ci: use setup version action to init version

2026-02-04 16:44:56 +00:00 · 2023-12-21 10:19:19 +08:00
7760 changed files with 131613 additions and 734847 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -1,8 +1,2 @@
 [target.x86_64-pc-windows-msvc]
 rustflags = ["-C", "target-feature=+crt-static"]
-[target.aarch64-pc-windows-msvc]
-rustflags = ["-C", "target-feature=+crt-static"]
-[target.'cfg(target_os = "linux")']
-rustflags = ["-C", "link-args=-Wl,--warn-unresolved-symbols"]
-[target.'cfg(target_os = "macos")']
-rustflags = ["-C", "link-args=-all_load"]
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,6 +1,5 @@
 FROM mcr.microsoft.com/devcontainers/base:bookworm

-USER vscode
 # Install Homebrew For Linux
 RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" && \
    eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" && \
--- a/.devcontainer/build.sh
+++ b/.devcontainer/build.sh
@@ -8,8 +8,5 @@ corepack prepare yarn@stable --activate
 # install dependencies
 yarn install

-# Build Server Dependencies
-yarn affine @affine/server-native build
-
 # Create database
-yarn affine @affine/server prisma db push
+yarn workspace @affine/server prisma db push
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -11,7 +11,6 @@ services:
    network_mode: service:db
    environment:
      DATABASE_URL: postgresql://affine:affine@db:5432/affine
-      REDIS_SERVER_HOST: redis

  db:
    image: postgres:latest
@@ -22,10 +21,6 @@ services:
      POSTGRES_PASSWORD: affine
      POSTGRES_USER: affine
      POSTGRES_DB: affine
-  redis:
-    image: redis
-    ports:
-      - 6379:6379

 volumes:
  postgres-data:
--- a/.devcontainer/setup-user.sh
+++ b/.devcontainer/setup-user.sh
@@ -1,9 +1,7 @@
-set -e
-
 if [ -v GRAPHITE_TOKEN ];then
    gt auth --token $GRAPHITE_TOKEN
 fi

-git fetch origin canary:canary --depth=1
+git fetch
 git branch canary -t origin/canary
 gt init --trunk canary
--- a/.docker/dev/.env.example
+++ b/.docker/dev/.env.example
@@ -1,3 +0,0 @@
-DB_PASSWORD=affine
-DB_USERNAME=affine
-DB_DATABASE_NAME=affine
--- a/.docker/dev/.gitignore
+++ b/.docker/dev/.gitignore
@@ -1,3 +0,0 @@
-postgres
-.env
-compose.yml
--- a/.docker/dev/compose.yml.example
+++ b/.docker/dev/compose.yml.example
@@ -1,31 +0,0 @@
-name: affine_dev_services
-services:
-  postgres:
-    env_file:
-      - .env
-    image: postgres:16
-    ports:
-      - 5432:5432
-    environment:
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_DB: ${DB_DATABASE_NAME}
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-
-  redis:
-    image: redis:latest
-    ports:
-      - 6379:6379
-
-  mailhog:
-    image: mailhog/mailhog:latest
-    ports:
-      - 1025:1025
-      - 8025:8025
-
-networks:
-  dev:
-
-volumes:
-  postgres_data:
--- a/.docker/selfhost/.env.example
+++ b/.docker/selfhost/.env.example
@@ -1,23 +0,0 @@
-# select a revision to deploy, available values: stable, beta, canary
-AFFINE_REVISION=stable
-
-# set the port for the server container it will expose the server on
-PORT=3010
-
-# set the host for the server for outgoing links
-# AFFINE_SERVER_HTTPS=true
-# AFFINE_SERVER_HOST=affine.yourdomain.com
-# or 
-# AFFINE_SERVER_EXTERNAL_URL=https://affine.yourdomain.com
-
-# position of the database data to persist
-DB_DATA_LOCATION=~/.affine/self-host/postgres/pgdata
-# position of the upload data(images, files, etc.) to persist
-UPLOAD_LOCATION=~/.affine/self-host/storage
-# position of the configuration files to persist
-CONFIG_LOCATION=~/.affine/self-host/config
-
-# database credentials
-DB_USERNAME=affine
-DB_PASSWORD=
-DB_DATABASE=affine
--- a/.docker/selfhost/compose.yml
+++ b/.docker/selfhost/compose.yml
@@ -1,74 +0,0 @@
-name: affine
-services:
-  affine:
-    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
-    container_name: affine_server
-    ports:
-      - '${PORT:-3010}:3010'
-    depends_on:
-      redis:
-        condition: service_healthy
-      postgres:
-        condition: service_healthy
-      affine_migration:
-        condition: service_completed_successfully
-    volumes:
-      # custom configurations
-      - ${UPLOAD_LOCATION}:/root/.affine/storage
-      - ${CONFIG_LOCATION}:/root/.affine/config
-    env_file:
-      - .env
-    environment:
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-    restart: unless-stopped
-
-  affine_migration:
-    image: ghcr.io/toeverything/affine-graphql:${AFFINE_REVISION:-stable}
-    container_name: affine_migration_job
-    volumes:
-      # custom configurations
-      - ${UPLOAD_LOCATION}:/root/.affine/storage
-      - ${CONFIG_LOCATION}:/root/.affine/config
-    command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js']
-    env_file:
-      - .env
-    environment:
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine}
-    depends_on:
-      postgres:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-
-  redis:
-    image: redis
-    container_name: redis
-    healthcheck:
-      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
-
-  postgres:
-    image: postgres:16
-    container_name: postgres
-    volumes:
-      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_DB: ${DB_DATABASE:-affine}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      # you better set a password for you database
-      # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy
-      POSTGRES_HOST_AUTH_METHOD: trust
-    healthcheck:
-      test:
-        ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
--- a/.env.template
+++ b/.env.template
@@ -0,0 +1,14 @@
+ENABLE_PLUGIN=
+ENABLE_TEST_PROPERTIES=
+ENABLE_BC_PROVIDER=
+CHANGELOG_URL=
+ENABLE_PRELOADING=
+ENABLE_NEW_SETTING_MODAL=
+ENABLE_SQLITE_PROVIDER=
+ENABLE_NEW_SETTING_UNSTABLE_API=
+ENABLE_NOTIFICATION_CENTER=
+ENABLE_CLOUD=
+ENABLE_MOVE_DATABASE=
+SHOULD_REPORT_TRACE=
+TRACE_REPORT_ENDPOINT=
+CAPTCHA_SITE_KEY=
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,16 @@
+node_modules
+dist
+.next
+out
+storybook-static
+affine-out
+_next
+lib
+.eslintrc.js
+e2e-dist-*
+static
+web-static
+public
+packages/common/sdk/src/*.d.ts
+packages/common/sdk/src/*.js
+packages/frontend/i18n/src/i18n-generated.ts
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -0,0 +1,313 @@
+const { resolve } = require('node:path');
+
+const createPattern = packageName => [
+  {
+    group: ['**/dist', '**/dist/**'],
+    message: 'Do not import from dist',
+    allowTypeImports: false,
+  },
+  {
+    group: ['**/src', '**/src/**'],
+    message: 'Do not import from src',
+    allowTypeImports: false,
+  },
+  {
+    group: [`@affine/${packageName}`],
+    message: 'Do not import package itself',
+    allowTypeImports: false,
+  },
+  {
+    group: [`@toeverything/${packageName}`],
+    message: 'Do not import package itself',
+    allowTypeImports: false,
+  },
+  {
+    group: ['@blocksuite/store'],
+    message: "Import from '@blocksuite/global/utils'",
+    importNames: ['assertExists', 'assertEquals'],
+  },
+  {
+    group: ['react-router-dom'],
+    message: 'Use `useNavigateHelper` instead',
+    importNames: ['useNavigate'],
+  },
+  {
+    group: ['next-auth/react'],
+    message: "Import hooks from 'use-current-user.tsx'",
+    // useSession is type unsafe
+    importNames: ['useSession'],
+  },
+  {
+    group: ['next-auth/react'],
+    message: "Import hooks from 'cloud-utils.ts'",
+    importNames: ['signIn', 'signOut'],
+  },
+  {
+    group: ['yjs'],
+    message: 'Do not use this API because it has a bug',
+    importNames: ['mergeUpdates'],
+  },
+  {
+    group: ['@affine/env/constant'],
+    message:
+      'Do not import from @affine/env/constant. Use `environment.isDesktop` instead',
+    importNames: ['isDesktop'],
+  },
+];
+
+const allPackages = [
+  'packages/backend/server',
+  'packages/frontend/component',
+  'packages/frontend/core',
+  'packages/frontend/electron',
+  'packages/frontend/graphql',
+  'packages/frontend/hooks',
+  'packages/frontend/i18n',
+  'packages/frontend/native',
+  'packages/frontend/templates',
+  'packages/frontend/workspace',
+  'packages/common/debug',
+  'packages/common/env',
+  'packages/common/infra',
+  'packages/common/sdk',
+  'packages/common/theme',
+  'packages/common/y-indexeddb',
+  'packages/plugins/copilot',
+  'tools/cli',
+  'tests/storybook',
+];
+
+/**
+ * @type {import('eslint').Linter.Config}
+ */
+const config = {
+  root: true,
+  settings: {
+    react: {
+      version: 'detect',
+    },
+    next: {
+      rootDir: 'packages/frontend/core',
+    },
+  },
+  extends: [
+    'eslint:recommended',
+    'plugin:react-hooks/recommended',
+    'plugin:react/recommended',
+    'plugin:react/jsx-runtime',
+    'plugin:@typescript-eslint/recommended',
+    'prettier',
+  ],
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    ecmaFeatures: {
+      globalReturn: false,
+      impliedStrict: true,
+      jsx: true,
+    },
+    ecmaVersion: 'latest',
+    sourceType: 'module',
+    project: resolve(__dirname, './tsconfig.eslint.json'),
+  },
+  plugins: [
+    'react',
+    '@typescript-eslint',
+    'simple-import-sort',
+    'sonarjs',
+    'i',
+    'unused-imports',
+    'unicorn',
+  ],
+  rules: {
+    'array-callback-return': 'error',
+    'no-undef': 'off',
+    'no-empty': 'off',
+    'no-func-assign': 'off',
+    'no-cond-assign': 'off',
+    'no-constant-binary-expression': 'error',
+    'no-constructor-return': 'error',
+    'no-self-compare': 'error',
+    eqeqeq: ['error', 'always', { null: 'ignore' }],
+    'react/prop-types': 'off',
+    'react/jsx-no-useless-fragment': 'error',
+    '@typescript-eslint/consistent-type-imports': 'error',
+    '@typescript-eslint/no-non-null-assertion': 'error',
+    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-empty-function': 'off',
+    '@typescript-eslint/await-thenable': 'error',
+    '@typescript-eslint/require-array-sort-compare': 'error',
+    '@typescript-eslint/unified-signatures': 'error',
+    '@typescript-eslint/prefer-for-of': 'error',
+    '@typescript-eslint/no-unused-vars': [
+      'error',
+      {
+        varsIgnorePattern: '^_',
+        argsIgnorePattern: '^_',
+        caughtErrorsIgnorePattern: '^_',
+      },
+    ],
+    'unused-imports/no-unused-imports': 'error',
+    'simple-import-sort/imports': 'error',
+    'simple-import-sort/exports': 'error',
+    '@typescript-eslint/ban-ts-comment': [
+      'error',
+      {
+        'ts-expect-error': 'allow-with-description',
+        'ts-ignore': true,
+        'ts-nocheck': true,
+        'ts-check': false,
+      },
+    ],
+    '@typescript-eslint/no-restricted-imports': [
+      'error',
+      {
+        patterns: [
+          {
+            group: ['**/dist'],
+            message: "Don't import from dist",
+            allowTypeImports: false,
+          },
+          {
+            group: ['**/src'],
+            message: "Don't import from src",
+            allowTypeImports: false,
+          },
+          {
+            group: ['@blocksuite/store'],
+            message: "Import from '@blocksuite/global/utils'",
+            importNames: ['assertExists', 'assertEquals'],
+          },
+          {
+            group: ['react-router-dom'],
+            message: 'Use `useNavigateHelper` instead',
+            importNames: ['useNavigate'],
+          },
+          {
+            group: ['next-auth/react'],
+            message: "Import hooks from 'use-current-user.tsx'",
+            // useSession is type unsafe
+            importNames: ['useSession'],
+          },
+          {
+            group: ['next-auth/react'],
+            message: "Import hooks from 'cloud-utils.ts'",
+            importNames: ['signIn', 'signOut'],
+          },
+          {
+            group: ['yjs'],
+            message: 'Do not use this API because it has a bug',
+            importNames: ['mergeUpdates'],
+          },
+        ],
+      },
+    ],
+    'unicorn/filename-case': [
+      'error',
+      {
+        case: 'kebabCase',
+        ignore: ['^\\[[a-zA-Z0-9-_]+\\]\\.tsx$'],
+      },
+    ],
+    'unicorn/no-unnecessary-await': 'error',
+    'unicorn/no-useless-fallback-in-spread': 'error',
+    'unicorn/prefer-dom-node-dataset': 'error',
+    'unicorn/prefer-dom-node-append': 'error',
+    'unicorn/prefer-dom-node-remove': 'error',
+    'unicorn/prefer-array-some': 'error',
+    'unicorn/prefer-date-now': 'error',
+    'unicorn/prefer-blob-reading-methods': 'error',
+    'unicorn/no-typeof-undefined': 'error',
+    'unicorn/no-useless-promise-resolve-reject': 'error',
+    'unicorn/no-new-array': 'error',
+    'unicorn/new-for-builtins': 'error',
+    'sonarjs/no-all-duplicated-branches': 'error',
+    'sonarjs/no-element-overwrite': 'error',
+    'sonarjs/no-empty-collection': 'error',
+    'sonarjs/no-extra-arguments': 'error',
+    'sonarjs/no-identical-conditions': 'error',
+    'sonarjs/no-identical-expressions': 'error',
+    'sonarjs/no-ignored-return': 'error',
+    'sonarjs/no-one-iteration-loop': 'error',
+    'sonarjs/no-use-of-empty-return-value': 'error',
+    'sonarjs/non-existent-operator': 'error',
+    'sonarjs/no-collapsible-if': 'error',
+    'sonarjs/no-same-line-conditional': 'error',
+    'sonarjs/no-duplicated-branches': 'error',
+    'sonarjs/no-collection-size-mischeck': 'error',
+    'sonarjs/no-useless-catch': 'error',
+    'sonarjs/no-identical-functions': 'error',
+  },
+  overrides: [
+    {
+      files: 'packages/backend/server/**/*.ts',
+      rules: {
+        '@typescript-eslint/consistent-type-imports': 0,
+      },
+    },
+    {
+      files: '*.cjs',
+      rules: {
+        '@typescript-eslint/no-var-requires': 0,
+      },
+    },
+    ...allPackages.map(pkg => ({
+      files: [`${pkg}/src/**/*.ts`, `${pkg}/src/**/*.tsx`],
+      parserOptions: {
+        project: resolve(__dirname, './tsconfig.eslint.json'),
+      },
+      rules: {
+        '@typescript-eslint/no-restricted-imports': [
+          'error',
+          {
+            patterns: createPattern(pkg),
+          },
+        ],
+        '@typescript-eslint/no-floating-promises': [
+          'error',
+          {
+            ignoreVoid: false,
+            ignoreIIFE: false,
+          },
+        ],
+        '@typescript-eslint/no-misused-promises': ['error'],
+        '@typescript-eslint/prefer-readonly': 'error',
+        'i/no-extraneous-dependencies': ['error'],
+        'react-hooks/exhaustive-deps': [
+          'warn',
+          {
+            additionalHooks: 'useAsyncCallback',
+          },
+        ],
+      },
+    })),
+    {
+      files: [
+        '**/__tests__/**/*',
+        '**/*.stories.tsx',
+        '**/*.spec.ts',
+        '**/tests/**/*',
+        'scripts/**/*',
+        '**/benchmark/**/*',
+        '**/__debug__/**/*',
+        '**/e2e/**/*',
+      ],
+      rules: {
+        '@typescript-eslint/no-non-null-assertion': 0,
+        '@typescript-eslint/ban-ts-comment': [
+          'error',
+          {
+            'ts-expect-error': false,
+            'ts-ignore': true,
+            'ts-nocheck': true,
+            'ts-check': false,
+          },
+        ],
+        '@typescript-eslint/no-floating-promises': 0,
+        '@typescript-eslint/no-misused-promises': 0,
+        '@typescript-eslint/no-restricted-imports': 0,
+      },
+    },
+  ],
+};
+
+module.exports = config;
--- a/.github/CLA.md
+++ b/.github/CLA.md
@@ -33,6 +33,32 @@ You accept and agree to the following terms and conditions for your past, presen

 9. This Agreement will be governed by the laws of Republic of Singapore without reference to conflict of laws principles.

