Upload folder using huggingface_hub

.actrc

@@ -0,0 +1,5 @@
+-P blacksmith-2vcpu-ubuntu-2204=ubuntu-latest
+-P blacksmith-4vcpu-ubuntu-2204=ubuntu-latest
+-P ubuntu-22.04=ubuntu-latest
+-P ubuntu-20.04=ubuntu-latest
+--container-architecture linux/amd64

.devcontainer/Dockerfile

@@ -0,0 +1,9 @@
+FROM n8nio/base:22
+
+RUN apk add --no-cache --update openssh sudo shadow bash
+RUN echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node && chmod 0440 /etc/sudoers.d/node
+RUN mkdir /workspaces && chown node:node /workspaces
+RUN npm install -g pnpm
+
+USER node
+RUN mkdir -p ~/.pnpm-store && pnpm config set store-dir ~/.pnpm-store --global

.devcontainer/devcontainer.json

@@ -0,0 +1,19 @@
+{
+	"name": "n8n",
+	"dockerComposeFile": "docker-compose.yml",
+	"service": "n8n",
+	"workspaceFolder": "/workspaces",
+	"mounts": [
+		"type=bind,source=${localWorkspaceFolder},target=/workspaces,consistency=cached",
+		"type=bind,source=${localEnv:HOME}/.ssh,target=/home/node/.ssh,consistency=cached",
+		"type=bind,source=${localEnv:HOME}/.n8n,target=/home/node/.n8n,consistency=cached"
+	],
+	"forwardPorts": [8080, 5678],
+	"postCreateCommand": "corepack prepare --activate && pnpm install",
+	"postAttachCommand": "pnpm build",
+	"customizations": {
+		"codespaces": {
+			"openFiles": ["CONTRIBUTING.md"]
+		}
+	}
+}

.devcontainer/docker-compose.yml

@@ -0,0 +1,24 @@
+volumes:
+  postgres-data:
+
+services:
+  postgres:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=n8n
+      - POSTGRES_PASSWORD=password
+
+  n8n:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      - ..:/workspaces:cached
+    command: sleep infinity
+    environment:
+      DB_POSTGRESDB_HOST: postgres
+      DB_TYPE: postgresdb
+      DB_POSTGRESDB_PASSWORD: password

.dockerignore

@@ -0,0 +1,27 @@
+# Whitelist approach: ignore everything, then allow only what Docker builds need
+# This reduces build context from ~900MB to just what's required
+
+# Ignore everything first
+*
+
+# === n8n main image (docker/images/n8n/Dockerfile) ===
+!compiled
+!compiled/**
+!THIRD_PARTY_LICENSES.md
+
+# === runners image (docker/images/runners/Dockerfile + Dockerfile.distroless) ===
+!dist
+!dist/task-runner-javascript
+!dist/task-runner-javascript/**
+!packages
+!packages/@n8n
+!packages/@n8n/task-runner-python
+!packages/@n8n/task-runner-python/**
+
+# === Docker build files (entrypoints, configs) ===
+!docker
+!docker/images
+!docker/images/n8n
+!docker/images/n8n/docker-entrypoint.sh
+!docker/images/runners
+!docker/images/runners/n8n-task-runners.json

.editorconfig

@@ -0,0 +1,20 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = tab
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[package.json]
+indent_style = space
+indent_size = 2
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[*.ts]
+quote_type = single

.git-blame-ignore-revs

@@ -0,0 +1,18 @@
+# Commits of large-scale changes to exclude from `git blame` results
+
+# Set up linting and formatting (#2120)
+
+56c4c6991fb21ba4b7bdcd22c929f63cc1d1defe
+
+# refactor(editor): Apply Prettier (no-changelog) #4920
+
+5ca2148c7ed06c90f999508928b7a51f9ac7a788
+
+# refactor: Run lintfix (no-changelog) (#7537)
+
+62c096710fab2f7e886518abdbded34b55e93f62
+
+# refactor: Move test files alongside tested files (#11504)
+
+7e58fc4fec468aca0b45d5bfe6150e1af632acbc
+f32b13c6ed078be042a735bc8621f27e00dc3116

.gitattributes

@@ -1,35 +1,17 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
-*.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
-*.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text
+*.sh text eol=lf
+assets/n8n-screenshot-readme.png filter=lfs diff=lfs merge=lfs -text
+assets/n8n-screenshot.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/chat/resources/images/windowed.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/design-system/assets/fonts/InterVariable-Italic.woff2 filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/design-system/assets/fonts/InterVariable.woff2 filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/cred.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/header1.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/header2.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/header3.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/header4.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/@n8n/i18n/docs/img/header5.png filter=lfs diff=lfs merge=lfs -text
+packages/frontend/editor-ui/public/static/data-mapping-gif.gif filter=lfs diff=lfs merge=lfs -text
+packages/frontend/editor-ui/src/features/integrations/externalSecrets.ee/assets/images/doppler.webp filter=lfs diff=lfs merge=lfs -text
+packages/nodes-base/nodes/AcuityScheduling/acuityScheduling.png filter=lfs diff=lfs merge=lfs -text
+packages/nodes-base/nodes/Cisco/Webex/ciscoWebex.png filter=lfs diff=lfs merge=lfs -text
+packages/testing/playwright/tests/cli-workflows/testData/pdfs/05-versions-space.pdf filter=lfs diff=lfs merge=lfs -text

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+packages/@n8n/db/src/migrations/ @n8n-io/migrations-review
+
+# Node popularity data updates
+packages/frontend/editor-ui/data/node-popularity.json @n8n-io/catalysts

.github/ISSUE_TEMPLATE/01-bug.yml

@@ -0,0 +1,105 @@
+name: Bug Report
+description: Create a bug report to help us improve
+body:
+  - type: markdown
+    attributes:
+      value: |
+        > ⚠️ This form is for reporting bugs only.
+        > ❌ Please do not use this form for general support, feature requests, or questions.
+        > 💬 For help and general inquiries, visit our [community support forum](https://community.n8n.io).
+        > ☁️ If you're experiencing issues with cloud instances not starting or license-related problems, contact [n8n support directly](mailto:help@n8n.io).
+        ---
+        Thank you for helping us improve n8n!
+        To ensure we can address your report efficiently, please fill out all sections in English and provide as much detail as possible.
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: A clear and concise description of what the bug is
+      placeholder: Tell us what you see!
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: To Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen
+    validations:
+      required: true
+  - type: textarea
+    id: debug-info
+    attributes:
+      label: Debug Info
+      description: This can be found under Help > About n8n > Copy debug information
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: '## Environment'
+  - type: input
+    id: os
+    attributes:
+      label: Operating System
+      placeholder: ex. Ubuntu Linux 22.04
+    validations:
+      required: true
+  - type: input
+    id: n8n-version
+    attributes:
+      label: n8n Version
+      placeholder: ex. 1.25.0
+    validations:
+      required: true
+  - type: input
+    id: nodejs-version
+    attributes:
+      label: Node.js Version
+      placeholder: ex. 22.16.0
+    validations:
+      required: true
+  - type: dropdown
+    id: db
+    attributes:
+      label: Database
+      options:
+        - SQLite (default)
+        - PostgreSQL
+        - MySQL
+        - MariaDB
+      default: 0
+    validations:
+      required: true
+  - type: dropdown
+    id: execution-mode
+    attributes:
+      label: Execution mode
+      description: '[Info](https://docs.n8n.io/hosting/scaling/queue-mode/)'
+      options:
+        - main (default)
+        - queue
+        - own (deprecated)
+      default: 0
+    validations:
+      required: true
+  - type: dropdown
+    id: hosting
+    attributes:
+      label: Hosting
+      options:
+        - n8n cloud
+        - self hosted
+      default: 0
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Feature request
+    url: https://community.n8n.io
+    about: Suggest an idea for this project
+  - name: Question / Problem
+    url: https://community.n8n.io
+    about: Questions and problems with n8n
+  - name: n8n Security Vulnerability
+    url: https://n8n.io/legal/#vulnerability
+    about: Learn about our Vulnerability Disclosure Policy

.github/actionlint.yml

@@ -0,0 +1,8 @@
+self-hosted-runner:
+  labels:
+    - blacksmith-2vcpu-ubuntu-2204
+    - blacksmith-4vcpu-ubuntu-2204
+    - blacksmith-2vcpu-ubuntu-2204-arm
+    - blacksmith-4vcpu-ubuntu-2204-arm
+    - blacksmith-8vcpu-ubuntu-2204
+    - ubuntu-slim

.github/actions/docker-registry-login/action.yml

@@ -0,0 +1,51 @@
+# Composite action for logging into Docker registries (GHCR and/or DockerHub).
+# Centralizes the login pattern used across multiple Docker workflows.
+
+name: 'Docker Registry Login'
+description: 'Login to GitHub Container Registry and/or DockerHub'
+
+inputs:
+  login-ghcr:
+    description: 'Login to GitHub Container Registry'
+    required: false
+    default: 'true'
+  login-dockerhub:
+    description: 'Login to DockerHub'
+    required: false
+    default: 'false'
+  login-dhi:
+    description: 'Login to Docker Hardened Images registry (dhi.io)'
+    required: false
+    default: 'false'
+  dockerhub-username:
+    description: 'DockerHub username (required if login-dockerhub or login-dhi is true)'
+    required: false
+  dockerhub-password:
+    description: 'DockerHub password (required if login-dockerhub or login-dhi is true)'
+    required: false
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Login to GitHub Container Registry
+      if: inputs.login-ghcr == 'true'
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+
+    - name: Login to DockerHub
+      if: inputs.login-dockerhub == 'true'
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        username: ${{ inputs.dockerhub-username }}
+        password: ${{ inputs.dockerhub-password }}
+
+    - name: Login to DHI Registry
+      if: inputs.login-dhi == 'true'
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        registry: dhi.io
+        username: ${{ inputs.dockerhub-username }}
+        password: ${{ inputs.dockerhub-password }}

.github/actions/setup-nodejs/action.yml

@@ -0,0 +1,49 @@
+# This action works transparently on both Blacksmith and GitHub-hosted runners.
+# Blacksmith runners benefit from transparent caching and optional Docker layer caching.
+# GitHub-hosted runners use standard GitHub Actions caching.
+
+name: 'Node.js Build Setup'
+description: 'Configures Node.js with pnpm, installs dependencies, enables Turborepo caching, (optional) sets up Docker layer caching, and builds the project or an optional command.'
+
+inputs:
+  node-version:
+    description: 'Node.js version to use. Uses latest 22.x by default.'
+    required: false
+    default: '22.x'
+  enable-docker-cache:
+    description: 'Whether to set up Blacksmith Buildx for Docker layer caching (Blacksmith runners only).'
+    required: false
+    default: 'false'
+    type: boolean
+  build-command:
+    description: 'Command to execute for building the project or an optional command. Leave empty to skip build step.'
+    required: false
+    default: 'pnpm build'
+    type: string
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup pnpm
+      uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+    - name: Setup Node.js
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+      with:
+        node-version: ${{ inputs.node-version }}
+        cache: 'pnpm'
+
+    - name: Install Dependencies
+      run: pnpm install --frozen-lockfile
+      shell: bash
+
+    - name: Configure Turborepo Cache
+      uses: rharkor/caching-for-turbo@cda201ff2b32699a2ae9f59704db029e3dde4fbd # v2.3.5
+
+    - name: Setup Docker Builder for Docker Cache
+      if: ${{ inputs.enable-docker-cache == 'true' }}
+      uses: useblacksmith/setup-docker-builder@53647ab5afe8827af5623b35bd4302eabd41619f # v1.2.0
+
+    - name: Build Project
+      run: ${{ inputs.build-command }}
+      shell: bash

