABASE=affine

.docker/selfhost/.gitignore

@@ -1 +0,0 @@
-.env

.docker/selfhost/compose.yml

@@ -1,7 +1,7 @@
 name: affine
 services:
   affine:
-    image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable}
+    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
     container_name: affine_server
     ports:
       - '${PORT:-3010}:3010'
@@ -21,11 +21,10 @@ services:
     environment:
       - REDIS_SERVER_HOST=redis
       - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-      - AFFINE_INDEXER_ENABLED=false
     restart: unless-stopped
 
   affine_migration:
-    image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable}
+    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
     container_name: affine_migration_job
     volumes:
       # custom configurations
@@ -37,7 +36,6 @@ services:
     environment:
       - REDIS_SERVER_HOST=redis
       - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-      - AFFINE_INDEXER_ENABLED=false
     depends_on:
       postgres:
         condition: service_healthy
@@ -46,7 +44,7 @@ services:
 
   redis:
     image: redis
-    container_name: affine_redis
+    container_name: redis
     healthcheck:
       test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
       interval: 10s
@@ -55,8 +53,8 @@ services:
     restart: unless-stopped
 
   postgres:
-    image: pgvector/pgvector:pg16
-    container_name: affine_postgres
+    image: postgres:16
+    container_name: postgres
     volumes:
       - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
     environment:

.docker/selfhost/config.example.json

@@ -1,6 +0,0 @@
-{
-  "$schema": "https://github.com/toeverything/affine/releases/latest/download/config.schema.json",
-  "server": {
-    "name": "AFFiNE Self Hosted Server"
-  }
-}

.dockerignore

@@ -1,26 +0,0 @@
-.git
-.github/**/*.md
-.gitignore
-
-# Local dependency/build artifacts
-/node_modules
-/target
-
-# Yarn v4 artifacts (not needed for image packaging)
-/.yarn/cache
-/.yarn/unplugged
-/.yarn/install-state.gz
-/.pnp.*
-
-# Test artifacts
-/test-results
-/playwright-report
-/coverage
-/.coverage
-
-# OS noise
-.DS_Store
-
-# Sourcemaps (keep server sourcemap for backend stacktraces)
-**/*.map
-!packages/backend/server/dist/main.js.map

.editorconfig

@@ -1,8 +1,6 @@
 # Editor configuration, see http://editorconfig.org
 root = true
 
-[*.rs]
-max_line_length = 120
 [*]
 charset = utf-8
 indent_style = space

.github/ISSUE_TEMPLATE/BUG-REPORT.yml

@@ -74,11 +74,3 @@ body:
       description: |
         Links? References? Anything that will give us more context about the issue you are encountering!
         Tip: You can attach images here
-  - type: checkboxes
-    attributes:
-      label: Is your content generated by AI?
-      description: >
-        (Required) Please confirm that the content you submit was not generated by AI or only minimally edited by AI.
-        If an administrator believes the post contains a large amount of AI-generated content, they may directly close the question.
-      options:
-        - label: I confirm that the content I submitted was **not** generated by AI / **merely contained minimal** AI edits.

.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml

@@ -2,6 +2,7 @@ name: Feature Request
 description: Suggest a feature or improvement
 title: '[Feature Request]: '
 labels: ['feat', 'story']
+assignees: ['hwangdev97']
 body:
   - type: markdown
     attributes:
@@ -34,11 +35,3 @@ body:
         See the AFFiNE [Contributing Guide](https://github.com/toeverything/affine/blob/canary/CONTRIBUTING.md) to get started.
       options:
         - label: Yes I'd like to help by submitting a PR!
-  - type: checkboxes
-    attributes:
-      label: Is your content generated by AI?
-      description: >
-        (Required) Please confirm that the content you submit was not generated by AI or only minimally edited by AI.
-        If an administrator believes the post contains a large amount of AI-generated content, they may directly close the question.
-      options:
-        - label: I confirm that the content I submitted was **not** generated by AI / **merely contained minimal** AI edits.

.github/actions/build-rust/action.yml

@@ -75,11 +75,7 @@ runs:
       shell: bash
       if: ${{ runner.os != 'Windows' && inputs.no-build != 'true' }}
       run: |
-        if [[ "${{ inputs.target }}" == "x86_64-unknown-linux-gnu" ]]; then
-          yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }}
-        else
-          yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
-        fi
+        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
       env:
         DEBUG: 'napi:*'
 

.github/actions/deploy/action.yml

@@ -1,6 +1,9 @@
 name: 'Deploy to Cluster'
 description: 'Deploy AFFiNE Cloud to cluster'
 inputs:
+  build-type:
+    description: 'Align with App build type, canary|beta|stable|internal'
+    default: 'canary'
   gcp-project-number:
     description: 'GCP project number'
     required: true
@@ -33,3 +36,5 @@ runs:
     - name: Deploy
       shell: bash
       run: node ./.github/actions/deploy/deploy.mjs
+      env:
+        BUILD_TYPE: '${{ inputs.build-type }}'

.github/actions/deploy/deploy.mjs

@@ -10,15 +10,11 @@ const {
   DATABASE_USERNAME,
   DATABASE_PASSWORD,
   DATABASE_NAME,
-  GCLOUD_CONNECTION_NAME,
   CLOUD_SQL_IAM_ACCOUNT,
   APP_IAM_ACCOUNT,
   REDIS_SERVER_HOST,
   REDIS_SERVER_PASSWORD,
   STATIC_IP_NAME,
-  AFFINE_INDEXER_SEARCH_PROVIDER,
-  AFFINE_INDEXER_SEARCH_ENDPOINT,
-  AFFINE_INDEXER_SEARCH_API_KEY,
 } = process.env;
 
 const buildType = BUILD_TYPE || 'canary';
@@ -29,26 +25,43 @@ const isInternal = buildType === 'internal';
 
 const replicaConfig = {
   stable: {
-    front: Number(process.env.PRODUCTION_FRONT_REPLICA) || 2,
-    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 2,
-    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 2,
+    web: 3,
+    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 3,
+    sync: Number(process.env.PRODUCTION_SYNC_REPLICA) || 3,
+    renderer: Number(process.env.PRODUCTION_RENDERER_REPLICA) || 3,
+    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 3,
   },
   beta: {
-    front: Number(process.env.BETA_FRONT_REPLICA) || 1,
-    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 1,
-    doc: Number(process.env.BETA_DOC_REPLICA) || 1,
+    web: 2,
+    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 2,
+    sync: Number(process.env.BETA_SYNC_REPLICA) || 2,
+    renderer: Number(process.env.BETA_RENDERER_REPLICA) || 2,
+    doc: Number(process.env.BETA_DOC_REPLICA) || 2,
+  },
+  canary: {
+    web: 2,
+    graphql: 2,
+    sync: 2,
+    renderer: 2,
+    doc: 2,
   },
-  canary: { front: 1, graphql: 1, doc: 1 },
 };
 
 const cpuConfig = {
-  beta: { front: '1', graphql: '1', doc: '1' },
-  canary: { front: '500m', graphql: '1', doc: '500m' },
-};
-
-const memoryConfig = {
-  beta: { front: '1Gi', graphql: '1Gi', doc: '1Gi' },
-  canary: { front: '512Mi', graphql: '512Mi', doc: '512Mi' },
+  beta: {
+    web: '300m',
+    graphql: '1',
+    sync: '1',
+    doc: '1',
+    renderer: '300m',
+  },
+  canary: {
+    web: '300m',
+    graphql: '1',
+    sync: '1',
+    doc: '1',
+    renderer: '300m',
+  },
 };
 
 const createHelmCommand = ({ isDryRun }) => {
@@ -58,7 +71,6 @@ const createHelmCommand = ({ isDryRun }) => {
     isProduction || isBeta || isInternal
       ? [
           `--set        cloud-sql-proxy.enabled=true`,
-          `--set-string cloud-sql-proxy.database.connectionName="${GCLOUD_CONNECTION_NAME}"`,
           `--set-string global.database.host=${DATABASE_URL}`,
           `--set-string global.database.user=${DATABASE_USERNAME}`,
           `--set-string global.database.password=${DATABASE_PASSWORD}`,
@@ -67,22 +79,17 @@ const createHelmCommand = ({ isDryRun }) => {
           `--set-string global.redis.password="${REDIS_SERVER_PASSWORD}"`,
         ]
       : [];
-  const indexerOptions = [
-    `--set-string global.indexer.provider="${AFFINE_INDEXER_SEARCH_PROVIDER}"`,
-    `--set-string global.indexer.endpoint="${AFFINE_INDEXER_SEARCH_ENDPOINT}"`,
-    `--set-string global.indexer.apiKey="${AFFINE_INDEXER_SEARCH_API_KEY}"`,
-  ];
   const serviceAnnotations = [
-    `--set-json   front.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
+    `--set-json   web.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
     `--set-json   graphql.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
+    `--set-json   sync.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
     `--set-json   doc.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
   ].concat(
     isProduction || isBeta || isInternal
       ? [
-          `--set-json   front.services.web.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
-          `--set-json   front.services.sync.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
-          `--set-json   front.services.renderer.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
+          `--set-json   web.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
           `--set-json   graphql.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
+          `--set-json   sync.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
           `--set-json   cloud-sql-proxy.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }"`,
           `--set-json   cloud-sql-proxy.nodeSelector="{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }"`,
         ]
@@ -90,22 +97,14 @@ const createHelmCommand = ({ isDryRun }) => {
   );
 
   const cpu = cpuConfig[buildType];
-  const memory = memoryConfig[buildType];
-  let resources = [];
-  if (cpu) {
-    resources = resources.concat([
-      `--set        front.resources.requests.cpu="${cpu.front}"`,
-      `--set        graphql.resources.requests.cpu="${cpu.graphql}"`,
-      `--set        doc.resources.requests.cpu="${cpu.doc}"`,
-    ]);
-  }
-  if (memory) {
-    resources = resources.concat([
-      `--set        front.resources.requests.memory="${memory.front}"`,
-      `--set        graphql.resources.requests.memory="${memory.graphql}"`,
-      `--set        doc.resources.requests.memory="${memory.doc}"`,
-    ]);
-  }
+  const resources = cpu
+    ? [
+        `--set        web.resources.requests.cpu="${cpu.web}"`,
+        `--set        graphql.resources.requests.cpu="${cpu.graphql}"`,
+        `--set        sync.resources.requests.cpu="${cpu.sync}"`,
+        `--set        doc.resources.requests.cpu="${cpu.doc}"`,
+      ]
+    : [];
 
   const replica = replicaConfig[buildType] || replicaConfig.canary;
 
@@ -117,11 +116,7 @@ const createHelmCommand = ({ isDryRun }) => {
         ? 'internal'
         : 'dev';
 
-  const hosts = (DEPLOY_HOST || CANARY_DEPLOY_HOST)
-    .split(',')
-    .map(host => host.trim())
-    .filter(host => host);
-  const primaryHost = hosts[0] || '0.0.0.0';
+  const host = DEPLOY_HOST || CANARY_DEPLOY_HOST;
   const deployCommand = [
     `helm upgrade --install affine .github/helm/affine`,
     `--namespace  ${namespace}`,
@@ -130,20 +125,21 @@ const createHelmCommand = ({ isDryRun }) => {
     `--set-string global.app.buildType="${buildType}"`,
     `--set        global.ingress.enabled=true`,
     `--set-json   global.ingress.annotations="{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }"`,
-    ...hosts.map(
-      (host, index) => `--set global.ingress.hosts[${index}]=${host}`
-    ),
+    `--set-string global.ingress.host="${host}"`,
     `--set-string global.version="${APP_VERSION}"`,
     ...redisAndPostgres,
-    ...indexerOptions,
-    `--set        front.replicaCount=${replica.front}`,
-    `--set-string front.image.tag="${imageTag}"`,
-    `--set-string front.app.host="${primaryHost}"`,
+    `--set        web.replicaCount=${replica.web}`,
+    `--set-string web.image.tag="${imageTag}"`,
     `--set        graphql.replicaCount=${replica.graphql}`,
     `--set-string graphql.image.tag="${imageTag}"`,
-    `--set-string graphql.app.host="${primaryHost}"`,
+    `--set        graphql.app.host=${host}`,
+    `--set        sync.replicaCount=${replica.sync}`,
+    `--set-string sync.image.tag="${imageTag}"`,
+    `--set-string renderer.image.tag="${imageTag}"`,
+    `--set        renderer.app.host=${host}`,
+    `--set        renderer.replicaCount=${replica.renderer}`,
     `--set-string doc.image.tag="${imageTag}"`,
-    `--set-string doc.app.host="${primaryHost}"`,
+    `--set        doc.app.host=${host}`,
     `--set        doc.replicaCount=${replica.doc}`,
     ...serviceAnnotations,
     ...resources,

.github/actions/prepare-release/action.yml

@@ -1,41 +0,0 @@
-name: Prepare Release
-description: 'Prepare Release'
-outputs:
-  APP_VERSION:
-    description: 'App Version'
-    value: ${{ steps.get-version.outputs.APP_VERSION }}
-  GIT_SHORT_HASH:
-    description: 'Git Short Hash'
-    value: ${{ steps.get-version.outputs.GIT_SHORT_HASH }}
-  BUILD_TYPE:
-    description: 'Build Type'
-    value: ${{ steps.get-version.outputs.BUILD_TYPE }}
-runs:
-  using: 'composite'
-  steps:
-    - name: Get Version
-      id: get-version
-      shell: bash
-      run: |
-        GIT_SHORT_HASH=$(git rev-parse --short HEAD)
-        if [ "${{ github.ref_type }}" == "tag" ]; then
-          APP_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
-        else
-          APP_VERSION=$(date '+%Y.%-m.%-d-canary.%-H%M')
-        fi
-        if [[ "$APP_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-          BUILD_TYPE=stable
-        elif [[ "$APP_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$ ]]; then
-          BUILD_TYPE=beta
-        elif [[ "$APP_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-canary\.[0-9a-f]+$ ]]; then
-          BUILD_TYPE=canary
-        else
-          echo "Error: unsupported version string: $APP_VERSION" >&2
-          exit 1
-        fi
-        echo $APP_VERSION
-        echo $GIT_SHORT_HASH
-        echo $BUILD_TYPE
-        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_OUTPUT"
-        echo "GIT_SHORT_HASH=$GIT_SHORT_HASH" >> "$GITHUB_OUTPUT"
-        echo "BUILD_TYPE=$BUILD_TYPE" >> "$GITHUB_OUTPUT"