-## How To Sign
+## List of Contributors

-Visit https://cla-assistant.io/toeverything/AFFiNE and sign it.
+The below-signed are contributors to a code repository that is part of the project named "AFFiNE". Each below-signed contributor has read, understand and agrees to the terms above in the section within this document entitled "AFFiNE Contributor License Agreement" as of the date beside their real name (or entity name) and GitHub account name.
+
+---
+
+<!--
+Example:
+
+- Dark Sky, @darkskygit, 2022/07/22
+-->
+
+- Dark Sky, @darkskygit, 2022/07/22
+- Lin Onetwo, @linonetwo, 2022/02/14
+- zqran, @zqran, 2023/02/17
+- Alessio Gravili, @AlessioGr, 2023/03/04
+- Victor Nanka, @victornanka, 2023/03/09
+- Aditya Sharma, @adityash1, 2023/03/21
+- Fangdun Tsai, @fundon, 2023/03/21
+- Zhilin Liu, @lzlme, 2023/04/09
+- Skye Sun, @skyesun, 2023/04/14
+- Jordy Delgado, @Jdelgad8, 2023/04/17
+- Howard Do, @howarddo2208, 2023/04/20
+- 三咲智子 Kevin Deng, @sxzz, 2023/04/21
+- Moeyua, @moeyua, 2023/04/22
+- Shishu, @shishudesu, 2023/05/19
+- Kushagra Singh, @kush002, 2023/06/28
+- Sarvesh Kumar, @sarvesh521 2023/08/25
+- 微扰理论 Qinghao Huang, @wfnuser 2023/09/29
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +0,0 @@
-/blocksuite/ @toeverything/blocksuite-core
-/packages/frontend/core/src/blocksuite @toeverything/blocksuite-core
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -7,8 +7,6 @@ body:
    attributes:
      value: |
        Thanks for taking the time to fill out this bug report!
-        Check out this [link](https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md)
-        to learn how we manage issues and when your issue will be processed.
  - type: textarea
    id: what-happened
    attributes:
@@ -43,14 +41,6 @@ body:
        - Firefox
        - Safari
        - Other
-  - type: checkboxes
-    id: selfhost
-    attributes:
-      label: Are you self-hosting?
-      description: >
-        If you are self-hosting, please check the box and provide information about your setup.
-      options:
-        - label: 'Yes'
  - type: textarea
    id: logs
    attributes:
@@ -63,3 +53,11 @@ body:
      description: |
        Links? References? Anything that will give us more context about the issue you are encountering!
        Tip: You can attach images here
+  - type: checkboxes
+    attributes:
+      label: Are you willing to submit a PR?
+      description: >
+        (Optional) We encourage you to submit a [Pull Request](https://github.com/toeverything/affine/pulls) (PR) to help improve AFFiNE for everyone, especially if you have a good understanding of how to implement a fix or feature.
+        See the AFFiNE [Contributing Guide](https://github.com/toeverything/affine/blob/canary/CONTRIBUTING.md) to get started.
+      options:
+        - label: Yes I'd like to help by submitting a PR!
--- a/.github/actions/build-rust/action.yml
+++ b/.github/actions/build-rust/action.yml
@@ -7,10 +7,9 @@ inputs:
  package:
    description: 'Package to build'
    required: true
-  no-build:
-    description: 'Whether to skip building'
+  nx_token:
+    description: 'Nx Cloud access token'
    required: false
-    default: 'false'

 runs:
  using: 'composite'
@@ -18,72 +17,39 @@ runs:
    - name: Print rustup toolchain version
      shell: bash
      id: rustup-version
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
      run: |
        export RUST_TOOLCHAIN_VERSION="$(grep 'channel' rust-toolchain.toml | head -1 | awk -F '"' '{print $2}')"
        echo "Rust toolchain version: $RUST_TOOLCHAIN_VERSION"
        echo "RUST_TOOLCHAIN_VERSION=$RUST_TOOLCHAIN_VERSION" >> "$GITHUB_OUTPUT"
    - name: Setup Rust
      uses: dtolnay/rust-toolchain@stable
-      if: ${{ runner.os != 'Windows' }}
      with:
        toolchain: '${{ steps.rustup-version.outputs.RUST_TOOLCHAIN_VERSION }}'
        targets: ${{ inputs.target }}
      env:
        CARGO_INCREMENTAL: '1'

-    - name: Setup Rust
-      uses: dtolnay/rust-toolchain@stable
-      if: ${{ runner.os == 'Windows' }}
-      with:
-        toolchain: '${{ steps.rustup-version.outputs.RUST_TOOLCHAIN_VERSION }}'
-        targets: ${{ inputs.target }}
-      env:
-        CARGO_INCREMENTAL: '1'
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
-
    - name: Set CC
-      if: ${{ contains(inputs.target, 'linux') && inputs.package != '@affine/native' && inputs.no-build != 'true' }}
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
+      if: ${{ contains(inputs.target, 'linux') && inputs.package != '@affine/native' }}
      shell: bash
      run: |
        echo "CC=clang" >> "$GITHUB_ENV"
        echo "TARGET_CC=clang" >> "$GITHUB_ENV"

    - name: Cache cargo
-      uses: Swatinem/rust-cache@v2
-      if: ${{ runner.os == 'Windows' }}
+      uses: actions/cache@v3
      with:
-        workspaces: ${{ env.DEV_DRIVE_WORKSPACE }}
-        save-if: ${{ github.ref_name == 'canary' }}
-        shared-key: ${{ inputs.target }}-${{ inputs.package }}
-      env:
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
-
-    - name: Cache cargo
-      uses: Swatinem/rust-cache@v2
-      if: ${{ runner.os != 'Windows' }}
-      with:
-        save-if: ${{ github.ref_name == 'canary' }}
-        shared-key: ${{ inputs.target }}-${{ inputs.package }}
-
+        path: |
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          ~/.napi-rs
+          target/${{ inputs.target }}
+        key: stable-${{ inputs.target }}-cargo-cache
    - name: Build
      shell: bash
-      if: ${{ runner.os != 'Windows' && inputs.no-build != 'true' }}
      run: |
-        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
+        yarn workspace ${{ inputs.package }} nx build ${{ inputs.package }} --target ${{ inputs.target }} --use-napi-cross
      env:
+        NX_CLOUD_ACCESS_TOKEN: ${{ inputs.nx_token }}
        DEBUG: 'napi:*'
-
-    - name: Build
-      working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
-      shell: bash
-      if: ${{ runner.os == 'Windows' && inputs.no-build != 'true' }}
-      run: |
-        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
-      env:
-        DEBUG: 'napi:*'
-        CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
-        RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
--- a/.github/actions/cluster-auth/action.yml
+++ b/.github/actions/cluster-auth/action.yml
@@ -1,36 +0,0 @@
-name: 'Auth to Cluster'
-description: 'Auth to the GCP Cluster'
-inputs:
-  gcp-project-number:
-    description: 'GCP project number'
-    required: true
-  gcp-project-id:
-    description: 'GCP project id'
-    required: true
-  service-account:
-    description: 'Service account'
-  cluster-name:
-    description: 'Cluster name'
-  cluster-location:
-    description: 'Cluster location'
-
-runs:
-  using: 'composite'
-  steps:
-    - id: auth
-      uses: google-github-actions/auth@v2
-      with:
-        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
-        service_account: '${{ inputs.service-account }}'
-        token_format: 'access_token'
-        project_id: '${{ inputs.gcp-project-id }}'
-
-    - name: 'Setup gcloud cli'
-      uses: 'google-github-actions/setup-gcloud@v2'
-      with:
-        install_components: 'gke-gcloud-auth-plugin'
-
-    - id: get-gke-credentials
-      shell: bash
-      run: |
-        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}
--- a/.github/actions/copilot-test/action.yml
+++ b/.github/actions/copilot-test/action.yml
@@ -1,37 +0,0 @@
-name: 'Run Copilot E2E Test'
-description: 'Run Copilot E2E Test'
-inputs:
-  script:
-    description: 'Script to run'
-    default: 'yarn affine @affine-test/affine-cloud-copilot e2e --forbid-only'
-    required: false
-  openai-key:
-    description: 'OpenAI secret key'
-    required: true
-  fal-key:
-    description: 'Fal secret key'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Prepare Server Test Environment
-      uses: ./.github/actions/server-test-env
-
-    - name: Server Copilot E2E Test
-      shell: bash
-      run: ${{ inputs.script }}
-      env:
-        COPILOT: true
-        DEV_SERVER_URL: http://localhost:8080
-        COPILOT_OPENAI_API_KEY: ${{ inputs.openai-key }}
-        COPILOT_FAL_API_KEY: ${{ inputs.fal-key }}
-        COPILOT_PERPLEXITY_API_KEY: ${{ inputs.perplexity-key }}
-
-    - name: Upload test results
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@v4
-      with:
-        name: test-results-e2e-server-copilot
-        path: ./test-results
-        if-no-files-found: ignore
--- a/.github/actions/deploy/action.yml
+++ b/.github/actions/deploy/action.yml
@@ -24,14 +24,24 @@ runs:
      shell: bash
      run: |
        echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
-    - name: 'Auth to cluster'
-      uses: './.github/actions/cluster-auth'
+    - uses: azure/setup-helm@v3
+    - id: auth
+      uses: google-github-actions/auth@v2
      with:
-        gcp-project-number: '${{ inputs.gcp-project-number }}'
-        gcp-project-id: '${{ inputs.gcp-project-id }}'
-        service-account: '${{ inputs.service-account }}'
-        cluster-name: '${{ inputs.cluster-name }}'
-        cluster-location: '${{ inputs.cluster-location }}'
+        workload_identity_provider: 'projects/${{ inputs.gcp-project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
+        service_account: '${{ inputs.service-account }}'
+        token_format: 'access_token'
+        project_id: '${{ inputs.gcp-project-id }}'
+
+    - name: 'Setup gcloud cli'
+      uses: 'google-github-actions/setup-gcloud@v2'
+      with:
+        install_components: 'gke-gcloud-auth-plugin'
+
+    - id: get-gke-credentials
+      shell: bash
+      run: |
+        gcloud container clusters get-credentials ${{ inputs.cluster-name }} --region ${{ inputs.cluster-location }} --project ${{ inputs.gcp-project-id }}

    - name: Deploy
      shell: bash
--- a/.github/actions/deploy/deploy.mjs
+++ b/.github/actions/deploy/deploy.mjs
@@ -13,15 +13,12 @@ const {
  R2_ACCOUNT_ID,
  R2_ACCESS_KEY_ID,
  R2_SECRET_ACCESS_KEY,
+  R2_BUCKET,
+  ENABLE_CAPTCHA,
  CAPTCHA_TURNSTILE_SECRET,
-  METRICS_CUSTOMER_IO_TOKEN,
-  COPILOT_OPENAI_API_KEY,
-  COPILOT_FAL_API_KEY,
-  COPILOT_PERPLEXITY_API_KEY,
-  COPILOT_UNSPLASH_API_KEY,
-  MAILER_SENDER,
-  MAILER_USER,
-  MAILER_PASSWORD,
+  OAUTH_EMAIL_SENDER,
+  OAUTH_EMAIL_LOGIN,
+  OAUTH_EMAIL_PASSWORD,
  AFFINE_GOOGLE_CLIENT_ID,
  AFFINE_GOOGLE_CLIENT_SECRET,
  CLOUD_SQL_IAM_ACCOUNT,
@@ -41,47 +38,6 @@ const isProduction = buildType === 'stable';
 const isBeta = buildType === 'beta';
 const isInternal = buildType === 'internal';

-const replicaConfig = {
-  stable: {
-    web: 3,
-    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 3,
-    sync: Number(process.env.PRODUCTION_SYNC_REPLICA) || 3,
-    renderer: Number(process.env.PRODUCTION_RENDERER_REPLICA) || 3,
-    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 3,
-  },
-  beta: {
-    web: 2,
-    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 2,
-    sync: Number(process.env.BETA_SYNC_REPLICA) || 2,
-    renderer: Number(process.env.BETA_RENDERER_REPLICA) || 2,
-    doc: Number(process.env.BETA_DOC_REPLICA) || 2,
-  },
-  canary: {
-    web: 2,
-    graphql: 2,
-    sync: 2,
-    renderer: 2,
-    doc: 2,
-  },
-};
-
-const cpuConfig = {
-  beta: {
-    web: '300m',
-    graphql: '1',
-    sync: '1',
-    doc: '1',
-    renderer: '300m',
-  },
-  canary: {
-    web: '300m',
-    graphql: '1',
-    sync: '1',
-    doc: '1',
-    renderer: '300m',
-  },
-};
-
 const createHelmCommand = ({ isDryRun }) => {
  const flag = isDryRun ? '--dry-run' : '--atomic';
  const imageTag = `${buildType}-${GIT_SHORT_HASH}`;
@@ -109,19 +65,9 @@ const createHelmCommand = ({ isDryRun }) => {
          `--set-json   cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`,
        ]
      : [];
-
-  const cpu = cpuConfig[buildType];
-  const resources = cpu
-    ? [
-        `--set        web.resources.requests.cpu="${cpu.web}"`,
-        `--set        graphql.resources.requests.cpu="${cpu.graphql}"`,
-        `--set        sync.resources.requests.cpu="${cpu.sync}"`,
-        `--set        doc.resources.requests.cpu="${cpu.doc}"`,
-      ]
-    : [];
-
-  const replica = replicaConfig[buildType] || replicaConfig.canary;
-
+  const webReplicaCount = isProduction ? 3 : isBeta ? 2 : 2;
+  const graphqlReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
+  const syncReplicaCount = isProduction ? 10 : isBeta ? 5 : 2;
  const namespace = isProduction
    ? 'production'
    : isBeta
@@ -134,51 +80,36 @@ const createHelmCommand = ({ isDryRun }) => {
  const deployCommand = [
    `helm upgrade --install affine .github/helm/affine`,
    `--namespace  ${namespace}`,
-    `--set-string global.app.buildType="${buildType}"`,
    `--set        global.ingress.enabled=true`,
    `--set-json   global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }\"`,
    `--set-string global.ingress.host="${host}"`,
-    `--set        global.objectStorage.r2.enabled=true`,
-    `--set-string global.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
-    `--set-string global.objectStorage.r2.accessKeyId="${R2_ACCESS_KEY_ID}"`,
-    `--set-string global.objectStorage.r2.secretAccessKey="${R2_SECRET_ACCESS_KEY}"`,
    `--set-string global.version="${APP_VERSION}"`,
    ...redisAndPostgres,
-    `--set        web.replicaCount=${replica.web}`,
+    `--set        web.replicaCount=${webReplicaCount}`,
    `--set-string web.image.tag="${imageTag}"`,
-    `--set        graphql.replicaCount=${replica.graphql}`,
+    `--set        graphql.replicaCount=${graphqlReplicaCount}`,
    `--set-string graphql.image.tag="${imageTag}"`,
    `--set        graphql.app.host=${host}`,
-    `--set        graphql.app.captcha.enabled=true`,
+    `--set        graphql.app.captcha.enabled=${ENABLE_CAPTCHA}`,
    `--set-string graphql.app.captcha.turnstile.secret="${CAPTCHA_TURNSTILE_SECRET}"`,
-    `--set        graphql.app.copilot.enabled=true`,
-    `--set-string graphql.app.copilot.openai.key="${COPILOT_OPENAI_API_KEY}"`,
-    `--set-string graphql.app.copilot.fal.key="${COPILOT_FAL_API_KEY}"`,
-    `--set-string graphql.app.copilot.perplexity.key="${COPILOT_PERPLEXITY_API_KEY}"`,
-    `--set-string graphql.app.copilot.unsplash.key="${COPILOT_UNSPLASH_API_KEY}"`,
-    `--set-string graphql.app.mailer.sender="${MAILER_SENDER}"`,
-    `--set-string graphql.app.mailer.user="${MAILER_USER}"`,
-    `--set-string graphql.app.mailer.password="${MAILER_PASSWORD}"`,
+    `--set        graphql.app.objectStorage.r2.enabled=true`,
+    `--set-string graphql.app.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,
+    `--set-string graphql.app.objectStorage.r2.accessKeyId="${R2_ACCESS_KEY_ID}"`,
+    `--set-string graphql.app.objectStorage.r2.secretAccessKey="${R2_SECRET_ACCESS_KEY}"`,
+    `--set-string graphql.app.objectStorage.r2.bucket="${R2_BUCKET}"`,
+    `--set-string graphql.app.oauth.email.sender="${OAUTH_EMAIL_SENDER}"`,
+    `--set-string graphql.app.oauth.email.login="${OAUTH_EMAIL_LOGIN}"`,
+    `--set-string graphql.app.oauth.email.password="${OAUTH_EMAIL_PASSWORD}"`,
    `--set-string graphql.app.oauth.google.enabled=true`,
    `--set-string graphql.app.oauth.google.clientId="${AFFINE_GOOGLE_CLIENT_ID}"`,
    `--set-string graphql.app.oauth.google.clientSecret="${AFFINE_GOOGLE_CLIENT_SECRET}"`,
    `--set-string graphql.app.payment.stripe.apiKey="${STRIPE_API_KEY}"`,
    `--set-string graphql.app.payment.stripe.webhookKey="${STRIPE_WEBHOOK_KEY}"`,
-    `--set        graphql.app.metrics.enabled=true`,
-    `--set-string graphql.app.metrics.customerIo.token="${METRICS_CUSTOMER_IO_TOKEN}"`,
-    `--set        graphql.app.experimental.enableJwstCodec=${namespace === 'dev'}`,
+    `--set        graphql.app.experimental.enableJwstCodec=true`,
    `--set        graphql.app.features.earlyAccessPreview=false`,
-    `--set        graphql.app.features.syncClientVersionCheck=true`,
-    `--set        sync.replicaCount=${replica.sync}`,
+    `--set        sync.replicaCount=${syncReplicaCount}`,
    `--set-string sync.image.tag="${imageTag}"`,
-    `--set-string renderer.image.tag="${imageTag}"`,
-    `--set        renderer.app.host=${host}`,
-    `--set        renderer.replicaCount=${replica.renderer}`,
-    `--set-string doc.image.tag="${imageTag}"`,
-    `--set        doc.app.host=${host}`,
-    `--set        doc.replicaCount=${replica.doc}`,
    ...serviceAnnotations,
-    ...resources,
    `--timeout 10m`,
    flag,
  ].join(' ');
--- a/.github/actions/download-core/action.yml
+++ b/.github/actions/download-core/action.yml
@@ -0,0 +1,22 @@
+name: 'Download core artifacts'
+description: 'Download core artifacts and extract to dist'
+inputs:
+  path:
+    description: 'Path to extract'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Download tar.gz
+      uses: actions/download-artifact@v3
+      with:
+        name: core
+        path: .
+
+    - name: Extract core artifacts
+      shell: bash
+      run: |
+        mkdir -p ${{ inputs.path }}
+        tar -xvf dist.tar.gz --directory ${{ inputs.path }}
+        rm dist.tar.gz
--- a/.github/actions/download-web/action.yml
+++ b/.github/actions/download-web/action.yml
@@ -1,22 +0,0 @@
-name: 'Download core artifacts'
-description: 'Download core artifacts and extract to dist'
-inputs:
-  path:
-    description: 'Path to extract'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Download tar.gz
-      uses: actions/download-artifact@v4
-      with:
-        name: web
-        path: .
-
-    - name: Extract core artifacts
-      shell: bash
-      run: |
-        mkdir -p ${{ inputs.path }}
-        tar -xvf dist.tar.gz --directory ${{ inputs.path }}
-        rm dist.tar.gz
--- a/.github/actions/server-test-env/action.yml
+++ b/.github/actions/server-test-env/action.yml
@@ -1,23 +0,0 @@
-name: 'Prepare Server Test Environment'
-description: 'Prepare Server Test Environment'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Initialize database
-      shell: bash
-      run: |
-        psql -h localhost -U postgres -c "CREATE DATABASE affine;"
-        psql -h localhost -U postgres -c "CREATE USER affine WITH PASSWORD 'affine';"
-        psql -h localhost -U postgres -c "ALTER USER affine WITH SUPERUSER;"
-      env:
-        PGPASSWORD: affine
-
-    - name: Run init-db script
-      shell: bash
-      env:
-        NODE_ENV: test
-      run: |
-        yarn affine @affine/server prisma generate
-        yarn affine @affine/server prisma db push
-        yarn affine @affine/server data-migration run
--- a/.github/actions/setup-node/action.yml
+++ b/.github/actions/setup-node/action.yml
@@ -17,14 +17,18 @@ inputs:
    description: 'Download the Electron binary'
    required: false
    default: 'true'
-  corepack-install:
-    description: 'Install CorePack'
-    required: false
-    default: 'false'
  hard-link-nm:
    description: 'set nmMode to hardlinks-local in .yarnrc.yml'
    required: false
    default: 'true'
+  build-infra:
+    description: 'Build infra'
+    required: false
+    default: 'true'
+  build-plugins:
+    description: 'Build plugins'
+    required: false
+    default: 'true'
  nmHoistingLimits:
    description: 'Set nmHoistingLimits in .yarnrc.yml'
    required: false
@@ -35,19 +39,10 @@ inputs:
  full-cache:
    description: 'Full installation cache'
    required: false
+
 runs:
  using: 'composite'
  steps:
-    - name: Output workspace path
-      id: workspace-path
-      shell: bash
-      run: |
-        if [ -n "${{ env.DEV_DRIVE_WORKSPACE }}" ]; then
-          echo "workspace_path=${{ env.DEV_DRIVE_WORKSPACE }}" >> $GITHUB_OUTPUT
-        else
-          echo "workspace_path=${{ github.workspace }}" >> $GITHUB_OUTPUT
-        fi
-
    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
@@ -55,81 +50,78 @@ runs:
        registry-url: https://npm.pkg.github.com
        scope: '@toeverything'