.github/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  mariadb:
+    image: mariadb:10.5
+    environment:
+      - MARIADB_DATABASE=n8n
+      - MARIADB_ROOT_PASSWORD=password
+      - MARIADB_MYSQL_LOCALHOST_USER=true
+    ports:
+      - 3306:3306
+    tmpfs:
+      - /var/lib/mysql
+
+  mysql-8.4:
+    image: mysql:8.4
+    environment:
+      - MYSQL_DATABASE=n8n
+      - MYSQL_ROOT_PASSWORD=password
+    ports:
+      - 3306:3306
+    tmpfs:
+      - /var/lib/mysql
+
+  postgres:
+    image: postgres:16
+    restart: always
+    environment:
+      - POSTGRES_DB=n8n
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=password
+    ports:
+      - 5432:5432
+    tmpfs:
+      - /var/lib/postgresql/data

.github/pull_request_template.md

@@ -0,0 +1,29 @@
+## Summary
+
+<!--
+Describe what the PR does and how to test.
+Photos and videos are recommended.
+-->
+
+## Related Linear tickets, Github issues, and Community forum posts
+
+<!--
+Include links to **Linear ticket** or Github issue or Community forum post.
+Important in order to close *automatically* and provide context to reviewers.
+https://linear.app/n8n/issue/
+-->
+<!-- Use "closes #<issue-number>", "fixes #<issue-number>", or "resolves #<issue-number>" to automatically close issues when the PR is merged. -->
+
+
+## Review / Merge checklist
+
+- [ ] PR title and summary are descriptive. ([conventions](../blob/master/.github/pull_request_title_conventions.md)) <!--
+   **Remember, the title automatically goes into the changelog.
+   Use `(no-changelog)` otherwise.**
+-->
+- [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created.
+- [ ] Tests included. <!--
+   A bug is not considered fixed, unless a test is added to prevent it from happening again.
+   A feature is not complete without tests.
+-->
+- [ ] PR Labeled with `release/backport` (if the PR is an urgent fix that needs to be backported)

.github/pull_request_title_conventions.md

@@ -0,0 +1,116 @@
+# PR Title Convention
+
+We have very precise rules over how Pull Requests (to the `master` branch) must be formatted. This format basically follows the [Angular Commit Message Convention](https://github.com/angular/angular/blob/master/CONTRIBUTING.md#commit). It leads to easier to read commit history and allows for automated generation of release notes:
+
+A PR title consists of these elements:
+
+```text
+<type>(<scope>): <summary>
+  │       │          │
+  │       │          └─⫸ Summary: In imperative present tense.
+  |       |                        Capitalized
+  |       |                        No period at the end.
+  │       │
+  │       └─⫸ Scope: API | benchmark | core | editor | * Node
+  │
+  └─⫸ Type: build | ci | chore | docs | feat | fix | perf | refactor | test
+```
+
+- PR title
+  - type
+  - scope (_optional_)
+  - summary
+- PR description
+  - body (optional)
+  - blank line
+  - footer (optional)
+
+The structure looks like this:
+
+## Type
+
+Must be one of the following:
+
+| type | description | appears in changelog |
+| --- | --- | --- |
+| `feat` | A new feature | ✅ |
+| `fix` | A bug fix | ✅ |
+| `perf` | A code change that improves performance | ✅ |
+| `test` | Adding missing tests or correcting existing tests | ❌ |
+| `docs` | Documentation only changes | ❌ |
+| `refactor` | A behavior-neutral code change that neither fixes a bug nor adds a feature | ❌ |
+| `build` | Changes that affect the build system or external dependencies (TypeScript, Jest, pnpm, etc.) | ❌ |
+| `ci` | Changes to CI configuration files and scripts (e.g. Github actions) | ❌ |
+| `chore` | Routine tasks, maintenance, and minor updates not covered by other types | ❌ |
+
+> BREAKING CHANGES (see Footer section below), will **always** appear in the changelog unless suffixed with `no-changelog`.
+
+## Scope (optional)
+
+The scope should specify the place of the commit change as long as the commit clearly addresses one of the following supported scopes. (Otherwise, omit the scope!)
+
+- `API` - changes to the _public_ API
+- `benchmark` - changes to the benchmark cli
+- `core` - changes to the core / private API / backend of n8n
+- `editor` - changes to the Editor UI
+- `* Node` - changes to a specific node or trigger node (”`*`” to be replaced with the node name, not its display name), e.g.
+  - mattermost → Mattermost Node
+  - microsoftToDo → Microsoft To Do Node
+  - n8n → n8n Node
+
+## Summary
+
+The summary contains succinct description of the change:
+
+- use the imperative, present tense: "change" not "changed" nor "changes"
+- capitalize the first letter
+- _no_ dot (.) at the end
+- do _not_ include Linear ticket IDs etc. (e.g. N8N-1234)
+- suffix with “(no-changelog)” for commits / PRs that should not get mentioned in the changelog.
+
+## Body (optional)
+
+Just as in the **summary**, use the imperative, present tense: "change" not "changed" nor "changes". The body should include the motivation for the change and contrast this with previous behavior.
+
+## Footer (optional)
+
+The footer can contain information about breaking changes and deprecations and is also the place to [reference GitHub issues](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword), Linear tickets, and other PRs that this commit closes or is related to. For example:
+
+```text
+BREAKING CHANGE: <breaking change summary>
+<BLANK LINE>
+<breaking change description + migration instructions>
+<BLANK LINE>
+<BLANK LINE>
+Fixes #<issue number>
+```
+
+or
+
+```text
+DEPRECATED: <what is deprecated>
+<BLANK LINE>
+<deprecation description + recommended update path>
+<BLANK LINE>
+<BLANK LINE>
+Closes #<pr number>
+```
+
+A Breaking Change section should start with the phrase "`BREAKING CHANGE:` " followed by a summary of the breaking change, a blank line, and a detailed description of the breaking change that also includes migration instructions.
+
+> 💡 A breaking change can additionally also be marked by adding a “`!`” to the header, right before the “`:`”, e.g. `feat(editor)!: Remove support for dark mode`
+>
+> This makes locating breaking changes easier when just skimming through commit messages.
+
+> 💡 The breaking changes must also be added to the [packages/cli/BREAKING-CHANGES.md](https://github.com/n8n-io/n8n/blob/master/packages/cli/BREAKING-CHANGES.md) file located in the n8n repository.
+
+Similarly, a Deprecation section should start with "`DEPRECATED:` " followed by a short description of what is deprecated, a blank line, and a detailed description of the deprecation that also mentions the recommended update path.
+
+### Revert commits
+
+If the commit reverts a previous commit, it should begin with `revert:` , followed by the header of the reverted commit.
+
+The content of the commit message body should contain:
+
+- information about the SHA of the commit being reverted in the following format: `This reverts commit <SHA>`,
+- a clear description of the reason for reverting the commit message.

.github/scripts/bump-versions.mjs

@@ -0,0 +1,74 @@
+import semver from 'semver';
+import { writeFile, readFile } from 'fs/promises';
+import { resolve } from 'path';
+import child_process from 'child_process';
+import { promisify } from 'util';
+import assert from 'assert';
+
+const exec = promisify(child_process.exec);
+
+function generateExperimentalVersion(currentVersion) {
+	const parsed = semver.parse(currentVersion);
+	if (!parsed) throw new Error(`Invalid version: ${currentVersion}`);
+
+	// Check if it's already an experimental version
+	if (parsed.prerelease.length > 0 && parsed.prerelease[0] === 'exp') {
+		// Increment the experimental minor version
+		const expMinor = (parsed.prerelease[1] || 0) + 1;
+		return `${parsed.major}.${parsed.minor}.${parsed.patch}-exp.${expMinor}`;
+	}
+
+	// Create new experimental version: <major>.<minor>.<patch>-exp.0
+	return `${parsed.major}.${parsed.minor}.${parsed.patch}-exp.0`;
+}
+
+const rootDir = process.cwd();
+const releaseType = process.env.RELEASE_TYPE;
+assert.match(releaseType, /^(patch|minor|major|experimental|premajor)$/, 'Invalid RELEASE_TYPE');
+
+// TODO: if releaseType is `auto` determine release type based on the changelog
+
+const lastTag = (await exec('git describe --tags --match "n8n@*" --abbrev=0')).stdout.trim();
+const packages = JSON.parse((await exec('pnpm ls -r --only-projects --json')).stdout);
+
+const packageMap = {};
+for (let { name, path, version, private: isPrivate, dependencies } of packages) {
+	if (isPrivate && path !== rootDir) continue;
+	if (path === rootDir) name = 'monorepo-root';
+
+	const isDirty = await exec(`git diff --quiet HEAD ${lastTag} -- ${path}`)
+		.then(() => false)
+		.catch((error) => true);
+
+	packageMap[name] = { path, isDirty, version };
+}
+
+assert.ok(
+	Object.values(packageMap).some(({ isDirty }) => isDirty),
+	'No changes found since the last release',
+);
+
+// Keep the monorepo version up to date with the released version
+packageMap['monorepo-root'].version = packageMap['n8n'].version;
+
+for (const packageName in packageMap) {
+	const { path, version, isDirty } = packageMap[packageName];
+	const packageFile = resolve(path, 'package.json');
+	const packageJson = JSON.parse(await readFile(packageFile, 'utf-8'));
+
+	packageJson.version = packageMap[packageName].nextVersion =
+		isDirty ||
+		Object.keys(packageJson.dependencies || {}).some(
+			(dependencyName) => packageMap[dependencyName]?.isDirty,
+		)
+			? releaseType === 'experimental'
+				? generateExperimentalVersion(version)
+				: releaseType === 'premajor'
+				? semver.inc(version, version.includes('-rc.') ? 'prerelease' : 'premajor', undefined, 'rc')
+					: semver.inc(version, releaseType)
+			: version;
+
+	await writeFile(packageFile, JSON.stringify(packageJson, null, 2) + '\n');
+}
+
+console.log(packageMap['n8n'].nextVersion);