.github/actions/server-test-env/action.yml

@@ -21,10 +21,11 @@ runs:
         yarn affine @affine/server prisma generate
         yarn affine @affine/server prisma migrate deploy
         yarn affine @affine/server data-migration run
-
     - name: Import config
       shell: bash
-      env:
-        DEFAULT_CONFIG: '{}'
       run: |
-        printf '%s\n' "${SERVER_CONFIG:-$DEFAULT_CONFIG}" > ./packages/backend/server/config.json
+        printf '{"copilot":{"enabled":true,"providers.fal":{"apiKey":"%s"},"providers.gemini":{"apiKey":"%s"},"providers.openai":{"apiKey":"%s"},"providers.perplexity":{"apiKey":"%s"}}}' \
+        "$COPILOT_FAL_API_KEY" \
+        "$COPILOT_GOOGLE_API_KEY" \
+        "$COPILOT_OPENAI_API_KEY" \
+        "$COPILOT_PERPLEXITY_API_KEY" > ./packages/backend/server/config.json

.github/actions/setup-version/action.yml

@@ -1,18 +1,24 @@
 name: Setup Version
 description: 'Setup Version'
-inputs:
-  app-version:
+outputs:
+  APP_VERSION:
     description: 'App Version'
-    required: true
-  ios-app-version:
-    description: 'iOS App Store Version (Optional, use App version if empty)'
-    required: false
-    type: string
+    value: ${{ steps.version.outputs.APP_VERSION }}
 runs:
   using: 'composite'
   steps:
     - name: 'Write Version'
+      id: version
       shell: bash
-      env:
-        IOS_APP_VERSION: ${{ inputs.ios-app-version }}
-      run: ./scripts/set-version.sh ${{ inputs.app-version }}
+      run: |
+        if [ "${{ github.ref_type }}" == "tag" ]; then
+          APP_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
+        else
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          TIME_VERSION=$(date +%Y%m%d%H%M)
+          GIT_SHORT_HASH=$(git rev-parse --short HEAD)
+          APP_VERSION=$PACKAGE_VERSION-nightly-$GIT_SHORT_HASH
+        fi
+        echo $APP_VERSION
+        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_OUTPUT"
+        ./scripts/set-version.sh $APP_VERSION

.github/deployment/front/Dockerfile

@@ -0,0 +1,13 @@
+FROM openresty/openresty:1.27.1.1-0-buster
+WORKDIR /app
+COPY ./packages/frontend/apps/web/dist ./dist
+COPY ./packages/frontend/admin/dist ./admin
+COPY ./packages/frontend/apps/mobile/dist ./mobile
+COPY ./.github/deployment/front/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
+COPY ./.github/deployment/front/affine.nginx.conf /etc/nginx/conf.d/affine.nginx.conf
+
+RUN mkdir -p /var/log/nginx && \
+  rm /etc/nginx/conf.d/default.conf
+
+EXPOSE 8080
+CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]

.github/deployment/front/affine.nginx.conf

@@ -0,0 +1,42 @@
+server {
+  listen 8080;
+  location /admin {
+    root /app/;
+    index index.html;
+    try_files $uri/index.html $uri/ $uri /admin/index.html;
+  }
+
+  set $app_root_path /app/dist/;
+  set $mobile_root /app/dist/;
+  set_by_lua $affine_env 'return os.getenv("AFFINE_ENV")';
+
+  if ($affine_env = "dev") {
+    set $mobile_root /app/mobile/;
+  }
+
+  # https://gist.github.com/mariusom/6683dc52b1cad1a1f372e908bdb209d0
+  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {
+    set $app_root_path $mobile_root;
+  }
+
+  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
+    set $app_root_path $mobile_root;
+  }
+
+  location ~ ^/(_plugin|assets|imgs|js|plugins|static)/ {
+    root $app_root_path;
+    try_files $uri $uri/ =404;
+  }
+
+  location / {
+    root $app_root_path;
+    index index.html;
+    try_files $uri $uri/ /index.html;
+    add_header Cache-Control "private, no-cache, no-store, max-age=0, must-revalidate";
+  }
+
+  error_page 404 /404.html;
+  location = /404.html {
+    internal;
+  }
+}

.github/deployment/front/nginx.conf

@@ -0,0 +1,15 @@
+worker_processes 4;
+error_log /var/log/nginx/error.log warn;
+pcre_jit on;
+env AFFINE_ENV;
+events {
+  worker_connections 1024;
+}
+http {
+  include mime.types;
+  log_format main '$remote_addr [$time_local] "$request" '
+  '$status $body_bytes_sent "$http_referer" '
+  '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log /var/log/nginx/access.log main;
+  include /etc/nginx/conf.d/*.conf;
+}

.github/deployment/node/Dockerfile

@@ -1,35 +1,13 @@
-# syntax=docker/dockerfile:1.7
-
-FROM node:22-bookworm-slim AS assets
-WORKDIR /app
+FROM node:22-bookworm-slim
 
 COPY ./packages/backend/server /app
 COPY ./packages/frontend/apps/web/dist /app/static
 COPY ./packages/frontend/admin/dist /app/static/admin
 COPY ./packages/frontend/apps/mobile/dist /app/static/mobile
-
-# Keep server sourcemap for stacktraces, but don't ship frontend/node_modules sourcemaps.
-ARG TARGETARCH
-ARG TARGETVARIANT
-# Needed for Prisma engine resolution (and potential engine download during cleanup).
-RUN apt-get update && \
-  apt-get install -y --no-install-recommends openssl ca-certificates && \
-  rm -rf /var/lib/apt/lists/*
-
-RUN AFFINE_DOCKER_CLEAN=1 TARGETARCH="${TARGETARCH}" TARGETVARIANT="${TARGETVARIANT}" node ./scripts/docker-clean.mjs
-
-FROM node:22-bookworm-slim
 WORKDIR /app
 
-COPY --from=assets /app /app
-
 RUN apt-get update && \
-  apt-get install -y --no-install-recommends openssl libjemalloc2 && \
+  apt-get install -y --no-install-recommends openssl && \
   rm -rf /var/lib/apt/lists/*
 
-# Enable jemalloc by preloading the library
-ENV LD_PRELOAD=libjemalloc.so.2
-
-EXPOSE 3010
-
-CMD ["node", "./dist/main.js"]
+CMD ["node", "--import", "./scripts/register.js", "./dist/index.js"]

.github/deployment/self-host/compose.yaml

@@ -0,0 +1,60 @@
+services:
+  affine:
+    image: ghcr.io/toeverything/affine-graphql:stable
+    container_name: affine_selfhosted
+    command:
+      ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js']
+    ports:
+      - '3010:3010'
+      - '5555:5555'
+    depends_on:
+      redis:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    volumes:
+      # custom configurations
+      - ~/.affine/self-host/config:/root/.affine/config
+      # blob storage
+      - ~/.affine/self-host/storage:/root/.affine/storage
+    logging:
+      driver: 'json-file'
+      options:
+        max-size: '1000m'
+    restart: unless-stopped
+    environment:
+      - NODE_OPTIONS="--import=./scripts/register.js"
+      - AFFINE_CONFIG_PATH=/root/.affine/config
+      - REDIS_SERVER_HOST=redis
+      - DATABASE_URL=postgres://affine:affine@postgres:5432/affine
+      - NODE_ENV=production
+      # Telemetry allows us to collect data on how you use the affine. This data will helps us improve the app and provide better features.
+      # Uncomment next line if you wish to quit telemetry.
+      # - TELEMETRY_ENABLE=false
+  redis:
+    image: redis
+    container_name: affine_redis
+    restart: unless-stopped
+    volumes:
+      - ~/.affine/self-host/redis:/data
+    healthcheck:
+      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  postgres:
+    image: postgres:16
+    container_name: affine_postgres
+    restart: unless-stopped
+    volumes:
+      - ~/.affine/self-host/postgres:/var/lib/postgresql/data
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -U affine']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    environment:
+      POSTGRES_USER: affine
+      POSTGRES_PASSWORD: affine
+      POSTGRES_DB: affine
+      PGDATA: /var/lib/postgresql/data/pgdata

.github/helm/affine/Chart.yaml

@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.26.1"
+appVersion: "0.20.0"

.github/helm/affine/charts/doc/Chart.yaml

@@ -3,7 +3,7 @@ name: doc
 description: AFFiNE doc server
 type: application
 version: 0.0.0
-appVersion: "0.26.1"
+appVersion: "0.20.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/doc/templates/deployment.yaml

@@ -69,15 +69,6 @@ spec:
                 key: redis-password
           - name: REDIS_SERVER_DATABASE
             value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_INDEXER_SEARCH_PROVIDER
-            value: "{{ .Values.global.indexer.provider }}"
-          - name: AFFINE_INDEXER_SEARCH_ENDPOINT
-            value: "{{ .Values.global.indexer.endpoint }}"
-          - name: AFFINE_INDEXER_SEARCH_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: indexer
-                key: indexer-apiKey
           - name: AFFINE_SERVER_PORT
             value: "{{ .Values.global.docService.port }}"
           - name: AFFINE_SERVER_SUB_PATH
@@ -95,13 +86,11 @@ spec:
               path: /info
               port: http
             initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.probe.timeoutSeconds }}
           readinessProbe:
             httpGet:
               path: /info
               port: http
             initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.probe.timeoutSeconds }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

.github/helm/affine/charts/doc/values.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  repository: ghcr.io/toeverything/affine
+  repository: ghcr.io/toeverything/affine-graphql
   pullPolicy: IfNotPresent
   tag: ''
 
@@ -36,7 +36,6 @@ resources:
 
 probe:
   initialDelaySeconds: 20
-  timeoutSeconds: 5
 
 nodeSelector: {}
 tolerations: []

.github/helm/affine/charts/front/Chart.yaml

@@ -1,11 +0,0 @@
-apiVersion: v2
-name: front
-description: AFFiNE front server
-type: application
-version: 0.0.0
-appVersion: "0.26.1"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled

.github/helm/affine/charts/front/templates/NOTES.txt

@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.services.sync.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.services.sync.name }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.services.sync.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.services.sync.name }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.services.sync.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.services.sync.port }}
-{{- else if contains "ClusterIP" .Values.services.sync.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "front.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}

.github/helm/affine/charts/front/templates/_helpers.tpl

@@ -1,63 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "front.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "front.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "front.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "front.labels" -}}
-helm.sh/chart: {{ include "front.chart" . }}
-{{ include "front.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-monitoring: enabled
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "front.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "front.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "front.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "front.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

.github/helm/affine/charts/front/templates/deployment.yaml

@@ -1,120 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "front.fullname" . }}
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "front.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "front.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "front.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: AFFINE_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.global.secret.secretName }}"
-                  key: key
-            - name: NODE_ENV
-              value: "{{ .Values.env }}"
-            - name: NODE_OPTIONS
-              value: "{{ .Values.nodeOptions }}"
-            - name: NO_COLOR
-              value: "1"
-            - name: DEPLOYMENT_TYPE
-              value: "{{ .Values.global.deployment.type }}"
-            - name: DEPLOYMENT_PLATFORM
-              value: "{{ .Values.global.deployment.platform }}"
-            - name: SERVER_FLAVOR
-              value: "front"
-            - name: AFFINE_ENV
-              value: "{{ .Release.Namespace }}"
-            - name: DATABASE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: pg-postgresql
-                  key: postgres-password
-            - name: DATABASE_URL
-              value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-            - name: REDIS_SERVER_ENABLED
-              value: "true"
-            - name: REDIS_SERVER_HOST
-              value: "{{ .Values.global.redis.host }}"
-            - name: REDIS_SERVER_PORT
-              value: "{{ .Values.global.redis.port }}"
-            - name: REDIS_SERVER_USER
-              value: "{{ .Values.global.redis.username }}"
-            - name: REDIS_SERVER_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: redis
-                  key: redis-password
-            - name: REDIS_SERVER_DATABASE
-              value: "{{ .Values.global.redis.database }}"
-            - name: AFFINE_INDEXER_SEARCH_PROVIDER
-              value: "{{ .Values.global.indexer.provider }}"
-            - name: AFFINE_INDEXER_SEARCH_ENDPOINT
-              value: "{{ .Values.global.indexer.endpoint }}"
-            - name: AFFINE_INDEXER_SEARCH_API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: indexer
-                  key: indexer-apiKey
-            - name: AFFINE_SERVER_PORT
-              value: "{{ .Values.app.port }}"
-            - name: AFFINE_SERVER_SUB_PATH
-              value: "{{ .Values.app.path }}"
-            - name: AFFINE_SERVER_HOST
-              value: "{{ .Values.app.host }}"
-            - name: AFFINE_SERVER_HTTPS
-              value: "{{ .Values.app.https }}"
-            - name: DOC_SERVICE_ENDPOINT
-              value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
-          ports:
-            - name: http
-              containerPort: {{ .Values.app.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          readinessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

.github/helm/affine/charts/front/templates/service-renderer.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.services.renderer.name }}
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-  {{- with .Values.services.renderer.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.services.renderer.type }}
-  ports:
-    - port: {{ .Values.services.renderer.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "front.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/front/templates/service-sync.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.services.sync.name }}
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-  {{- with .Values.services.sync.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.services.sync.type }}
-  ports:
-    - port: {{ .Values.services.sync.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "front.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/front/templates/service-web.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.services.web.name }}
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-  {{- with .Values.services.web.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.services.web.type }}
-  ports:
-    - port: {{ .Values.services.web.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "front.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/front/templates/serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "front.serviceAccountName" . }}
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

.github/helm/affine/charts/front/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "front.fullname" . }}-test-connection"
-  labels:
-    {{- include "front.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Values.services.sync.name }}:{{ .Values.services.sync.port }}']
-  restartPolicy: Never

.github/helm/affine/charts/front/values.yaml

@@ -1,60 +0,0 @@
-replicaCount: 1
-image:
-  repository: ghcr.io/toeverything/affine
-  pullPolicy: IfNotPresent
-  tag: ''
-
-imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-# map to NODE_ENV environment variable
-env: 'production'
-nodeOptions: '--max-old-space-size=3072'
-app:
-  # AFFINE_SERVER_PORT
-  port: 3010
-  # AFFINE_SERVER_SUB_PATH
-  path: ''
-  # AFFINE_SERVER_HOST
-  host: '0.0.0.0'
-  https: true
-serviceAccount:
-  create: true
-  annotations: {}
-  name: 'affine-front'
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-resources:
-  requests:
-    cpu: '2'
-    memory: 4Gi
-
-probe:
-  initialDelaySeconds: 20
-
-services:
-  sync:
-    name: affine-sync
-    type: ClusterIP
-    port: 3010
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-  renderer:
-    name: affine-renderer
-    type: ClusterIP
-    port: 3000
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-  web:
-    name: affine-web
-    type: ClusterIP
-    port: 8080
-    annotations: {}
-
-nodeSelector: {}
-tolerations: []
-affinity: {}

.github/helm/affine/charts/gcloud-sql-proxy/values.yaml

@@ -1,7 +1,5 @@
-replicaCount: 2
+replicaCount: 3
 enabled: false
-database: 
-  connectionName: ""
 
 image:
   # the tag is defined as chart appVersion.
@@ -33,11 +31,8 @@ service:
 
 resources:
   limits:
-    memory: "1Gi"
-    cpu: "1"
-  requests:
-    memory: "512Mi"
-    cpu: "100m"
+    memory: "4Gi"
+    cpu: "2"
 
 volumes: []
 volumeMounts: []