-    - uses: kenchan0130/actions-system-info@master
-      id: system-info
-
-    - name: Init CorePack
-      if: ${{ inputs.corepack-install == 'true' }}
-      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
-      run: corepack enable
-
    - name: Set nmMode
      if: ${{ inputs.hard-link-nm == 'false' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set nmMode classic

    - name: Set nmHoistingLimits
      if: ${{ inputs.nmHoistingLimits }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set nmHoistingLimits ${{ inputs.nmHoistingLimits }}

    - name: Set enableScripts
      if: ${{ inputs.enableScripts == 'false' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: yarn config set enableScripts false

    - name: Set yarn global cache path
      shell: bash
      id: yarn-cache
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: node -e "const p = $(yarn config cacheFolder --json).effective; console.log('yarn_global_cache=' + p)" >> $GITHUB_OUTPUT

    - name: Cache non-full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache != 'true' && runner.os == 'Linux' }}
      with:
        path: |
-          ${{ steps.workspace-path.outputs.workspace_path }}/node_modules
+          node_modules
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-${{ github.job }}-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-${{ github.job }}-${{ runner.os }}

    # The network performance on macOS is very poor
    # and the decompression performance on Windows is very terrible
    # so we reduce the number of cached files on non-Linux systems by remove node_modules from cache path.
    - name: Cache non-full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache != 'true' && runner.os != 'Linux' }}
      with:
        path: |
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-${{ github.job }}-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-${{ github.job }}-${{ runner.os }}

    - name: Cache full yarn cache on Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache == 'true' && runner.os == 'Linux' }}
      with:
        path: |
          node_modules
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-full-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-full-${{ runner.os }}

    - name: Cache full yarn cache on non-Linux
-      uses: actions/cache@v4
+      uses: actions/cache@v3
      if: ${{ inputs.full-cache == 'true' && runner.os != 'Linux' }}
      with:
        path: |
          ${{ steps.yarn-cache.outputs.yarn_global_cache }}
-        key: node_modules-cache-full-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
+        key: node_modules-cache-full-${{ runner.os }}

    - name: yarn install
      if: ${{ inputs.package-install == 'true' }}
      continue-on-error: true
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
+      run: yarn ${{ inputs.extra-flags }}
+      env:
+        HUSKY: '0'
+        PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1'
+        ELECTRON_SKIP_BINARY_DOWNLOAD: '1'
+        SENTRYCLI_SKIP_DOWNLOAD: '1'
+        DEBUG: '*'
+
+    - name: yarn install (try again)
+      if: ${{ steps.install.outcome == 'failure' }}
+      shell: bash
      run: yarn ${{ inputs.extra-flags }}
      env:
        HUSKY: '0'
@@ -142,7 +134,6 @@ runs:
      id: playwright-version
      if: ${{ inputs.playwright-install == 'true' }}
      shell: bash
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      run: echo "version=$(yarn why --json @playwright/test | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT

      # Attempt to restore the correct Playwright browser binaries based on the
@@ -151,12 +142,12 @@ runs:
      # Note: Playwright's cache directory is hard coded because that's what it
      # says to do in the docs. There doesn't appear to be a command that prints
      # it out for us.
-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
      id: playwright-cache
      if: ${{ inputs.playwright-install == 'true' }}
      with:
-        path: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright
-        key: '${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-playwright-${{ steps.playwright-version.outputs.version }}'
+        path: ${{ github.workspace }}/node_modules/.cache/ms-playwright
+        key: '${{ runner.os }}-playwright-${{ steps.playwright-version.outputs.version }}'
        # As a fallback, if the Playwright version has changed, try use the
        # most recently cached version. There's a good chance that at least one
        # of the browser binary versions haven't been updated, so Playwright can
@@ -166,44 +157,46 @@ runs:
        # date cache, but still let Playwright decide if it needs to download
        # new binaries or not.
        restore-keys: |
-          ${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-playwright-
+          ${{ runner.os }}-playwright-

    # If the Playwright browser binaries weren't able to be restored, we tell
    # playwright to install everything for us.
    - name: Install Playwright's dependencies
      shell: bash
      if: inputs.playwright-install == 'true'
-      run: yarn playwright install --with-deps chromium webkit
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
+      run: yarn playwright install --with-deps chromium
      env:
-        PLAYWRIGHT_BROWSERS_PATH: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright
+        PLAYWRIGHT_BROWSERS_PATH: ${{ github.workspace }}/node_modules/.cache/ms-playwright

    - name: Get installed Electron version
      id: electron-version
      if: ${{ inputs.electron-install == 'true' }}
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      shell: bash
      run: |
        echo "version=$(yarn why --json electron | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT

-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
      id: electron-cache
      if: ${{ inputs.electron-install == 'true' }}
      with:
-        path: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/electron
-        key: '${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-electron-${{ steps.electron-version.outputs.version }}'
+        path: 'node_modules/.cache/electron'
+        key: '${{ runner.os }}-electron-${{ steps.electron-version.outputs.version }}'
        restore-keys: |
-          ${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}-electron-
+          ${{ runner.os }}-electron-

    - name: Install Electron binary
      shell: bash
      if: inputs.electron-install == 'true'
      run: node ./node_modules/electron/install.js
-      working-directory: ${{ steps.workspace-path.outputs.workspace_path }}
      env:
-        electron_config_cache: ${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/electron
+        electron_config_cache: ./node_modules/.cache/electron

-    - name: Write PLAYWRIGHT_BROWSERS_PATH env
+    - name: Build Infra
      shell: bash
-      run: |
-        echo "PLAYWRIGHT_BROWSERS_PATH=${{ steps.workspace-path.outputs.workspace_path }}/node_modules/.cache/ms-playwright" >> $GITHUB_ENV
+      if: inputs.build-infra == 'true'
+      run: yarn run build:infra
+
+    - name: Build Plugins
+      if: inputs.build-plugins == 'true'
+      shell: bash
+      run: yarn run build:plugins
--- a/.github/actions/setup-version/action.yml
+++ b/.github/actions/setup-version/action.yml
@@ -1,9 +1,5 @@
 name: Setup Version
 description: 'Setup Version'
-outputs:
-  APP_VERSION:
-    description: 'App Version'
-    value: ${{ steps.version.outputs.APP_VERSION }}
 runs:
  using: 'composite'
  steps:
@@ -12,12 +8,12 @@ runs:
      shell: bash
      run: |
        if [ "${{ github.ref_type }}" == "tag" ]; then
-          APP_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
+          APP_VERSION=${{ github.ref_name }}
        else
          PACKAGE_VERSION=$(node -p "require('./package.json').version")
          TIME_VERSION=$(date +%Y%m%d%H%M)
          GIT_SHORT_HASH=$(git rev-parse --short HEAD)
-          APP_VERSION=$PACKAGE_VERSION-nightly-$GIT_SHORT_HASH
+          APP_VERSION=$PACKAGE_VERSION-nightly-$TIME_VERSION-$GIT_SHORT_HASH
        fi
        echo $APP_VERSION
        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_OUTPUT"
--- a/.github/deployment/front/Dockerfile
+++ b/.github/deployment/front/Dockerfile
@@ -1,8 +1,6 @@
-FROM openresty/openresty:1.27.1.1-0-buster
+FROM openresty/openresty:1.21.4.1-0-buster
 WORKDIR /app
-COPY ./packages/frontend/apps/web/dist ./dist
-COPY ./packages/frontend/admin/dist ./admin
-COPY ./packages/frontend/apps/mobile/dist ./mobile
+COPY ./packages/frontend/core/dist ./dist
 COPY ./.github/deployment/front/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY ./.github/deployment/front/affine.nginx.conf /etc/nginx/conf.d/affine.nginx.conf

--- a/.github/deployment/front/affine.nginx.conf
+++ b/.github/deployment/front/affine.nginx.conf
@@ -1,42 +1,13 @@
 server {
-  listen 8080;
-  location /admin {
-    root /app/;
-    index index.html;
-    try_files $uri/index.html $uri/ $uri /admin/index.html;
-  }
+    listen 8080;
+    root /app/dist;

-  set $app_root_path /app/dist/;
-  set $mobile_root /app/dist/;
-  set_by_lua $affine_env 'return os.getenv("AFFINE_ENV")';
+    location / {
+        try_files $uri $uri/ /index.html;
+    }

-  if ($affine_env = "dev") {
-    set $mobile_root /app/mobile/;
-  }
-
-  # https://gist.github.com/mariusom/6683dc52b1cad1a1f372e908bdb209d0
-  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {
-    set $app_root_path $mobile_root;
-  }
-
-  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
-    set $app_root_path $mobile_root;
-  }
-
-  location ~ ^/(_plugin|assets|imgs|js|plugins|static)/ {
-    root $app_root_path;
-    try_files $uri $uri/ =404;
-  }
-
-  location / {
-    root $app_root_path;
-    index index.html;
-    try_files $uri $uri/ /index.html;
-    add_header Cache-Control "private, no-cache, no-store, max-age=0, must-revalidate";
-  }
-
-  error_page 404 /404.html;
-  location = /404.html {
-    internal;
-  }
+    error_page 404 /404.html;
+    location = /404.html {
+        internal;
+    }
 }
--- a/.github/deployment/front/nginx.conf
+++ b/.github/deployment/front/nginx.conf
@@ -1,15 +1,14 @@
-worker_processes 4;
+worker_processes  4;
 error_log /var/log/nginx/error.log warn;
 pcre_jit on;
-env AFFINE_ENV;
 events {
-  worker_connections 1024;
+    worker_connections 1024;
 }
 http {
-  include mime.types;
-  log_format main '$remote_addr [$time_local] "$request" '
-  '$status $body_bytes_sent "$http_referer" '
-  '"$http_user_agent" "$http_x_forwarded_for"';
-  access_log /var/log/nginx/access.log main;
-  include /etc/nginx/conf.d/*.conf;
+    include       mime.types;
+    log_format    main  '$remote_addr [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log    /var/log/nginx/access.log  main;
+    include /etc/nginx/conf.d/*.conf;
 }
--- a/.github/deployment/node/Dockerfile
+++ b/.github/deployment/node/Dockerfile
@@ -1,13 +1,10 @@
-FROM node:22-bookworm-slim
+FROM node:18-bookworm-slim

 COPY ./packages/backend/server /app
-COPY ./packages/frontend/apps/web/dist /app/static
-COPY ./packages/frontend/admin/dist /app/static/admin
-COPY ./packages/frontend/apps/mobile/dist /app/static/mobile
 WORKDIR /app

 RUN apt-get update && \
  apt-get install -y --no-install-recommends openssl && \
  rm -rf /var/lib/apt/lists/*