.github/scripts/docker/docker-config.mjs

@@ -0,0 +1,177 @@
+#!/usr/bin/env node
+
+import { appendFileSync } from 'node:fs';
+
+class BuildContext {
+	constructor() {
+		this.githubOutput = process.env.GITHUB_OUTPUT || null;
+	}
+
+	determine({ event, pr, branch, version, releaseType, pushEnabled }) {
+		let context = {
+			version: '',
+			release_type: '',
+			platforms: ['linux/amd64', 'linux/arm64'],
+			push_to_ghcr: true,
+			push_to_docker: false,
+		};
+
+		if (version && releaseType) {
+			context.version = version;
+			context.release_type = releaseType;
+			context.push_to_docker = true;
+		} else {
+			switch (event) {
+				case 'schedule':
+					context.version = 'nightly';
+					context.release_type = 'nightly';
+					context.push_to_docker = true;
+					break;
+
+				case 'pull_request':
+					context.version = `pr-${pr}`;
+					context.release_type = 'dev';
+					context.platforms = ['linux/amd64'];
+					break;
+
+				case 'workflow_dispatch':
+					context.version = `branch-${this.sanitizeBranch(branch)}`;
+					context.release_type = 'branch';
+					context.platforms = ['linux/amd64'];
+					break;
+
+				case 'push':
+					if (branch === 'master') {
+						context.version = 'dev';
+						context.release_type = 'dev';
+						context.push_to_docker = true;
+					} else {
+						context.version = `branch-${this.sanitizeBranch(branch)}`;
+						context.release_type = 'branch';
+						context.platforms = ['linux/amd64'];
+					}
+					break;
+
+				case 'workflow_call':
+				case 'release':
+					if (!version) throw new Error('Version required for release');
+					context.version = version;
+					context.release_type = releaseType || 'stable';
+					context.push_to_docker = true;
+					break;
+
+				default:
+					throw new Error(`Unknown event: ${event}`);
+			}
+		}
+
+		// Handle push_enabled override
+		if (pushEnabled !== undefined) {
+			context.push_enabled = pushEnabled;
+		} else {
+			context.push_enabled = context.push_to_ghcr;
+		}
+
+		return context;
+	}
+
+	sanitizeBranch(branch) {
+		if (!branch) return 'unknown';
+		return branch
+			.toLowerCase()
+			.replace(/[^a-z0-9._-]/g, '-')
+			.replace(/^[.-]/, '')
+			.replace(/[.-]$/, '')
+			.substring(0, 128);
+	}
+
+	buildMatrix(platforms) {
+		const runners = {
+			'linux/amd64': 'blacksmith-4vcpu-ubuntu-2204',
+			'linux/arm64': 'blacksmith-4vcpu-ubuntu-2204-arm',
+		};
+
+		const matrix = {
+			platform: [],
+			include: [],
+		};
+
+		for (const platform of platforms) {
+			const shortName = platform.split('/').pop(); // amd64 or arm64
+			matrix.platform.push(shortName);
+			matrix.include.push({
+				platform: shortName,
+				runner: runners[platform],
+				docker_platform: platform,
+			});
+		}
+
+		return matrix;
+	}
+
+	output(context, matrix = null) {
+		const buildMatrix = matrix || this.buildMatrix(context.platforms);
+
+		if (this.githubOutput) {
+			const outputs = [
+				`version=${context.version}`,
+				`release_type=${context.release_type}`,
+				`platforms=${JSON.stringify(context.platforms)}`,
+				`push_to_ghcr=${context.push_to_ghcr}`,
+				`push_to_docker=${context.push_to_docker}`,
+				`push_enabled=${context.push_enabled}`,
+				`build_matrix=${JSON.stringify(buildMatrix)}`,
+			];
+			appendFileSync(this.githubOutput, outputs.join('\n') + '\n');
+		} else {
+			console.log(JSON.stringify({ ...context, build_matrix: buildMatrix }, null, 2));
+		}
+	}
+}
+
+// CLI - Simple argument parsing
+if (import.meta.url === `file://${process.argv[1]}`) {
+	const args = process.argv.slice(2);
+	const getArg = (name) => {
+		const index = args.indexOf(`--${name}`);
+		if (index === -1 || !args[index + 1]) return undefined;
+		const value = args[index + 1];
+		// Handle empty strings and 'null' as undefined
+		return value === '' || value === 'null' ? undefined : value;
+	};
+
+	try {
+		const context = new BuildContext();
+		const pushEnabledArg = getArg('push-enabled');
+		const result = context.determine({
+			event: getArg('event') || process.env.GITHUB_EVENT_NAME,
+			pr: getArg('pr') || process.env.GITHUB_PR_NUMBER,
+			branch: getArg('branch') || process.env.GITHUB_REF_NAME,
+			version: getArg('version'),
+			releaseType: getArg('release-type'),
+			pushEnabled:
+				pushEnabledArg === 'true' ? true : pushEnabledArg === 'false' ? false : undefined,
+		});
+
+		const matrix = context.buildMatrix(result.platforms);
+
+		// Debug output when GITHUB_OUTPUT is set (running in Actions)
+		if (context.githubOutput) {
+			console.log('=== Build Context ===');
+			console.log(`version: ${result.version}`);
+			console.log(`release_type: ${result.release_type}`);
+			console.log(`platforms: ${JSON.stringify(result.platforms, null, 2)}`);
+			console.log(`push_to_ghcr: ${result.push_to_ghcr}`);
+			console.log(`push_to_docker: ${result.push_to_docker}`);
+			console.log(`push_enabled: ${result.push_enabled}`);
+			console.log('build_matrix:', JSON.stringify(matrix, null, 2));
+		}
+
+		context.output(result, matrix);
+	} catch (error) {
+		console.error(`Error: ${error.message}`);
+		process.exit(1);
+	}
+}
+
+export default BuildContext;

.github/scripts/docker/docker-tags.mjs

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+
+import { appendFileSync } from 'node:fs';
+
+class TagGenerator {
+	constructor() {
+		this.githubOwner = process.env.GITHUB_REPOSITORY_OWNER || 'n8n-io';
+		this.dockerUsername = process.env.DOCKER_USERNAME || 'n8nio';
+		this.githubOutput = process.env.GITHUB_OUTPUT || null;
+	}
+
+	generate({ image, version, platform, includeDockerHub = false }) {
+		let imageName = image;
+		let versionSuffix = '';
+
+		if (image === 'runners-distroless') {
+			imageName = 'runners';
+			versionSuffix = '-distroless';
+		}
+
+		const platformSuffix = platform ? `-${platform.split('/').pop()}` : '';
+		const fullVersion = `${version}${versionSuffix}${platformSuffix}`;
+
+		const tags = {
+			ghcr: [`ghcr.io/${this.githubOwner}/${imageName}:${fullVersion}`],
+			docker: includeDockerHub ? [`${this.dockerUsername}/${imageName}:${fullVersion}`] : [],
+		};
+
+		tags.all = [...tags.ghcr, ...tags.docker];
+		return tags;
+	}
+
+	output(tags, prefix = '') {
+		if (this.githubOutput) {
+			const prefixStr = prefix ? `${prefix}_` : '';
+			const primaryTag = tags.ghcr[0] ? tags.ghcr[0].replace(/-amd64$|-arm64$/, '') : '';
+			const outputs = [
+				`${prefixStr}tags=${tags.all.join(',')}`,
+				`${prefixStr}ghcr_tag=${tags.ghcr[0] || ''}`,
+				`${prefixStr}docker_tag=${tags.docker[0] || ''}`,
+				`${prefixStr}primary_tag=${primaryTag}`,
+			];
+			appendFileSync(this.githubOutput, outputs.join('\n') + '\n');
+		} else {
+			console.log(JSON.stringify(tags, null, 2));
+		}
+	}
+
+	generateAll({ version, platform, includeDockerHub = false }) {
+		const images = ['n8n', 'runners', 'runners-distroless'];
+		const results = {};
+
+		for (const image of images) {
+			const tags = this.generate({ image, version, platform, includeDockerHub });
+			const prefix = image.replace('-distroless', '_distroless');
+			results[prefix] = tags;
+
+			if (this.githubOutput) {
+				this.output(tags, prefix);
+			}
+		}
+
+		return results;
+	}
+}
+
+if (import.meta.url === `file://${process.argv[1]}`) {
+	const args = process.argv.slice(2);
+	const getArg = (name) => {
+		const index = args.indexOf(`--${name}`);
+		return index !== -1 && args[index + 1] ? args[index + 1] : undefined;
+	};
+	const hasFlag = (name) => args.includes(`--${name}`);
+
+	try {
+		const generator = new TagGenerator();
+		const version = getArg('version');
+
+		if (!version) {
+			console.error('Error: --version is required');
+			process.exit(1);
+		}
+
+		if (hasFlag('all')) {
+			const results = generator.generateAll({
+				version,
+				platform: getArg('platform'),
+				includeDockerHub: hasFlag('include-docker'),
+			});
+			if (!generator.githubOutput) {
+				console.log(JSON.stringify(results, null, 2));
+			}
+		} else {
+			const image = getArg('image');
+			if (!image) {
+				console.error('Error: Either --image or --all is required');
+				process.exit(1);
+			}
+			const tags = generator.generate({
+				image,
+				version,
+				platform: getArg('platform'),
+				includeDockerHub: hasFlag('include-docker'),
+			});
+			generator.output(tags);
+		}
+	} catch (error) {
+		console.error(`Error: ${error.message}`);
+		process.exit(1);
+	}
+}
+
+export default TagGenerator;

.github/scripts/ensure-provenance-fields.mjs

@@ -0,0 +1,44 @@
+import { writeFile, readFile, copyFile } from 'fs/promises';
+import { resolve, dirname } from 'path';
+import child_process from 'child_process';
+import { fileURLToPath } from 'url';
+import { promisify } from 'util';
+
+const exec = promisify(child_process.exec);
+
+const commonFiles = ['LICENSE.md', 'LICENSE_EE.md'];
+
+const baseDir = resolve(dirname(fileURLToPath(import.meta.url)), '../..');
+const packages = JSON.parse((await exec('pnpm ls -r --only-projects --json')).stdout);
+
+for (let { name, path, version, private: isPrivate } of packages) {
+	if (isPrivate) continue;
+
+	const packageFile = resolve(path, 'package.json');
+	const packageJson = {
+		...JSON.parse(await readFile(packageFile, 'utf-8')),
+		// Add these fields to all published package.json files to ensure provenance checks pass
+		license: 'SEE LICENSE IN LICENSE.md',
+		homepage: 'https://n8n.io',
+		author: {
+			name: 'Jan Oberhauser',
+			email: 'jan@n8n.io',
+		},
+		repository: {
+			type: 'git',
+			url: 'git+https://github.com/n8n-io/n8n.git',
+		},
+	};
+
+	// Copy over LICENSE.md and LICENSE_EE.md into every published package, and ensure they get included in the published package
+	await Promise.all(
+		commonFiles.map(async (file) => {
+			await copyFile(resolve(baseDir, file), resolve(path, file));
+			if (packageJson.files && !packageJson.files.includes(file)) {
+				packageJson.files.push(file);
+			}
+		}),
+	);
+
+	await writeFile(packageFile, JSON.stringify(packageJson, null, 2) + '\n');
+}

.github/scripts/package.json

@@ -0,0 +1,12 @@
+{
+  "dependencies": {
+    "cacheable-lookup": "6.1.0",
+    "conventional-changelog": "^4.0.0",
+    "debug": "4.3.4",
+    "glob": "10.5.0",
+    "p-limit": "3.1.0",
+    "picocolors": "1.0.1",
+    "semver": "7.5.4",
+    "tempfile": "5.0.0"
+  }
+}

.github/scripts/trim-fe-packageJson.js

@@ -0,0 +1,18 @@
+const { writeFileSync } = require('fs');
+const { resolve } = require('path');
+const baseDir = resolve(__dirname, '../..');
+
+const trimPackageJson = (packageName) => {
+	const filePath = resolve(baseDir, 'packages', packageName, 'package.json');
+	const { scripts, peerDependencies, devDependencies, dependencies, ...packageJson } = require(
+		filePath,
+	);
+	if (packageName === 'frontend/@n8n/chat') {
+		packageJson.dependencies = dependencies;
+	}
+	writeFileSync(filePath, JSON.stringify(packageJson, null, 2) + '\n', 'utf-8');
+};
+
+trimPackageJson('frontend/@n8n/chat');
+trimPackageJson('frontend/@n8n/design-system');
+trimPackageJson('frontend/editor-ui');