.github/helm/affine/charts/graphql/Chart.yaml

@@ -3,7 +3,7 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.26.1"
+appVersion: "0.20.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/graphql/templates/deployment.yaml

@@ -67,15 +67,6 @@ spec:
                 key: redis-password
           - name: REDIS_SERVER_DATABASE
             value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_INDEXER_SEARCH_PROVIDER
-            value: "{{ .Values.global.indexer.provider }}"
-          - name: AFFINE_INDEXER_SEARCH_ENDPOINT
-            value: "{{ .Values.global.indexer.endpoint }}"
-          - name: AFFINE_INDEXER_SEARCH_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: indexer
-                key: indexer-apiKey
           - name: AFFINE_SERVER_PORT
             value: "{{ .Values.service.port }}"
           - name: AFFINE_SERVER_SUB_PATH

.github/helm/affine/charts/graphql/templates/migration.yaml

@@ -44,15 +44,6 @@ spec:
               secretKeyRef:
                 name: redis
                 key: redis-password
-          - name: AFFINE_INDEXER_SEARCH_PROVIDER
-            value: "{{ .Values.global.indexer.provider }}"
-          - name: AFFINE_INDEXER_SEARCH_ENDPOINT
-            value: "{{ .Values.global.indexer.endpoint }}"
-          - name: AFFINE_INDEXER_SEARCH_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: indexer
-                key: indexer-apiKey
         resources:
           requests:
             cpu: '100m'

.github/helm/affine/charts/graphql/values.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  repository: ghcr.io/toeverything/affine
+  repository: ghcr.io/toeverything/affine-graphql
   pullPolicy: IfNotPresent
   tag: ''
 

.github/helm/affine/charts/renderer/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: renderer
+description: AFFiNE renderer server
+type: application
+version: 0.0.0
+appVersion: "0.16.0"
+dependencies:
+  - name: gcloud-sql-proxy
+    version: 0.0.0
+    repository: "file://../gcloud-sql-proxy"
+    condition: .global.database.gcloud.enabled

.github/helm/affine/charts/renderer/templates/NOTES.txt

@@ -0,0 +1,16 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "renderer.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "renderer.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "renderer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "renderer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

.github/helm/affine/charts/renderer/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "renderer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "renderer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "renderer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "renderer.labels" -}}
+helm.sh/chart: {{ include "renderer.chart" . }}
+{{ include "renderer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+monitoring: enabled
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "renderer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "renderer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "renderer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "renderer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

.github/helm/affine/charts/renderer/templates/deployment.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "renderer.fullname" . }}
+  labels:
+    {{- include "renderer.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "renderer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "renderer.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "renderer.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+          - name: AFFINE_PRIVATE_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.global.secret.secretName }}"
+                key: key
+          - name: NODE_ENV
+            value: "{{ .Values.env }}"
+          - name: NODE_OPTIONS
+            value: "--max-old-space-size=2048"
+          - name: NO_COLOR
+            value: "1"
+          - name: DEPLOYMENT_TYPE
+            value: "{{ .Values.global.deployment.type }}"
+          - name: DEPLOYMENT_PLATFORM
+            value: "{{ .Values.global.deployment.platform }}"
+          - name: SERVER_FLAVOR
+            value: "renderer"
+          - name: AFFINE_ENV
+            value: "{{ .Release.Namespace }}"
+          - name: DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: pg-postgresql
+                key: postgres-password
+          - name: DATABASE_URL
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          - name: REDIS_SERVER_ENABLED
+            value: "true"
+          - name: REDIS_SERVER_HOST
+            value: "{{ .Values.global.redis.host }}"
+          - name: REDIS_SERVER_PORT
+            value: "{{ .Values.global.redis.port }}"
+          - name: REDIS_SERVER_USER
+            value: "{{ .Values.global.redis.username }}"
+          - name: REDIS_SERVER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: redis
+                key: redis-password
+          - name: REDIS_SERVER_DATABASE
+            value: "{{ .Values.global.redis.database }}"
+          - name: AFFINE_SERVER_PORT
+            value: "{{ .Values.service.port }}"
+          - name: AFFINE_SERVER_SUB_PATH
+            value: "{{ .Values.app.path }}"
+          - name: AFFINE_SERVER_HOST
+            value: "{{ .Values.app.host }}"
+          - name: AFFINE_SERVER_HTTPS
+            value: "{{ .Values.app.https }}"
+          - name: DOC_SERVICE_ENDPOINT
+            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /info
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          readinessProbe:
+            httpGet:
+              path: /info
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

.github/helm/affine/charts/renderer/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "graphql.fullname" . }}
+  labels:
+    {{- include "graphql.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "graphql.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/renderer/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "graphql.serviceAccountName" . }}
+  labels:
+    {{- include "graphql.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

.github/helm/affine/charts/renderer/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "renderer.fullname" . }}-test-connection"
+  labels:
+    {{- include "renderer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "renderer.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

.github/helm/affine/charts/renderer/values.yaml

@@ -0,0 +1,38 @@
+replicaCount: 1
+image:
+  repository: ghcr.io/toeverything/affine-graphql
+  pullPolicy: IfNotPresent
+  tag: ''
+
+imagePullSecrets: []
+nameOverride: ''
+fullnameOverride: ''
+# map to NODE_ENV environment variable
+env: 'production'
+app:
+  # AFFINE_SERVER_SUB_PATH
+  path: ''
+  # AFFINE_SERVER_HOST
+  host: '0.0.0.0'
+  https: true
+serviceAccount:
+  create: true
+  annotations: {}
+  name: 'affine-renderer'
+
+podAnnotations: {}
+
+podSecurityContext:
+  fsGroup: 2000
+
+resources:
+  requests:
+    cpu: '1'
+    memory: 2Gi
+
+probe:
+  initialDelaySeconds: 20
+
+nodeSelector: {}
+tolerations: []
+affinity: {}

.github/helm/affine/charts/sync/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

.github/helm/affine/charts/sync/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: sync
+description: AFFiNE Sync Server
+type: application
+version: 0.0.0
+appVersion: "0.20.0"
+dependencies:
+  - name: gcloud-sql-proxy
+    version: 0.0.0
+    repository: "file://../gcloud-sql-proxy"
+    condition: .global.database.gcloud.enabled

.github/helm/affine/charts/sync/templates/NOTES.txt

@@ -0,0 +1,16 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "sync.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "sync.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "sync.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "sync.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

.github/helm/affine/charts/sync/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sync.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sync.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sync.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sync.labels" -}}
+helm.sh/chart: {{ include "sync.chart" . }}
+{{ include "sync.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+monitoring: enabled
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sync.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sync.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sync.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sync.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

.github/helm/affine/charts/sync/templates/deployment.yaml

@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "sync.fullname" . }}
+  labels:
+    {{- include "sync.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "sync.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "sync.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "sync.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+          - name: AFFINE_PRIVATE_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.global.secret.secretName }}"
+                key: key
+          - name: NODE_ENV
+            value: "{{ .Values.env }}"
+          - name: NO_COLOR
+            value: "1"
+          - name: DEPLOYMENT_TYPE
+            value: "{{ .Values.global.deployment.type }}"
+          - name: DEPLOYMENT_PLATFORM
+            value: "{{ .Values.global.deployment.platform }}"
+          - name: SERVER_FLAVOR
+            value: "sync"
+          - name: AFFINE_ENV
+            value: "{{ .Release.Namespace }}"
+          - name: DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: pg-postgresql
+                key: postgres-password
+          - name: DATABASE_URL
+            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
+          - name: REDIS_SERVER_HOST
+            value: "{{ .Values.global.redis.host }}"
+          - name: REDIS_SERVER_PORT
+            value: "{{ .Values.global.redis.port }}"
+          - name: REDIS_SERVER_USER
+            value: "{{ .Values.global.redis.username }}"
+          - name: REDIS_SERVER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: redis
+                key: redis-password
+          - name: REDIS_SERVER_DATABASE
+            value: "{{ .Values.global.redis.database }}"
+          - name: AFFINE_SERVER_PORT
+            value: "{{ .Values.service.port }}"
+          - name: AFFINE_SERVER_HOST
+            value: "{{ .Values.app.host }}"
+          - name: DOC_SERVICE_ENDPOINT
+            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          readinessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

.github/helm/affine/charts/sync/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "sync.fullname" . }}
+  labels:
+    {{- include "sync.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "sync.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/sync/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sync.serviceAccountName" . }}
+  labels:
+    {{- include "sync.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

.github/helm/affine/charts/sync/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "sync.fullname" . }}-test-connection"
+  labels:
+    {{- include "sync.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "sync.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

.github/helm/affine/charts/sync/values.yaml

@@ -0,0 +1,38 @@
+replicaCount: 1
+image:
+  repository: ghcr.io/toeverything/affine-graphql
+  pullPolicy: IfNotPresent
+  tag: ''
+
+imagePullSecrets: []
+nameOverride: ''
+fullnameOverride: ''
+# map to NODE_ENV environment variable
+env: 'production'
+app:
+  # AFFINE_SERVER_HOST
+  host: '0.0.0.0'
+serviceAccount:
+  create: true
+  annotations: {}
+  name: 'affine-sync'
+
+podAnnotations: {}
+
+podSecurityContext:
+  fsGroup: 2000
+
+resources:
+  limits:
+    cpu: '2'
+    memory: 4Gi
+  requests:
+    cpu: '1'
+    memory: 2Gi
+
+probe:
+  initialDelaySeconds: 20
+
+nodeSelector: {}
+tolerations: []
+affinity: {}

.github/helm/affine/charts/web/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

.github/helm/affine/charts/web/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: web
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.0
+appVersion: "0.7.0-canary.18"

.github/helm/affine/charts/web/templates/NOTES.txt

@@ -0,0 +1,16 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "web.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "web.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "web.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "web.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

.github/helm/affine/charts/web/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "web.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "web.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "web.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "web.labels" -}}
+helm.sh/chart: {{ include "web.chart" . }}
+{{ include "web.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+monitoring: enabled
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "web.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "web.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "web.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "web.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

.github/helm/affine/charts/web/templates/deployment.yaml

@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "web.fullname" . }}
+  labels:
+    {{- include "web.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "web.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "web.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "web.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+          - name: AFFINE_ENV
+            value: "{{ .Release.Namespace }}"
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

.github/helm/affine/charts/web/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "web.fullname" . }}
+  labels:
+    {{- include "web.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "web.selectorLabels" . | nindent 4 }}

.github/helm/affine/charts/web/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "web.serviceAccountName" . }}
+  labels:
+    {{- include "web.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

.github/helm/affine/charts/web/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "web.fullname" . }}-test-connection"
+  labels:
+    {{- include "web.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "web.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

.github/helm/affine/charts/web/values.yaml

@@ -0,0 +1,37 @@
+replicaCount: 1
+
+image:
+  repository: ghcr.io/toeverything/affine-front
+  pullPolicy: IfNotPresent
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  annotations: {}
+  name: "affine-web"
+
+podAnnotations: {}
+
+podSecurityContext:
+  fsGroup: 2000
+
+resources:
+  limits:
+    cpu: '500m'
+    memory: 2Gi
+  requests:
+    cpu: '500m'
+    memory: 2Gi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+probe:
+  initialDelaySeconds: 1

.github/helm/affine/templates/indexer-secret.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.global.indexer.apiKey -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: indexer
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
-  indexer-apiKey: {{ .Values.global.indexer.apiKey | b64enc }}
-{{- end }}

.github/helm/affine/templates/ingress.yaml

@@ -36,44 +36,42 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.global.ingress.hosts }}
-    - host: {{ . | quote }}
+    - host: "{{ .Values.global.ingress.host }}"
       http:
         paths:
           - path: /socket.io
             pathType: Prefix
             backend:
               service:
-                name: {{ $.Values.front.services.sync.name }}
+                name: affine-sync
                 port:
-                  number: {{ $.Values.front.services.sync.port }}
+                  number: {{ .Values.sync.service.port }}
           - path: /graphql
             pathType: Prefix
             backend:
               service:
                 name: affine-graphql
                 port:
-                  number: {{ $.Values.graphql.service.port }}
+                  number: {{ .Values.graphql.service.port }}
           - path: /api
             pathType: Prefix
             backend:
               service:
                 name: affine-graphql
                 port:
-                  number: {{ $.Values.graphql.service.port }}
+                  number: {{ .Values.graphql.service.port }}
           - path: /workspace
             pathType: Prefix
             backend:
               service:
-                name: {{ $.Values.front.services.renderer.name }}
+                name: affine-renderer
                 port:
-                  number: {{ $.Values.front.services.renderer.port }}
+                  number: {{ .Values.renderer.service.port }}
           - path: /
             pathType: Prefix
             backend:
               service:
-                name: {{ $.Values.front.services.web.name }}
+                name: affine-web
                 port:
-                  number: {{ $.Values.front.services.web.port }}
-    {{- end }}
+                  number: {{ .Values.web.service.port }}
 {{- end }}

.github/helm/affine/templates/monitoring.yaml

@@ -1,13 +0,0 @@
-{{- if eq .Values.global.deployment.platform "gcp" -}}
-apiVersion: monitoring.googleapis.com/v1
-kind: PodMonitoring
-metadata:
-  name: "{{ .Release.Name }}-monitoring"
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: 9464
-      interval: 30s
-{{- end }}

.github/helm/affine/values.yaml

@@ -4,13 +4,7 @@ global:
   ingress:
     enabled: false
     className: ''
-    # hosts for ingress rules
-    # e.g.
-    # hosts:
-    #  - affine.pro
-    #  - www.affine.pro
-    hosts:
-      - affine.pro
+    host: affine.pro
     tls: []
   secret:
     secretName: 'server-private-key'
@@ -27,11 +21,6 @@ global:
     username: ''
     password: ''
     database: 0
-  indexer:
-    provider: ''
-    endpoint: ''
-    username: ''
-    password: ''
   docService:
     name: 'affine-doc'
     port: 3020
@@ -47,27 +36,27 @@ graphql:
     annotations:
       cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
 
+sync:
+  service:
+    type: ClusterIP
+    port: 3010
+    annotations:
+      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
+
+renderer:
+  service:
+    type: ClusterIP
+    port: 3000
+    annotations:
+      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
+
 doc:
   service:
     type: ClusterIP
     annotations:
       cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
 
-front:
-  services:
-    sync:
-      name: affine-sync
-      type: ClusterIP
-      port: 3010
-      annotations:
-        cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-    renderer:
-      name: affine-renderer
-      type: ClusterIP
-      port: 3000
-      annotations:
-        cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-    web:
-      name: affine-web
-      type: ClusterIP
-      port: 8080
+web:
+  service:
+    type: ClusterIP
+    port: 8080