-CMD ["node", "--import", "./scripts/register.js", "./dist/index.js"]
+CMD ["node", "--es-module-specifier-resolution=node", "./dist/index.js"]
--- a/.github/deployment/self-host/compose.yaml
+++ b/.github/deployment/self-host/compose.yaml
@@ -1,60 +0,0 @@
-services:
-  affine:
-    image: ghcr.io/toeverything/affine-graphql:stable
-    container_name: affine_selfhosted
-    command:
-      ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js']
-    ports:
-      - '3010:3010'
-      - '5555:5555'
-    depends_on:
-      redis:
-        condition: service_healthy
-      postgres:
-        condition: service_healthy
-    volumes:
-      # custom configurations
-      - ~/.affine/self-host/config:/root/.affine/config
-      # blob storage
-      - ~/.affine/self-host/storage:/root/.affine/storage
-    logging:
-      driver: 'json-file'
-      options:
-        max-size: '1000m'
-    restart: unless-stopped
-    environment:
-      - NODE_OPTIONS="--import=./scripts/register.js"
-      - AFFINE_CONFIG_PATH=/root/.affine/config
-      - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgres://affine:affine@postgres:5432/affine
-      - NODE_ENV=production
-      # Telemetry allows us to collect data on how you use the affine. This data will helps us improve the app and provide better features.
-      # Uncomment next line if you wish to quit telemetry.
-      # - TELEMETRY_ENABLE=false
-  redis:
-    image: redis
-    container_name: affine_redis
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/redis:/data
-    healthcheck:
-      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-  postgres:
-    image: postgres:16
-    container_name: affine_postgres
-    restart: unless-stopped
-    volumes:
-      - ~/.affine/self-host/postgres:/var/lib/postgresql/data
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U affine']
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    environment:
-      POSTGRES_USER: affine
-      POSTGRES_PASSWORD: affine
-      POSTGRES_DB: affine
-      PGDATA: /var/lib/postgresql/data/pgdata
--- a/.github/helm/affine-cloud/.gitignore
+++ b/.github/helm/affine-cloud/.gitignore
@@ -0,0 +1 @@
+charts/
--- a/.github/helm/affine-cloud/.helmignore
+++ b/.github/helm/affine-cloud/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/.github/helm/affine-cloud/Chart.lock
+++ b/.github/helm/affine-cloud/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 13.2.23
+digest: sha256:5b64538509bd067bb0f67bf082847a2c5d66dc37d0b9d7948a40405d9c446400
+generated: "2023-12-05T03:04:57.997927753Z"
--- a/.github/helm/affine-cloud/Chart.yaml
+++ b/.github/helm/affine-cloud/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: affine-cloud
+description: A Helm chart for AFFiNE Cloud
+
+type: application
+version: 0.6.1
+appVersion: '0.6.1'
+
+dependencies:
+  - name: postgresql
+    version: 13.2.23
+    repository: https://charts.bitnami.com/bitnami
--- a/.github/helm/affine-cloud/readme.md
+++ b/.github/helm/affine-cloud/readme.md
@@ -0,0 +1,30 @@
+# Helm Chart Configuration
+
+The following table lists the configurable parameters of this Helm chart and their default values.
+
+## AFFiNE Cloud Server parameters
+
+| Parameter                      | Description                                        | Default            |
+| ------------------------------ | -------------------------------------------------- | ------------------ |
+| `affineCloud.tag`              | The Docker tag of the AffineCloud image to be used | `'nightly-latest'` |
+| `affineCloud.resources.cpu`    | The CPU resources allocated for AffineCloud        | `'250m'`           |
+| `affineCloud.resources.memory` | The memory resources allocated for AffineCloud     | `'0.5Gi'`          |
+| `affineCloud.signKey`          | The key used to sign the JWT tokens                | `'c2VjcmV0'`       |
+| `affineCloud.service.type`     | The type of the Kubernetes service                 | `'ClusterIP'`      |
+| `affineCloud.service.port`     | The port of the Kubernetes service                 | `'http'`           |
+| `affineCloud.mail.account`     | The email account used to send emails              | `''`               |
+| `affineCloud.mail.password`    | The password of the email account                  | `''`               |
+
+## PostgreSQL parameters
+
+| Parameter                                    | Description                                                                           | Default      |
+| -------------------------------------------- | ------------------------------------------------------------------------------------- | ------------ |
+| `postgresql.auth.username`                   | Username for the PostgreSQL database                                                  | `'affine'`   |
+| `postgresql.auth.password`                   | Password for the PostgreSQL database. Please change this for production environments. | `'password'` |
+| `postgresql.auth.database`                   | The name of the default database that will be created on image startup                | `'affine'`   |
+| `postgresql.primary.resources.limits.cpu`    | The CPU resources allocated for the PostgreSQL primary node                           | `'500m'`     |
+| `postgresql.primary.resources.limits.memory` | The memory resources allocated for the PostgreSQL primary node                        | `'0.5Gi'`    |
+
+For more postgres parameters, please refer to: https://artifacthub.io/packages/helm/bitnami/postgresql
+
+Please note that for the `postgresql.auth.password`, you should provide your own password for production environments. The default value is provided only for demonstration purposes.
--- a/.github/helm/affine-cloud/templates/_helper.tpl
+++ b/.github/helm/affine-cloud/templates/_helper.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "affine-cloud.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "affine-cloud.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "affine-cloud.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "affine-cloud.labels" -}}
+helm.sh/chart: {{ include "affine-cloud.chart" . }}
+{{ include "affine-cloud.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "affine-cloud.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "affine-cloud.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
--- a/.github/helm/affine-cloud/templates/deployment.yaml
+++ b/.github/helm/affine-cloud/templates/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "affine-cloud.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 2
+  template:
+    metadata:
+      labels:
+        {{- include "affine-cloud.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: affine-cloud
+        image: "ghcr.io/toeverything/cloud-self-hosted:{{ .Values.affineCloud.tag | default .Chart.AppVersion }}"
+        env:
+        - name: PG_USER
+          value: "{{ .Values.postgresql.auth.username }}"
+        - name: PG_PASS
+          value: "{{ .Values.postgresql.auth.password }}"
+        - name: PG_DATABASE
+          value: "{{ .Values.postgresql.auth.database }}"
+        - name: PG_HOST
+          value: "{{ .Values.postgresql.fullnameOverride | default (printf "%s-postgresql" .Release.Name) }}"
+        - name: DATABASE_URL
+          value: "{{ .Values.affineCloud.databaseUrl | default "postgresql://$(PG_USER):$(PG_PASS)@$(PG_HOST)/$(PG_DATABASE)" }}"
+        envFrom:
+        - secretRef:
+            name: affine-cloud-secret
+        ports:
+        - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /api/healthz
+            port: 3000
+          failureThreshold: 1
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: "{{ .Values.affineCloud.resources.cpu }}"
+            memory: "{{ .Values.affineCloud.resources.memory }}"
--- a/.github/helm/affine-cloud/templates/secret.yaml
+++ b/.github/helm/affine-cloud/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: affine-cloud-secret
+type: Opaque
+data:
+  SIGN_KEY: "{{ .Values.affineCloud.signKey }}"
+  MAIL_ACCOUNT: "{{ .Values.affineCloud.mail.account }}"
+  MAIL_PASSWORD: "{{ .Values.affineCloud.mail.password }}"
--- a/.github/helm/affine-cloud/templates/services.yaml
+++ b/.github/helm/affine-cloud/templates/services.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ include "affine-cloud.fullname" . }}"
+  labels:
+    {{- include "affine-cloud.labels" . | nindent 4 }}
+spec:
+  type: "{{ .Values.affineCloud.service.type }}"
+  ports:
+    - name: http
+      protocol: TCP
+      port: {{ .Values.affineCloud.service.port }}
+      targetPort: 3000
+  selector:
+    {{- include "affine-cloud.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine-cloud/values.yaml
+++ b/.github/helm/affine-cloud/values.yaml
@@ -0,0 +1,30 @@
+affineCloud:
+  tag: 'canary-5e0d5e0cc65ea46f326fdde12658bfac59b38c9f-0949'
+  # databaseUrl: 'postgresql://affine:password@affine-cloud-postgresql:5432/affine'
+  signKey: TUFtdFdzQTJhdGJuem01TA==
+  mail:
+    account: ''
+    password: ''
+  service:
+    type: ClusterIP
+    port: 80
+  resources:
+    cpu: '250m'
+    memory: 0.5Gi
+postgresql:
+  fullnameOverride: tcp-postgresql
+  auth:
+    # only for demo, please modify it at prod env
+    username: affine
+    password: password
+    database: affine
+  primary:
+    initdb:
+      scripts:
+        01-init.sql: |
+          CREATE DATABASE affine_binary;
+          GRANT ALL PRIVILEGES ON DATABASE affine_binary TO affine;
+    resources:
+      limits:
+        cpu: '500m'
+        memory: 0.5Gi
--- a/.github/helm/affine/Chart.yaml
+++ b/.github/helm/affine/Chart.yaml
@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.20.0"
+appVersion: "0.11.0"
--- a/.github/helm/affine/charts/doc/Chart.yaml
+++ b/.github/helm/affine/charts/doc/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: doc
-description: AFFiNE doc server
-type: application
-version: 0.0.0
-appVersion: "0.20.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
--- a/.github/helm/affine/charts/doc/templates/NOTES.txt
+++ b/.github/helm/affine/charts/doc/templates/NOTES.txt
@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "doc.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "doc.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "doc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "doc.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/doc/templates/_helpers.tpl
@@ -1,63 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "doc.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "doc.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "doc.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "doc.labels" -}}
-helm.sh/chart: {{ include "doc.chart" . }}
-{{ include "doc.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-monitoring: enabled
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "doc.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "doc.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "doc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "doc.fullname" .) .Values.global.docService.name }}
-{{- else }}
-{{- default "default" .Values.global.docService.name }}
-{{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/deployment.yaml
+++ b/.github/helm/affine/charts/doc/templates/deployment.yaml
@@ -1,105 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "doc.fullname" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "doc.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "doc.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "doc.serviceAccountName" . }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
-          - name: NODE_ENV
-            value: "{{ .Values.env }}"
-          - name: NODE_OPTIONS
-            value: "--max-old-space-size=4096"
-          - name: NO_COLOR
-            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "affine"
-          - name: SERVER_FLAVOR
-            value: "doc"
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
-          - name: DATABASE_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: pg-postgresql
-                key: postgres-password
-          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-          - name: REDIS_SERVER_ENABLED
-            value: "true"
-          - name: REDIS_SERVER_HOST
-            value: "{{ .Values.global.redis.host }}"
-          - name: REDIS_SERVER_PORT
-            value: "{{ .Values.global.redis.port }}"
-          - name: REDIS_SERVER_USER
-            value: "{{ .Values.global.redis.username }}"
-          - name: REDIS_SERVER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: redis
-                key: redis-password
-          - name: REDIS_SERVER_DATABASE
-            value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_SERVER_PORT
-            value: "{{ .Values.global.docService.port }}"
-          - name: AFFINE_SERVER_SUB_PATH
-            value: "{{ .Values.app.path }}"
-          - name: AFFINE_SERVER_HOST
-            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
-          ports:
-            - name: http
-              containerPort: {{ .Values.global.docService.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          readinessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/.github/helm/affine/charts/doc/templates/service.yaml
+++ b/.github/helm/affine/charts/doc/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "doc.fullname" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.global.docService.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "doc.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine/charts/doc/templates/serviceaccount.yaml
+++ b/.github/helm/affine/charts/doc/templates/serviceaccount.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "doc.serviceAccountName" . }}
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/doc/templates/tests/test-connection.yaml
+++ b/.github/helm/affine/charts/doc/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "doc.fullname" . }}-test-connection"
-  labels:
-    {{- include "doc.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "doc.fullname" . }}:{{ .Values.global.docService.port }}']
-  restartPolicy: Never
--- a/.github/helm/affine/charts/doc/values.yaml
+++ b/.github/helm/affine/charts/doc/values.yaml
@@ -1,37 +0,0 @@
-replicaCount: 1
-image:
-  repository: ghcr.io/toeverything/affine-graphql
-  pullPolicy: IfNotPresent
-  tag: ''
-
-imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-# map to NODE_ENV environment variable
-env: 'production'
-app:
-  # AFFINE_SERVER_SUB_PATH
-  path: ''
-  # AFFINE_SERVER_HOST
-  host: '0.0.0.0'
-  https: true
-serviceAccount:
-  create: true
-  annotations: {}
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-resources:
-  requests:
-    cpu: '2'
-    memory: 4Gi
-
-probe:
-  initialDelaySeconds: 20
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- a/.github/helm/affine/charts/graphql/Chart.yaml
+++ b/.github/helm/affine/charts/graphql/Chart.yaml
@@ -3,7 +3,7 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.20.0"
+appVersion: "0.11.0"
 dependencies:
  - name: gcloud-sql-proxy
    version: 0.0.0
--- a/.github/helm/affine/charts/graphql/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/graphql/templates/_helpers.tpl
@@ -61,3 +61,18 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "jwt.key" -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.app.jwt.secretName -}}
+{{- if and $secret $secret.data.private -}}
+{{/*
+   Reusing existing secret data
+*/}}
+key: {{ $secret.data.private }}
+{{- else -}}
+{{/*
+    Generate new data
+*/}}
+key: {{ genPrivateKey "ecdsa" | b64enc }}
+{{- end -}}
+{{- end -}}
--- a/.github/helm/affine/charts/graphql/templates/copilot-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/copilot-secret.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.app.copilot.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: "{{ .Values.app.copilot.secretName }}"
-type: Opaque
-data:
-  openaiSecret: {{ .Values.app.copilot.openai.key | b64enc }}
-  falSecret: {{ .Values.app.copilot.fal.key | b64enc }}
-  perplexitySecret: {{ .Values.app.copilot.perplexity.key | b64enc }}
-  unsplashSecret: {{ .Values.app.copilot.unsplash.key | b64enc }}
-{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/deployment.yaml
+++ b/.github/helm/affine/charts/graphql/templates/deployment.yaml
@@ -28,10 +28,10 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
-          - name: AFFINE_PRIVATE_KEY
+          - name: AUTH_PRIVATE_KEY
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
+                name: "{{ .Values.app.jwt.secretName }}"
                key: key
          - name: NODE_ENV
            value: "{{ .Values.env }}"
@@ -39,12 +39,12 @@ spec:
            value: "--max-old-space-size=4096"
          - name: NO_COLOR
            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "affine"
          - name: SERVER_FLAVOR
            value: "graphql"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
+          - name: NEXTAUTH_URL
+            value: "{{ .Values.global.ingress.host }}"
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
@@ -73,39 +73,37 @@ spec:
            value: "{{ .Values.app.path }}"
          - name: AFFINE_SERVER_HOST
            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
          - name: ENABLE_R2_OBJECT_STORAGE
-            value: "{{ .Values.global.objectStorage.r2.enabled }}"
+            value: "{{ .Values.app.objectStorage.r2.enabled }}"
+          - name: ENABLE_CAPTCHA
+            value: "{{ .Values.app.captcha.enabled }}"
          - name: FEATURES_EARLY_ACCESS_PREVIEW
            value: "{{ .Values.app.features.earlyAccessPreview }}"
-          - name: FEATURES_SYNC_CLIENT_VERSION_CHECK
-            value: "{{ .Values.app.features.syncClientVersionCheck }}"
-          - name: MAILER_HOST
+          - name: OAUTH_EMAIL_SENDER
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.app.mailer.secretName }}"
-                key: host
-          - name: MAILER_PORT
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.mailer.secretName }}"
-                key: port
-          - name: MAILER_USER
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.mailer.secretName }}"
-                key: user
-          - name: MAILER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.mailer.secretName }}"
-                key: password
-          - name: MAILER_SENDER
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.mailer.secretName }}"
+                name: "{{ .Values.app.oauth.email.secretName }}"
                key: sender
+          - name: OAUTH_EMAIL_LOGIN
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: login
+          - name: OAUTH_EMAIL_SERVER
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: server
+          - name: OAUTH_EMAIL_PORT
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: port
+          - name: OAUTH_EMAIL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.oauth.email.secretName }}"
+                key: password
          - name: STRIPE_API_KEY
            valueFrom:
              secretKeyRef:
@@ -116,28 +114,33 @@ spec:
              secretKeyRef:
                name: "{{ .Values.app.payment.stripe.secretName }}"
                key: stripeWebhookKey
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
+          - name: DOC_MERGE_INTERVAL
+            value: "{{ .Values.app.doc.mergeInterval }}"
          {{ if .Values.app.experimental.enableJwstCodec }}
          - name: DOC_MERGE_USE_JWST_CODEC
            value: "true"
          {{ end }}
-          {{ if .Values.global.objectStorage.r2.enabled }}
+          {{ if .Values.app.objectStorage.r2.enabled }}
          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: accountId
          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: accessKeyId
          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: secretAccessKey
+          - name: R2_OBJECT_STORAGE_BUCKET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.app.objectStorage.r2.secretName }}"
+                key: bucket
          {{ end }}
          {{ if .Values.app.captcha.enabled }}
          - name: CAPTCHA_TURNSTILE_SECRET
@@ -146,31 +149,7 @@ spec:
                name: "{{ .Values.app.captcha.secretName }}"
                key: turnstileSecret
          {{ end }}
-          {{ if .Values.app.copilot.enabled }}
-          - name: COPILOT_OPENAI_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.copilot.secretName }}"
-                key: openaiSecret
-          - name: COPILOT_FAL_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.copilot.secretName }}"
-                key: falSecret
-          - name: COPILOT_PERPLEXITY_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.copilot.secretName }}"
-                key: perplexitySecret
-          - name: COPILOT_UNSPLASH_API_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.copilot.secretName }}"
-                key: unsplashSecret
-          {{ end }}
          {{ if .Values.app.oauth.google.enabled }}
-          - name: OAUTH_GOOGLE_ENABLED
-            value: "true"
          - name: OAUTH_GOOGLE_CLIENT_ID
            valueFrom:
              secretKeyRef:
@@ -194,25 +173,18 @@ spec:
                name: "{{ .Values.app.oauth.github.secretName }}"
                key: clientSecret
          {{ end }}
-          {{ if .Values.app.metrics.enabled }}
-          - name: METRICS_CUSTOMER_IO_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.app.metrics.secretName }}"
-                key: customerIoSecret
-          {{ end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            httpGet:
-              path: /info
+              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          readinessProbe:
            httpGet:
-              path: /info
+              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          resources:
--- a/.github/helm/affine/charts/graphql/templates/jwt-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/jwt-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.jwt.secretName }}"
+type: Opaque
+data:
+{{- ( include "jwt.key" . ) | indent 2 -}}
--- a/.github/helm/affine/charts/graphql/templates/mailer.yaml
+++ b/.github/helm/affine/charts/graphql/templates/mailer.yaml
@@ -1,13 +0,0 @@
-{{- if .Values.app.mailer.secretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: "{{ .Values.app.mailer.secretName }}"
-type: Opaque
-data:
-  host: "{{ .Values.app.mailer.host | b64enc }}"
-  port: "{{ .Values.app.mailer.port | b64enc }}"
-  user: "{{ .Values.app.mailer.user | b64enc }}"
-  password: "{{ .Values.app.mailer.password | b64enc }}"
-  sender: "{{ .Values.app.mailer.sender | b64enc }}"
-{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/metrics-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/metrics-secret.yaml
@@ -1,9 +0,0 @@
-{{- if .Values.app.metrics.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: "{{ .Values.app.metrics.secretName }}"
-type: Opaque
-data:
-  customerIoSecret: {{ .Values.app.metrics.customerIo.token | b64enc }}
-{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/migration.yaml
+++ b/.github/helm/affine/charts/graphql/templates/migration.yaml
@@ -22,8 +22,6 @@ spec:
            value: "{{ .Values.env }}"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
-          - name: DEPLOYMENT_TYPE
-            value: "affine"
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
@@ -37,23 +35,6 @@ spec:
          - name: DATABASE_URL
            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.gcloud.cloudSqlInternal }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
          {{ end }}
-          {{ if .Values.global.objectStorage.r2.enabled }}
-          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: accountId
-          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: accessKeyId
-          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: secretAccessKey
-          {{ end }}
        resources:
          requests:
            cpu: '100m'
--- a/.github/helm/affine/charts/graphql/templates/oauth.yaml
+++ b/.github/helm/affine/charts/graphql/templates/oauth.yaml
@@ -1,3 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.oauth.email.secretName }}"
+type: Opaque
+data:
+  sender: "{{ .Values.app.oauth.email.sender | b64enc }}"
+  login: "{{ .Values.app.oauth.email.login | b64enc }}"
+  password: "{{ .Values.app.oauth.email.password | b64enc }}"
+  server: "{{ .Values.app.oauth.email.server | b64enc }}"
+  port: "{{ .Values.app.oauth.email.port | b64enc }}"
+---
 {{- if .Values.app.oauth.google.enabled -}}
 apiVersion: v1
 kind: Secret
--- a/.github/helm/affine/charts/graphql/templates/pg-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/pg-secret.yaml
--- a/.github/helm/affine/charts/graphql/templates/r2-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/r2-secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.app.objectStorage.r2.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ .Values.app.objectStorage.r2.secretName }}"
+type: Opaque
+data:
+  accountId: {{ .Values.app.objectStorage.r2.accountId | b64enc }}
+  accessKeyId: {{ .Values.app.objectStorage.r2.accessKeyId | b64enc }}
+  secretAccessKey: {{ .Values.app.objectStorage.r2.secretAccessKey | b64enc }}
+  bucket: {{ .Values.app.objectStorage.r2.bucket | b64enc }}
+{{- end }}
--- a/.github/helm/affine/charts/graphql/templates/redis-secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/redis-secret.yaml
--- a/.github/helm/affine/charts/graphql/templates/secret.yaml
+++ b/.github/helm/affine/charts/graphql/templates/secret.yaml
@@ -1,18 +0,0 @@
-{{- $privateKey := default (genPrivateKey "ecdsa") .Values.global.secret.privateKey | b64enc | quote }}
-
-{{- if not .Values.global.secret.privateKey }}
-{{- $existingKey := (lookup "v1" "Secret" .Release.Namespace .Values.global.secret.secretName) }}
-{{- if $existingKey }}
-{{- $privateKey = index $existingKey.data "key" }}
-{{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Values.global.secret.secretName }}
-  annotations:
-    "helm.sh/resource-policy": "keep"
-type: Opaque
-data:
-  key: {{ $privateKey }}
--- a/.github/helm/affine/charts/graphql/templates/service.yaml
+++ b/.github/helm/affine/charts/graphql/templates/service.yaml
@@ -4,10 +4,6 @@ metadata:
  name: {{ include "graphql.fullname" . }}
  labels:
    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:
--- a/.github/helm/affine/charts/graphql/values.yaml
+++ b/.github/helm/affine/charts/graphql/values.yaml
@@ -16,18 +16,33 @@ app:
  path: ''
  # AFFINE_SERVER_HOST
  host: '0.0.0.0'
-  https: true
+  doc:
+    mergeInterval: "3000"
+  jwt:
+    secretName: jwt-private-key
+    # base64 encoded ecdsa private key
+    privateKey: ''
  captcha:
-    enabled: false
+    enable: false
    secretName: captcha
    turnstile:
      secret: ''
-  copilot:
-    enabled: false
-    secretName: copilot
-    openai:
-      key: ''
+  objectStorage:
+    r2:
+      enabled: false
+      secretName: r2
+      accountId: ''
+      accessKeyId: ''
+      secretAccessKey: ''
+      bucket: ''
  oauth:
+    email:
+      secretName: 'oauth-email'
+      sender: 'noreply@toeverything.info'
+      login: ''
+      password: ''
+      server: 'smtp.gmail.com'
+      port: '465'
    google:
      enabled: false
      secretName: oauth-google
@@ -38,18 +53,6 @@ app:
      secretName: oauth-github
      clientId: ''
      clientSecret: ''
-  mailer:
-    secretName: 'mailer'
-    host: 'smtp.gmail.com'
-    port: '465'
-    user: ''
-    password: ''
-    sender: 'noreply@toeverything.info'
-  metrics:
-    enabled: false
-    secretName: 'metrics'
-    customerIo:
-      token: ''
  payment:
    stripe:
      secretName: 'stripe'
@@ -57,7 +60,6 @@ app:
      webhookKey: ''
  features:
    earlyAccessPreview: false
-    syncClientVersionCheck: false