.github/scripts/update-changelog.mjs

@@ -0,0 +1,40 @@
+import createTempFile from 'tempfile';
+import conventionalChangelog from 'conventional-changelog';
+import { resolve } from 'path';
+import { createReadStream, createWriteStream } from 'fs';
+import { dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { pipeline } from 'stream/promises';
+import packageJson from '../../package.json' with { type: 'json' };
+
+const baseDir = resolve(dirname(fileURLToPath(import.meta.url)), '../..');
+const fullChangelogFile = resolve(baseDir, 'CHANGELOG.md');
+// Version includes experimental versions (e.g., 1.2.3-exp.0)
+const versionChangelogFile = resolve(baseDir, `CHANGELOG-${packageJson.version}.md`);
+
+const changelogStream = conventionalChangelog({
+	preset: 'angular',
+	releaseCount: 1,
+	tagPrefix: 'n8n@',
+	transform: (commit, callback) => {
+		const hasNoChangelogInHeader = commit.header.includes('(no-changelog)');
+		const isBenchmarkScope = commit.scope === 'benchmark';
+
+		// Ignore commits that have 'benchmark' scope or '(no-changelog)' in the header
+		callback(null, hasNoChangelogInHeader || isBenchmarkScope ? undefined : commit);
+	},
+}).on('error', (err) => {
+	console.error(err.stack);
+	process.exit(1);
+});
+
+// Write the new changelog to a new temporary file, so that the contents can be used in the PR description
+await pipeline(changelogStream, createWriteStream(versionChangelogFile));
+
+// Since we can't read and write from the same file at the same time,
+// we use a temporary file to output the updated changelog to.
+const tmpFile = createTempFile();
+const tmpStream = createWriteStream(tmpFile);
+await pipeline(createReadStream(versionChangelogFile), tmpStream, { end: false });
+await pipeline(createReadStream(fullChangelogFile), tmpStream);
+await pipeline(createReadStream(tmpFile), createWriteStream(fullChangelogFile));

.github/scripts/validate-docs-links.js

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+const packages = ['nodes-base', '@n8n/nodes-langchain'];
+const concurrency = 20;
+let exitCode = 0;
+
+const debug = require('debug')('n8n');
+const path = require('path');
+const https = require('https');
+const glob = require('glob');
+const pLimit = require('p-limit');
+const picocolors = require('picocolors');
+const Lookup = require('cacheable-lookup').default;
+
+const agent = new https.Agent({ keepAlive: true, keepAliveMsecs: 5000 });
+new Lookup().install(agent);
+const limiter = pLimit(concurrency);
+
+const validateUrl = async (packageName, kind, type) =>
+	new Promise((resolve, reject) => {
+		const name = type.displayName;
+		const documentationUrl =
+			kind === 'credentials'
+				? type.documentationUrl
+				: type.codex?.resources?.primaryDocumentation?.[0]?.url;
+		if (!documentationUrl) resolve([name, null]);
+
+		const url = new URL(
+			/^https?:\/\//.test(documentationUrl)
+				? documentationUrl
+				: `https://docs.n8n.io/integrations/builtin/${kind}/${documentationUrl.toLowerCase()}/`,
+		);
+		https
+			.request(
+				{
+					hostname: url.hostname,
+					port: 443,
+					path: url.pathname,
+					method: 'HEAD',
+					agent,
+				},
+				(res) => {
+					debug(picocolors.green('✓'), packageName, kind, name);
+					resolve([name, res.statusCode]);
+				},
+			)
+			.on('error', (e) => {
+				debug(picocolors.red('✘'), packageName, kind, name);
+				reject(e);
+			})
+			.end();
+	});
+
+const checkLinks = async (packageName, kind) => {
+	const baseDir = path.resolve(__dirname, '../../packages', packageName);
+	let types = require(path.join(baseDir, `dist/types/${kind}.json`));
+	if (kind === 'nodes')
+		types = types.filter(
+			({ codex, hidden }) => !!codex?.resources?.primaryDocumentation && !hidden,
+		);
+	debug(packageName, kind, types.length);
+
+	const statuses = await Promise.all(
+		types.map((type) =>
+			limiter(() => {
+				return validateUrl(packageName, kind, type);
+			}),
+		),
+	);
+
+	const missingDocs = [];
+	const invalidUrls = [];
+	for (const [name, statusCode] of statuses) {
+		if (statusCode === null) missingDocs.push(name);
+		if (statusCode !== 200) invalidUrls.push(name);
+	}
+
+	if (missingDocs.length)
+		console.log('Documentation URL missing in %s for %s', packageName, kind, missingDocs);
+	if (invalidUrls.length)
+		console.log('Documentation URL invalid in %s for %s', packageName, kind, invalidUrls);
+	if (missingDocs.length || invalidUrls.length) exitCode = 1;
+};
+
+(async () => {
+	for (const packageName of packages) {
+		await Promise.all([checkLinks(packageName, 'credentials'), checkLinks(packageName, 'nodes')]);
+		if (exitCode !== 0) process.exit(exitCode);
+	}
+})();