.github/renovate.json

@@ -21,34 +21,16 @@
       "groupName": "oxlint"
     },
     {
-      "groupName": "all non-major rust dependencies",
-      "groupSlug": "all-minor-patch",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["cargo"]
-    },
-    {
-      "groupName": "all non-major npm dependencies",
-      "groupSlug": "all-minor-patch",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["npm"],
-      "matchPackageNames": ["*", "!/^@blocksuite//", "!/oxlint/"]
+      "groupName": "blocksuite",
+      "rangeStrategy": "replace",
+      "changelogUrl": "https://github.com/toeverything/blocksuite/blob/master/packages/blocks/CHANGELOG.md",
+      "matchPackageNames": ["/^@blocksuite/", "!@blocksuite/icons"]
     },
     {
       "groupName": "all non-major dependencies",
       "groupSlug": "all-minor-patch",
       "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": [
-        "dockerfile",
-        "github-actions",
-        "helmv3",
-        "helm-values",
-        "gradle-wrapper",
-        "gradle",
-        "docker-compose",
-        "devcontainer",
-        "cocoapods",
-        "bundler"
-      ]
+      "matchPackageNames": ["*", "!/^@blocksuite//", "!/oxlint/"]
     },
     {
       "groupName": "rust toolchain",

.github/workflows/build-images.yml

@@ -3,13 +3,7 @@ name: Build Images
 on:
   workflow_call:
     inputs:
-      build-type:
-        type: string
-        required: true
-      app-version:
-        type: string
-        required: true
-      git-short-hash:
+      flavor:
         type: string
         required: true
 
@@ -19,16 +13,40 @@ permissions:
   packages: 'write'
 
 jobs:
-  build-web:
-    name: Build @affine/web
+  build-server:
+    name: Build Server
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
         with:
-          app-version: ${{ inputs.app-version }}
+          electron-install: false
+          extra-flags: workspaces focus @affine/server @types/affine__env
+      - name: Build Server
+        run: |
+          find packages/backend/server/src -type d -name "__tests__" -exec rm -rf {} +
+          rm -rf packages/backend/server/src/seed
+          yarn workspace @affine/server build
+      - name: Upload server dist
+        uses: actions/upload-artifact@v4
+        with:
+          name: server-dist
+          path: ./packages/backend/server/dist
+          if-no-files-found: error
+
+  build-web:
+    name: Build @affine/web
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.flavor }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        id: version
+        uses: ./.github/actions/setup-version
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Build Core
@@ -37,14 +55,15 @@ jobs:
           R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
           R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
           R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ inputs.build-type }}
+          BUILD_TYPE: ${{ github.event.inputs.flavor }}
           CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine-web'
-          SENTRY_RELEASE: ${{ inputs.app-version }}
+          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
       - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
@@ -55,13 +74,12 @@ jobs:
   build-admin:
     name: Build @affine/admin
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
+    environment: ${{ github.event.inputs.flavor }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Build Admin
@@ -70,13 +88,14 @@ jobs:
           R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
           R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
           R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ inputs.build-type }}
+          BUILD_TYPE: ${{ github.event.inputs.flavor }}
           CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine-admin'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
       - name: Upload admin artifact
         uses: actions/upload-artifact@v4
         with:
@@ -87,13 +106,12 @@ jobs:
   build-mobile:
     name: Build @affine/mobile
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
+    environment: ${{ github.event.inputs.flavor }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Build Mobile
@@ -102,13 +120,14 @@ jobs:
           R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
           R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
           R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ inputs.build-type }}
+          BUILD_TYPE: ${{ github.event.inputs.flavor }}
           CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine-mobile'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
       - name: Upload mobile artifact
         uses: actions/upload-artifact@v4
         with:
@@ -119,13 +138,12 @@ jobs:
   build-server-native:
     name: Build Server native - ${{ matrix.targets.name }}
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
     strategy:
       fail-fast: false
       matrix:
         targets:
           - name: x86_64-unknown-linux-gnu
-            file: server-native.x64.node
+            file: server-native.node
           - name: aarch64-unknown-linux-gnu
             file: server-native.arm64.node
           - name: armv7-unknown-linux-gnueabihf
@@ -134,9 +152,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
         with:
@@ -144,53 +161,14 @@ jobs:
           extra-flags: workspaces focus @affine/server-native
       - name: Build Rust
         uses: ./.github/actions/build-rust
-        env:
-          AFFINE_PRO_PUBLIC_KEY: ${{ secrets.AFFINE_PRO_PUBLIC_KEY }}
-          AFFINE_PRO_LICENSE_AES_KEY: ${{ secrets.AFFINE_PRO_LICENSE_AES_KEY }}
         with:
           target: ${{ matrix.targets.name }}
           package: '@affine/server-native'
-      - name: Rename ${{ matrix.targets.file }}
-        run: |
-          mv ./packages/backend/native/server-native.node ./packages/backend/native/${{ matrix.targets.file }}
       - name: Upload ${{ matrix.targets.file }}
         uses: actions/upload-artifact@v4
         with:
-          name: server-native-${{ matrix.targets.file }}
-          path: ./packages/backend/native/${{ matrix.targets.file }}
-          if-no-files-found: error
-
-  build-server:
-    name: Build Server
-    runs-on: ubuntu-latest
-    needs:
-      - build-server-native
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/server @types/affine__env
-      - name: Download server-native
-        uses: actions/download-artifact@v4
-        with:
-          pattern: server-native-*
-          merge-multiple: true
-          path: ./packages/backend/native
-      - name: List server-native files
-        run: ls -alh ./packages/backend/native
-      - name: Build Server
-        run: yarn workspace @affine/server build
-      - name: Upload server dist
-        uses: actions/upload-artifact@v4
-        with:
-          name: server-dist
-          path: ./packages/backend/server/dist
+          name: ${{ matrix.targets.file }}
+          path: ./packages/backend/native/server-native.node
           if-no-files-found: error
 
   build-images:
@@ -201,6 +179,7 @@ jobs:
       - build-web
       - build-mobile
       - build-admin
+      - build-server-native
     steps:
       - uses: actions/checkout@v4
       - name: Download server dist
@@ -208,6 +187,35 @@ jobs:
         with:
           name: server-dist
           path: ./packages/backend/server/dist
+      - name: Download server-native.node
+        uses: actions/download-artifact@v4
+        with:
+          name: server-native.node
+          path: ./packages/backend/server
+      - name: Download server-native.node arm64
+        uses: actions/download-artifact@v4
+        with:
+          name: server-native.arm64.node
+          path: ./packages/backend/native
+      - name: Download server-native.node arm64
+        uses: actions/download-artifact@v4
+        with:
+          name: server-native.armv7.node
+          path: .
+      - name: move server-native files
+        run: |
+          mv ./packages/backend/native/server-native.node ./packages/backend/server/server-native.arm64.node
+          mv server-native.node ./packages/backend/server/server-native.armv7.node
+      - name: Setup env
+        run: |
+          echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
+          if [ -z "${{ inputs.flavor }}" ]
+          then
+            echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV"
+          else
+            echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV"
+          fi
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -255,15 +263,22 @@ jobs:
       - name: Generate Prisma client
         run: yarn workspace @affine/server prisma generate
 
-      - name: Mv node_modules
-        run: mv ./node_modules ./packages/backend/server
-
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
 
-      - name: Build backend Dockerfile
+      - name: Build front Dockerfile
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          pull: true
+          platforms: linux/amd64,linux/arm64
+          provenance: true
+          file: .github/deployment/front/Dockerfile
+          tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}
+
+      - name: Build graphql Dockerfile
         uses: docker/build-push-action@v6
         with:
           context: .
@@ -272,4 +287,4 @@ jobs:
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           provenance: true
           file: .github/deployment/node/Dockerfile
-          tags: ghcr.io/toeverything/affine:${{inputs.build-type}}-${{ inputs.git-short-hash }}
+          tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}

.github/workflows/build-selfhost-image.yml

@@ -0,0 +1,25 @@
+name: Build Selfhost Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      flavor:
+        description: 'Select distribution to build'
+        type: choice
+        default: canary
+        options:
+          - canary
+          - beta
+          - stable
+
+permissions:
+  contents: 'write'
+  id-token: 'write'
+  packages: 'write'
+
+jobs:
+  build-image:
+    name: Build Image
+    uses: ./.github/workflows/build-images.yml
+    with:
+      flavor: ${{ github.event.inputs.flavor }}

.github/workflows/build-test.yml

@@ -11,7 +11,6 @@ on:
     paths-ignore:
       - README.md
   pull_request:
-  merge_group:
 
 env:
   DEBUG: napi:*
@@ -19,20 +18,34 @@ env:
   APP_NAME: affine
   AFFINE_ENV: dev
   COVERAGE: true
-  MACOSX_DEPLOYMENT_TARGET: '11.6'
+  MACOSX_DEPLOYMENT_TARGET: '10.13'
   DEPLOYMENT_TYPE: affine
-  AFFINE_INDEXER_ENABLED: true
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
+  optimize_ci:
+    name: Optimize CI
+    runs-on: ubuntu-latest
+    outputs:
+      skip: ${{ steps.check_skip.outputs.skip }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Graphite CI Optimizer
+        uses: withgraphite/graphite-ci-action@main
+        id: check_skip
+        with:
+          graphite_token: ${{ secrets.GRAPHITE_CI_OPTIMIZER_TOKEN }}
+
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
     env:
       NODE_OPTIONS: --max-old-space-size=14384
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     permissions:
       actions: read
       contents: read
@@ -66,6 +79,9 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-24.04-arm
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
+
     steps:
       - uses: actions/checkout@v4
       - name: Run oxlint
@@ -91,6 +107,8 @@ jobs:
   typecheck:
     name: Typecheck
     runs-on: ubuntu-24.04-arm
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       NODE_OPTIONS: --max-old-space-size=14384
     steps:
@@ -107,7 +125,6 @@ jobs:
       - name: Run BS Docs Build
         run: |
           yarn affine bs-docs build
-          git checkout packages/frontend/i18n/src/i18n-completenesses.json
           git status --porcelain | grep . && {
             echo "Run 'yarn typecheck && yarn affine bs-docs build' and make sure all changes are submitted"
             exit 1
@@ -118,6 +135,8 @@ jobs:
   lint-rust:
     name: Lint Rust
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/build-rust
@@ -131,14 +150,14 @@ jobs:
       - name: Clippy
         run: |
           rustup component add clippy
-          cargo clippy --workspace --exclude affine_server_native --all-targets --all-features -- -D warnings
-          cargo clippy -p affine_server_native --all-targets --all-features -- -D warnings
+          cargo clippy --all-targets --all-features -- -D warnings
 
   check-git-status:
     name: Check Git Status
     runs-on: ubuntu-latest
     needs:
-      - build-server-native
+      - optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -146,21 +165,13 @@ jobs:
         with:
           full-cache: true
 
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/native
-
       - name: Run Check
         run: |
           yarn affine init
           yarn affine gql build
           yarn affine i18n build
-          yarn affine server genconfig
-          git checkout packages/frontend/i18n/src/i18n-completenesses.json
           git status --porcelain | grep . && {
-            echo "Run 'yarn affine init && yarn affine gql build && yarn affine i18n build && yarn affine server genconfig' and make sure all changes are submitted"
+            echo "Run 'yarn affine init && yarn affine gql build && yarn affine i18n build' and make sure all changes are submitted"
             exit 1
           } || {
             echo "All changes are submitted"
@@ -169,6 +180,8 @@ jobs:
   check-yarn-binary:
     name: Check yarn binary
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     steps:
       - uses: actions/checkout@v4
       - name: Run check
@@ -179,10 +192,12 @@ jobs:
   e2e-blocksuite-test:
     name: E2E BlockSuite Test
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2]
+        shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -203,47 +218,15 @@ jobs:
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: test-results-e2e-bs-${{ matrix.shard }}
-          path: ./test-results
-          if-no-files-found: ignore
-
-  e2e-blocksuite-cross-browser-test:
-    name: E2E BlockSuite Cross Browser Test
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        shard: [1]
-        browser: ['chromium', 'firefox', 'webkit']
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          playwright-platform: ${{ matrix.browser }}
-          electron-install: false
-          full-cache: true
-
-      - name: Run playground build
-        run: yarn workspace @blocksuite/playground build
-
-      - name: Run playwright tests
-        env:
-          BROWSER: ${{ matrix.browser }}
-        run: yarn workspace @affine-test/blocksuite test "cross-platform/" --forbid-only --shard=${{ matrix.shard }}/${{ strategy.job-total }}
-
-      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-results-e2e-bs-cross-browser-${{ matrix.browser }}-${{ matrix.shard }}
+          name: test-results-e2e-legacy-bs-${{ matrix.shard }}
           path: ./test-results
           if-no-files-found: ignore
 
   e2e-test:
     name: E2E Test
     runs-on: ubuntu-24.04-arm
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       DISTRIBUTION: web
       IN_CI_TEST: true
@@ -251,7 +234,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3, 4, 5]
+        shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -276,13 +259,15 @@ jobs:
   e2e-mobile-test:
     name: E2E Mobile Test
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       DISTRIBUTION: mobile
       IN_CI_TEST: true
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2]
+        shard: [1, 2, 3, 4, 5]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -307,13 +292,15 @@ jobs:
     name: Unit Test
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       DISTRIBUTION: web
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3]
+        shard: [1, 2, 3, 4, 5]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -344,6 +331,8 @@ jobs:
   build-native:
     name: Build AFFiNE native (${{ matrix.spec.target }})
     runs-on: ${{ matrix.spec.os }}
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       CARGO_PROFILE_RELEASE_DEBUG: '1'
     strategy:
@@ -386,6 +375,8 @@ jobs:
   build-windows-native:
     name: Build AFFiNE native (${{ matrix.spec.target }})
     runs-on: ${{ matrix.spec.os }}
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       CARGO_PROFILE_RELEASE_DEBUG: '1'
     strategy:
@@ -433,6 +424,8 @@ jobs:
   build-server-native:
     name: Build Server native
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       CARGO_PROFILE_RELEASE_DEBUG: '1'
     steps:
@@ -458,6 +451,8 @@ jobs:
   build-electron-renderer:
     name: Build @affine/electron renderer
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -483,7 +478,9 @@ jobs:
     name: Native Unit Test
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -503,12 +500,14 @@ jobs:
     name: Server Test
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-server-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     strategy:
       fail-fast: false
       matrix:
-        node_index: [0, 1, 2, 3]
-        total_nodes: [4]
+        node_index: [0, 1, 2, 3, 4, 5, 6, 7]
+        total_nodes: [8]
     env:
       NODE_ENV: test
       DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
@@ -534,10 +533,6 @@ jobs:
         ports:
           - 1025:1025
           - 8025:8025
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -551,7 +546,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         uses: ./.github/actions/server-test-env
@@ -572,94 +567,14 @@ jobs:
           name: affine
           fail_ci_if_error: false
 