 serviceAccount:
  create: true
--- a/.github/helm/affine/charts/renderer/Chart.yaml
+++ b/.github/helm/affine/charts/renderer/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: renderer
-description: AFFiNE renderer server
-type: application
-version: 0.0.0
-appVersion: "0.16.0"
-dependencies:
-  - name: gcloud-sql-proxy
-    version: 0.0.0
-    repository: "file://../gcloud-sql-proxy"
-    condition: .global.database.gcloud.enabled
--- a/.github/helm/affine/charts/renderer/templates/NOTES.txt
+++ b/.github/helm/affine/charts/renderer/templates/NOTES.txt
@@ -1,16 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "renderer.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "renderer.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "renderer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "renderer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/_helpers.tpl
+++ b/.github/helm/affine/charts/renderer/templates/_helpers.tpl
@@ -1,63 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "renderer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "renderer.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "renderer.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "renderer.labels" -}}
-helm.sh/chart: {{ include "renderer.chart" . }}
-{{ include "renderer.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-monitoring: enabled
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "renderer.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "renderer.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "renderer.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "renderer.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/deployment.yaml
+++ b/.github/helm/affine/charts/renderer/templates/deployment.yaml
@@ -1,126 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "renderer.fullname" . }}
-  labels:
-    {{- include "renderer.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "renderer.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "renderer.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "renderer.serviceAccountName" . }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
-          - name: NODE_ENV
-            value: "{{ .Values.env }}"
-          - name: NODE_OPTIONS
-            value: "--max-old-space-size=4096"
-          - name: NO_COLOR
-            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "affine"
-          - name: SERVER_FLAVOR
-            value: "renderer"
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
-          - name: DATABASE_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: pg-postgresql
-                key: postgres-password
-          - name: DATABASE_URL
-            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
-          - name: REDIS_SERVER_ENABLED
-            value: "true"
-          - name: REDIS_SERVER_HOST
-            value: "{{ .Values.global.redis.host }}"
-          - name: REDIS_SERVER_PORT
-            value: "{{ .Values.global.redis.port }}"
-          - name: REDIS_SERVER_USER
-            value: "{{ .Values.global.redis.username }}"
-          - name: REDIS_SERVER_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: redis
-                key: redis-password
-          - name: REDIS_SERVER_DATABASE
-            value: "{{ .Values.global.redis.database }}"
-          - name: AFFINE_SERVER_PORT
-            value: "{{ .Values.service.port }}"
-          - name: AFFINE_SERVER_SUB_PATH
-            value: "{{ .Values.app.path }}"
-          - name: AFFINE_SERVER_HOST
-            value: "{{ .Values.app.host }}"
-          - name: AFFINE_SERVER_HTTPS
-            value: "{{ .Values.app.https }}"
-          - name: ENABLE_R2_OBJECT_STORAGE
-            value: "{{ .Values.global.objectStorage.r2.enabled }}"
-          {{ if .Values.global.objectStorage.r2.enabled }}
-          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: accountId
-          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: accessKeyId
-          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.objectStorage.r2.secretName }}"
-                key: secretAccessKey
-          {{ end }}
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          readinessProbe:
-            httpGet:
-              path: /info
-              port: http
-            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/.github/helm/affine/charts/renderer/templates/service.yaml
+++ b/.github/helm/affine/charts/renderer/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "graphql.fullname" . }}
-  labels:
-    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "graphql.selectorLabels" . | nindent 4 }}
--- a/.github/helm/affine/charts/renderer/templates/serviceaccount.yaml
+++ b/.github/helm/affine/charts/renderer/templates/serviceaccount.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "graphql.serviceAccountName" . }}
-  labels:
-    {{- include "graphql.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/.github/helm/affine/charts/renderer/templates/tests/test-connection.yaml
+++ b/.github/helm/affine/charts/renderer/templates/tests/test-connection.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "renderer.fullname" . }}-test-connection"
-  labels:
-    {{- include "renderer.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "renderer.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never
--- a/.github/helm/affine/charts/renderer/values.yaml
+++ b/.github/helm/affine/charts/renderer/values.yaml
@@ -1,38 +0,0 @@
-replicaCount: 1
-image:
-  repository: ghcr.io/toeverything/affine-graphql
-  pullPolicy: IfNotPresent
-  tag: ''
-
-imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-# map to NODE_ENV environment variable
-env: 'production'
-app:
-  # AFFINE_SERVER_SUB_PATH
-  path: ''
-  # AFFINE_SERVER_HOST
-  host: '0.0.0.0'
-  https: true
-serviceAccount:
-  create: true
-  annotations: {}
-  name: 'affine-renderer'
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-resources:
-  requests:
-    cpu: '4'
-    memory: 4Gi
-
-probe:
-  initialDelaySeconds: 20
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- a/.github/helm/affine/charts/sync/Chart.yaml
+++ b/.github/helm/affine/charts/sync/Chart.yaml
@@ -3,7 +3,7 @@ name: sync
 description: AFFiNE Sync Server
 type: application
 version: 0.0.0
-appVersion: "0.20.0"
+appVersion: "0.11.0"
 dependencies:
  - name: gcloud-sql-proxy
    version: 0.0.0
--- a/.github/helm/affine/charts/sync/templates/deployment.yaml
+++ b/.github/helm/affine/charts/sync/templates/deployment.yaml
@@ -32,19 +32,14 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
-          - name: AFFINE_PRIVATE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: "{{ .Values.global.secret.secretName }}"
-                key: key
          - name: NODE_ENV
            value: "{{ .Values.env }}"
          - name: NO_COLOR
            value: "1"
-          - name: DEPLOYMENT_TYPE
-            value: "affine"
          - name: SERVER_FLAVOR
            value: "sync"
+          - name: NEXTAUTH_URL
+            value: "{{ .Values.global.ingress.host }}"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
          - name: DATABASE_PASSWORD
@@ -73,8 +68,6 @@ spec:
            value: "{{ .Values.service.port }}"
          - name: AFFINE_SERVER_HOST
            value: "{{ .Values.app.host }}"
-          - name: DOC_SERVICE_ENDPOINT
-            value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
--- a/.github/helm/affine/charts/sync/values.yaml
+++ b/.github/helm/affine/charts/sync/values.yaml
@@ -12,6 +12,7 @@ env: 'production'
 app:
  # AFFINE_SERVER_HOST
  host: '0.0.0.0'
+
 serviceAccount:
  create: true
  annotations: {}
--- a/.github/helm/affine/charts/web/templates/deployment.yaml
+++ b/.github/helm/affine/charts/web/templates/deployment.yaml
@@ -27,9 +27,6 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-          - name: AFFINE_ENV
-            value: "{{ .Release.Namespace }}"
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
--- a/.github/helm/affine/templates/configmap.yaml
+++ b/.github/helm/affine/templates/configmap.yaml
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-runtime-config
-data:
-  web-assets-manifest: |-
-    {{ .Files.Get "web-assets-manifest.json" | nindent 4 }}
-  mobile-assets-manifest: |-
-    {{ .Files.Get "mobile-assets-manifest.json" | nindent 4 }}
--- a/.github/helm/affine/templates/ingress.yaml
+++ b/.github/helm/affine/templates/ingress.yaml
@@ -60,13 +60,6 @@ spec:
                name: affine-graphql
                port:
                  number: {{ .Values.graphql.service.port }}
-          - path: /workspace
-            pathType: Prefix
-            backend:
-              service:
-                name: affine-renderer
-                port:
-                  number: {{ .Values.renderer.service.port }}
          - path: /
            pathType: Prefix
            backend:
--- a/.github/helm/affine/templates/r2-secret.yaml
+++ b/.github/helm/affine/templates/r2-secret.yaml
@@ -1,11 +0,0 @@
-{{- if .Values.global.objectStorage.r2.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: "{{ .Values.global.objectStorage.r2.secretName }}"
-type: Opaque
-data:
-  accountId: {{ .Values.global.objectStorage.r2.accountId | b64enc }}
-  accessKeyId: {{ .Values.global.objectStorage.r2.accessKeyId | b64enc }}
-  secretAccessKey: {{ .Values.global.objectStorage.r2.secretAccessKey | b64enc }}
-{{- end }}
--- a/.github/helm/affine/values.yaml
+++ b/.github/helm/affine/values.yaml
@@ -1,14 +1,9 @@
 global:
-  app:
-    buildType: 'stable'
  ingress:
    enabled: false
    className: ''
    host: affine.pro
    tls: []
-  secret:
-    secretName: 'server-private-key'
-    privateKey: ''
  database:
    user: 'postgres'
    url: 'pg-postgresql'
@@ -30,45 +25,20 @@ global:
    username: ''
    password: ''
    database: 0
-  objectStorage:
-    r2:
-      enabled: false
-      secretName: r2
-      accountId: ''
-      accessKeyId: ''
-      secretAccessKey: ''
  gke:
    enabled: true
-  docService:
-    name: 'affine-doc'
-    port: 3020

 graphql:
  service:
    type: ClusterIP
    port: 3000
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'

 sync:
  service:
    type: ClusterIP
    port: 3010
    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-
-renderer:
-  service:
-    type: ClusterIP
-    port: 3000
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
-
-doc:
-  service:
-    type: ClusterIP
-    annotations:
-      cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
+      cloud.google.com/backend-config: '{"default": "affine-backendconfig"}'

 web:
  service:
--- a/.github/helm/deployment_guide.md
+++ b/.github/helm/deployment_guide.md
@@ -0,0 +1,60 @@
+# Cluster Deployment Guide
+
+This document provides a step-by-step guide for developers on how to deploy services in a Kubernetes cluster. The following content assumes that the reader already has a basic understanding of Kubernetes concepts and operations.
+
+### 1. Configure Service Mesh (Optional)
+
+In the Kubernetes cluster, we optionally use Service Mesh (like Istio and Anthos Service Mesh) to manage the network interactions of microservices. If Service Mesh is already deployed on your cluster or do not need to use the service network, you can skip this step. In this step, we assume that you are using Google Kubernetes Engine (GKE) and have already installed Anthos Service Mesh on your cluster, if you wish to use another Ingress Controller, please refer to the relevant documentation.
+
+To configure your kubectl context to interact with your Kubernetes cluster using the gcloud tool, you need to execute the following commands:
+
+```sh
+export CLUSTER_NAME=your_cluster_name
+export REGION=your_cluster_region
+export PROJECT=your_project_id
+gcloud container clusters get-credentials $CLUSTER_NAME --region $REGION --project $PROJECT
+```
+
+In this command, you should replace `CLUSTER_NAME`, `REGION` and `PROJECT` with the actual name, region and project id of your Kubernetes cluster. This command retrieves the access credentials for your Kubernetes cluster and automatically configures kubectl to use these credentials.
+
+Now, to inject Service Mesh for a specific Namespace, first, set the environment variable `NAMESPACE` that should correspond to your target Kubernetes Namespace. In this example, we use `prod` as the target Namespace:
+
+```sh
+export NAMESPACE=prod
+```
+
+Then, we label the Namespace which will enable Istio to automatically inject the sidecar container for all new Pods under this Namespace:
+
+```sh
+kubectl label namespace $NAMESPACE istio-injection- istio.io/rev=asm-managed --overwrite
+```
+
+Finally, we trigger the Kubernetes Deployment restart mechanism to allow existing Pods to also obtain sidecar container injection:
+
+```sh
+kubectl rollout restart deployment -n $NAMESPACE
+```
+
+### 2. Deploying the Application
+
+Next, we will deploy our application in the Kubernetes cluster through Helm. First, set relevant environment variables:
+
+```sh
+export NAMESPACE=prod
+export RELEASE=affine-cloud-prod
+export PATH=.github/helm/affine-cloud
+```
+
+- `NAMESPACE` should be consistent with the first step, indicating your target Kubernetes Namespace.
+- `RELEASE` is the name of your Helm release.
+- `PATH` is the location of your Helm chart in your file system.
+
+Finally, use the `helm upgrade --install` command to deploy or upgrade your application:
+
+```sh
+helm upgrade --namespace $NAMESPACE --create-namespace --install $RELEASE $PATH
+```
+
+This command creates (if it doesn't already exist) and deploys your Helm chart in the specified Namespace. If the release already exists, it will be upgraded.
+
+The above are the complete steps for deploying an application in a Kubernetes cluster. Make sure all prerequisites are met before deploying, and also ensure that you have the correct permissions for operations in Kubernetes.
--- a/.github/helm/separate-config/backend-config.yaml
+++ b/.github/helm/separate-config/backend-config.yaml
@@ -1,10 +0,0 @@
-apiVersion: cloud.google.com/v1
-kind: BackendConfig
-metadata:
-  name: "affine-api-backendconfig"
-spec:
-  healthCheck:
-    timeoutSec: 1
-    type: HTTP
-    requestPath: /info
-
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -19,16 +19,36 @@ mod:dev:
          - 'tools/cli/**/*'
          - 'packages/common/debug/**/*'

+mod:plugin:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/**/*'
+
+plugin:copilot:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/plugins/copilot/**/*'
+
 mod:infra:
  - changed-files:
      - any-glob-to-any-file:
          - 'packages/common/infra/**/*'

+mod:sdk:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/common/sdk/**/*'
+
 mod:plugin-cli:
  - changed-files:
      - any-glob-to-any-file:
          - 'tools/plugin-cli/**/*'

+mod:workspace:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/frontend/workspace/**/*'
+
 mod:i18n:
  - changed-files:
      - any-glob-to-any-file:
@@ -39,15 +59,20 @@ mod:env:
      - any-glob-to-any-file:
          - 'packages/common/env/**/*'

+mod:hooks:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/frontend/hooks/**/*'
+
 mod:component:
  - changed-files:
      - any-glob-to-any-file:
          - 'packages/frontend/component/**/*'

-mod:server-native:
+mod:storage:
  - changed-files:
      - any-glob-to-any-file:
-          - 'packages/backend/native/**/*'
+          - 'packages/backend/storage/**/*'

 mod:native:
  - changed-files:
@@ -69,6 +94,11 @@ rust:
          - '**/rust-toolchain.toml'
          - '**/rustfmt.toml'

+package:y-indexeddb:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'packages/common/y-indexeddb/**/*'
+
 app:core:
  - changed-files:
      - any-glob-to-any-file:
@@ -77,7 +107,7 @@ app:core:
 app:electron:
  - changed-files:
      - any-glob-to-any-file:
-          - 'packages/frontend/apps/electron/**/*'
+          - 'packages/frontend/electron/**/*'