.github/test-metrics/playwright.json

@@ -0,0 +1,672 @@
+{
+  "updatedAt": "2025-12-23T17:51:26.730Z",
+  "source": "currents",
+  "projectId": "I0yzoc",
+  "specs": {
+    "tests/e2e/workflows/list/workflows.spec.ts": {
+      "avgDuration": 113599,
+      "testCount": 9,
+      "flakyRate": 0.0066
+    },
+    "tests/e2e/workflows/templates/templates.spec.ts": {
+      "avgDuration": 19603,
+      "testCount": 9,
+      "flakyRate": 0.0016
+    },
+    "tests/e2e/workflows/editor/tags.spec.ts": {
+      "avgDuration": 38592,
+      "testCount": 7,
+      "flakyRate": 0.0014
+    },
+    "tests/e2e/chat-hub/chat-hub-workflow-agent.spec.ts": {
+      "avgDuration": 45555,
+      "testCount": 2,
+      "flakyRate": 0.0814
+    },
+    "tests/e2e/workflows/editor/workflow-actions/settings.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/editor/subworkflows/workflow-selector.spec.ts": {
+      "avgDuration": 28137,
+      "testCount": 5,
+      "flakyRate": 0.0012
+    },
+    "tests/e2e/workflows/editor/workflow-actions/save.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/editor/workflow-actions/run.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/editor/workflow-actions/publish.spec.ts": {
+      "avgDuration": 22021,
+      "testCount": 8,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/checklist/production-checklist.spec.ts": {
+      "avgDuration": 27187,
+      "testCount": 7,
+      "flakyRate": 0.0013
+    },
+    "tests/e2e/workflows/executions/list.spec.ts": {
+      "avgDuration": 61008,
+      "testCount": 11,
+      "flakyRate": 0.0042
+    },
+    "tests/e2e/workflows/editor/workflow-actions/duplicate.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/editor/workflow-actions/copy-paste.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/ai/workflow-builder.spec.ts": {
+      "avgDuration": 32211,
+      "testCount": 5,
+      "flakyRate": 0.0096
+    },
+    "tests/e2e/workflows/editor/workflow-actions/archive.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/settings/workers/workers.spec.ts": {
+      "avgDuration": 5662,
+      "testCount": 4,
+      "flakyRate": 0.0011
+    },
+    "tests/e2e/nodes/webhook.spec.ts": {
+      "avgDuration": 55672,
+      "testCount": 9,
+      "flakyRate": 0.0021
+    },
+    "tests/e2e/api/webhook-isolation.spec.ts": {
+      "avgDuration": 5058,
+      "testCount": 15,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/app-config/versions.spec.ts": {
+      "avgDuration": 5875,
+      "testCount": 2,
+      "flakyRate": 0
+    },
+    "tests/e2e/settings/environments/variables.spec.ts": {
+      "avgDuration": 15854,
+      "testCount": 7,
+      "flakyRate": 0.0002
+    },
+    "tests/e2e/settings/users/users.spec.ts": {
+      "avgDuration": 11978,
+      "testCount": 4,
+      "flakyRate": 0.015
+    },
+    "tests/e2e/building-blocks/user-service.spec.ts": {
+      "avgDuration": 6400,
+      "testCount": 4,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/workflows/editor/canvas/undo-redo.spec.ts": {
+      "avgDuration": 65670,
+      "testCount": 13,
+      "flakyRate": 0.0193
+    },
+    "tests/e2e/building-blocks/workflow-entry-points.spec.ts": {
+      "avgDuration": 13573,
+      "testCount": 5,
+      "flakyRate": 0.0006
+    },
+    "tests/e2e/chat-hub/chat-hub-tools.spec.ts": {
+      "avgDuration": 11472,
+      "testCount": 1,
+      "flakyRate": 0.0233
+    },
+    "tests/e2e/capabilities/task-runner.spec.ts": {
+      "avgDuration": 52322,
+      "testCount": 3,
+      "flakyRate": 0.1299
+    },
+    "tests/e2e/workflows/editor/subworkflows/debugging.spec.ts": {
+      "avgDuration": 9686,
+      "testCount": 3,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/workflows/editor/subworkflows/extraction.spec.ts": {
+      "avgDuration": 35747,
+      "testCount": 2,
+      "flakyRate": 0.0011
+    },
+    "tests/e2e/settings/environments/source-control.spec.ts": {
+      "avgDuration": 142866,
+      "testCount": 5,
+      "flakyRate": 0.1412
+    },
+    "tests/e2e/auth/signin.spec.ts": {
+      "avgDuration": 90584,
+      "testCount": 3,
+      "flakyRate": 0
+    },
+    "tests/e2e/chat-hub/chat-hub-settings.spec.ts": {
+      "avgDuration": 29402,
+      "testCount": 2,
+      "flakyRate": 0.0674
+    },
+    "tests/e2e/app-config/security-notifications.spec.ts": {
+      "avgDuration": 14479,
+      "testCount": 5,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/workflows/editor/ndv/schema-preview.spec.ts": {
+      "avgDuration": 5002,
+      "testCount": 1,
+      "flakyRate": 0.0021
+    },
+    "tests/e2e/nodes/schedule-trigger-node.spec.ts": {
+      "avgDuration": 3494,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/regression/SUG-38-inline-expression-preview.spec.ts": {
+      "avgDuration": 4768,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/regression/SUG-121-fields-reset-after-closing-ndv.spec.ts": {
+      "avgDuration": 4232,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/workflows/editor/routing.spec.ts": {
+      "avgDuration": 28147,
+      "testCount": 6,
+      "flakyRate": 0.0042
+    },
+    "tests/e2e/workflows/editor/ndv/resource-mapper.spec.ts": {
+      "avgDuration": 17808,
+      "testCount": 4,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/workflows/editor/ndv/resource-locator.spec.ts": {
+      "avgDuration": 36783,
+      "testCount": 7,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/ai/rag-callout.spec.ts": {
+      "avgDuration": 7145,
+      "testCount": 2,
+      "flakyRate": 0
+    },
+    "tests/e2e/source-control/push.spec.ts": {
+      "avgDuration": 161130,
+      "testCount": 4,
+      "flakyRate": 0.4348
+    },
+    "tests/e2e/source-control/pull.spec.ts": {
+      "avgDuration": 63320,
+      "testCount": 2,
+      "flakyRate": 0.2028
+    },
+    "tests/e2e/capabilities/proxy-server.spec.ts": {
+      "avgDuration": 27599,
+      "testCount": 4,
+      "flakyRate": 0.0028
+    },
+    "tests/e2e/projects/project-settings.spec.ts": {
+      "avgDuration": 48766,
+      "testCount": 8,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/chat-hub/chat-hub-personal-agent.spec.ts": {
+      "avgDuration": 114815,
+      "testCount": 4,
+      "flakyRate": 0.0448
+    },
+    "tests/e2e/settings/personal/personal.spec.ts": {
+      "avgDuration": 40996,
+      "testCount": 9,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/auth/password-reset.spec.ts": {
+      "avgDuration": 18625,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/workflows/editor/subworkflows/wait.spec.ts": {
+      "avgDuration": 40569,
+      "testCount": 4,
+      "flakyRate": 0.2677
+    },
+    "tests/e2e/nodes/pdf-node.spec.ts": {
+      "avgDuration": 5500,
+      "testCount": 1,
+      "flakyRate": 0.003
+    },
+    "tests/e2e/auth/oidc.spec.ts": {
+      "avgDuration": 46170,
+      "testCount": 1,
+      "flakyRate": 0.0033
+    },
+    "tests/e2e/credentials/oauth.spec.ts": {
+      "avgDuration": 4270,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/workflows/editor/ndv/io-filter.spec.ts": {
+      "avgDuration": 12720,
+      "testCount": 2,
+      "flakyRate": 0.0037
+    },
+    "tests/e2e/building-blocks/node-details-configuration.spec.ts": {
+      "avgDuration": 33860,
+      "testCount": 7,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/node-creator/workflows.spec.ts": {
+      "avgDuration": 6428,
+      "testCount": 2,
+      "flakyRate": 0
+    },
+    "tests/e2e/node-creator/vector-stores.spec.ts": {
+      "avgDuration": 9088,
+      "testCount": 3,
+      "flakyRate": 0.001
+    },
+    "tests/e2e/node-creator/special-nodes.spec.ts": {
+      "avgDuration": 13503,
+      "testCount": 3,
+      "flakyRate": 0.0012
+    },
+    "tests/e2e/node-creator/navigation.spec.ts": {
+      "avgDuration": 15911,
+      "testCount": 4,
+      "flakyRate": 0.0002
+    },
+    "tests/e2e/node-creator/categories.spec.ts": {
+      "avgDuration": 17552,
+      "testCount": 5,
+      "flakyRate": 0.0027
+    },
+    "tests/e2e/node-creator/actions.spec.ts": {
+      "avgDuration": 12991,
+      "testCount": 4,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/app-config/nps-survey.spec.ts": {
+      "avgDuration": 37040,
+      "testCount": 2,
+      "flakyRate": 0.0025
+    },
+    "tests/e2e/workflows/editor/ndv/ndv-parameters.spec.ts": {
+      "avgDuration": 48876,
+      "testCount": 9,
+      "flakyRate": 0.0012
+    },
+    "tests/e2e/workflows/editor/ndv/paired-item.spec.ts": {
+      "avgDuration": 30863,
+      "testCount": 5,
+      "flakyRate": 0.0006
+    },
+    "tests/e2e/workflows/editor/ndv/ndv-floating-nodes.spec.ts": {
+      "avgDuration": 25025,
+      "testCount": 4,
+      "flakyRate": 0.0042
+    },
+    "tests/e2e/workflows/editor/ndv/ndv-data-display.spec.ts": {
+      "avgDuration": 63163,
+      "testCount": 10,
+      "flakyRate": 0.0047
+    },
+    "tests/e2e/workflows/editor/ndv/ndv-core.spec.ts": {
+      "avgDuration": 59650,
+      "testCount": 16,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/workflows/editor/execution/partial.spec.ts": {
+      "avgDuration": 8298,
+      "testCount": 2,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/workflows/editor/execution/logs.spec.ts": {
+      "avgDuration": 39950,
+      "testCount": 9,
+      "flakyRate": 0.0002
+    },
+    "tests/e2e/settings/log-streaming/log-streaming-observability.spec.ts": {
+      "avgDuration": 41907,
+      "testCount": 2,
+      "flakyRate": 0.0019
+    },
+    "tests/e2e/settings/log-streaming/log-streaming-ui-e2e.spec.ts": {
+      "avgDuration": 30182,
+      "testCount": 1,
+      "flakyRate": 0.0039
+    },
+    "tests/e2e/settings/log-streaming/log-streaming.spec.ts": {
+      "avgDuration": 14143,
+      "testCount": 5,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/ai/langchain-agents.spec.ts": {
+      "avgDuration": 69954,
+      "testCount": 7,
+      "flakyRate": 0.0017
+    },
+    "tests/e2e/ai/langchain-tools.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/ai/langchain-memory.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/ai/langchain-chains.spec.ts": {
+      "avgDuration": 41803,
+      "testCount": 4,
+      "flakyRate": 0.0014
+    },
+    "tests/e2e/ai/langchain-vectorstores.spec.ts": {
+      "avgDuration": 36841,
+      "testCount": 2,
+      "flakyRate": 0.0153
+    },
+    "tests/e2e/workflows/editor/expressions/inline.spec.ts": {
+      "avgDuration": 36109,
+      "testCount": 8,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/workflows/editor/execution/inject-previous.spec.ts": {
+      "avgDuration": 12687,
+      "testCount": 2,
+      "flakyRate": 0
+    },
+    "tests/e2e/workflows/list/import.spec.ts": {
+      "avgDuration": 15225,
+      "testCount": 5,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/nodes/if-node.spec.ts": {
+      "avgDuration": 7492,
+      "testCount": 2,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/nodes/http-request-node.spec.ts": {
+      "avgDuration": 9072,
+      "testCount": 2,
+      "flakyRate": 0.0011
+    },
+    "tests/e2e/regression/GHC-5776-ai-sessions-metadata-license-error.spec.ts": {
+      "avgDuration": 2602,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/nodes/form-trigger-node.spec.ts": {
+      "avgDuration": 27007,
+      "testCount": 3,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/projects/folders-operations.spec.ts": {
+      "avgDuration": 46752,
+      "testCount": 13,
+      "flakyRate": 0.0006
+    },
+    "tests/e2e/projects/folders-basic.spec.ts": {
+      "avgDuration": 28139,
+      "testCount": 11,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/projects/folders-advanced.spec.ts": {
+      "avgDuration": 20134,
+      "testCount": 5,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/workflows/editor/canvas/focus-panel.spec.ts": {
+      "avgDuration": 4056,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/chat-hub/chat-hub-attachment.spec.ts": {
+      "avgDuration": 44171,
+      "testCount": 3,
+      "flakyRate": 0.0147
+    },
+    "tests/e2e/api/webhook-external.spec.ts": {
+      "avgDuration": 9425,
+      "testCount": 2,
+      "flakyRate": 0.0594
+    },
+    "tests/e2e/workflows/editor/expressions/modal.spec.ts": {
+      "avgDuration": 41609,
+      "testCount": 6,
+      "flakyRate": 0.0006
+    },
+    "tests/e2e/workflows/editor/execution/execution.spec.ts": {
+      "avgDuration": 47322,
+      "testCount": 14,
+      "flakyRate": 0.0001
+    },
+    "tests/e2e/workflows/editor/execution/previous-nodes.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/ai/evaluations.spec.ts": {
+      "avgDuration": 60000,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/app-config/env-feature-flags.spec.ts": {
+      "avgDuration": 1359,
+      "testCount": 2,
+      "flakyRate": 0
+    },
+    "tests/e2e/nodes/email-send-node.spec.ts": {
+      "avgDuration": 22418,
+      "testCount": 1,
+      "flakyRate": 0.0054
+    },
+    "tests/e2e/workflows/editor/code/editors.spec.ts": {
+      "avgDuration": 49237,
+      "testCount": 11,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/workflows/editor/editor-after-route-changes.spec.ts": {
+      "avgDuration": 16091,
+      "testCount": 1,
+      "flakyRate": 0.0211
+    },
+    "tests/e2e/app-config/demo.spec.ts": {
+      "avgDuration": 14718,
+      "testCount": 4,
+      "flakyRate": 0.0176
+    },
+    "tests/e2e/workflows/editor/execution/debug.spec.ts": {
+      "avgDuration": 34255,
+      "testCount": 3,
+      "flakyRate": 0.0037
+    },
+    "tests/e2e/workflows/editor/expressions/transformation.spec.ts": {
+      "avgDuration": 30134,
+      "testCount": 6,
+      "flakyRate": 0.0001
+    },
+    "tests/e2e/workflows/editor/ndv/pinning.spec.ts": {
+      "avgDuration": 36652,
+      "testCount": 10,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/data-tables/tables.spec.ts": {
+      "avgDuration": 71055,
+      "testCount": 7,
+      "flakyRate": 0.0011
+    },
+    "tests/e2e/data-tables/details.spec.ts": {
+      "avgDuration": 72323,
+      "testCount": 11,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/workflows/editor/expressions/mapping.spec.ts": {
+      "avgDuration": 42523,
+      "testCount": 10,
+      "flakyRate": 0.0047
+    },
+    "tests/e2e/credentials/crud.spec.ts": {
+      "avgDuration": 80126,
+      "testCount": 15,
+      "flakyRate": 0.0009
+    },
+    "tests/e2e/building-blocks/credentials.spec.ts": {
+      "avgDuration": 28608,
+      "testCount": 6,
+      "flakyRate": 0.0008
+    },
+    "tests/e2e/credentials/api-operations.spec.ts": {
+      "avgDuration": 1602,
+      "testCount": 5,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/settings/community-nodes/community-nodes.spec.ts": {
+      "avgDuration": 4091,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/nodes/community-nodes.spec.ts": {
+      "avgDuration": 13999,
+      "testCount": 3,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/workflows/editor/code/code-node.spec.ts": {
+      "avgDuration": 74990,
+      "testCount": 12,
+      "flakyRate": 0.0226
+    },
+    "tests/e2e/chat-hub/chat-hub-chat-user.spec.ts": {
+      "avgDuration": 9556,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/ai/chat-session.spec.ts": {
+      "avgDuration": 6490,
+      "testCount": 1,
+      "flakyRate": 0.01
+    },
+    "tests/e2e/workflows/editor/canvas/canvas-zoom.spec.ts": {
+      "avgDuration": 54599,
+      "testCount": 12,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/workflows/editor/canvas/canvas-nodes.spec.ts": {
+      "avgDuration": 65556,
+      "testCount": 8,
+      "flakyRate": 0.0042
+    },
+    "tests/e2e/building-blocks/canvas-actions.spec.ts": {
+      "avgDuration": 31578,
+      "testCount": 9,
+      "flakyRate": 0.0006
+    },
+    "tests/e2e/workflows/editor/canvas/actions.spec.ts": {
+      "avgDuration": 80903,
+      "testCount": 20,
+      "flakyRate": 0.0005
+    },
+    "tests/e2e/workflows/editor/canvas/stickies.spec.ts": {
+      "avgDuration": 2962,
+      "testCount": 1,
+      "flakyRate": 0.0015
+    },
+    "tests/e2e/regression/CAT-726-canvas-node-connectors-not-rendered-when-nodes-inserted.spec.ts": {
+      "avgDuration": 4951,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/app-config/become-creator.spec.ts": {
+      "avgDuration": 5583,
+      "testCount": 2,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/chat-hub/chat-hub-basic.spec.ts": {
+      "avgDuration": 99260,
+      "testCount": 4,
+      "flakyRate": 0.0319
+    },
+    "tests/e2e/auth/authenticated.spec.ts": {
+      "avgDuration": 13964,
+      "testCount": 5,
+      "flakyRate": 0
+    },
+    "tests/e2e/auth/admin-smoke.spec.ts": {
+      "avgDuration": 2237,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/regression/AI-812-partial-execs-broken-when-using-chat-trigger.spec.ts": {
+      "avgDuration": 8215,
+      "testCount": 2,
+      "flakyRate": 0.0011
+    },
+    "tests/e2e/regression/AI-716-correctly-set-up-agent-model-shows-error.spec.ts": {
+      "avgDuration": 4666,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/regression/AI-1401-sub-nodes-input-panel.spec.ts": {
+      "avgDuration": 4941,
+      "testCount": 1,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/ai/assistant-basic.spec.ts": {
+      "avgDuration": 55527,
+      "testCount": 11,
+      "flakyRate": 0.0003
+    },
+    "tests/e2e/ai/assistant-support-chat.spec.ts": {
+      "avgDuration": 13201,
+      "testCount": 3,
+      "flakyRate": 0.0002
+    },
+    "tests/e2e/ai/assistant-credential-help.spec.ts": {
+      "avgDuration": 18891,
+      "testCount": 4,
+      "flakyRate": 0.0007
+    },
+    "tests/e2e/ai/assistant-code-help.spec.ts": {
+      "avgDuration": 12021,
+      "testCount": 2,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/regression/ADO-2929-can-load-old-switch-node-workflows.spec.ts": {
+      "avgDuration": 4430,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/regression/ADO-2372-prevent-clipping-params.spec.ts": {
+      "avgDuration": 8217,
+      "testCount": 2,
+      "flakyRate": 0.0004
+    },
+    "tests/e2e/regression/ADO-2270-opening-webhook-ndv-marks-workflow-as-unsaved.spec.ts": {
+      "avgDuration": 3801,
+      "testCount": 1,
+      "flakyRate": 0.0015
+    },
+    "tests/e2e/regression/ADO-2230-ndv-reset-data-pagination.spec.ts": {
+      "avgDuration": 3794,
+      "testCount": 1,
+      "flakyRate": 0
+    },
+    "tests/e2e/regression/ADO-1338-ndv-missing-input-panel.spec.ts": {
+      "avgDuration": 9604,
+      "testCount": 1,
+      "flakyRate": 0
+    }
+  }
+}

