Release 2.4.0 (#870)

* chore: bump version to v2.4.0-preview

* Bump actions/cache from 4 to 5 (#865)

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Increase maximum DB connection pool size (#876)

Increase DB connection timeout

* Disable length limit for DB field PLUGIN_CONFIG.value (#875)

* Bump actions/cache from 4 to 5 (#871)

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/download-artifact from 7 to 8 (#882)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/upload-artifact from 6 to 7 (#881)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/cache from 4 to 5 (#878)

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Dont perform scans if no metadata plugins are enabled (#877)

* Dont perform scans if no metadata plugins are enabled

* Fix tests

* Add PluginServiceTest.kt

* Fix Sonar finding

* Fix malformed external links (#886)

* Fix external links being treated as internal

* chore: bump version to v856-malformed-external-links-preview

* Update JVM in Dockerfile to Java 25

* Revert incorrect version update

* Allow loading .jar plugins in development mode (#885)

* Allow loading .jar plugins in development mode

* Remove unnecessary mock

* Fix unit test

* Add unit tests

* Fix/879 add info and reset to config options (#887)

* Fix gog.sh script

* Add "description" property to ConfigProperties.kt
Add InfoPopup.tsx and ResetToDefaultButton.tsx in UI

* Bump actions/download-artifact from 7 to 8 (#891)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/cache from 4 to 5 (#890)

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/upload-artifact from 6 to 7 (#889)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Improve memory usage and performance (#888)

mprove memory usage and performance by:
* Using AOT cache
* Using tuned JAVA_OPTIONS
* Session timeout
* Jetty threadpool
* DB batch size
* DB pool size
* Library scanning
* Make scan-concurrency configurable
* Log retention
* Off-load image processing to disk instead of RAM

* Fix bug in PluginState

* Update dependency version for ksp

* Fix race condition preventing plugins from starting

* Show remaining time (estimation) for library scans

* Add unit test for plugin loading bugfix

* Add unit tests for ImageService calculateBlurHash

* Make username claim configurable (#895)

Add fallbacks to resolve username

* Fix sonar issues (#894)

* Add custom "/sonar" command to GH copilot

* Add Sonar plugin integration

* Fix issues reported by Sonar

* Ignore Sonar warning about AES/ECB

* Add unit tests for GameyfinPluginManager

* Add unit tests for GameService

* Add more unit tests for GameService

* Improve library card layout (#896)

* Fix title not being centered

* Add buttons to scan all libraries

* Disable AVX for AOT cache training

* Improve AOT cache training

* Fix tests

* Change output type of Docker Build CI action

* Increase MAX_WAIT of aot-training to 5min

* Optimize Docker CI pipeline

* Add Sonar badges to README.md

* Add custom metrics (downloads & scans)

* Optimize DB connection & add cache for images

* Adjusted logging on startup

* * Show message on start page when no libraries/games are available
* Disable "Scan" buttons when no metadata plugin is enabled

* Fix thread pinning causing deadlocks

* Pre-populate image cache at startup

* Show "Loading" spinner while loading

* Optimize static file serving (images)

* Switch back to Tomcat (from Jetty)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

docker/Dockerfile.ubuntu

@@ -1,19 +1,52 @@
 # syntax=docker/dockerfile:1.4
 
-FROM eclipse-temurin:21-jre-alpine as builder
-WORKDIR /opt/gameyfin
-ARG JAR_FILE=./app/build/libs/app.jar
+# ── Stage 1: extract layers & collect plugins ────────────────────────────
+FROM eclipse-temurin:25-jre-alpine AS extractor
+
+WORKDIR /builder
+
+ARG JAR_FILE=./app/build/libs/app-*.jar
 COPY ${JAR_FILE} application.jar
-RUN java -Djarmode=tools -jar application.jar extract --layers --launcher --destination extracted
+
+# Extract using layered layout for optimal Docker layer caching
+RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
 
 # Pre-collect plugin JARs so final stage can copy them in a single layer
 COPY --link ./plugins/ /tmp/plugins/
-RUN mkdir -p /opt/gameyfin/plugins \
-    && find /tmp/plugins -type f -path "*/build/libs/*.jar" -exec cp {} /opt/gameyfin/plugins/ \; \
+RUN mkdir -p /builder/plugins \
+    && find /tmp/plugins -type f -path "*/build/libs/*.jar" -exec cp {} /builder/plugins/ \; \
     && rm -rf /tmp/plugins
 
+# ── Stage 2: AOT cache training (must use the *runtime* JVM) ─────────────
+# Boot the full application, wait for readiness, fire warm-up HTTP requests
+# that exercise Vaadin/Hilla, Spring Security, Hibernate, and PF4J plugin
+# loading, then gracefully shut down
+FROM eclipse-temurin:25-jre AS aot-training
 
-FROM eclipse-temurin:21-jre
+WORKDIR /training
+
+# curl is needed by the training script to poll health and send warm-up requests
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy the extracted layers to reassemble the application for the training run
+COPY --from=extractor /builder/extracted/dependencies/ ./
+COPY --from=extractor /builder/extracted/spring-boot-loader/ ./
+COPY --from=extractor /builder/extracted/snapshot-dependencies/ ./
+COPY --from=extractor /builder/extracted/application/ ./
+
+# Copy plugins
+COPY --from=extractor /builder/plugins ./plugins
+
+# Copy and run the AOT training script
+# On x86-64, the script passes UseAVX=0 to restrict generated code to baseline
+# SSE2 so the cache is portable across all amd64 CPUs (skipped on aarch64).
+COPY --link ./docker/aot-training.sh ./aot-training.sh
+RUN chmod +x aot-training.sh && ./aot-training.sh
+
+# ── Stage 3: runtime image ───────────────────────────────────────────────
+FROM eclipse-temurin:25-jre
 
 # OCI labels
 LABEL maintainer="grimsi" \
@@ -49,12 +82,15 @@ RUN groupadd -g "$GID" "$USER" && \
 # Copy entrypoint script with proper perms and ownership
 COPY --link --chown=${UID}:${GID} --chmod=0755 ./docker/entrypoint.ubuntu.sh /entrypoint.sh
 
-# Copy application layers and plugin jars from builder stage
-COPY --from=builder --link --chown=${UID}:${GID} /opt/gameyfin/extracted/dependencies/ ./
-COPY --from=builder --link --chown=${UID}:${GID} /opt/gameyfin/extracted/spring-boot-loader/ ./
-COPY --from=builder --link --chown=${UID}:${GID} /opt/gameyfin/extracted/snapshot-dependencies/ ./
-COPY --from=builder --link --chown=${UID}:${GID} /opt/gameyfin/extracted/application/ ./
-COPY --from=builder --link --chown=${UID}:${GID} /opt/gameyfin/plugins ./plugins
+# Copy application layers from extractor stage
+COPY --from=extractor --link --chown=${UID}:${GID} /builder/extracted/dependencies/ ./
+COPY --from=extractor --link --chown=${UID}:${GID} /builder/extracted/spring-boot-loader/ ./
+COPY --from=extractor --link --chown=${UID}:${GID} /builder/extracted/snapshot-dependencies/ ./
+COPY --from=extractor --link --chown=${UID}:${GID} /builder/extracted/application/ ./
+COPY --from=extractor --link --chown=${UID}:${GID} /builder/plugins ./plugins
+
+# Copy AOT cache from training stage
+COPY --from=aot-training --link --chown=${UID}:${GID} /training/app.aot ./
 
 EXPOSE 8080