 app:server:
  - changed-files:
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,66 +1,53 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["config:recommended", ":disablePeerDependencies"],
-  "labels": ["dependencies"],
-  "ignorePaths": [
-    "**/node_modules/**",
-    "**/bower_components/**",
-    "**/vendor/**",
-    "**/examples/**",
-    "**/__tests__/**"
+  "extends": [
+    "config:base",
+    "group:allNonMajor",
+    ":preserveSemverRanges",
+    ":disablePeerDependencies"
  ],
+  "labels": ["dependencies"],
  "packageRules": [
    {
-      "rangeStrategy": "replace",
-      "groupName": "linter",
-      "matchPackageNames": ["/^eslint/", "/^@typescript-eslint/"]
+      "matchPackageNames": ["napi", "napi-build", "napi-derive"],
+      "groupName": "napi-rs"
    },
    {
-      "matchDepNames": ["oxlint"],
-      "rangeStrategy": "replace",
-      "groupName": "oxlint"
+      "matchPackagePatterns": ["^eslint", "^@typescript-eslint"],
+      "groupName": "linter"
    },
    {
-      "groupName": "blocksuite",
-      "rangeStrategy": "replace",
-      "changelogUrl": "https://github.com/toeverything/blocksuite/blob/master/packages/blocks/CHANGELOG.md",
-      "matchPackageNames": ["/^@blocksuite/", "!@blocksuite/icons"]
+      "matchPackagePatterns": ["^@nestjs"],
+      "groupName": "nestjs"
    },
    {
-      "groupName": "all non-major dependencies",
-      "groupSlug": "all-minor-patch",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchPackageNames": ["*", "!/^@blocksuite//", "!/oxlint/"]
+      "matchPackagePatterns": ["^@opentelemetry"],
+      "groupName": "opentelemetry"
    },
    {
-      "groupName": "rust toolchain",
-      "matchManagers": ["custom.regex"],
-      "matchDepNames": ["rustc"]
+      "matchPackageNames": [
+        "@prisma/client",
+        "@prisma/instrumentation",
+        "prisma"
+      ],
+      "groupName": "prisma"
    },
    {
-      "groupName": "nestjs",
-      "matchPackageNames": ["/^@nestjs/"]
+      "matchPackagePatterns": ["^@electron-forge"],
+      "groupName": "electron-forge"
+    },
+    {
+      "matchPackagePatterns": ["^@blocksuite"],
+      "excludePackageNames": ["@blocksuite/icons"],
+      "followTag": "nightly"
    }
  ],
  "commitMessagePrefix": "chore: ",
  "commitMessageAction": "bump up",
  "commitMessageTopic": "{{depName}} version",
  "ignoreDeps": [],
-  "postUpdateOptions": ["yarnDedupeHighest"],
  "lockFileMaintenance": {
    "enabled": true,
    "extends": ["schedule:weekly"]
-  },
-  "customManagers": [
-    {
-      "customType": "regex",
-      "fileMatch": ["^rust-toolchain\\.toml?$"],
-      "matchStrings": [
-        "channel\\s*=\\s*\"(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)\""
-      ],
-      "depNameTemplate": "rustc",
-      "packageNameTemplate": "rust-lang/rust",
-      "datasourceTemplate": "github-releases"
-    }
-  ]
+  }
 }
--- a/.github/workflows/build-images.yml
+++ b/.github/workflows/build-images.yml
@@ -1,289 +0,0 @@
-name: Build Images
-
-on:
-  workflow_call:
-    inputs:
-      flavor:
-        type: string
-        required: true
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
-
-jobs:
-  build-server:
-    name: Build Server
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/server
-      - name: Build Server
-        run: |
-          find packages/backend/server -type d -name "__tests__" -exec rm -rf {} +
-          yarn workspace @affine/server build
-      - name: Upload server dist
-        uses: actions/upload-artifact@v4
-        with:
-          name: server-dist
-          path: ./packages/backend/server/dist
-          if-no-files-found: error
-
-  build-web:
-    name: Build @affine/web
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Core
-        run: yarn affine @affine/web build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-web'
-          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload web artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: web
-          path: ./packages/frontend/apps/web/dist
-          if-no-files-found: error
-
-  build-admin:
-    name: Build @affine/admin
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Admin
-        run: yarn affine @affine/admin build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-admin'
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload admin artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: admin
-          path: ./packages/frontend/admin/dist
-          if-no-files-found: error
-
-  build-mobile:
-    name: Build @affine/mobile
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-      - name: Build Mobile
-        run: yarn affine @affine/mobile build
-        env:
-          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
-          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
-          BUILD_TYPE: ${{ github.event.inputs.flavor }}
-          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: 'affine-mobile'
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-      - name: Upload mobile artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: mobile
-          path: ./packages/frontend/apps/mobile/dist
-          if-no-files-found: error
-
-  build-server-native:
-    name: Build Server native - ${{ matrix.targets.name }}
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        targets:
-          - name: x86_64-unknown-linux-gnu
-            file: server-native.node
-          - name: aarch64-unknown-linux-gnu
-            file: server-native.arm64.node
-          - name: armv7-unknown-linux-gnueabihf
-            file: server-native.armv7.node
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          extra-flags: workspaces focus @affine/server-native
-      - name: Build Rust
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ matrix.targets.name }}
-          package: '@affine/server-native'
-      - name: Upload ${{ matrix.targets.file }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.targets.file }}
-          path: ./packages/backend/native/server-native.node
-          if-no-files-found: error
-
-  build-images:
-    name: Build Images
-    runs-on: ubuntu-latest
-    needs:
-      - build-server
-      - build-web
-      - build-mobile
-      - build-admin
-      - build-server-native
-    steps:
-      - uses: actions/checkout@v4
-      - name: Download server dist
-        uses: actions/download-artifact@v4
-        with:
-          name: server-dist
-          path: ./packages/backend/server/dist
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-      - name: Download server-native.node arm64
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.arm64.node
-          path: ./packages/backend/native
-      - name: Download server-native.node arm64
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.armv7.node
-          path: .
-      - name: move server-native files
-        run: |
-          mv ./packages/backend/native/server-native.node ./packages/backend/server/server-native.arm64.node
-          mv server-native.node ./packages/backend/server/server-native.armv7.node
-      - name: Setup env
-        run: |
-          echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
-          if [ -z "${{ inputs.flavor }}" ]
-          then
-            echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV"
-          else
-            echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV"
-          fi
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          logout: false
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      # setup node without cache configuration
-      # Prisma cache is not compatible with docker build cache
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          registry-url: https://npm.pkg.github.com
-          scope: '@toeverything'
-
-      - name: Download web artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: web
-          path: ./packages/frontend/apps/web/dist
-
-      - name: Download mobile artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: mobile
-          path: ./packages/frontend/apps/mobile/dist
-
-      - name: Download admin artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: admin
-          path: ./packages/frontend/admin/dist
-
-      - name: Install Node.js dependencies
-        run: |
-          yarn config set --json supportedArchitectures.cpu '["x64", "arm64", "arm"]'
-          yarn config set --json supportedArchitectures.libc '["glibc"]'
-          yarn workspaces focus @affine/server --production
-
-      - name: Generate Prisma client
-        run: yarn workspace @affine/server prisma generate
-
-      - name: Setup Version
-        id: version
-        uses: ./.github/actions/setup-version
-
-      - name: Build front Dockerfile
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          pull: true
-          platforms: linux/amd64,linux/arm64
-          provenance: true
-          file: .github/deployment/front/Dockerfile
-          tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}
-
-      - name: Build graphql Dockerfile
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          pull: true
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
-          provenance: true
-          file: .github/deployment/node/Dockerfile
-          tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}
--- a/.github/workflows/build-selfhost-image.yml
+++ b/.github/workflows/build-selfhost-image.yml
@@ -1,25 +0,0 @@
-name: Build Selfhost Image
-
-on:
-  workflow_dispatch:
-    inputs:
-      flavor:
-        description: 'Select distribution to build'
-        type: choice
-        default: canary
-        options:
-          - canary
-          - beta
-          - stable
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
-
-jobs:
-  build-image:
-    name: Build Image
-    uses: ./.github/workflows/build-images.yml
-    with:
-      flavor: ${{ github.event.inputs.flavor }}
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -4,8 +4,6 @@ on:
  push:
    branches:
      - canary
-      - beta
-      - stable
      - v[0-9]+.[0-9]+.x-staging
      - v[0-9]+.[0-9]+.x
    paths-ignore:
@@ -19,31 +17,17 @@ env:
  AFFINE_ENV: dev
  COVERAGE: true
  MACOSX_DEPLOYMENT_TARGET: '10.13'
-  DEPLOYMENT_TYPE: affine
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+  PLAYWRIGHT_BROWSERS_PATH: ${{ github.workspace }}/node_modules/.cache/ms-playwright

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

 jobs:
-  optimize_ci:
-    name: Optimize CI
-    runs-on: ubuntu-latest
-    outputs:
-      skip: ${{ steps.check_skip.outputs.skip }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Graphite CI Optimizer
-        uses: withgraphite/graphite-ci-action@main
-        id: check_skip
-        with:
-          graphite_token: ${{ secrets.GRAPHITE_CI_OPTIMIZER_TOKEN }}
-
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    permissions:
      actions: read
      contents: read
@@ -91,8 +75,6 @@ jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'

    steps:
      - uses: actions/checkout@v4
@@ -105,7 +87,7 @@ jobs:
          electron-install: false
          full-cache: true
      - name: Run i18n codegen
-        run: yarn affine @affine/i18n build
+        run: yarn i18n-codegen gen
      - name: Run ESLint
        run: yarn lint:eslint --max-warnings=0
      - name: Run Prettier
@@ -113,36 +95,12 @@ jobs:
        run: |
          git checkout .yarnrc.yml
          yarn lint:prettier
-      - name: Yarn Dedupe
-        run: yarn dedupe --check
      - name: Run Type Check
        run: yarn typecheck

-  lint-rust:
-    name: Lint Rust
-    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-rust
-        with:
-          no-build: 'true'
-      - name: fmt check
-        run: |
-          rustup toolchain add nightly
-          rustup component add --toolchain nightly-x86_64-unknown-linux-gnu rustfmt
-          cargo +nightly fmt --all -- --check
-      - name: Clippy
-        run: |
-          rustup component add clippy
-          cargo clippy --all-targets --all-features -- -D warnings
-
  check-yarn-binary:
    name: Check yarn binary
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    steps:
      - uses: actions/checkout@v4
      - name: Run check
@@ -150,15 +108,11 @@ jobs:
          yarn set version $(node -e "console.log(require('./package.json').packageManager.split('@')[1])")
          git diff --exit-code

-  e2e-legacy-blocksuite-test:
-    name: Legacy Blocksuite E2E Test
+  e2e-plugin-test:
+    name: E2E Plugin Test
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
-    strategy:
-      fail-fast: false
-      matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+    env:
+      DISTRIBUTION: browser
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
@@ -167,29 +121,36 @@ jobs:
          playwright-install: true
          electron-install: false
          full-cache: true
-
-      - name: Run playground build
-        run: yarn workspace @blocksuite/playground build
-
      - name: Run playwright tests
-        run: yarn workspace @blocksuite/legacy-e2e test --forbid-only --shard=${{ matrix.shard }}/${{ strategy.job-total }}
+        run: yarn e2e --forbid-only
+        working-directory: tests/affine-plugin
+        env:
+          COVERAGE: true
+      - name: Collect code coverage report
+        run: yarn exec nyc report -t .nyc_output --report-dir .coverage --reporter=lcov
+
+      - name: Upload e2e test coverage results
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./.coverage/lcov.info
+          flags: e2e-plugin-test
+          name: affine
+          fail_ci_if_error: false

      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
        with:
-          name: test-results-e2e-legacy-bs-${{ matrix.shard }}
+          name: test-results-e2e-plugin
          path: ./test-results
          if-no-files-found: ignore

  e2e-test:
    name: E2E Test
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
-      DISTRIBUTION: web
-      IN_CI_TEST: true
+      DISTRIBUTION: browser
    strategy:
      fail-fast: false
      matrix:
@@ -204,28 +165,21 @@ jobs:
          full-cache: true

      - name: Run playwright tests
-        run: yarn affine @affine-test/affine-local e2e --forbid-only --shard=${{ matrix.shard }}/${{ strategy.job-total }}
+        run: yarn workspace @affine-test/affine-local e2e --forbid-only --shard=${{ matrix.shard }}/${{ strategy.job-total }}

      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
        with:
          name: test-results-e2e-${{ matrix.shard }}
          path: ./test-results
          if-no-files-found: ignore

-  e2e-mobile-test:
-    name: E2E Mobile Test
+  e2e-migration-test:
+    name: E2E Migration Test
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
-      DISTRIBUTION: mobile
-      IN_CI_TEST: true
-    strategy:
-      fail-fast: false
-      matrix:
-        shard: [1, 2, 3, 4, 5]
+      DISTRIBUTION: browser
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
@@ -236,49 +190,42 @@ jobs:
          full-cache: true

      - name: Run playwright tests
-        run: yarn affine @affine-test/affine-mobile e2e --forbid-only --shard=${{ matrix.shard }}/${{ strategy.job-total }}
+        run: yarn workspace @affine-test/affine-migration e2e --forbid-only

      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
        with:
-          name: test-results-e2e-mobile-${{ matrix.shard }}
-          path: ./test-results
+          name: test-results-e2e-migration
+          path: ./tests/affine-migration/test-results
          if-no-files-found: ignore

  unit-test:
    name: Unit Test
    runs-on: ubuntu-latest
    needs:
-      - optimize_ci
      - build-native
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
-      DISTRIBUTION: web
-    strategy:
-      fail-fast: false
-      matrix:
-        shard: [1, 2, 3, 4, 5]
+      DISTRIBUTION: browser
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        with:
-          electron-install: true
-          playwright-install: true
+          electron-install: false
          full-cache: true

      - name: Download affine.linux-x64-gnu.node
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: affine.linux-x64-gnu.node
          path: ./packages/frontend/native

      - name: Unit Test
-        run: yarn test:coverage --shard=${{ matrix.shard }}/${{ strategy.job-total }}
+        run: yarn nx test:coverage @affine/monorepo

      - name: Upload unit test coverage results
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./.coverage/store/lcov.info
@@ -289,8 +236,6 @@ jobs:
  build-native:
    name: Build AFFiNE native (${{ matrix.spec.target }})
    runs-on: ${{ matrix.spec.os }}
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
      CARGO_PROFILE_RELEASE_DEBUG: '1'
    strategy:
@@ -304,19 +249,15 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-      - uses: samypr100/setup-dev-drive@v3
-        if: ${{ matrix.spec.os == 'windows-latest' }}
-        with:
-          workspace-copy: true
-          drive-size: 8GB
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        with:
          extra-flags: workspaces focus @affine/native
          electron-install: false
+          build-infra: false
+          build-plugins: false
      - name: Setup filename
        id: filename
-        working-directory: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}
        shell: bash
        run: |
          export PLATFORM_ARCH_ABI=$(node -e "console.log(require('@napi-rs/cli').parseTriple('${{ matrix.spec.target }}').platformArchABI)")
@@ -326,19 +267,17 @@ jobs:
        with:
          target: ${{ matrix.spec.target }}
          package: '@affine/native'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
      - name: Upload ${{ steps.filename.outputs.filename }}
-        uses: actions/upload-artifact@v4
-        if: always()
+        uses: actions/upload-artifact@v3
        with:
          name: ${{ steps.filename.outputs.filename }}
-          path: ${{ env.DEV_DRIVE_WORKSPACE || github.workspace }}/packages/frontend/native/${{ steps.filename.outputs.filename }}
+          path: ./packages/frontend/native/${{ steps.filename.outputs.filename }}
          if-no-files-found: error

-  build-server-native:
-    name: Build Server native
+  build-storage:
+    name: Build Storage
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
      CARGO_PROFILE_RELEASE_DEBUG: '1'
    steps:
@@ -346,64 +285,53 @@ jobs:
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        with:
-          extra-flags: workspaces focus @affine/server-native
+          extra-flags: workspaces focus @affine/storage
          electron-install: false
+          build-infra: false
+          build-plugins: false
      - name: Build Rust
        uses: ./.github/actions/build-rust
        with:
          target: 'x86_64-unknown-linux-gnu'
-          package: '@affine/server-native'
-      - name: Upload server-native.node
-        uses: actions/upload-artifact@v4
-        if: always()
+          package: '@affine/storage'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Upload storage.node
+        uses: actions/upload-artifact@v3
        with:
-          name: server-native.node
-          path: ./packages/backend/native/server-native.node
+          name: storage.node
+          path: ./packages/backend/storage/storage.node
          if-no-files-found: error

-  build-electron-renderer:
-    name: Build @affine/electron renderer
+  build-core:
+    name: Build @affine/core
    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
+
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        with:
          electron-install: false
+          build-plugins: false
          full-cache: true
-      - name: Build Electron renderer
-        run: yarn affine @affine/electron-renderer build
-        env:
-          DISTRIBUTION: desktop
-      - name: zip web
-        run: tar -czf dist.tar.gz --directory=packages/frontend/apps/electron-renderer/dist .
-      - name: Upload web artifact
-        uses: actions/upload-artifact@v4
-        if: always()
+      - name: Build Core
+        # always skip cache because its fast, and cache configuration is always changing
+        run: yarn nx build @affine/core --skip-nx-cache
+      - name: zip core
+        run: tar -czf dist.tar.gz --directory=packages/frontend/core/dist .
+      - name: Upload core artifact
+        uses: actions/upload-artifact@v3
        with:
-          name: web
+          name: core
          path: dist.tar.gz
          if-no-files-found: error

  server-test:
    name: Server Test
    runs-on: ubuntu-latest
-    needs:
-      - optimize_ci
-      - build-server-native
-    if: needs.optimize_ci.outputs.skip == 'false'
-    strategy:
-      fail-fast: false
-      matrix:
-        node_index: [0, 1, 2]
-        total_nodes: [3]
+    needs: build-storage
    env:
-      NODE_ENV: test
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
+      DISTRIBUTION: browser
    services:
      postgres:
        image: postgres
@@ -416,10 +344,6 @@ jobs:
          --health-retries 5
        ports:
          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
      mailer:
        image: mailhog/mailhog
        ports:
@@ -434,25 +358,42 @@ jobs:
          electron-install: false
          full-cache: true

-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
+      - name: Initialize database
+        run: |
+          psql -h localhost -U postgres -c "CREATE DATABASE affine;"
+          psql -h localhost -U postgres -c "CREATE USER affine WITH PASSWORD 'affine';"
+          psql -h localhost -U postgres -c "ALTER USER affine WITH SUPERUSER;"
+        env:
+          PGPASSWORD: affine
+
+      - name: Generate prisma client
+        run: |
+          yarn workspace @affine/server exec prisma generate
+          yarn workspace @affine/server exec prisma db push
+        env:
+          DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
+
+      - name: Run init-db script
+        run: |
+          yarn workspace @affine/server data-migration run
+          yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
+        env:
+          DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
+
+      - name: Download storage.node
+        uses: actions/download-artifact@v3
        with:
-          name: server-native.node
+          name: storage.node
          path: ./packages/backend/server

-      - name: Prepare Server Test Environment
-        uses: ./.github/actions/server-test-env
-
      - name: Run server tests
-        run: yarn affine @affine/server test:coverage --forbid-only
+        run: yarn workspace @affine/server test:coverage
        env:
          CARGO_TARGET_DIR: '${{ github.workspace }}/target'
-          COPILOT_OPENAI_API_KEY: 'use_fake_openai_api_key'
-          CI_NODE_INDEX: ${{ matrix.node_index }}
-          CI_NODE_TOTAL: ${{ matrix.total_nodes }}
+          DATABASE_URL: postgresql://affine:affine@localhost:5432/affine

      - name: Upload server test coverage results
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./packages/backend/server/.coverage/lcov.info
@@ -460,232 +401,29 @@ jobs:
          name: affine
          fail_ci_if_error: false