-  server-test-elasticsearch:
-    name: Server Test with Elasticsearch
-    runs-on: ubuntu-latest
-    needs:
-      - build-server-native
-    strategy:
-      fail-fast: false
-    env:
-      NODE_ENV: test
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-      AFFINE_INDEXER_SEARCH_PROVIDER: elasticsearch
-      AFFINE_INDEXER_SEARCH_ENDPOINT: http://localhost:9200
-    services:
-      postgres:
-        image: pgvector/pgvector:pg16
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-      mailer:
-        image: mailhog/mailhog
-        ports:
-          - 1025:1025
-          - 8025:8025
-    steps:
-      # https://github.com/elastic/elastic-github-actions/blob/master/elasticsearch/README.md
-      - name: Configure sysctl limits for Elasticsearch
-        run: |
-          sudo swapoff -a
-          sudo sysctl -w vm.swappiness=1
-          sudo sysctl -w fs.file-max=262144
-          sudo sysctl -w vm.max_map_count=262144
-
-      - name: Runs Elasticsearch
-        uses: elastic/elastic-github-actions/elasticsearch@master
-        with:
-          stack-version: 9.0.1
-          security-enabled: false
-
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          full-cache: true
-
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/native
-
-      - name: Prepare Server Test Environment
-        uses: ./.github/actions/server-test-env
-
-      - name: Run server tests with elasticsearch only
-        run: yarn affine @affine/server test:coverage "**/*/*elasticsearch.spec.ts" --forbid-only
-        env:
-          CARGO_TARGET_DIR: '${{ github.workspace }}/target'
-          CI_NODE_INDEX: ${{ matrix.node_index }}
-          CI_NODE_TOTAL: ${{ matrix.total_nodes }}
-
-      - name: Upload server test coverage results
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./packages/backend/server/.coverage/lcov.info
-          flags: server-test
-          name: affine
-          fail_ci_if_error: false
-
   server-e2e-test:
     # the new version of server e2e test should be super fast, so sharding testing is not needed
     name: Server E2E Test
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-server-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       NODE_ENV: test
       DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
@@ -680,10 +595,6 @@ jobs:
         image: redis
         ports:
           - 6379:6379
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -697,7 +608,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         uses: ./.github/actions/server-test-env
@@ -714,93 +625,11 @@ jobs:
           name: affine
           fail_ci_if_error: false
 
-  miri:
-    name: miri code check
-    runs-on: ubuntu-latest
-    env:
-      RUST_BACKTRACE: full
-      CARGO_TERM_COLOR: always
-      MIRIFLAGS: -Zmiri-backtrace=full -Zmiri-tree-borrows
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          toolchain: nightly
-          components: miri
-      - name: Install latest nextest release
-        uses: taiki-e/install-action@v2
-        with:
-          tool: nextest@0.9.98
-
-      - name: Miri Code Check
-        continue-on-error: true
-        run: |
-          cargo +nightly miri nextest run -p y-octo -j4
-
-  loom:
-    name: loom thread test
-    runs-on: ubuntu-latest
-    env:
-      RUSTFLAGS: --cfg loom
-      RUST_BACKTRACE: full
-      CARGO_TERM_COLOR: always
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          toolchain: stable
-      - name: Install latest nextest release
-        uses: taiki-e/install-action@v2
-        with:
-          tool: nextest@0.9.98
-
-      - name: Loom Thread Test
-        run: |
-          cargo nextest run -p y-octo --lib
-
-  fuzzing:
-    name: fuzzing
-    runs-on: ubuntu-latest
-    env:
-      CARGO_TERM_COLOR: always
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          toolchain: nightly
-
-      - name: fuzzing
-        working-directory: ./packages/common/y-octo/utils
-        run: |
-          cargo install cargo-fuzz
-          cargo +nightly fuzz run apply_update -- -max_total_time=30
-          cargo +nightly fuzz run codec_doc_any_struct -- -max_total_time=30
-          cargo +nightly fuzz run codec_doc_any -- -max_total_time=30
-          cargo +nightly fuzz run decode_bytes -- -max_total_time=30
-          cargo +nightly fuzz run i32_decode -- -max_total_time=30
-          cargo +nightly fuzz run i32_encode -- -max_total_time=30
-          cargo +nightly fuzz run ins_del_text -- -max_total_time=30
-          cargo +nightly fuzz run sync_message -- -max_total_time=30
-          cargo +nightly fuzz run u64_decode -- -max_total_time=30
-          cargo +nightly fuzz run u64_encode -- -max_total_time=30
-          cargo +nightly fuzz run apply_update -- -max_total_time=30
-
-      - name: upload fuzz artifacts
-        if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: fuzz-artifact
-          path: packages/common/y-octo/utils/fuzz/artifacts/**/*
-
   rust-test:
     name: Run native tests
     runs-on: ubuntu-latest
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       CARGO_TERM_COLOR: always
     steps:
@@ -812,18 +641,18 @@ jobs:
           no-build: 'true'
 
       - name: Install latest nextest release
-        uses: taiki-e/install-action@v2
-        with:
-          tool: nextest@0.9.98
+        uses: taiki-e/install-action@nextest
 
       - name: Run tests
-        run: cargo nextest run --workspace --exclude affine_server_native --features use-as-lib --release --no-fail-fast
+        run: cargo nextest run --release --no-fail-fast
 
   copilot-api-test:
     name: Server Copilot Api Test
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-server-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       NODE_ENV: test
       DISTRIBUTION: web
@@ -850,10 +679,6 @@ jobs:
         ports:
           - 1025:1025
           - 8025:8025
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -888,12 +713,15 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
         env:
-          SERVER_CONFIG: ${{ secrets.TEST_SERVER_CONFIG }}
+          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
+          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
+          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
+          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
         uses: ./.github/actions/server-test-env
 
       - name: Run server tests
@@ -924,8 +752,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shardIndex: [1, 2, 3, 4, 5]
-        shardTotal: [5]
+        shardIndex: [1, 2, 3]
+        shardTotal: [3]
     needs:
       - build-server-native
     services:
@@ -944,10 +772,6 @@ jobs:
         image: redis
         ports:
           - 6379:6379
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -967,10 +791,7 @@ jobs:
         with:
           filters: |
             changed:
-              - 'packages/backend/server/src/plugins/copilot/**'
-              - 'packages/backend/server/tests/copilot.*'
               - 'packages/frontend/core/src/blocksuite/ai/**'
-              - 'packages/frontend/core/src/modules/workspace-indexer-embedding/**'
               - 'tests/affine-cloud-copilot/**'
 
       - name: Setup Node.js
@@ -987,12 +808,15 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.e2efilter.outputs.changed == 'true' }}
         env:
-          SERVER_CONFIG: ${{ secrets.TEST_SERVER_CONFIG }}
+          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
+          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
+          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
+          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
         uses: ./.github/actions/server-test-env
 
       - name: Run Copilot E2E Test ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
@@ -1005,8 +829,10 @@ jobs:
     name: ${{ matrix.tests.name }}
     runs-on: ubuntu-latest
     needs:
+      - optimize_ci
       - build-server-native
       - build-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     env:
       DISTRIBUTION: web
       DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
@@ -1016,12 +842,24 @@ jobs:
       fail-fast: false
       matrix:
         tests:
-          - name: 'Cloud E2E Test 1/2'
+          - name: 'Cloud E2E Test 1/6'
             shard: 1
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=1/2
-          - name: 'Cloud E2E Test 2/2'
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=1/6
+          - name: 'Cloud E2E Test 2/6'
             shard: 2
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=2/2
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=2/6
+          - name: 'Cloud E2E Test 3/6'
+            shard: 3
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=3/6
+          - name: 'Cloud E2E Test 4/6'
+            shard: 4
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=4/6
+          - name: 'Cloud E2E Test 5/6'
+            shard: 5
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=5/6
+          - name: 'Cloud E2E Test 6/6'
+            shard: 6
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=6/6
           - name: 'Cloud Desktop E2E Test'
             shard: desktop
             script: |
@@ -1052,10 +890,6 @@ jobs:
         ports:
           - 1025:1025
           - 8025:8025
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -1069,7 +903,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Download affine.linux-x64-gnu.node
         uses: actions/download-artifact@v4
@@ -1098,8 +932,10 @@ jobs:
     name: Desktop Test (${{ matrix.spec.os }}, ${{ matrix.spec.platform }}, ${{ matrix.spec.arch }}, ${{ matrix.spec.target }}, ${{ matrix.spec.test }})
     runs-on: ${{ matrix.spec.os }}
     needs:
+      - optimize_ci
       - build-electron-renderer
       - build-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     strategy:
       fail-fast: false
       matrix:
@@ -1194,8 +1030,10 @@ jobs:
     name: Desktop bundle check (${{ matrix.spec.os }}, ${{ matrix.spec.platform }}, ${{ matrix.spec.arch }}, ${{ matrix.spec.target }}, ${{ matrix.spec.test }})
     runs-on: ${{ matrix.spec.os }}
     needs:
+      - optimize_ci
       - build-electron-renderer
       - build-native
+    if: needs.optimize_ci.outputs.skip == 'false'
     strategy:
       fail-fast: false
       matrix:
@@ -1221,13 +1059,6 @@ jobs:
               target: x86_64-unknown-linux-gnu,
               test: true,
             }
-          - {
-              os: windows-latest,
-              platform: windows,
-              arch: x64,
-              target: x86_64-pc-windows-msvc,
-              test: true,
-            }
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -1268,23 +1099,11 @@ jobs:
           HOIST_NODE_MODULES: 1
         run: yarn affine @affine/electron package --platform=darwin --arch=arm64
 
-      - name: Make Bundle (Windows)
-        if: ${{ matrix.spec.target == 'x86_64-pc-windows-msvc' }}
-        shell: bash
-        env:
-          SKIP_BUNDLE: true
-          SKIP_WEB_BUILD: true
-          HOIST_NODE_MODULES: 1
-        run: |
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite/affine/node_modules
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
-          yarn affine @affine/electron package --platform=win32 --arch=x64
-
       - name: Make Bundle (Linux)
         run: |
           sudo add-apt-repository universe
           sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
-          flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+          flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
           flatpak update
           # some flatpak deps need git protocol.file.allow
           git config --global protocol.file.allow always
@@ -1299,6 +1118,17 @@ jobs:
         run: |
           yarn affine @affine/electron node ./scripts/macos-arm64-output-check.ts
 
+  test-build-mobile-app:
+    uses: ./.github/workflows/release-mobile.yml
+    needs: optimize_ci
+    if: needs.optimize_ci.outputs.skip == 'false'
+    with:
+      build-type: canary
+      build-target: development
+    secrets: inherit
+    permissions:
+      id-token: 'write'
+
   test-done:
     needs:
       - analyze
@@ -1309,7 +1139,6 @@ jobs:
       - check-yarn-binary
       - e2e-test
       - e2e-blocksuite-test
-      - e2e-blocksuite-cross-browser-test
       - e2e-mobile-test
       - unit-test
       - build-native
@@ -1317,9 +1146,6 @@ jobs:
       - build-server-native
       - build-electron-renderer
       - native-unit-test
-      - miri
-      - loom
-      - fuzzing
       - server-test
       - server-e2e-test
       - rust-test
@@ -1328,6 +1154,7 @@ jobs:
       - desktop-test
       - desktop-bundle-check
       - cloud-e2e-test
+      - test-build-mobile-app
     if: always()
     runs-on: ubuntu-latest
     name: 3, 2, 1 Launch

.github/workflows/copilot-test.yml

@@ -59,10 +59,6 @@ jobs:
         ports:
           - 1025:1025
           - 8025:8025
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -77,11 +73,14 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         env:
-          SERVER_CONFIG: ${{ secrets.TEST_SERVER_CONFIG }}
+          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
+          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
+          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
+          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
         uses: ./.github/actions/server-test-env
 
       - name: Run server tests
@@ -109,8 +108,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
-        shardTotal: [10]
+        shardIndex: [1, 2, 3]
+        shardTotal: [3]
     needs:
       - build-server-native
     services:
@@ -129,10 +128,6 @@ jobs:
         image: redis
         ports:
           - 6379:6379
-      indexer:
-        image: manticoresearch/manticore:10.1.0
-        ports:
-          - 9308:9308
     steps:
       - uses: actions/checkout@v4
 
@@ -147,11 +142,14 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: server-native.node
-          path: ./packages/backend/native
+          path: ./packages/backend/server
 
       - name: Prepare Server Test Environment
         env:
-          SERVER_CONFIG: ${{ secrets.TEST_SERVER_CONFIG }}
+          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
+          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
+          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
+          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
         uses: ./.github/actions/server-test-env
 
       - name: Run Copilot E2E Test ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}

.github/workflows/deploy-automatically.yml

@@ -0,0 +1,32 @@
+name: Deploy Automatically
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
+  schedule:
+    - cron: '0 9 * * *'
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: write
+
+jobs:
+  dispatch-deploy:
+    runs-on: ubuntu-latest
+    name: Setup Deploy
+    steps:
+      - name: dispatch deploy by tag
+        if: ${{ github.event_name == 'push' }}
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: deploy.yml
+          inputs: '{ "flavor": "canary" }'
+      - name: dispatch deploy by schedule
+        if: ${{ github.event_name == 'schedule' }}
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: deploy.yml
+          inputs: '{ "flavor": "canary" }'
+          ref: canary