.github/workflows/benchmark-destroy-nightly.yml

@@ -0,0 +1,46 @@
+name: Destroy Benchmark Env
+
+on:
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+concurrency:
+  group: benchmark
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: benchmarking
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Azure login
+        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        with:
+          client-id: ${{ secrets.BENCHMARK_ARM_CLIENT_ID }}
+          tenant-id: ${{ secrets.BENCHMARK_ARM_TENANT_ID }}
+          subscription-id: ${{ secrets.BENCHMARK_ARM_SUBSCRIPTION_ID }}
+
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+
+      - name: Setup corepack and pnpm
+        run: |
+          npm i -g corepack@0.33
+          corepack enable
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Destroy cloud env
+        run: pnpm destroy-cloud-env
+        working-directory: packages/@n8n/benchmark

.github/workflows/benchmark-nightly.yml

@@ -0,0 +1,122 @@
+name: Run Nightly Benchmark
+run-name: Benchmark ${{ inputs.n8n_tag || 'nightly' }}
+
+on:
+  schedule:
+    - cron: '30 1,2,3 * * *'
+  workflow_dispatch:
+    inputs:
+      debug:
+        description: 'Use debug logging'
+        required: true
+        default: 'false'
+      n8n_tag:
+        description: 'Name of the n8n docker tag to run the benchmark against.'
+        required: true
+        default: 'nightly'
+      benchmark_tag:
+        description: 'Name of the benchmark cli docker tag to run the benchmark with.'
+        required: true
+        default: 'latest'
+
+env:
+  ARM_CLIENT_ID: ${{ secrets.BENCHMARK_ARM_CLIENT_ID }}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.BENCHMARK_ARM_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.BENCHMARK_ARM_TENANT_ID }}
+  N8N_TAG: ${{ inputs.n8n_tag || 'nightly' }}
+  N8N_BENCHMARK_TAG: ${{ inputs.benchmark_tag || 'latest' }}
+  DEBUG: ${{ inputs.debug == 'true' && '--debug' || '' }}
+
+permissions:
+  id-token: write
+  contents: read
+
+concurrency:
+  group: benchmark
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: benchmarking
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+        with:
+          terraform_version: '1.8.5'
+
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+
+      - name: Setup corepack and pnpm
+        run: |
+          npm i -g corepack@0.33
+          corepack enable
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Azure login
+        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        with:
+          client-id: ${{ env.ARM_CLIENT_ID }}
+          tenant-id: ${{ env.ARM_TENANT_ID }}
+          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+      - name: Destroy any existing environment
+        run: pnpm destroy-cloud-env
+        working-directory: packages/@n8n/benchmark
+
+      - name: Provision the environment
+        run: pnpm provision-cloud-env ${{ env.DEBUG }}
+        working-directory: packages/@n8n/benchmark
+
+      - name: Run the benchmark
+        id: benchmark
+        env:
+          BENCHMARK_RESULT_WEBHOOK_URL: ${{ secrets.BENCHMARK_RESULT_WEBHOOK_URL }}
+          BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER: ${{ secrets.BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER }}
+          N8N_LICENSE_CERT: ${{ secrets.N8N_BENCHMARK_LICENSE_CERT }}
+        run: |
+          pnpm benchmark-in-cloud \
+            --vus 5 \
+            --duration 1m \
+            --n8nTag ${{ env.N8N_TAG }} \
+            --benchmarkTag ${{ env.N8N_BENCHMARK_TAG }} \
+            ${{ env.DEBUG }}
+        working-directory: packages/@n8n/benchmark
+
+        # We need to login again because the access token expires
+      - name: Azure login
+        if: always()
+        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        with:
+          client-id: ${{ env.ARM_CLIENT_ID }}
+          tenant-id: ${{ env.ARM_TENANT_ID }}
+          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+      - name: Destroy the environment
+        if: always()
+        run: pnpm destroy-cloud-env ${{ env.DEBUG }}
+        working-directory: packages/@n8n/benchmark
+
+      - name: Fail `build` job if `benchmark` step failed
+        if: steps.benchmark.outcome == 'failure'
+        run: exit 1
+
+  notify-on-failure:
+    name: Notify Cats on failure
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: failure()
+    steps:
+      - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        with:
+          status: ${{ job.status }}
+          channel: '#team-catalysts'
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          message: Benchmark run failed for n8n tag `${{ inputs.n8n_tag || 'nightly' }}` - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/build-unit-test-pr-comment.yml

@@ -0,0 +1,100 @@
+name: Trigger build/unit tests on PR comment
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: read
+  contents: read
+  actions: write
+  issues: write
+
+jobs:
+  validate_and_dispatch:
+    name: Validate user and dispatch CI workflow
+    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/build-unit-test')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate user permissions and collect PR data
+        id: check_permissions
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const commenter = context.actor;
+            const body = (context.payload.comment.body || '').trim();
+            const isCommand = body.startsWith('/build-unit-test');
+            const allowedPermissions = ['admin', 'write', 'maintain'];
+            const commentId = context.payload.comment.id;
+            const { owner, repo } = context.repo;
+
+            async function react(content) {
+              try {
+                await github.rest.reactions.createForIssueComment({
+                  owner,
+                  repo,
+                  comment_id: commentId,
+                  content,
+                });
+              } catch (error) {
+                console.log(`Failed to add reaction '${content}': ${error.message}`);
+              }
+            }
+
+            core.setOutput('proceed', 'false');
+            core.setOutput('headSha', '');
+            core.setOutput('prNumber', '');
+
+            if (!context.payload.issue.pull_request || !isCommand) {
+              console.log('Comment is not /build-unit-test on a pull request. Skipping.');
+              return;
+            }
+
+            let permission;
+            try {
+              const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
+                owner,
+                repo,
+                username: commenter,
+              });
+              permission = data.permission;
+            } catch (error) {
+              console.log(`Could not verify permissions for @${commenter}: ${error.message}`);
+              await react('confused');
+              return;
+            }
+
+            if (!allowedPermissions.includes(permission)) {
+              console.log(`User @${commenter} has '${permission}' permission; requires admin/write/maintain.`);
+              await react('-1');
+              return;
+            }
+
+            try {
+              const prNumber = context.issue.number;
+              const { data: pr } = await github.rest.pulls.get({
+                owner,
+                repo,
+                pull_number: prNumber,
+              });
+              await react('+1');
+              core.setOutput('proceed', 'true');
+              core.setOutput('headSha', pr.head.sha);
+              core.setOutput('prNumber', String(prNumber));
+            } catch (error) {
+              console.log(`Failed to fetch PR details for PR #${context.issue.number}: ${error.message}`);
+              await react('confused');
+            }
+
+      - name: Dispatch build/unit test workflow
+        if: ${{ steps.check_permissions.outputs.proceed == 'true' }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HEAD_SHA: ${{ steps.check_permissions.outputs.headSha }}
+          PR_NUMBER: ${{ steps.check_permissions.outputs.prNumber }}
+        run: |
+          gh workflow run ci-manual-build-unit-tests.yml \
+            --repo "${{ github.repository }}" \
+            -f ref="${HEAD_SHA}" \
+            -f pr_number="${PR_NUMBER}"

.github/workflows/build-windows.yml

@@ -0,0 +1,81 @@
+name: Windows CI
+
+on:
+  workflow_dispatch:
+    inputs:
+      notify_on_failure:
+        description: 'Send Slack notification on build failure'
+        required: false
+        type: boolean
+        default: false
+  workflow_call:
+    inputs:
+      notify_on_failure:
+        description: 'Send Slack notification on build failure'
+        required: false
+        type: boolean
+        default: false
+    secrets:
+      QBOT_SLACK_TOKEN:
+        required: false
+  pull_request:
+    branches: [master]
+    paths:
+      - '**/package.json'
+      - '**/turbo.json'
+      - '.github/workflows/build-windows.yml'
+
+jobs:
+  build:
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Node.js and Build
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: pnpm build
+
+      - name: Send Slack notification on failure
+        if: failure() && inputs.notify_on_failure == true
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.QBOT_SLACK_TOKEN }}
+          payload: |
+            {
+              "channel": "C035KBDA917",
+              "text": "🚨 Windows build failed for `${{ github.repository }}` on branch `${{ github.ref_name }}`",
+              "blocks": [
+                {
+                  "type": "header",
+                  "text": { "type": "plain_text", "text": "🚨 Windows Build Failed" }
+                },
+                {
+                  "type": "section",
+                  "fields": [
+                    { "type": "mrkdwn", "text": "*Repository:*\n<${{ github.server_url }}/${{ github.repository }}|${{ github.repository }}>" },
+                    { "type": "mrkdwn", "text": "*Branch:*\n`${{ github.ref_name }}`" },
+                    { "type": "mrkdwn", "text": "*Commit:*\n`${{ github.sha }}`" },
+                    { "type": "mrkdwn", "text": "*Trigger:*\n${{ github.event_name }}" }
+                  ]
+                },
+                {
+                  "type": "section",
+                  "text": { "type": "mrkdwn", "text": ":warning: *Cross-platform compatibility issue detected*\nThis likely indicates Unix-specific commands in package.json scripts or build configuration that don't work on Windows." }
+                },
+                {
+                  "type": "actions",
+                  "elements": [
+                    {
+                      "type": "button",
+                      "text": { "type": "plain_text", "text": ":github: View Workflow Run" },
+                      "style": "danger",
+                      "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }

.github/workflows/check-documentation-urls.yml

@@ -0,0 +1,37 @@
+name: Check Documentation URLs
+
+on:
+  release:
+    types: [published]
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  check-docs-urls:
+    runs-on: ubuntu-latest
+
+    timeout-minutes: 5
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: turbo build --filter=*nodes*
+
+      - run: npm install --prefix=.github/scripts --no-package-lock
+
+      - name: Test URLs
+        run: node .github/scripts/validate-docs-links.js
+
+      - name: Notify Slack on failure
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        if: failure()
+        with:
+          status: ${{ job.status }}
+          channel: '#alerts-build'
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          message: |
+            <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}| Documentation URLs check failed >

.github/workflows/check-pr-title.yml

@@ -0,0 +1,21 @@
+name: Check PR title
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branches:
+      - 'master'
+      - '1.x'
+
+jobs:
+  check-pr-title:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Validate PR title
+        uses: n8n-io/validate-n8n-pull-request-title@c3b6fd06bda12eebd57a592c0cf3b747d5b73569 # v2.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/check-run-eligibility.yml

@@ -0,0 +1,111 @@
+# Determines if conditions are met for running subsequent jobs on a Pull Request.
+#
+# !! IMPORTANT !!
+# This workflow RELIES on being called from a parent workflow triggered by
+# a `pull_request` or `pull_request_target` event. It uses `github.event`
+# to access PR details.
+#
+# It checks if all the following conditions are TRUE:
+# 1. The PR is NOT from a fork (i.e., it's an internal PR).
+# 2. The PR has been approved by a maintainer (`is_pr_approved_by_maintainer`).
+# 3. The PR's source branch does NOT match an excluded pattern.
+# 4. The PR includes relevant file changes (`paths_filter_patterns`).
+#
+# It outputs `should_run` as 'true' if ALL conditions pass, 'false' otherwise.
+
+name: PR Eligibility Check
+
+on:
+  workflow_call:
+    inputs:
+      is_pr_approved_by_maintainer:
+        required: true
+        type: boolean
+      paths_filter_patterns:
+        description: "Path filter patterns for 'paths-filter-action'."
+        required: false
+        type: string
+        default: |
+          not_ignored:
+            - '!.devcontainer/**'
+            - '!.github/*'
+            - '!.github/scripts/*'
+            - '!.github/workflows/benchmark-*'
+            - '!.github/workflows/check-*'
+            - '!.vscode/**'
+            - '!docker/**'
+            - '!packages/@n8n/benchmark/**'
+            - '!packages/@n8n/task-runner-python/**'
+            - '!**/*.md'
+      excluded_source_branch_patterns:
+        description: 'Newline-separated list of glob patterns for source branches to EXCLUDE.'
+        required: false
+        type: string
+        default: |
+          release/*
+          master
+
+    outputs:
+      should_run:
+        description: "Outputs 'true' if all eligibility checks pass, otherwise 'false'."
+        value: ${{ jobs.evaluate_conditions.outputs.run_decision }}
+
+jobs:
+  evaluate_conditions:
+    runs-on: ubuntu-latest
+    outputs:
+      run_decision: ${{ steps.evaluate.outputs.should_run }}
+    steps:
+      - name: Check out current commit
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Determine changed files
+        uses: tomi/paths-filter-action@32c62f5ca100c1110406e3477d5b3ecef4666fec # v3.0.2
+        id: changed
+        with:
+          filters: ${{ inputs.paths_filter_patterns }}
+          predicate-quantifier: 'every'
+
+      - name: Evaluate Conditions & Set Output
+        id: evaluate
+        env:
+          IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
+          IS_APPROVED: ${{ inputs.is_pr_approved_by_maintainer }}
+          FILES_CHANGED: ${{ steps.changed.outputs.not_ignored == 'true' }}
+          HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          EXCLUDED_PATTERNS: ${{ inputs.excluded_source_branch_patterns }}
+        run: |
+          if [[ "$IS_FORK" == "true" ]]; then
+            is_community="true"
+          else
+            is_community="false"
+          fi
+
+          source_branch_excluded="false"
+          while IFS= read -r pattern; do
+            # shellcheck disable=SC2053
+            if [[ -n "$pattern" && "$HEAD_REF" == $pattern ]]; then
+                source_branch_excluded="true"
+                break
+            fi
+          done <<< "$EXCLUDED_PATTERNS"
+
+          echo "--- Checking Conditions ---"
+          echo "Is NOT Community PR: $([[ "$is_community" == "false" ]] && echo true || echo false)"
+          echo "Files Changed: $FILES_CHANGED"
+          echo "Source Branch Excluded: $source_branch_excluded"
+          echo "Is Approved: $IS_APPROVED"
+          echo "-------------------------"
+
+          if [[ "$is_community" == "false" && \
+                "$FILES_CHANGED" == "true" && \
+                "$source_branch_excluded" == "false" && \
+                "$IS_APPROVED" == "true" ]]; then
+            echo "Decision: Conditions met. Setting should_run=true."
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "Decision: Conditions not met. Setting should_run=false."
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+          fi

.github/workflows/chromatic.yml

@@ -0,0 +1,83 @@
+name: Chromatic
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: chromatic-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  changeset:
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    steps:
+      - name: Determine changed files
+        uses: tomi/paths-filter-action@v3.0.2
+        id: changed
+        if: github.event_name == 'pull_request_review'
+        with:
+          filters: |
+            design_system:
+              - 'packages/frontend/@n8n/design-system/**'
+              - '.github/workflows/storybook.yml'
+    outputs:
+      has_changes: ${{ steps.changed.outputs.design_system || 'false' }}
+
+  chromatic:
+    needs: [changeset]
+    if: |
+      github.event_name == 'schedule' ||
+      github.event_name == 'workflow_dispatch' ||
+      (
+        github.event_name == 'pull_request_review' &&
+        needs.changeset.outputs.has_changes == 'true' &&
+        github.event.review.state == 'approved' &&
+        !startsWith(github.event.pull_request.head.ref, 'release/') &&
+        !startsWith(github.event.pull_request.head.ref, 'release-pr/')
+      )
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: pnpm run build --filter=@n8n/utils --filter=@n8n/vitest-config --filter=@n8n/design-system
+
+      - name: Publish to Chromatic
+        uses: chromaui/action@1cfa065cbdab28f6ca3afaeb3d761383076a35aa # v11
+        id: chromatic_tests
+        continue-on-error: true
+        with:
+          workingDir: packages/frontend/@n8n/design-system
+          autoAcceptChanges: 'master'
+          skip: 'release/**'
+          onlyChanged: true
+          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
+          exitZeroOnChanges: false
+
+      - name: Success comment
+        if: steps.chromatic_tests.outcome == 'success' && github.ref != 'refs/heads/master'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          edit-mode: replace
+          body: |
+            :white_check_mark: No visual regressions found.
+
+      - name: Fail comment
+        if: steps.chromatic_tests.outcome != 'success' && github.ref != 'refs/heads/master'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          edit-mode: replace
+          body: |
+            [:warning: Visual regressions found](${{steps.chromatic_tests.outputs.url}}): ${{steps.chromatic_tests.outputs.changeCount}}

.github/workflows/ci-evals.yml

@@ -0,0 +1,73 @@
+name: Run Workflow Builder Evals
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'packages/@n8n/ai-workflow-builder.ee/**'
+      - '.github/workflows/ci-evals.yml'
+  schedule:
+    - cron: '0 22 * * 6'
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'GitHub branch to test.'
+        required: false
+        default: 'master'
+      dataset:
+        description: 'LangSmith dataset to use.'
+        required: false
+        default: 'workflow-builder-canvas-prompts'
+
+jobs:
+  evals:
+    name: Run Evaluations
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    env:
+      N8N_AI_ANTHROPIC_KEY: ${{ secrets.EVALS_ANTHROPIC_KEY }}
+      LANGSMITH_TRACING: true
+      LANGSMITH_ENDPOINT: ${{ secrets.EVALS_LANGSMITH_ENDPOINT }}
+      LANGSMITH_API_KEY: ${{ secrets.EVALS_LANGSMITH_API_KEY }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.inputs.branch || github.ref }}
+
+      - name: Select dataset
+        run: |
+          DATASET="workflow-builder-canvas-prompts"
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            DATASET="prompts-v2"
+          elif [ -n "${{ github.event.inputs.dataset }}" ]; then
+            DATASET="${{ github.event.inputs.dataset }}"
+          fi
+          echo "LANGSMITH_DATASET_NAME=$DATASET" >> "$GITHUB_ENV"
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # 6.5.0
+        with:
+          enable-cache: true
+
+      - name: Install just
+        uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0
+
+      - name: Install Python
+        working-directory: packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python
+        run: uv python install 3.11
+
+      - name: Install workflow comparison dependencies
+        working-directory: packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python
+        run: just sync-all
+
+      - name: Export Node Types
+        run: |
+          ./packages/cli/bin/n8n export:nodes --output ./packages/@n8n/ai-workflow-builder.ee/evaluations/nodes.json
+
+      - name: Run Evaluations
+        working-directory: packages/@n8n/ai-workflow-builder.ee/evaluations
+        run: |
+          pnpm eval:langsmith --repetitions 3

.github/workflows/ci-manual-build-unit-tests.yml

@@ -0,0 +1,132 @@
+name: Build, unit test and lint (manual trigger)
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: Commit SHA or ref to check out
+        required: true
+      pr_number:
+        description: PR number (optional, for check reporting)
+        required: false
+        type: string
+
+permissions:
+  contents: read
+  checks: write
+
+jobs:
+  create-check-run:
+    name: Create Check Run
+    runs-on: ubuntu-latest
+    if: inputs.pr_number != ''
+    outputs:
+      check_run_id: ${{ steps.create.outputs.check_run_id }}
+    steps:
+      - name: Create pending check run on PR
+        id: create
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const { data: checkRun } = await github.rest.checks.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              name: 'Build & Unit Tests - Checks',
+              head_sha: '${{ inputs.ref }}',
+              status: 'in_progress',
+              output: {
+                title: 'Build & Unit Tests - Checks',
+                summary: 'Running build, unit tests, and lint...'
+              }
+            });
+
+            core.setOutput('check_run_id', checkRun.id);
+            console.log(`Created check run ${checkRun.id} on commit ${{ inputs.ref }}`);
+
+  install-and-build:
+    name: Install & Build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    env:
+      NODE_OPTIONS: '--max-old-space-size=6144'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Run format check
+        run: pnpm format:check
+
+      - name: Run typecheck
+        run: pnpm typecheck
+
+  unit-tests:
+    name: Unit tests
+    needs: install-and-build
+    uses: ./.github/workflows/units-tests-reusable.yml
+    with:
+      ref: ${{ inputs.ref }}
+      collectCoverage: true
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  lint:
+    name: Lint
+    needs: install-and-build
+    uses: ./.github/workflows/linting-reusable.yml
+    with:
+      ref: ${{ inputs.ref }}
+
+  post-build-unit-tests:
+    name: Build & Unit Tests - Checks
+    runs-on: ubuntu-latest
+    needs: [create-check-run, install-and-build, unit-tests, lint]
+    if: always()
+    steps:
+      - name: Update check run on PR (if triggered from PR comment)
+        if: inputs.pr_number != ''
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const checkRunId = '${{ needs.create-check-run.outputs.check_run_id }}';
+
+            if (!checkRunId) {
+              console.log('No check run ID found, skipping update');
+              return;
+            }
+
+            const buildResult = '${{ needs.install-and-build.result }}';
+            const testResult = '${{ needs.unit-tests.result }}';
+            const lintResult = '${{ needs.lint.result }}';
+
+            const conclusion = (buildResult === 'success' && testResult === 'success' && lintResult === 'success')
+              ? 'success'
+              : 'failure';
+
+            const summary = `
+            **Build**: ${buildResult}
+            **Unit Tests**: ${testResult}
+            **Lint**: ${lintResult}
+            `;
+
+            await github.rest.checks.update({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              check_run_id: parseInt(checkRunId),
+              status: 'completed',
+              conclusion: conclusion,
+              output: {
+                title: 'Build & Unit Tests - Checks',
+                summary: summary
+              }
+            });
+
+            console.log(`Updated check run ${checkRunId} with conclusion: ${conclusion}`);
+
+      - name: Fail if any job failed
+        if: needs.install-and-build.result == 'failure' || needs.unit-tests.result == 'failure' || needs.lint.result == 'failure'
+        run: exit 1