-  rust-test:
-    name: Run native tests
-    runs-on: ubuntu-latest
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
-    env:
-      CARGO_TERM_COLOR: always
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Rust
-        uses: ./.github/actions/build-rust
-        with:
-          package: 'affine'
-          no-build: 'true'
-
-      - name: Install latest nextest release
-        uses: taiki-e/install-action@nextest
-
-      - name: Run tests
-        run: cargo nextest run --release --no-fail-fast
-
-  copilot-api-test:
-    name: Server Copilot Api Test
-    runs-on: ubuntu-latest
-    needs:
-      - optimize_ci
-      - build-server-native
-    if: needs.optimize_ci.outputs.skip == 'false'
-    env:
-      NODE_ENV: test
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-      mailer:
-        image: mailhog/mailhog
-        ports:
-          - 1025:1025
-          - 8025:8025
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Check blocksuite update
-        id: check-blocksuite-update
-        env:
-          BASE_REF: ${{ github.base_ref }}
-        run: |
-          if node ./scripts/detect-blocksuite-update.mjs "$BASE_REF"; then
-            echo "skip=false" >> $GITHUB_OUTPUT
-          else
-            echo "skip=true" >> $GITHUB_OUTPUT
-          fi
-
-      - uses: dorny/paths-filter@v3
-        id: apifilter
-        with:
-          filters: |
-            changed:
-              - 'packages/backend/server/src/plugins/copilot/**'
-              - 'packages/backend/server/tests/copilot.*'
-
-      - name: Setup Node.js
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
-        uses: ./.github/actions/setup-node
-        with:
-          electron-install: false
-          full-cache: true
-
-      - name: Download server-native.node
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Prepare Server Test Environment
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
-        uses: ./.github/actions/server-test-env
-
-      - name: Run server tests
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
-        run: yarn affine @affine/server test:copilot:coverage --forbid-only
-        env:
-          CARGO_TARGET_DIR: '${{ github.workspace }}/target'
-          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
-          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-
-      - name: Upload server test coverage results
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.apifilter.outputs.changed == 'true' }}
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./packages/backend/server/.coverage/lcov.info
-          flags: server-test
-          name: affine
-          fail_ci_if_error: false
-
-  copilot-e2e-test:
-    name: Server Copilot E2E Test
-    runs-on: ubuntu-latest
-    env:
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      IN_CI_TEST: true
-      REDIS_SERVER_HOST: localhost
-      DEPLOYMENT_TYPE: affine
-    strategy:
-      fail-fast: false
-      matrix:
-        shardIndex: [1, 2, 3]
-        shardTotal: [3]
-    needs:
-      - build-server-native
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Check blocksuite update
-        id: check-blocksuite-update
-        env:
-          BASE_REF: ${{ github.base_ref }}
-        run: |
-          if node ./scripts/detect-blocksuite-update.mjs "$BASE_REF"; then
-            echo "skip=false" >> $GITHUB_OUTPUT
-          else
-            echo "skip=true" >> $GITHUB_OUTPUT
-          fi
-
-      - uses: dorny/paths-filter@v3
-        id: e2efilter
-        with:
-          filters: |
-            changed:
-              - 'packages/frontend/core/src/blocksuite/ai/**'
-              - 'tests/affine-cloud-copilot/**'
-
-      - name: Setup Node.js
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.e2efilter.outputs.changed == 'true' }}
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          electron-install: false
-          hard-link-nm: false
-
-      - name: Download server-native.node
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.e2efilter.outputs.changed == 'true' }}
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Run Copilot E2E Test ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-        if: ${{ steps.check-blocksuite-update.outputs.skip != 'true' || steps.e2efilter.outputs.changed == 'true' }}
-        uses: ./.github/actions/copilot-test
-        with:
-          script: yarn affine @affine-test/affine-cloud-copilot e2e --forbid-only --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-          openai-key: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          fal-key: ${{ secrets.COPILOT_FAL_API_KEY }}
-          perplexity-key: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-
  server-e2e-test:
    name: ${{ matrix.tests.name }}
    runs-on: ubuntu-latest
-    needs:
-      - optimize_ci
-      - build-server-native
-      - build-native
-    if: needs.optimize_ci.outputs.skip == 'false'
    env:
-      DISTRIBUTION: web
+      DISTRIBUTION: browser
      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-      IN_CI_TEST: true
    strategy:
      fail-fast: false
      matrix:
        tests:
          - name: 'Server E2E Test 1/3'
-            shard: 1
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=1/3
+            script: yarn workspace @affine-test/affine-cloud e2e --forbid-only --shard=1/3
          - name: 'Server E2E Test 2/3'
-            shard: 2
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=2/3
+            script: yarn workspace @affine-test/affine-cloud e2e --forbid-only --shard=2/3
          - name: 'Server E2E Test 3/3'
-            shard: 3
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=3/3
+            script: yarn workspace @affine-test/affine-cloud e2e --forbid-only --shard=3/3
          - name: 'Server Desktop E2E Test'
-            shard: desktop
            script: |
-              yarn affine @affine/electron build:dev
-              # Workaround for Electron apps failing to initialize on Ubuntu 24.04 due to AppArmor restrictions
-              # Disables unprivileged user namespaces restriction to allow Electron apps to run
-              # Reference: https://github.com/electron/electron/issues/42510
-              sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-              xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- yarn affine @affine-test/affine-desktop-cloud e2e
+              yarn workspace @affine/electron build:dev
+              xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- yarn workspace @affine-test/affine-desktop-cloud e2e
+    needs:
+      - build-storage
+      - build-native
    services:
      postgres:
        image: postgres
@@ -698,10 +436,6 @@ jobs:
          --health-retries 5
        ports:
          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
      mailer:
        image: mailhog/mailhog
        ports:
@@ -716,48 +450,58 @@ jobs:
          playwright-install: true
          hard-link-nm: false

-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
+      - name: Initialize database
+        run: |
+          psql -h localhost -U postgres -c "CREATE DATABASE affine;"
+          psql -h localhost -U postgres -c "CREATE USER affine WITH PASSWORD 'affine';"
+          psql -h localhost -U postgres -c "ALTER USER affine WITH SUPERUSER;"
+        env:
+          PGPASSWORD: affine
+
+      - name: Generate prisma client
+        run: |
+          yarn workspace @affine/server exec prisma generate
+          yarn workspace @affine/server exec prisma db push
+        env:
+          DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
+
+      - name: Run init-db script
+        run: |
+          yarn workspace @affine/server data-migration run
+          yarn workspace @affine/server exec node --loader ts-node/esm/transpile-only ./scripts/init-db.ts
+      - name: Download storage.node
+        uses: actions/download-artifact@v3
        with:
-          name: server-native.node
+          name: storage.node
          path: ./packages/backend/server

      - name: Download affine.linux-x64-gnu.node
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: affine.linux-x64-gnu.node
          path: ./packages/frontend/native

-      - name: Prepare Server Test Environment
-        uses: ./.github/actions/server-test-env
-
      - name: ${{ matrix.tests.name }}
        run: |
          ${{ matrix.tests.script }}
        env:
          DEV_SERVER_URL: http://localhost:8080
-          COPILOT_OPENAI_API_KEY: 1
-          COPILOT_FAL_API_KEY: 1
-          COPILOT_PERPLEXITY_API_KEY: 1
+          ENABLE_LOCAL_EMAIL: true

      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
        with:
-          name: test-results-e2e-server-${{ matrix.tests.shard }}
-          path: ./test-results
+          name: test-results-e2e-server
+          path: ./tests/affine-cloud/test-results
          if-no-files-found: ignore

  desktop-test:
    name: Desktop Test (${{ matrix.spec.os }}, ${{ matrix.spec.platform }}, ${{ matrix.spec.arch }}, ${{ matrix.spec.target }}, ${{ matrix.spec.test }})
    runs-on: ${{ matrix.spec.os }}
-    needs:
-      - optimize_ci
-      - build-electron-renderer
-      - build-native
-    if: needs.optimize_ci.outputs.skip == 'false'
    strategy:
      fail-fast: false
+      # all combinations: macos-latest x64, macos-latest arm64, windows-latest x64, ubuntu-latest x64
      matrix:
        spec:
          - {
@@ -765,14 +509,14 @@ jobs:
              platform: macos,
              arch: x64,
              target: x86_64-apple-darwin,
-              test: false,
+              test: true,
            }
          - {
              os: macos-latest,
              platform: macos,
              arch: arm64,
              target: aarch64-apple-darwin,
-              test: true,
+              test: false,
            }
          - {
              os: ubuntu-latest,
@@ -788,13 +532,16 @@ jobs:
              target: x86_64-pc-windows-msvc,
              test: true,
            }
+    needs:
+      - build-core
+      - build-native
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        timeout-minutes: 10
        with:
-          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine-test/affine-desktop @affine/nbstore @toeverything/infra
+          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine-test/affine-desktop
          playwright-install: true
          hard-link-nm: false
          enableScripts: false
@@ -807,7 +554,7 @@ jobs:
          echo "filename=affine.$PLATFORM_ARCH_ABI.node" >> "$GITHUB_OUTPUT"

      - name: Download ${{ steps.filename.outputs.filename }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: ${{ steps.filename.outputs.filename }}
          path: ./packages/frontend/native
@@ -815,99 +562,42 @@ jobs:
      - name: Run unit tests
        if: ${{ matrix.spec.test }}
        shell: bash
-        run: yarn affine @affine/electron vitest
+        run: yarn vitest
+        working-directory: packages/frontend/electron

-      - name: Download web artifact
-        uses: ./.github/actions/download-web
+      - name: Download core artifact
+        uses: ./.github/actions/download-core
        with:
-          path: packages/frontend/apps/electron/resources/web-static
+          path: packages/frontend/electron/resources/web-static

      - name: Build Desktop Layers
-        run: yarn affine @affine/electron build
+        run: yarn workspace @affine/electron build

      - name: Run desktop tests
-        if: ${{ matrix.spec.os == 'ubuntu-latest' }}
-        run: |
-          # Workaround for Electron apps failing to initialize on Ubuntu 24.04 due to AppArmor restrictions
-          # Disables unprivileged user namespaces restriction to allow Electron apps to run
-          # Reference: https://github.com/electron/electron/issues/42510
-          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-          xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- yarn affine @affine-test/affine-desktop e2e
+        if: ${{ matrix.spec.test && matrix.spec.os == 'ubuntu-latest' }}
+        run: xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- yarn workspace @affine-test/affine-desktop e2e

      - name: Run desktop tests
        if: ${{ matrix.spec.test && matrix.spec.os != 'ubuntu-latest' }}
-        run: yarn affine @affine-test/affine-desktop e2e
+        run: yarn workspace @affine-test/affine-desktop e2e

-      - name: Make bundle (macOS)
-        if: ${{ matrix.spec.target == 'aarch64-apple-darwin' }}
+      - name: Make bundle
+        if: ${{ matrix.spec.os == 'macos-latest' && matrix.spec.arch == 'arm64' }}
        env:
          SKIP_BUNDLE: true
          SKIP_WEB_BUILD: true
          HOIST_NODE_MODULES: 1
-        run: yarn affine @affine/electron package --platform=darwin --arch=arm64
-
-      - name: Make Bundle (Linux)
-        run: |
-          sudo add-apt-repository universe
-          sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
-          flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
-          flatpak update
-          # some flatpak deps need git protocol.file.allow
-          git config --global protocol.file.allow always
-          yarn affine @affine/electron make --platform=linux --arch=x64
-        if: ${{ matrix.spec.target == 'x86_64-unknown-linux-gnu' }}
-        env:
-          SKIP_WEB_BUILD: 1
-          HOIST_NODE_MODULES: 1
+        run: yarn workspace @affine/electron package --platform=darwin --arch=arm64

      - name: Output check
-        if: ${{ matrix.spec.os == 'macos-14' && matrix.spec.arch == 'arm64' }}
+        if: ${{ matrix.spec.os == 'macos-latest' && matrix.spec.arch == 'arm64' }}
        run: |
-          yarn affine @affine/electron node ./scripts/macos-arm64-output-check.ts
+          yarn workspace @affine/electron exec node --loader ts-node/esm/transpile-only ./scripts/macos-arm64-output-check.ts

      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
        with:
          name: test-results-e2e-${{ matrix.spec.os }}-${{ matrix.spec.arch }}
          path: ./test-results
          if-no-files-found: ignore
-
-  test-build-mobile-app:
-    uses: ./.github/workflows/release-mobile.yml
-    needs: optimize_ci
-    if: needs.optimize_ci.outputs.skip == 'false'
-    with:
-      build-type: canary
-      build-target: development
-    secrets: inherit
-    permissions:
-      id-token: 'write'
-
-  test-done:
-    needs:
-      - analyze
-      - lint
-      - lint-rust
-      - check-yarn-binary
-      - e2e-test
-      - e2e-legacy-blocksuite-test
-      - e2e-mobile-test
-      - unit-test
-      - build-native
-      - build-server-native
-      - build-electron-renderer
-      - server-test
-      - rust-test
-      - copilot-api-test
-      - copilot-e2e-test
-      - server-e2e-test
-      - desktop-test
-      - test-build-mobile-app
-    if: always()
-    runs-on: ubuntu-latest
-    name: 3, 2, 1 Launch
-    steps:
-      - run: exit 1
-        # Thank you, next https://github.com/vercel/next.js/blob/canary/.github/workflows/build_and_test.yml#L379
-        if: ${{ always() && (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }}
--- a/.github/workflows/copilot-test-automatically.yml
+++ b/.github/workflows/copilot-test-automatically.yml
@@ -1,29 +0,0 @@
-name: Copilot Test Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 8 * * *'
-  workflow_dispatch:
-
-permissions:
-  actions: write
-
-jobs:
-  dispatch-test:
-    runs-on: ubuntu-latest
-    name: Setup Test
-    steps:
-      - name: dispatch test by tag
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: copilot-test.yml
-      - name: dispatch test by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: copilot-test.yml
-          ref: canary
--- a/.github/workflows/copilot-test.yml
+++ b/.github/workflows/copilot-test.yml
@@ -1,197 +0,0 @@
-name: Copilot Cron Test
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build-server-native:
-    name: Build Server native
-    runs-on: ubuntu-latest
-    env:
-      CARGO_PROFILE_RELEASE_DEBUG: '1'
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine/server-native
-          electron-install: false
-      - name: Build Rust
-        uses: ./.github/actions/build-rust
-        with:
-          target: 'x86_64-unknown-linux-gnu'
-          package: '@affine/server-native'
-      - name: Upload server-native.node
-        uses: actions/upload-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/native/server-native.node
-          if-no-files-found: error
-
-  copilot-api-test:
-    name: Server Copilot Api Test
-    runs-on: ubuntu-latest
-    needs:
-      - build-server-native
-    env:
-      NODE_ENV: test
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-      mailer:
-        image: mailhog/mailhog
-        ports:
-          - 1025:1025
-          - 8025:8025
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          electron-install: false
-          full-cache: true
-
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Prepare Server Test Environment
-        uses: ./.github/actions/server-test-env
-
-      - name: Run server tests
-        run: yarn affine @affine/server test:copilot:coverage --forbid-only
-        env:
-          CARGO_TARGET_DIR: '${{ github.workspace }}/target'
-          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
-          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-
-      - name: Upload server test coverage results
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./packages/backend/server/.coverage/lcov.info
-          flags: server-test
-          name: affine
-          fail_ci_if_error: false
-
-  copilot-e2e-test:
-    name: Server Copilot E2E Test
-    runs-on: ubuntu-latest
-    env:
-      DISTRIBUTION: web
-      DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
-      REDIS_SERVER_HOST: localhost
-      IN_CI_TEST: true
-    strategy:
-      fail-fast: false
-      matrix:
-        shardIndex: [1, 2, 3]
-        shardTotal: [3]
-    needs:
-      - build-server-native
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: affine
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-      redis:
-        image: redis
-        ports:
-          - 6379:6379
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          playwright-install: true
-          electron-install: false
-          hard-link-nm: false
-
-      - name: Download server-native.node
-        uses: actions/download-artifact@v4
-        with:
-          name: server-native.node
-          path: ./packages/backend/server
-
-      - name: Run Copilot E2E Test ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-        uses: ./.github/actions/copilot-test
-        with:
-          script: yarn affine @affine-test/affine-cloud-copilot e2e --forbid-only --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
-          openai-key: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          fal-key: ${{ secrets.COPILOT_FAL_API_KEY }}
-          perplexity-key: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-
-  test-done:
-    needs:
-      - copilot-api-test
-      - copilot-e2e-test
-    if: always()
-    runs-on: ubuntu-latest
-    name: Post test result message
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: 'workspaces focus @affine/copilot-result'
-          electron-install: false
-      - name: Post Success event to a Slack channel
-        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: success
-      - name: Post Failed event to a Slack channel
-        id: failed-slack
-        if: ${{ always() && contains(needs.*.result, 'failure') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: failed
-      - name: Post Cancel event to a Slack channel
-        id: cancel-slack
-        if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
-        run: node ./tools/copilot-result/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          BRANCH_SHA: ${{ github.sha }}
-          BRANCH_NAME: ${{ github.ref }}
-          COPILOT_RESULT: canceled
--- a/.github/workflows/deploy-automatically.yml
+++ b/.github/workflows/deploy-automatically.yml
@@ -1,32 +0,0 @@
-name: Deploy Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 9 * * *'
-
-permissions:
-  contents: write
-  pull-requests: write
-  actions: write
-
-jobs:
-  dispatch-deploy:
-    runs-on: ubuntu-latest
-    name: Setup Deploy
-    steps:
-      - name: dispatch deploy by tag
-        if: ${{ github.event_name == 'push' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: deploy.yml
-          inputs: '{ "flavor": "canary" }'
-      - name: dispatch deploy by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: deploy.yml
-          inputs: '{ "flavor": "canary" }'
-          ref: canary
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -12,72 +12,214 @@ on:
          - beta
          - stable
          - internal
-
-permissions:
-  contents: 'write'
-  id-token: 'write'
-  packages: 'write'
+env:
+  APP_NAME: affine
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}

 jobs:
-  output-prev-version:
-    name: Output previous version
+  build-server:
+    name: Build Server
    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.flavor }}
-    outputs:
-      prev: ${{ steps.print.outputs.version }}
-      namespace: ${{ steps.print.outputs.namespace }}
    steps:
      - uses: actions/checkout@v4
-      - name: Auth to Cluster
-        uses: './.github/actions/cluster-auth'
+      - name: Setup Version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
        with:
-          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
-          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
-          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
-          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
-          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
-      - name: Output previous version
-        id: print
+          electron-install: false
+      - name: Build Server
+        run: yarn workspace @affine/server build
+      - name: Upload server dist
+        uses: actions/upload-artifact@v3
+        with:
+          name: server-dist
+          path: ./packages/backend/server/dist
+          if-no-files-found: error
+  build-core:
+    name: Build @affine/core
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.flavor }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Build Plugins
+        run: yarn run build:plugins
+      - name: Build Core
+        run: yarn nx build @affine/core --skip-nx-cache
+        env:
+          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+          BUILD_TYPE: ${{ github.event.inputs.flavor }}
+          SHOULD_REPORT_TRACE: true
+          TRACE_REPORT_ENDPOINT: ${{ secrets.TRACE_REPORT_ENDPOINT }}
+          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      - name: Upload core artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: core
+          path: ./packages/frontend/core/dist
+          if-no-files-found: error
+
+  build-storage:
+    name: Build Storage
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Build Rust
+        uses: ./.github/actions/build-rust
+        with:
+          target: 'x86_64-unknown-linux-gnu'
+          package: '@affine/storage'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Upload storage.node
+        uses: actions/upload-artifact@v3
+        with:
+          name: storage.node
+          path: ./packages/backend/storage/storage.node
+          if-no-files-found: error
+
+  build-storage-arm64:
+    name: Build Storage arm64
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Version
+        uses: ./.github/actions/setup-version
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Build Rust
+        uses: ./.github/actions/build-rust
+        with:
+          target: 'aarch64-unknown-linux-gnu'
+          package: '@affine/storage'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Upload storage.node
+        uses: actions/upload-artifact@v3
+        with:
+          name: storage.arm64.node
+          path: ./packages/backend/storage/storage.node
+          if-no-files-found: error
+
+  build-docker:
+    name: Build Docker
+    runs-on: ubuntu-latest
+    needs:
+      - build-server
+      - build-core
+      - build-storage
+      - build-storage-arm64
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download core artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: core
+          path: ./packages/frontend/core/dist
+      - name: Download server dist
+        uses: actions/download-artifact@v3
+        with:
+          name: server-dist
+          path: ./packages/backend/server/dist
+      - name: Download storage.node
+        uses: actions/download-artifact@v3
+        with:
+          name: storage.node
+          path: ./packages/backend/server
+      - name: Download storage.node arm64
+        uses: actions/download-artifact@v3
+        with:
+          name: storage.arm64.node
+          path: ./packages/backend/storage
+      - name: move storage.arm64.node
+        run: mv ./packages/backend/storage/storage.node ./packages/backend/server/storage.arm64.node
+      - name: Setup env
        run: |
-          namespace=""
-          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
-            namespace="dev"
-          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
-            namespace="beta"
-          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
-            namespace="production"
+          echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
+          if [ -z "${{ inputs.flavor }}" ]
+          then
+            echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV"
          else
-            echo "Invalid flavor: ${{ github.event.inputs.flavor }}"
-            exit 1
+            echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV"
          fi