.github/workflows/deploy.yml

@@ -0,0 +1,204 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      flavor:
+        description: 'Select what enverionment to deploy to'
+        type: choice
+        default: canary
+        options:
+          - canary
+          - beta
+          - stable
+          - internal
+
+permissions:
+  contents: 'write'
+  id-token: 'write'
+  packages: 'write'
+
+jobs:
+  output-prev-version:
+    name: Output previous version
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.flavor }}
+    outputs:
+      prev: ${{ steps.print.outputs.version }}
+      namespace: ${{ steps.print.outputs.namespace }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Auth to Cluster
+        uses: './.github/actions/cluster-auth'
+        with:
+          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
+          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
+          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
+          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
+          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
+      - name: Output previous version
+        id: print
+        run: |
+          namespace=""
+          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
+            namespace="dev"
+          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
+            namespace="beta"
+          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
+            namespace="production"
+          else
+            echo "Invalid flavor: ${{ github.event.inputs.flavor }}"
+            exit 1
+          fi
+
+          echo "Namespace set to: $namespace"
+
+          # Get the previous version from the deployment
+          prev_version=$(kubectl get deployment -n $namespace affine-graphql -o=jsonpath='{.spec.template.spec.containers[0].image}' | awk -F '-' '{print $3}')
+
+          echo "Previous version: $prev_version"
+          echo "version=$prev_version" >> $GITHUB_OUTPUT
+          echo "namesapce=$namespace" >> $GITHUB_OUTPUT
+
+  build-images:
+    name: Build Images
+    uses: ./.github/workflows/build-images.yml
+    secrets: inherit
+    with:
+      flavor: ${{ github.event.inputs.flavor }}
+
+  deploy:
+    name: Deploy to cluster
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    environment: ${{ github.event.inputs.flavor }}
+    needs:
+      - build-images
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        id: version
+        uses: ./.github/actions/setup-version
+      - name: Deploy to ${{ github.event.inputs.flavor }}
+        uses: ./.github/actions/deploy
+        with:
+          build-type: ${{ github.event.inputs.flavor }}
+          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
+          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
+          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
+          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
+          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
+        env:
+          APP_VERSION: ${{ steps.version.outputs.APP_VERSION }}
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+          CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }}
+          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+          CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }}
+          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
+          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
+          COPILOT_GOOGLE_API_KEY: ${{ secrets.COPILOT_GOOGLE_API_KEY }}
+          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
+          COPILOT_UNSPLASH_API_KEY: ${{ secrets.COPILOT_UNSPLASH_API_KEY }}
+          METRICS_CUSTOMER_IO_TOKEN: ${{ secrets.METRICS_CUSTOMER_IO_TOKEN }}
+          MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }}
+          MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }}
+          MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }}
+          AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }}
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }}
+          DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
+          DATABASE_NAME: ${{ secrets.DATABASE_NAME }}
+          GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }}
+          GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT: ${{ secrets.GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT }}
+          REDIS_SERVER_HOST: ${{ secrets.REDIS_SERVER_HOST }}
+          REDIS_SERVER_PASSWORD: ${{ secrets.REDIS_SERVER_PASSWORD }}
+          CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
+          APP_IAM_ACCOUNT: ${{ secrets.APP_IAM_ACCOUNT }}
+          STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
+          STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
+          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
+
+  deploy-done:
+    needs:
+      - output-prev-version
+      - build-images
+      - deploy
+    if: always()
+    runs-on: ubuntu-latest
+    name: Post deploy message
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          repository: toeverything/blocksuite
+          path: blocksuite
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: 'workspaces focus @affine/changelog'
+          electron-install: false
+      - name: Output deployed info
+        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+        id: set_info
+        run: |
+          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
+            echo "deployed_url=https://affine.fail" >> $GITHUB_OUTPUT
+          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
+            echo "deployed_url=https://insider.affine.pro" >> $GITHUB_OUTPUT
+          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
+            echo "deployed_url=https://app.affine.pro" >> $GITHUB_OUTPUT
+          else
+            exit 1
+          fi
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Post Success event to a Slack channel
+        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+        run: node ./tools/changelog/index.js
+        env:
+          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          DEPLOYED_URL: ${{ steps.set_info.outputs.deployed_url }}
+          PREV_VERSION: ${{ needs.output-prev-version.outputs.prev }}
+          NAMESPACE: ${{ needs.output-prev-version.outputs.namespace }}
+          DEPLOYMENT: 'SERVER'
+          FLAVOR: ${{ github.event.inputs.flavor }}
+          BLOCKSUITE_REPO_PATH: ${{ github.workspace }}/blocksuite
+      - name: Post Failed event to a Slack channel
+        id: failed-slack
+        uses: slackapi/slack-github-action@v2.0.0
+        if: ${{ always() && contains(needs.*.result, 'failure') }}
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload: |
+            channel: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+            text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>"
+            blocks:
+              - type: section
+                text:
+                  type: mrkdwn
+                  text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>"
+      - name: Post Cancel event to a Slack channel
+        id: cancel-slack
+        uses: slackapi/slack-github-action@v2.0.0
+        if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
+        with:
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          method: chat.postMessage
+          payload: |
+            channel: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
+            text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>"
+            blocks:
+              - type: section
+                text:
+                  type: mrkdwn
+                  text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>"

.github/workflows/helm-releaser.yml

@@ -0,0 +1,66 @@
+name: Release Charts
+
+on:
+  push:
+    branches: [canary]
+    paths:
+      - '.github/helm/**/Chart.yml'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Checkout Helm chart repo
+        uses: actions/checkout@v4
+        with:
+          repository: toeverything/helm-charts
+          path: .helm-chart-repo
+          ref: gh-pages
+          token: ${{ secrets.HELM_RELEASER_TOKEN }}
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Install chart releaser
+        run: |
+          set -e
+          arch="$(dpkg --print-architecture)"
+          curl -s https://api.github.com/repos/helm/chart-releaser/releases/latest \
+          | yq --indent 0 --no-colors --input-format json --unwrapScalar \
+            ".assets[] | select(.name | test("\""^chart-releaser_.+_linux_${arch}\.tar\.gz$"\"")) | .browser_download_url" \
+          | xargs curl -SsL \
+          | tar zxf - -C /usr/local/bin
+
+      - name: Package charts
+        working-directory: .helm-chart-repo
+        run: |
+          mkdir -p .cr-index
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo update
+
+          helm dependencies build ../.github/helm/affine
+          helm dependencies build ../.github/helm/affine-cloud
+          cr package ../.github/helm/affine
+          cr package ../.github/helm/affine-cloud
+
+      - name: Publish charts
+        working-directory: .helm-chart-repo
+        run: |
+          set -ex
+          git config --local user.name "$GITHUB_ACTOR"
+          git config --local user.email "$GITHUB_ACTOR@users.noreply.github.com"
+          owner=$(cut -d '/' -f 1 <<< '${{ github.repository }}')
+          repo=helm-charts
+          git_hash=$(git rev-parse HEAD)
+          cr upload --commit "$git_hash" \
+            --git-repo "$repo" --owner "$owner" \
+            --token '${{ secrets.HELM_RELEASER_TOKEN }}' \
+            --skip-existing
+          cr index --git-repo "$repo" --owner "$owner" \
+            --token '${{ secrets.HELM_RELEASER_TOKEN }}' \
+            --index-path .cr-index --push

.github/workflows/label-checker.yml

@@ -0,0 +1,19 @@
+name: Label Checker
+on:
+  pull_request:
+    types:
+      - opened
+      - labeled
+      - unlabeled
+    branches:
+      - canary
+
+jobs:
+  check_labels:
+    name: PR should not have a blocked label
+    runs-on: ubuntu-latest
+    steps:
+      - uses: docker://agilepathway/pull-request-label-checker:latest
+        with:
+          none_of: blocked
+          repo_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-auto-assign.yml

@@ -0,0 +1,12 @@
+name: Pull request auto assign
+
+# on: pull_request
+on:
+  pull_request:
+    types: [opened, ready_for_review]
+
+jobs:
+  add-reviews:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: kentaro-m/auto-assign-action@v2.0.0

.github/workflows/release-automatically.yml

@@ -0,0 +1,38 @@
+name: Release Desktop/Mobile Automatically
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
+  schedule:
+    - cron: '0 9 * * *'
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: write
+
+jobs:
+  dispatch-release-desktop:
+    runs-on: ubuntu-latest
+    name: Setup Release Desktop
+    steps:
+      - name: dispatch desktop release by tag
+        if: ${{ github.event_name == 'push' }}
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: release-desktop.yml
+          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
+
+      - name: dispatch desktop release by schedule
+        if: ${{ github.event_name == 'schedule' }}
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: release-desktop.yml
+          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
+          ref: canary
+      - name: dispatch desktop release by tag
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: release-mobile.yml
+          inputs: '{ "build-type": "canary", "build-target": "distribution" }'

.github/workflows/release-cloud.yml

@@ -1,66 +0,0 @@
-name: Release Cloud
-
-on:
-  workflow_call:
-    inputs:
-      build-type:
-        required: true
-        type: string
-      app-version:
-        required: true
-        type: string
-      git-short-hash:
-        required: true
-        type: string
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
-
-jobs:
-  build-images:
-    name: Build Images
-    uses: ./.github/workflows/build-images.yml
-    secrets: inherit
-    with:
-      build-type: ${{ inputs.build-type }}
-      app-version: ${{ inputs.app-version }}
-      git-short-hash: ${{ inputs.git-short-hash }}
-
-  deploy:
-    name: Deploy to cluster
-    environment: ${{ inputs.build-type }}
-    needs:
-      - build-images
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Deploy to ${{ inputs.build-type }}
-        uses: ./.github/actions/deploy
-        with:
-          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
-          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
-          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
-          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
-          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
-        env:
-          BUILD_TYPE: ${{ inputs.build-type }}
-          APP_VERSION: ${{ inputs.app-version }}
-          GIT_SHORT_HASH: ${{ inputs.git-short-hash }}
-          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
-          CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DATABASE_URL: ${{ secrets.DATABASE_URL }}
-          DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }}
-          DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
-          DATABASE_NAME: ${{ secrets.DATABASE_NAME }}
-          GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }}
-          REDIS_SERVER_HOST: ${{ secrets.REDIS_SERVER_HOST }}
-          REDIS_SERVER_PASSWORD: ${{ secrets.REDIS_SERVER_PASSWORD }}
-          CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
-          APP_IAM_ACCOUNT: ${{ secrets.APP_IAM_ACCOUNT }}
-          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
-          AFFINE_INDEXER_SEARCH_PROVIDER: ${{ secrets.AFFINE_INDEXER_SEARCH_PROVIDER }}
-          AFFINE_INDEXER_SEARCH_ENDPOINT: ${{ secrets.AFFINE_INDEXER_SEARCH_ENDPOINT }}
-          AFFINE_INDEXER_SEARCH_API_KEY: ${{ secrets.AFFINE_INDEXER_SEARCH_API_KEY }}

.github/workflows/release-desktop-platform.yml

@@ -1,225 +0,0 @@
-name: Release Desktop Platform
-
-on:
-  workflow_call:
-    inputs:
-      build_type:
-        required: true
-        type: string
-      app_version:
-        required: true
-        type: string
-      git_short_hash:
-        required: true
-        type: string
-      runner:
-        required: true
-        type: string
-      platform:
-        required: true
-        type: string
-      arch:
-        required: true
-        type: string
-      target:
-        required: true
-        type: string
-      apple_codesign:
-        required: false
-        default: false
-        type: boolean
-      install_linux_deps:
-        required: false
-        default: false
-        type: boolean
-      enable_scripts:
-        required: false
-        default: false
-        type: boolean
-    outputs:
-      files_to_be_signed:
-        description: Files to be signed (Windows only)
-        value: ${{ jobs.build.outputs.files_to_be_signed }}
-
-permissions:
-  actions: write
-  contents: write
-  security-events: write
-  id-token: write
-  attestations: write
-
-jobs:
-  build:
-    runs-on: ${{ inputs.runner }}
-    outputs:
-      files_to_be_signed: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
-    env:
-      BUILD_TYPE: ${{ inputs.build_type }}
-      RELEASE_VERSION: ${{ inputs.app_version }}
-      DEBUG: 'affine:*,napi:*'
-      APP_NAME: affine
-      MACOSX_DEPLOYMENT_TARGET: '12.0'
-      SKIP_GENERATE_ASSETS: 1
-      APPLE_ID: ${{ secrets.APPLE_ID }}
-      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-      SENTRY_PROJECT: 'affine'
-      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-      SENTRY_RELEASE: ${{ inputs.app_version }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app_version }}
-
-      - name: Setup Node.js
-        timeout-minutes: 10
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
-          hard-link-nm: false
-          nmHoistingLimits: workspaces
-          enableScripts: ${{ inputs.enable_scripts }}
-
-      - name: Build AFFiNE native
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ inputs.target }}
-          package: '@affine/native'
-
-      - uses: actions/download-artifact@v4
-        with:
-          name: desktop-web
-          path: packages/frontend/apps/electron/resources/web-static
-
-      - name: Build Desktop Layers
-        run: yarn affine @affine/electron build
-
-      - name: Signing By Apple Developer ID
-        if: ${{ inputs.platform == 'darwin' && inputs.apple_codesign }}
-        uses: apple-actions/import-codesign-certs@v5
-        with:
-          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
-          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
-
-      - name: Install additional dependencies on Linux
-        if: ${{ inputs.platform == 'linux' && inputs.install_linux_deps }}
-        run: |
-          df -h
-          sudo add-apt-repository universe
-          sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
-          flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-          flatpak update
-          # some flatpak deps need git protocol.file.allow
-          git config --global protocol.file.allow always
-          # clean up apt cache to save disk space
-          sudo -E apt-get -y purge azure-cli* zulu* hhvm* llvm* firefox* google* dotnet* aspnetcore* powershell* adoptopenjdk* mysql* php* mongodb* moby* snap* || true
-          sudo -E apt-get -qq autoremove --purge
-          sudo rm -rf /usr/share/dotnet /opt/ghc /opt/hostedtoolcache/CodeQL /usr/local/lib/android
-          sudo apt-get clean
-          rm -rf ~/.cache/yarn ~/.npm
-          df -h
-
-      - name: Remove nbstore node_modules (darwin/linux)
-        if: ${{ inputs.platform != 'win32' }}
-        shell: bash
-        # node_modules of nbstore is not needed for building, and it will make the build process out of memory
-        run: |
-          cargo clean
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
-
-      - name: Remove nbstore node_modules (windows)
-        if: ${{ inputs.platform == 'win32' }}
-        shell: bash
-        run: |
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite/affine/node_modules
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
-
-      - name: make
-        if: ${{ inputs.platform != 'win32' }}
-        run: yarn affine @affine/electron make --platform=${{ inputs.platform }} --arch=${{ inputs.arch }}
-        env:
-          SKIP_WEB_BUILD: 1
-          HOIST_NODE_MODULES: 1
-          NODE_OPTIONS: --max-old-space-size=14384
-
-      - name: package
-        if: ${{ inputs.platform == 'win32' }}
-        run: |
-          yarn affine @affine/electron package --platform=${{ inputs.platform }} --arch=${{ inputs.arch }}
-        env:
-          SKIP_WEB_BUILD: 1
-          HOIST_NODE_MODULES: 1
-          NODE_OPTIONS: --max-old-space-size=14384
-
-      - name: signing DMG
-        if: ${{ inputs.platform == 'darwin' && inputs.apple_codesign }}
-        run: |
-          codesign --force --sign "Developer ID Application: TOEVERYTHING PTE. LTD." packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/AFFiNE.dmg
-
-      - name: Save artifacts (mac)
-        if: ${{ inputs.platform == 'darwin' }}
-        run: |
-          mkdir -p builds
-          mv packages/frontend/apps/electron/out/*/make/*.dmg ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.dmg
-          mv packages/frontend/apps/electron/out/*/make/zip/darwin/${{ inputs.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.zip
-
-      - name: Save artifacts (linux)
-        if: ${{ inputs.platform == 'linux' }}
-        run: |
-          mkdir -p builds
-          mv packages/frontend/apps/electron/out/*/make/zip/linux/${{ inputs.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.zip
-          mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
-          mv packages/frontend/apps/electron/out/*/make/deb/${{ inputs.arch }}/*.deb ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.deb
-          mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.flatpak
-
-      - uses: actions/attest-build-provenance@v2
-        if: ${{ inputs.platform == 'darwin' }}
-        with:
-          subject-path: |
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.zip
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.dmg
-
-      - uses: actions/attest-build-provenance@v2
-        if: ${{ inputs.platform == 'linux' }}
-        with:
-          subject-path: |
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.zip
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.deb
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.flatpak
-
-      - name: Upload Artifact
-        if: ${{ inputs.platform == 'darwin' || inputs.platform == 'linux' }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: affine-${{ inputs.platform }}-${{ inputs.arch }}-builds
-          path: builds
-
-      - name: get all files to be signed
-        id: get_files_to_be_signed
-        if: ${{ inputs.platform == 'win32' }}
-        shell: pwsh
-        run: |
-          Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\', '') + '"' }) -join ' ')
-          "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
-          echo $FILES_TO_BE_SIGNED
-
-      - name: Zip artifacts for faster upload
-        if: ${{ inputs.platform == 'win32' }}
-        shell: pwsh
-        run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/* -DestinationPath archive.zip
-
-      - name: Save packaged artifacts for signing
-        if: ${{ inputs.platform == 'win32' }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: packaged-${{ inputs.platform }}-${{ inputs.arch }}
-          path: |
-            archive.zip
-            !**/*.map