-          echo "Namespace set to: $namespace"
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          logout: false
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build front Dockerfile
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          pull: true
+          platforms: linux/amd64,linux/arm64
+          provenance: true
+          file: .github/deployment/front/Dockerfile
+          tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}

-          # Get the previous version from the deployment
-          prev_version=$(kubectl get deployment -n $namespace affine-graphql -o=jsonpath='{.spec.template.spec.containers[0].image}' | awk -F '-' '{print $3}')
+      # setup node without cache configuration
+      # Prisma cache is not compatible with docker build cache
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          registry-url: https://npm.pkg.github.com
+          scope: '@toeverything'

-          echo "Previous version: $prev_version"
-          echo "version=$prev_version" >> $GITHUB_OUTPUT
-          echo "namesapce=$namespace" >> $GITHUB_OUTPUT
+      - name: Install Node.js dependencies
+        run: |
+          yarn config set --json supportedArchitectures.cpu '["x64", "arm64"]'
+          yarn workspaces focus @affine/server --production

-  build-images:
-    name: Build Images
-    uses: ./.github/workflows/build-images.yml
-    secrets: inherit
-    with:
-      flavor: ${{ github.event.inputs.flavor }}
+      - name: Generate Prisma client
+        run: yarn workspace @affine/server prisma generate
+
+      - name: Build graphql Dockerfile
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          pull: true
+          platforms: linux/amd64,linux/arm64
+          provenance: true
+          file: .github/deployment/node/Dockerfile
+          tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}

  deploy:
    name: Deploy to cluster
    if: ${{ github.event_name == 'workflow_dispatch' }}
    environment: ${{ github.event.inputs.flavor }}
+    permissions:
+      contents: 'write'
+      id-token: 'write'
    needs:
-      - build-images
+      - build-docker
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
-        id: version
        uses: ./.github/actions/setup-version
      - name: Deploy to ${{ github.event.inputs.flavor }}
        uses: ./.github/actions/deploy
@@ -95,15 +237,12 @@ jobs:
          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+          R2_BUCKET: ${{ secrets.R2_BUCKET }}
+          ENABLE_CAPTCHA: true
          CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }}
-          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
-          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
-          COPILOT_PERPLEXITY_API_KEY: ${{ secrets.COPILOT_PERPLEXITY_API_KEY }}
-          COPILOT_UNSPLASH_API_KEY: ${{ secrets.COPILOT_UNSPLASH_API_KEY }}
-          METRICS_CUSTOMER_IO_TOKEN: ${{ secrets.METRICS_CUSTOMER_IO_TOKEN }}
-          MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }}
-          MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }}
-          MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }}
+          OAUTH_EMAIL_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }}
+          OAUTH_EMAIL_LOGIN: ${{ secrets.OAUTH_EMAIL_LOGIN }}
+          OAUTH_EMAIL_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }}
          AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }}
@@ -119,84 +258,3 @@ jobs:
          STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
          STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
-
-  deploy-done:
-    needs:
-      - output-prev-version
-      - build-images
-      - deploy
-    if: always()
-    runs-on: ubuntu-latest
-    name: Post deploy message
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: actions/checkout@v4
-        with:
-          repository: toeverything/blocksuite
-          path: blocksuite
-          fetch-depth: 0
-          fetch-tags: true
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: 'workspaces focus @affine/changelog'
-          electron-install: false
-      - name: Output deployed info
-        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-        id: set_info
-        run: |
-          if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then
-            echo "deployed_url=https://affine.fail" >> $GITHUB_OUTPUT
-          elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then
-            echo "deployed_url=https://insider.affine.pro" >> $GITHUB_OUTPUT
-          elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then
-            echo "deployed_url=https://app.affine.pro" >> $GITHUB_OUTPUT
-          else
-            exit 1
-          fi
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Post Success event to a Slack channel
-        if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-        run: node ./tools/changelog/index.js
-        env:
-          CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-          DEPLOYED_URL: ${{ steps.set_info.outputs.deployed_url }}
-          PREV_VERSION: ${{ needs.output-prev-version.outputs.prev }}
-          NAMESPACE: ${{ needs.output-prev-version.outputs.namespace }}
-          DEPLOYMENT: 'SERVER'
-          FLAVOR: ${{ github.event.inputs.flavor }}
-          BLOCKSUITE_REPO_PATH: ${{ github.workspace }}/blocksuite
-      - name: Post Failed event to a Slack channel
-        id: failed-slack
-        uses: slackapi/slack-github-action@v2.0.0
-        if: ${{ always() && contains(needs.*.result, 'failure') }}
-        with:
-          method: chat.postMessage
-          token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload: |
-            channel: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-            text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>"
-            blocks:
-              - type: section
-                text:
-                  type: mrkdwn
-                  text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>"
-      - name: Post Cancel event to a Slack channel
-        id: cancel-slack
-        uses: slackapi/slack-github-action@v2.0.0
-        if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
-        with:
-          token: ${{ secrets.SLACK_BOT_TOKEN }}
-          method: chat.postMessage
-          payload: |
-            channel: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }}
-            text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>"
-            blocks:
-              - type: section
-                text:
-                  type: mrkdwn
-                  text: "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>"
--- a/.github/workflows/dispatch-deploy.yml
+++ b/.github/workflows/dispatch-deploy.yml
@@ -0,0 +1,30 @@
+name: Dispatch Deploy by tag
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
+
+jobs:
+  dispatch-deploy-by-tag:
+    runs-on: ubuntu-latest
+    name: Setup deploy environment
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: 'workspaces focus @affine/monorepo'
+          hard-link-nm: false
+          electron-install: false
+          build-infra: false
+          build-plugins: false
+      - name: Setup output value
+        id: flavor
+        run: |
+          node -e "const env = require('semver').parse('${{ github.ref_name }}').prerelease[0] ?? 'stable'; console.log(`flavor=${env}`)" >> "$GITHUB_OUTPUT"
+      - name: dispatch deploy
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: deploy.yml
+          inputs: '{ "flavor": "${{ steps.flavor.outputs.flavor }}" }'
--- a/.github/workflows/helm-releaser.yml
+++ b/.github/workflows/helm-releaser.yml
@@ -24,7 +24,7 @@ jobs:
          token: ${{ secrets.HELM_RELEASER_TOKEN }}

      - name: Install Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@v3

      - name: Install chart releaser
        run: |
--- a/.github/workflows/languages-sync.yml
+++ b/.github/workflows/languages-sync.yml
@@ -0,0 +1,35 @@
+name: Languages Sync
+
+on:
+  push:
+    branches: ['canary']
+    paths:
+      - 'packages/frontend/i18n/**'
+      - '.github/workflows/languages-sync.yml'
+      - '!.github/actions/setup-node/action.yml'
+  pull_request_target:
+    branches: ['canary']
+    paths:
+      - 'packages/frontend/i18n/**'
+      - '.github/workflows/languages-sync.yml'
+      - '!.github/actions/setup-node/action.yml'
+  workflow_dispatch:
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Check Language Key
+        if: github.ref != 'refs/heads/canary'
+        run: yarn workspace @affine/i18n run sync-languages:check
+        env:
+          TOLGEE_API_KEY: ${{ secrets.TOLGEE_API_KEY }}
+
+      - name: Sync Languages
+        if: github.ref == 'refs/heads/canary'
+        run: yarn workspace @affine/i18n run sync-languages
+        env:
+          TOLGEE_API_KEY: ${{ secrets.TOLGEE_API_KEY }}
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -0,0 +1,258 @@
+name: Build Canary Desktop App on Staging Branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      channel_override:
+        description: 'channel type (canary, beta, or stable)'
+        type: choice
+        default: beta
+        options:
+          - canary
+          - beta
+          - stable
+  push:
+    branches:
+      # 0.6.x-staging
+      - v[0-9]+.[0-9]+.x-staging
+      # 0.6.1-staging
+      - v[0-9]+.[0-9]+.[0-9]+-staging
+    paths-ignore:
+      - README.md
+      - .github/**
+      - '!.github/workflows/nightly-build.yml'
+      - '!.github/actions/build-rust/action.yml'
+      - '!.github/actions/setup-node/action.yml'
+
+permissions:
+  actions: write
+  contents: write
+  security-events: write
+
+concurrency:
+  # The concurrency group contains the workflow name and the branch name for
+  # pull requests or the commit hash for any other events.
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
+  cancel-in-progress: true
+
+env:
+  # BUILD_TYPE => app icon, app name, etc
+  BUILD_TYPE: internal
+  # BUILD_TYPE_OVERRIDE => channel type (canary, beta, or stable) - get the channel type (the api configs)
+  BUILD_TYPE_OVERRIDE: ${{ github.event.inputs.channel_override || 'beta' }}
+
+jobs:
+  set-build-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: 0.0.0-internal.${{ steps.version.outputs.version }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: toeverything/set-build-version@latest
+      - id: version
+        run: echo ::set-output name=version::${{ env.BUILD_VERSION }}
+
+  before-make:
+    runs-on: ubuntu-latest
+    needs:
+      - set-build-version
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+      - name: Setup @sentry/cli
+        uses: ./.github/actions/setup-sentry
+      - name: Replace Version
+        run: ./scripts/set-version.sh ${{ needs.set-build-version.outputs.version }}
+      - name: generate-assets
+        run: yarn workspace @affine/electron generate-assets
+        env:
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          RELEASE_VERSION: ${{ needs.set-build-version.outputs.version }}
+          SKIP_PLUGIN_BUILD: 'true'
+          SKIP_NX_CACHE: 'true'
+
+      - name: Upload core artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: core
+          path: packages/frontend/electron/resources/web-static
+
+  make-distribution:
+    strategy:
+      # all combinations: macos-latest x64, macos-latest arm64, ubuntu-latest x64
+      # For windows, we need a separate approach
+      matrix:
+        spec:
+          - runner: macos-latest
+            platform: darwin
+            arch: x64
+            target: x86_64-apple-darwin
+          - runner: macos-latest
+            platform: darwin
+            arch: arm64
+            target: aarch64-apple-darwin
+          - runner: ubuntu-latest
+            platform: linux
+            arch: x64
+            target: x86_64-unknown-linux-gnu
+          - runner: windows-latest
+            platform: win32
+            arch: x64
+            target: x86_64-pc-windows-msvc
+    runs-on: ${{ matrix.spec.runner }}
+    needs:
+      - before-make
+      - set-build-version
+    env:
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      SKIP_GENERATE_ASSETS: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        timeout-minutes: 10
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo
+          hard-link-nm: false
+          build-plugins: false
+          nmHoistingLimits: workspaces
+          enableScripts: false
+      - name: Setup Node.js
+        timeout-minutes: 10
+        if: ${{ matrix.spec.platform != 'darwin' }}
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo
+          hard-link-nm: false
+          build-plugins: false
+          nmHoistingLimits: workspaces
+      - name: Build AFFiNE native
+        uses: ./.github/actions/build-rust
+        with:
+          target: ${{ matrix.spec.target }}
+          package: '@affine/native'
+          nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+      - name: Replace Version
+        run: ./scripts/set-version.sh ${{ needs.set-build-version.outputs.version }}
+      - uses: actions/download-artifact@v3
+        with:
+          name: core
+          path: packages/frontend/electron/resources/web-static
+
+      - name: Build Plugins
+        run: yarn run build:plugins
+
+      - name: Build Desktop Layers
+        run: yarn workspace @affine/electron build
+
+      - name: Signing By Apple Developer ID
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        uses: apple-actions/import-codesign-certs@v2
+        with:
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+
+      - name: make
+        run: yarn workspace @affine/electron make --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
+        env:
+          SKIP_PLUGIN_BUILD: 1
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+
+      - name: Save artifacts (mac)
+        if: ${{ matrix.spec.platform == 'darwin' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/*.dmg ./builds/affine-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
+          mv packages/frontend/electron/out/*/make/zip/darwin/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
+      - name: Save artifacts (windows)
+        if: ${{ matrix.spec.platform == 'win32' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/zip/win32/x64/AFFiNE*-win32-x64-*.zip ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.zip
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.exe ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.exe
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.msi ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.msi
+          mv packages/frontend/electron/out/*/make/squirrel.windows/x64/*.nupkg ./builds/affine-${{ env.BUILD_TYPE }}-windows-x64.nupkg
+
+      - name: Save artifacts (linux)
+        if: ${{ matrix.spec.platform == 'linux' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/electron/out/*/make/zip/linux/x64/*.zip ./builds/affine-${{ env.BUILD_TYPE }}-linux-x64.zip
+          mv packages/frontend/electron/out/*/make/AppImage/x64/*.AppImage ./builds/affine-${{ env.BUILD_TYPE }}-linux-x64.AppImage
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
+          path: builds
+
+  release:
+    needs:
+      - make-distribution
+      - set-build-version
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download Artifacts (macos-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-darwin-x64-builds
+          path: ./
+      - name: Download Artifacts (macos-arm64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-darwin-arm64-builds
+          path: ./
+      - name: Download Artifacts (windows-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-win32-x64-builds
+          path: ./
+      - name: Download Artifacts (linux-x64)
+        uses: actions/download-artifact@v3
+        with:
+          name: affine-linux-x64-builds
+          path: ./
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - name: Generate Release yml
+        run: |
+          node ./packages/frontend/electron/scripts/generate-yml.js
+        env:
+          RELEASE_VERSION: ${{ needs.set-build-version.outputs.version }}
+      - name: Generate SHA512 checksums
+        run: |
+          sha512sum *-linux-* > SHA512SUMS.txt
+          sha512sum *-macos-* >> SHA512SUMS.txt
+          sha512sum *-windows-* >> SHA512SUMS.txt
+      - name: Create Release Draft
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        with:
+          repository: 'toeverything/AFFiNE-Releases'
+          name: ${{ needs.set-build-version.outputs.version }}
+          tag_name: ${{ needs.set-build-version.outputs.version }}
+          prerelease: true
+          files: |
+            ./SHA512SUMS.txt
+            ./VERSION
+            ./*.zip
+            ./*.dmg
+            ./*.exe
+            ./*.nupkg
+            ./RELEASES
+            ./*.AppImage
+            ./*.apk
+            ./*.yml
--- a/.github/workflows/pr-auto-assign.yml
+++ b/.github/workflows/pr-auto-assign.yml
@@ -9,4 +9,4 @@ jobs:
  add-reviews:
    runs-on: ubuntu-latest
    steps:
-      - uses: kentaro-m/auto-assign-action@v2.0.0
+      - uses: kentaro-m/auto-assign-action@v1.2.5
--- a/.github/workflows/pr-title-lint.yml
+++ b/.github/workflows/pr-title-lint.yml
@@ -25,7 +25,4 @@ jobs:
          node-version-file: '.nvmrc'
      - name: Install dependencies
        run: yarn workspaces focus @affine/commitlint-config
-      - name: Check PR title
-        env:
-          TITLE: ${{ github.event.pull_request.title }}
-        run: echo "$TITLE" | yarn workspace @affine/commitlint-config commitlint -g ./.commitlintrc.json
+      - run: echo "${{ github.event.pull_request.title }}" | yarn workspace @affine/commitlint-config commitlint -g ./.commitlintrc.json
--- a/.github/workflows/publish-storybook.yml
+++ b/.github/workflows/publish-storybook.yml
@@ -0,0 +1,53 @@
+name: Publish Storybook
+
+env:
+  NODE_OPTIONS: --max-old-space-size=4096
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - canary
+  pull_request:
+    branches:
+      - canary
+    paths-ignore:
+      - README.md
+      - .github/**
+      - packages/backend/server
+      - packages/frontend/electron
+      - '!.github/workflows/publish-storybook.yml'
+
+jobs:
+  publish-storybook:
+    name: Publish Storybook
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+          # This is required to fetch all commits for chromatic
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-node
+        with:
+          electron-install: false
+      - name: Build Plugins
+        run: yarn run build:plugins
+      - uses: chromaui/action-next@v1
+        with:
+          workingDir: tests/storybook
+          buildScriptName: build
+          exitOnceUploaded: true
+          onlyChanged: false
+          diagnostics: true
+        env:
+          CHROMATIC_PROJECT_TOKEN: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
+          NODE_OPTIONS: ${{ env.NODE_OPTIONS }}
+      - uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: chromatic-build-artifacts-${{ github.run_id }}
+          path: |
+            chromatic-diagnostics.json
+            **/build-storybook.log
--- a/.github/workflows/release-automatically.yml
+++ b/.github/workflows/release-automatically.yml
@@ -1,38 +0,0 @@
-name: Release Desktop/Mobile Automatically
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-canary.[0-9]+'
-  schedule:
-    - cron: '0 9 * * *'
-
-permissions:
-  contents: write
-  pull-requests: write
-  actions: write
-
-jobs:
-  dispatch-release-desktop:
-    runs-on: ubuntu-latest
-    name: Setup Release Desktop
-    steps:
-      - name: dispatch desktop release by tag
-        if: ${{ github.event_name == 'push' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: release-desktop.yml
-          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
-
-      - name: dispatch desktop release by schedule
-        if: ${{ github.event_name == 'schedule' }}
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: release-desktop.yml
-          inputs: '{ "build-type": "canary", "is-draft": false, "is-pre-release": true }'
-          ref: canary
-      - name: dispatch desktop release by tag
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: release-mobile.yml
-          inputs: '{ "build-type": "canary", "build-target": "distribution" }'
--- a/Show More
+++ b/Show More