.github/workflows/release-desktop.yml

@@ -1,32 +1,27 @@
-name: Release Desktop
+name: Release Desktop App
 
 on:
-  workflow_call:
+  workflow_dispatch:
     inputs:
       build-type:
+        description: 'Build Type'
+        type: choice
         required: true
-        type: string
-      app-version:
+        default: canary
+        options:
+          - canary
+          - beta
+          - stable
+      is-draft:
+        description: 'Draft Release?'
+        type: boolean
         required: true
-        type: string
-      git-short-hash:
+        default: true
+      is-pre-release:
+        description: 'Pre Release? (labeled as "PreRelease")'
+        type: boolean
         required: true
-        type: string
-      desktop_macos:
-        description: 'Desktop - macOS'
-        required: false
         default: true
-        type: boolean
-      desktop_windows:
-        description: 'Desktop - Windows'
-        required: false
-        default: true
-        type: boolean
-      desktop_linux:
-        description: 'Desktop - Linux'
-        required: false
-        default: true
-        type: boolean
 
 permissions:
   actions: write
@@ -36,23 +31,22 @@ permissions:
   attestations: write
 
 env:
-  BUILD_TYPE: ${{ inputs.build-type }}
-  RELEASE_VERSION: ${{ inputs.app-version }}
+  BUILD_TYPE: ${{ github.event.inputs.build-type }}
   DEBUG: 'affine:*,napi:*'
   APP_NAME: affine
-  MACOSX_DEPLOYMENT_TARGET: '11.6'
+  MACOSX_DEPLOYMENT_TARGET: '10.13'
 
 jobs:
   before-make:
-    if: ${{ inputs.desktop_macos || inputs.desktop_windows || inputs.desktop_linux }}
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
+    environment: ${{ github.event.inputs.build-type }}
+    outputs:
+      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Setup @sentry/cli
@@ -64,17 +58,17 @@ jobs:
           SENTRY_PROJECT: 'affine'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          SENTRY_RELEASE: ${{ inputs.app-version }}
-          RELEASE_VERSION: ${{ inputs.app-version }}
+          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
+          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
 
       - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
-          name: desktop-web
+          name: web
           path: packages/frontend/apps/electron/resources/web-static
 
-  make-distribution-macos:
-    if: ${{ inputs.desktop_macos }}
+  make-distribution:
     strategy:
       fail-fast: false
       matrix:
@@ -87,90 +81,204 @@ jobs:
             platform: darwin
             arch: arm64
             target: aarch64-apple-darwin
-    needs: before-make
-    uses: ./.github/workflows/release-desktop-platform.yml
-    secrets: inherit
-    with:
-      build_type: ${{ inputs.build-type }}
-      app_version: ${{ inputs.app-version }}
-      git_short_hash: ${{ inputs.git-short-hash }}
-      runner: ${{ matrix.spec.runner }}
-      platform: ${{ matrix.spec.platform }}
-      arch: ${{ matrix.spec.arch }}
-      target: ${{ matrix.spec.target }}
-      apple_codesign: true
-
-  make-distribution-linux:
-    if: ${{ inputs.desktop_linux }}
-    strategy:
-      fail-fast: false
-      matrix:
-        spec:
           - runner: ubuntu-latest
             platform: linux
             arch: x64
             target: x86_64-unknown-linux-gnu
+    runs-on: ${{ matrix.spec.runner }}
     needs: before-make
-    uses: ./.github/workflows/release-desktop-platform.yml
-    secrets: inherit
-    with:
-      build_type: ${{ inputs.build-type }}
-      app_version: ${{ inputs.app-version }}
-      git_short_hash: ${{ inputs.git-short-hash }}
-      runner: ${{ matrix.spec.runner }}
-      platform: ${{ matrix.spec.platform }}
-      arch: ${{ matrix.spec.arch }}
-      target: ${{ matrix.spec.target }}
-      install_linux_deps: true
+    environment: ${{ github.event.inputs.build-type }}
+    env:
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      SKIP_GENERATE_ASSETS: 1
+      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      SENTRY_PROJECT: 'affine'
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      SENTRY_RELEASE: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+      MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        id: version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        timeout-minutes: 10
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
+          hard-link-nm: false
+          nmHoistingLimits: workspaces
+          enableScripts: false
+      - name: Build AFFiNE native
+        uses: ./.github/actions/build-rust
+        with:
+          target: ${{ matrix.spec.target }}
+          package: '@affine/native'
+      - uses: actions/download-artifact@v4
+        with:
+          name: web
+          path: packages/frontend/apps/electron/resources/web-static
 
-  package-distribution-windows-x64:
-    if: ${{ inputs.desktop_windows }}
-    needs: before-make
-    uses: ./.github/workflows/release-desktop-platform.yml
-    secrets: inherit
-    with:
-      build_type: ${{ inputs.build-type }}
-      app_version: ${{ inputs.app-version }}
-      git_short_hash: ${{ inputs.git-short-hash }}
-      runner: windows-latest
-      platform: win32
-      arch: x64
-      target: x86_64-pc-windows-msvc
-      enable_scripts: true
+      - name: Build Desktop Layers
+        run: yarn affine @affine/electron build
 
-  package-distribution-windows-arm64:
-    if: ${{ inputs.desktop_windows }}
+      - name: Signing By Apple Developer ID
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        uses: apple-actions/import-codesign-certs@v5
+        with:
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+
+      - name: Install additional dependencies on Linux
+        if: ${{ matrix.spec.platform == 'linux' }}
+        run: |
+          sudo add-apt-repository universe
+          sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
+          flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+          flatpak update
+          # some flatpak deps need git protocol.file.allow
+          git config --global protocol.file.allow always
+
+      - name: make
+        run: yarn affine @affine/electron make --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
+        env:
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+
+      - name: signing DMG
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        run: |
+          codesign --force --sign "Developer ID Application: TOEVERYTHING PTE. LTD." packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/AFFiNE.dmg
+
+      - name: Save artifacts (mac)
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/apps/electron/out/*/make/*.dmg ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
+          mv packages/frontend/apps/electron/out/*/make/zip/darwin/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
+      - name: Save artifacts (linux)
+        if: ${{ matrix.spec.platform == 'linux' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/apps/electron/out/*/make/zip/linux/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.zip
+          mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.appimage
+          mv packages/frontend/apps/electron/out/*/make/deb/${{ matrix.spec.arch }}/*.deb ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.deb
+          mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.flatpak
+
+      - uses: actions/attest-build-provenance@v2
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        with:
+          subject-path: |
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
+
+      - uses: actions/attest-build-provenance@v2
+        if: ${{ matrix.spec.platform == 'linux' }}
+        with:
+          subject-path: |
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.zip
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.appimage
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.deb
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
+          path: builds
+
+  package-distribution-windows:
+    environment: ${{ github.event.inputs.build-type }}
+    strategy:
+      fail-fast: false
+      matrix:
+        spec:
+          - runner: windows-latest
+            platform: win32
+            arch: x64
+            target: x86_64-pc-windows-msvc
+          - runner: windows-latest
+            platform: win32
+            arch: arm64
+            target: aarch64-pc-windows-msvc
+    runs-on: ${{ matrix.spec.runner }}
     needs: before-make
-    uses: ./.github/workflows/release-desktop-platform.yml
-    secrets: inherit
-    with:
-      build_type: ${{ inputs.build-type }}
-      app_version: ${{ inputs.app-version }}
-      git_short_hash: ${{ inputs.git-short-hash }}
-      runner: windows-latest
-      platform: win32
-      arch: arm64
-      target: aarch64-pc-windows-msvc
-      enable_scripts: true
+    outputs:
+      FILES_TO_BE_SIGNED_x64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_x64 }}
+      FILES_TO_BE_SIGNED_arm64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_arm64 }}
+    env:
+      SKIP_GENERATE_ASSETS: 1
+      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      SENTRY_PROJECT: 'affine'
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      SENTRY_RELEASE: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+      MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        id: version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        timeout-minutes: 10
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
+          hard-link-nm: false
+          nmHoistingLimits: workspaces
+      - name: Build AFFiNE native
+        uses: ./.github/actions/build-rust
+        with:
+          target: ${{ matrix.spec.target }}
+          package: '@affine/native'
+      - uses: actions/download-artifact@v4
+        with:
+          name: web
+          path: packages/frontend/apps/electron/resources/web-static
+
+      - name: Build Desktop Layers
+        run: yarn affine @affine/electron build
+
+      - name: package
+        run: yarn affine @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
+        env:
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+
+      - name: get all files to be signed
+        id: get_files_to_be_signed
+        run: |
+          Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\', '') + '"' }) -join ' ')
+          "FILES_TO_BE_SIGNED_${{ matrix.spec.arch }}=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
+          echo $FILES_TO_BE_SIGNED
+
+      - name: Zip artifacts for faster upload
+        run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/* -DestinationPath archive.zip
+
+      - name: Save packaged artifacts for signing
+        uses: actions/upload-artifact@v4
+        with:
+          name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
+          path: |
+            archive.zip
+            !**/*.map
 
   sign-packaged-artifacts-windows_x64:
-    if: ${{ inputs.desktop_windows }}
-    needs: package-distribution-windows-x64
+    needs: package-distribution-windows
     uses: ./.github/workflows/windows-signer.yml
     with:
-      files: ${{ needs.package-distribution-windows-x64.outputs.files_to_be_signed }}
+      files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED_x64 }}
       artifact-name: packaged-win32-x64
 
   sign-packaged-artifacts-windows_arm64:
-    if: ${{ inputs.desktop_windows }}
-    needs: package-distribution-windows-arm64
+    needs: package-distribution-windows
     uses: ./.github/workflows/windows-signer.yml
     with:
-      files: ${{ needs.package-distribution-windows-arm64.outputs.files_to_be_signed }}
+      files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED_arm64 }}
       artifact-name: packaged-win32-arm64
 
   make-windows-installer:
-    if: ${{ inputs.desktop_windows }}
     needs:
       - sign-packaged-artifacts-windows_x64
       - sign-packaged-artifacts-windows_arm64
@@ -189,9 +297,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         timeout-minutes: 10
         uses: ./.github/actions/setup-node
@@ -232,7 +339,6 @@ jobs:
           path: archive.zip
 
   sign-installer-artifacts-windows-x64:
-    if: ${{ inputs.desktop_windows }}
     needs: make-windows-installer
     uses: ./.github/workflows/windows-signer.yml
     with:
@@ -240,7 +346,6 @@ jobs:
       artifact-name: installer-win32-x64
 
   sign-installer-artifacts-windows-arm64:
-    if: ${{ inputs.desktop_windows }}
     needs: make-windows-installer
     uses: ./.github/workflows/windows-signer.yml
     with:
@@ -248,7 +353,6 @@ jobs:
       artifact-name: installer-win32-arm64
 
   finalize-installer-windows:
-    if: ${{ inputs.desktop_windows }}
     needs:
       [
         sign-installer-artifacts-windows-x64,
@@ -278,16 +382,16 @@ jobs:
       - name: Save artifacts
         run: |
           mkdir -p builds
-          mv packages/frontend/apps/electron/out/*/make/zip/win32/${{ matrix.spec.arch }}/AFFiNE*-win32-${{ matrix.spec.arch }}-*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
-          mv packages/frontend/apps/electron/out/*/make/squirrel.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.exe
-          mv packages/frontend/apps/electron/out/*/make/nsis.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
+          mv packages/frontend/apps/electron/out/*/make/zip/win32/${{ matrix.spec.arch }}/AFFiNE*-win32-${{ matrix.spec.arch }}-*.zip ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
+          mv packages/frontend/apps/electron/out/*/make/squirrel.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.exe
+          mv packages/frontend/apps/electron/out/*/make/nsis.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
 
       - uses: actions/attest-build-provenance@v2
         with:
           subject-path: |
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.exe
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.exe
+            ./builds/affine-${{ needs.before-make.outputs.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
 
       - name: Upload Artifact
         uses: actions/upload-artifact@v4
@@ -296,18 +400,17 @@ jobs:
           path: builds
 
   release:
-    if: ${{ inputs.desktop_macos && inputs.desktop_linux && inputs.desktop_windows }}
-    needs:
-      [
-        before-make,
-        make-distribution-macos,
-        make-distribution-linux,
-        finalize-installer-windows,
-      ]
+    needs: [before-make, make-distribution, finalize-installer-windows]
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: web
+          path: web-static
+      - name: Zip web-static
+        run: zip -r web-static.zip web-static
       - name: Download Artifacts (macos-x64)
         uses: actions/download-artifact@v4
         with:
@@ -340,17 +443,36 @@ jobs:
         run: |
           cp ./.docker/selfhost/compose.yml ./release/docker-compose.yml
           cp ./.docker/selfhost/.env.example ./release/.env.example
-          cp ./.docker/selfhost/schema.json ./release/config.schema.json
       - name: Generate Release yml
         run: |
           node ./scripts/generate-release-yml.mjs
         env:
-          RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
-      - name: Create GitHub Release
+          RELEASE_VERSION: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+      - name: Create Release Draft
+        if: ${{ github.ref_type == 'tag' }}
         uses: softprops/action-gh-release@v2
         with:
-          name: ${{ env.RELEASE_VERSION }}
-          draft: ${{ inputs.build-type == 'stable' }}
-          prerelease: ${{ inputs.build-type != 'stable' }}
-          tag_name: v${{ env.RELEASE_VERSION}}
-          files: ./release/*
+          name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+          body: ''
+          draft: ${{ github.event.inputs.is-draft }}
+          prerelease: ${{ github.event.inputs.is-pre-release }}
+          files: |
+            ./release/*
+            ./release/.env.example
+      - name: Create Nightly Release Draft
+        if: ${{ github.ref_type == 'branch' }}
+        uses: softprops/action-gh-release@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        with:
+          # Temporarily, treat release from branch as nightly release, artifact saved to AFFiNE-Releases.
+          # Need to improve internal build and nightly release logic.
+          repository: 'toeverything/AFFiNE-Releases'
+          name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+          tag_name: ${{ needs.before-make.outputs.RELEASE_VERSION }}
+          body: ''
+          draft: false
+          prerelease: true
+          files: |
+            ./release/*
+            ./release/.env.example

.github/workflows/release-mobile.yml

@@ -1,36 +1,68 @@
-name: Release Mobile
+name: Release Mobile App
 
 on:
   workflow_call:
     inputs:
-      app-version:
-        type: string
-        required: true
-      git-short-hash:
+      build-target:
+        description: 'Build Target'
         type: string
         required: true
       build-type:
+        description: 'Build Type'
         type: string
         required: true
-      ios-app-version:
-        type: string
-        required: false
-
+  workflow_dispatch:
+    inputs:
+      build-target:
+        description: 'Build Target'
+        type: choice
+        required: true
+        default: distribution
+        options:
+          - development
+          - distribution
+      build-type:
+        description: 'Build Type'
+        type: choice
+        required: true
+        default: canary
+        options:
+          - canary
+          - beta
+          - stable
 env:
-  BUILD_TYPE: ${{ inputs.build-type }}
+  BUILD_TYPE: ${{ inputs.build-type || github.event.inputs.build-type }}
+  BUILD_TARGET: ${{ inputs.build-target || github.event.inputs.build-target }}
   DEBUG: napi:*
   KEYCHAIN_NAME: ${{ github.workspace }}/signing_temp
 
 jobs:
-  build-ios-web:
+  output-env:
     runs-on: ubuntu-latest
-    environment: ${{ inputs.build-type }}
+    outputs:
+      ENVIRONMENT: ${{ steps.env.outputs.ENVIRONMENT }}
+    steps:
+      - name: Output Environment
+        id: env
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "ENVIRONMENT=${{ github.event.inputs.build-type }}" >> $GITHUB_OUTPUT
+          else
+            echo "ENVIRONMENT=" >> $GITHUB_OUTPUT
+          fi
+
+  build-ios-web:
+    needs:
+      - output-env
+    runs-on: ubuntu-24.04-arm
+    environment: ${{ needs.output-env.outputs.ENVIRONMENT }}
+    outputs:
+      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Setup @sentry/cli
@@ -39,12 +71,13 @@ jobs:
         run: yarn affine @affine/ios build
         env:
           PUBLIC_PATH: '/'
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          SENTRY_RELEASE: ${{ inputs.app-version }}
-          RELEASE_VERSION: ${{ inputs.app-version }}
+          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
+          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
       - name: Upload ios artifact
         uses: actions/upload-artifact@v4
         with:
@@ -52,13 +85,17 @@ jobs:
           path: packages/frontend/apps/ios/dist
 
   build-android-web:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - output-env
+    environment: ${{ needs.output-env.outputs.ENVIRONMENT }}
+    outputs:
+      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
     steps:
       - uses: actions/checkout@v4
       - name: Setup Version
+        id: version
         uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Setup @sentry/cli
@@ -67,11 +104,13 @@ jobs:
         run: yarn affine @affine/android build
         env:
           PUBLIC_PATH: '/'
+          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          SENTRY_RELEASE: ${{ inputs.app-version }}
+          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
+          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
       - name: Upload android artifact
         uses: actions/upload-artifact@v4
         with:
@@ -79,19 +118,11 @@ jobs:
           path: packages/frontend/apps/android/dist
 
   ios:
-    runs-on: 'macos-15'
+    runs-on: namespace-profile-macos
     needs:
       - build-ios-web
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
-          ios-app-version: ${{ inputs.ios-app-version }}
-      - name: 'Update Code Sign Identity'
-        shell: bash
-        run: ./packages/frontend/apps/ios/update_code_sign_identity.sh
       - name: Download mobile artifact
         uses: actions/download-artifact@v4
         with:
@@ -108,7 +139,7 @@ jobs:
           enableScripts: false
       - uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: 26.2
+          xcode-version: 16.2
       - name: Install Swiftformat
         run: brew install swiftformat
       - name: Cap sync
@@ -126,6 +157,7 @@ jobs:
           package: 'affine_mobile_native'
           no-build: 'true'
       - name: Testflight
+        if: ${{ env.BUILD_TYPE != 'stable' }}
         working-directory: packages/frontend/apps/ios/App
         run: |
           echo -n "${{ env.BUILD_PROVISION_PROFILE }}" | base64 --decode -o $PP_PATH
@@ -133,7 +165,6 @@ jobs:
           cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
           fastlane beta
         env:
-          BUILD_TARGET: distribution
           BUILD_PROVISION_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE }}
           PP_PATH: ${{ runner.temp }}/build_pp.mobileprovision
           APPLE_STORE_CONNECT_API_KEY_ID: ${{ secrets.APPLE_STORE_CONNECT_API_KEY_ID }}
@@ -148,19 +179,11 @@ jobs:
       - build-android-web
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
       - name: Download mobile artifact
         uses: actions/download-artifact@v4
         with:
           name: android
           path: packages/frontend/apps/android/dist
-      - name: Load Google Service file
-        env:
-          DATA: ${{ secrets.FIREBASE_ANDROID_GOOGLE_SERVICE_JSON }}
-        run: echo $DATA | base64 -di > packages/frontend/apps/android/App/app/google-services.json
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
         timeout-minutes: 10
@@ -184,6 +207,7 @@ jobs:
       - name: Auth gcloud
         id: auth
         uses: google-github-actions/auth@v2
+        if: ${{ env.BUILD_TARGET == 'distribution' }}
         with:
           workload_identity_provider: 'projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
           service_account: '${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}'
@@ -197,6 +221,7 @@ jobs:
           cache: 'gradle'
       - name: Auto increment version code
         id: bump
+        if: ${{ env.BUILD_TARGET == 'distribution' }}
         run: yarn affine @affine/playstore-auto-bump bump
         env:
           GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
@@ -208,13 +233,13 @@ jobs:
           AFFINE_ANDROID_KEYSTORE_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_PASSWORD }}
           AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD }}
           AFFINE_ANDROID_SIGN_KEYSTORE: ${{ secrets.AFFINE_ANDROID_SIGN_KEYSTORE }}
-          VERSION_NAME: ${{ inputs.app-version }}
+
       - name: Upload to Google Play
         uses: r0adkll/upload-google-play@v1
+        if: ${{ env.BUILD_TARGET == 'distribution' }}
         with:
           serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }}
           packageName: app.affine.pro
-          releaseName: ${{ inputs.app-version }}
           releaseFiles: packages/frontend/apps/android/App/app/build/outputs/bundle/${{ env.BUILD_TYPE }}Release/app-${{ env.BUILD_TYPE }}-release-signed.aab
           track: internal
           status: draft

.github/workflows/release.yml

@@ -1,210 +0,0 @@
-name: Release
-
-on:
-  schedule:
-    - cron: '0 9 * * *'
-
-  workflow_dispatch:
-    inputs:
-      web:
-        description: 'Release Web?'
-        required: true
-        type: boolean
-        default: false
-      desktop_macos:
-        description: 'Desktop - macOS'
-        required: true
-        type: boolean
-        default: false
-      desktop_windows:
-        description: 'Desktop - Windows'
-        required: true
-        type: boolean
-        default: false
-      desktop_linux:
-        description: 'Desktop - Linux'
-        required: true
-        type: boolean
-        default: false
-      mobile:
-        description: 'Release Mobile?'
-        required: true
-        type: boolean
-        default: false
-      ios-app-version:
-        description: 'iOS App Store Version (Optional, use tag version if empty)'
-        required: false
-        type: string
-
-permissions:
-  contents: write
-  pull-requests: write
-  actions: write
-  id-token: write
-  packages: write
-  security-events: write
-  attestations: write
-  issues: write
-
-jobs:
-  prepare:
-    name: Prepare
-    runs-on: ubuntu-latest
-    outputs:
-      APP_VERSION: ${{ steps.prepare.outputs.APP_VERSION }}
-      GIT_SHORT_HASH: ${{ steps.prepare.outputs.GIT_SHORT_HASH }}
-      BUILD_TYPE: ${{ steps.prepare.outputs.BUILD_TYPE }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Prepare Release
-        id: prepare
-        uses: ./.github/actions/prepare-release
-
-  canary-gate:
-    name: Canary Gate
-    runs-on: ubuntu-latest
-    needs:
-      - prepare
-    outputs:
-      SHOULD_RELEASE: ${{ steps.decide.outputs.SHOULD_RELEASE }}
-      LAST_CANARY_TAG: ${{ steps.decide.outputs.LAST_CANARY_TAG }}
-      LAST_CANARY_SHA: ${{ steps.decide.outputs.LAST_CANARY_SHA }}
-    steps:
-      - name: Decide whether to release
-        id: decide
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const buildType = '${{ needs.prepare.outputs.BUILD_TYPE }}'
-            if (buildType !== 'canary') {
-              core.setOutput('SHOULD_RELEASE', 'true')
-              return
-            }
-
-            const owner = context.repo.owner
-            const repo = context.repo.repo
-            const currentSha = context.sha
-            const canaryTagRe = /^v\d+\.\d+\.\d+-canary\.[0-9a-f]+$/i
-
-            let page = 1
-            const perPage = 100
-            let lastCanary = null
-
-            while (!lastCanary && page <= 10) {
-              const { data } = await github.rest.repos.listTags({
-                owner,
-                repo,
-                per_page: perPage,
-                page,
-              })
-
-              for (const tag of data) {
-                if (canaryTagRe.test(tag.name)) {
-                  lastCanary = tag
-                  break
-                }
-              }
-
-              if (data.length < perPage) break
-              page++
-            }
-
-            if (!lastCanary) {
-              core.warning('No canary tags found; proceeding with canary release.')
-              core.setOutput('SHOULD_RELEASE', 'true')
-              return
-            }
-
-            core.setOutput('LAST_CANARY_TAG', lastCanary.name)
-            core.setOutput('LAST_CANARY_SHA', lastCanary.commit.sha)
-
-            const shouldRelease = lastCanary.commit.sha !== currentSha
-            core.info(`Latest canary tag ${lastCanary.name} -> ${lastCanary.commit.sha}; current ${currentSha}; should_release=${shouldRelease}`)
-            core.setOutput('SHOULD_RELEASE', shouldRelease ? 'true' : 'false')
-
-  cloud:
-    name: Release Cloud
-    if: ${{ inputs.web || github.event_name != 'workflow_dispatch' }}
-    needs:
-      - prepare
-    uses: ./.github/workflows/release-cloud.yml
-    secrets: inherit
-    with:
-      build-type: ${{ needs.prepare.outputs.BUILD_TYPE }}
-      app-version: ${{ needs.prepare.outputs.APP_VERSION }}
-      git-short-hash: ${{ needs.prepare.outputs.GIT_SHORT_HASH }}
-
-  image:
-    name: Release Docker Image
-    if: ${{ needs.canary-gate.outputs.SHOULD_RELEASE == 'true' }}
-    runs-on: ubuntu-latest
-    needs:
-      - prepare
-      - canary-gate
-      - cloud
-    steps:
-      - uses: trstringer/manual-approval@v1
-        if: ${{ needs.prepare.outputs.BUILD_TYPE == 'stable' }}
-        name: Wait for approval
-        with:
-          secret: ${{ secrets.GITHUB_TOKEN }}
-          approvers: darkskygit,pengx17,L-Sun,EYHN
-          minimum-approvals: 1
-          fail-on-denial: true
-          issue-title: Please confirm to release docker image
-          issue-body: |
-            Env: ${{ needs.prepare.outputs.BUILD_TYPE }}
-            Candidate: ghcr.io/toeverything/affine:${{ needs.prepare.outputs.BUILD_TYPE }}-${{ needs.prepare.outputs.GIT_SHORT_HASH }}
-            Tag: ghcr.io/toeverything/affine:${{ needs.prepare.outputs.BUILD_TYPE }}
-
-            > comment with "approve", "approved", "lgtm", "yes" to approve
-            > comment with "deny", "denied", "no" to deny
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          logout: false
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Tag Image
-        run: |
-          docker buildx imagetools create --tag ghcr.io/toeverything/affine:${{needs.prepare.outputs.BUILD_TYPE}} ghcr.io/toeverything/affine:${{needs.prepare.outputs.BUILD_TYPE}}-${{needs.prepare.outputs.GIT_SHORT_HASH}}
-          docker buildx imagetools create --tag ghcr.io/toeverything/affine:${{needs.prepare.outputs.APP_VERSION}} ghcr.io/toeverything/affine:${{needs.prepare.outputs.BUILD_TYPE}}-${{needs.prepare.outputs.GIT_SHORT_HASH}}
-
-  desktop:
-    name: Release Desktop
-    if: >-
-      ${{
-        (github.event_name != 'workflow_dispatch' && needs.canary-gate.outputs.SHOULD_RELEASE == 'true') ||
-        inputs.desktop_macos ||
-        inputs.desktop_windows ||
-        inputs.desktop_linux
-      }}
-    needs:
-      - prepare
-      - canary-gate
-    uses: ./.github/workflows/release-desktop.yml
-    secrets: inherit
-    with:
-      build-type: ${{ needs.prepare.outputs.BUILD_TYPE }}
-      app-version: ${{ needs.prepare.outputs.APP_VERSION }}
-      git-short-hash: ${{ needs.prepare.outputs.GIT_SHORT_HASH }}
-      desktop_macos: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_macos }}
-      desktop_windows: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_windows }}
-      desktop_linux: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_linux }}
-
-  mobile:
-    name: Release Mobile
-    if: ${{ inputs.mobile }}
-    needs:
-      - prepare
-    uses: ./.github/workflows/release-mobile.yml
-    secrets: inherit
-    with:
-      build-type: ${{ needs.prepare.outputs.BUILD_TYPE }}
-      app-version: ${{ needs.prepare.outputs.APP_VERSION }}
-      git-short-hash: ${{ needs.prepare.outputs.GIT_SHORT_HASH }}
-      ios-app-version: ${{ inputs.ios-app-version }}

.github/workflows/windows-signer.yml

@@ -29,7 +29,7 @@ jobs:
         shell: cmd
         run: |
           cd ${{ env.ARCHIVE_DIR }}/out
-          signtool sign /tr http://timestamp.globalsign.com/tsa/r6advanced1 /td sha256 /fd sha256 /a ${{ inputs.files }}
+          signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a ${{ inputs.files }}
       - name: zip file
         shell: cmd
         run: |