.github/workflows/ci-master.yml

@@ -0,0 +1,52 @@
+name: Test Master
+
+on:
+  push:
+    branches:
+      - master
+      - 1.x
+    paths-ignore:
+      - packages/@n8n/task-runner-python/**
+
+jobs:
+  build-github:
+    name: Build for Github Cache
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+  unit-test:
+    name: Unit tests
+    uses: ./.github/workflows/units-tests-reusable.yml
+    strategy:
+      matrix:
+        node-version: [20.x, 22.x, 24.3.x]
+    with:
+      ref: ${{ github.sha }}
+      nodeVersion: ${{ matrix.node-version }}
+      collectCoverage: ${{ matrix.node-version == '22.x' }}
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  lint:
+    name: Lint
+    uses: ./.github/workflows/linting-reusable.yml
+    with:
+      ref: ${{ github.sha }}
+
+  notify-on-failure:
+    name: Notify Slack on failure
+    runs-on: ubuntu-latest
+    needs: [unit-test, lint, build-github]
+    steps:
+      - name: Notify Slack on failure
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        if: failure()
+        with:
+          status: ${{ job.status }}
+          channel: '#alerts-build'
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          message: ${{ github.ref_name }} branch (build or test or lint) failed (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

.github/workflows/ci-postgres-mysql.yml

@@ -0,0 +1,152 @@
+name: Test Postgres and MySQL schemas
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - packages/cli/src/databases/**
+      - packages/cli/src/modules/*/database/**
+      - packages/cli/src/modules/**/*.entity.ts
+      - packages/cli/src/modules/**/*.repository.ts
+      - packages/cli/test/integration/**
+      - packages/cli/test/shared/db/**
+      - packages/@n8n/db/**
+      - packages/cli/**/__tests__/**
+      - .github/workflows/ci-postgres-mysql.yml
+      - .github/docker-compose.yml
+
+concurrency:
+  group: db-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  NODE_OPTIONS: '--max-old-space-size=3072'
+
+jobs:
+  build:
+    name: Install & Build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    if: github.event_name != 'pull_request_review' || startsWith(github.event.pull_request.base.ref, 'release/')
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+  sqlite-pooled:
+    name: SQLite Pooled
+    needs: build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    timeout-minutes: 20
+    env:
+      DB_TYPE: sqlite
+      DB_SQLITE_POOL_SIZE: 4
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Test SQLite Pooled
+        working-directory: packages/cli
+        run: pnpm test:sqlite
+
+  mariadb:
+    name: MariaDB
+    needs: build
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    timeout-minutes: 30
+    if: false
+    env:
+      DB_MYSQLDB_PASSWORD: password
+      DB_MYSQLDB_POOL_SIZE: 1
+      DB_MYSQLDB_CONNECTION_TIMEOUT: 120000
+      DB_MYSQLDB_ACQUIRE_TIMEOUT: 120000
+      DB_MYSQLDB_TIMEOUT: 120000
+      NODE_OPTIONS: '--max-old-space-size=7168'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Start MariaDB
+        uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0
+        with:
+          compose-file: ./.github/docker-compose.yml
+          services: |
+            mariadb
+
+      - name: Test MariaDB
+        working-directory: packages/cli
+        run: pnpm test:mariadb --testTimeout 120000
+
+  mysql:
+    name: MySQL 8.4
+    needs: build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    timeout-minutes: 20
+    if: false
+    env:
+      DB_MYSQLDB_PASSWORD: password
+      DB_MYSQLDB_POOL_SIZE: 1
+      DB_MYSQLDB_CONNECTION_TIMEOUT: 120000
+      DB_MYSQLDB_ACQUIRE_TIMEOUT: 120000
+      DB_MYSQLDB_TIMEOUT: 120000
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Start MySQL
+        uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0
+        with:
+          compose-file: ./.github/docker-compose.yml
+          services: mysql-8.4
+
+      - name: Test MySQL
+        working-directory: packages/cli
+        # We sleep here due to flakiness with DB tests if we connect to the database too soon
+        run: sleep 2s && pnpm test:mysql --testTimeout 120000
+
+  postgres:
+    name: Postgres
+    needs: build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    timeout-minutes: 20
+    env:
+      DB_POSTGRESDB_PASSWORD: password
+      DB_POSTGRESDB_POOL_SIZE: 1 # Detect connection pooling deadlocks
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Start Postgres
+        uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0
+        with:
+          compose-file: ./.github/docker-compose.yml
+          services: |
+            postgres
+
+      - name: Test Postgres
+        working-directory: packages/cli
+        run: pnpm test:postgres
+
+  notify-on-failure:
+    name: Notify Slack on failure
+    runs-on: ubuntu-latest
+    needs: [sqlite-pooled, postgres]
+    steps:
+      - name: Notify Slack on failure
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        if: failure() && github.ref == 'refs/heads/master'
+        with:
+          status: ${{ job.status }}
+          channel: '#alerts-build'
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          message: Postgres, MariaDB or MySQL tests failed (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

.github/workflows/ci-pull-requests.yml

@@ -0,0 +1,129 @@
+name: Build, unit test and lint branch
+
+on:
+  pull_request:
+  merge_group:
+
+concurrency:
+  group: ci-${{ github.event.pull_request.number || github.event.merge_group.head_sha || github.ref }}
+  cancel-in-progress: true
+
+env:
+  COVERAGE_ENABLED: 'true' # Set globally for all jobs - ensures Turbo cache consistency
+
+jobs:
+  install-and-build:
+    name: Install & Build
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    env:
+      NODE_OPTIONS: '--max-old-space-size=6144'
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    outputs:
+      non_python_changed: ${{ steps.paths-filter.outputs.non-python == 'true' }}
+      workflows_changed: ${{ steps.paths-filter.outputs.workflows == 'true' }}
+      commit_sha: ${{ steps.commit-sha.outputs.sha }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Use merge_group SHA when in merge queue, otherwise PR merge ref
+          ref: ${{ github.event_name == 'merge_group' && github.event.merge_group.head_sha || format('refs/pull/{0}/merge', github.event.pull_request.number) }}
+
+      - name: Capture commit SHA for cache consistency
+        id: commit-sha
+        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: Check for relevant changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: paths-filter
+        with:
+          filters: |
+            non-python:
+              - '**'
+              - '!packages/@n8n/task-runner-python/**'
+            workflows:
+              - .github/**
+      - name: Setup and Build
+        if: steps.paths-filter.outputs.non-python == 'true'
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Run format check
+        if: steps.paths-filter.outputs.non-python == 'true'
+        run: pnpm format:check
+
+  unit-test:
+    name: Unit tests
+    if: needs.install-and-build.outputs.non_python_changed == 'true'
+    uses: ./.github/workflows/units-tests-reusable.yml
+    needs: install-and-build
+    with:
+      ref: ${{ needs.install-and-build.outputs.commit_sha }}
+      collectCoverage: true
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  typecheck:
+    name: Typecheck
+    if: needs.install-and-build.outputs.non_python_changed == 'true'
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    needs: install-and-build
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ needs.install-and-build.outputs.commit_sha }}
+
+      - name: Setup Node.js
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: pnpm typecheck
+
+  lint:
+    name: Lint
+    if: needs.install-and-build.outputs.non_python_changed == 'true'
+    uses: ./.github/workflows/linting-reusable.yml
+    needs: install-and-build
+    with:
+      ref: ${{ needs.install-and-build.outputs.commit_sha }}
+
+  e2e-tests:
+    name: E2E Tests
+    needs: install-and-build
+    if: needs.install-and-build.outputs.non_python_changed == 'true'
+    uses: ./.github/workflows/playwright-test-ci.yml
+    with:
+      branch: ${{ needs.install-and-build.outputs.commit_sha }}
+    secrets: inherit
+
+  security-checks:
+    name: Security Checks
+    needs: install-and-build
+    if: needs.install-and-build.outputs.workflows_changed == 'true'
+    uses: ./.github/workflows/ci-security.yml
+    with:
+      ref: ${{ needs.install-and-build.outputs.commit_sha }}
+    secrets: inherit
+
+  # This job is required by GitHub branch protection rules.
+  # PRs cannot be merged unless this job passes.
+  # If you add/remove jobs that should block merging, update the 'needs' array
+  # and the skip conditions in the 'if' block below.
+  required-checks:
+    name: Required Checks
+    needs: [install-and-build, unit-test, typecheck, lint, e2e-tests, security-checks]
+    if: always()
+    runs-on: ubuntu-slim
+    steps:
+      - name: Fail if any required job failed or was skipped unexpectedly
+        # Explicit checks for each job's skip conditions:
+        # - Non-python jobs (unit-test, typecheck, lint, e2e-tests): can skip when non_python_changed == false
+        # - security-checks: can skip when workflows_changed == false
+        if: |
+          contains(needs.*.result, 'failure') ||
+          (needs.install-and-build.outputs.non_python_changed == 'true' && (
+            needs.unit-test.result == 'skipped' ||
+            needs.typecheck.result == 'skipped' ||
+            needs.lint.result == 'skipped' ||
+            needs.e2e-tests.result == 'skipped'
+          )) ||
+          (needs.install-and-build.outputs.workflows_changed == 'true' &&
+            needs.security-checks.result == 'skipped')
+        run: exit 1

.github/workflows/ci-python-workflow-builder-evals.yml

@@ -0,0 +1,56 @@
+name: AI Workflow Builder Evals Python CI
+
+on:
+  pull_request:
+    paths:
+      - packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python/**
+      - .github/workflows/ci-python-workflow-builder-evals.yml
+  push:
+    paths:
+      - packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python/**
+
+jobs:
+  workflow-comparison:
+    name: Workflow Comparison Python
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python
+    steps:
+      - name: Check out project
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # 6.5.0
+        with:
+          enable-cache: true
+
+      - name: Install just
+        uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0
+
+      - name: Install Python
+        run: uv python install 3.11
+
+      - name: Install project dependencies
+        run: just sync-all
+
+      - name: Format check
+        run: just format-check
+
+      - name: Typecheck
+        run: just typecheck
+
+      - name: Lint
+        run: just lint
+
+      - name: Python unit tests
+        run: uv run pytest --cov=src --cov-report=xml --cov-report=term-missing
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/python/coverage.xml
+          flags: tests
+          name: workflow-comparison-python
+          fail_ci_if_error: false

.github/workflows/ci-python.yml

@@ -0,0 +1,56 @@
+name: Python CI
+
+on:
+  pull_request:
+    paths:
+      - packages/@n8n/task-runner-python/**
+      - .github/workflows/ci-python.yml
+  push:
+    paths:
+      - packages/@n8n/task-runner-python/**
+
+jobs:
+  checks:
+    name: Checks
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/@n8n/task-runner-python
+    steps:
+      - name: Check out project
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # 6.5.0
+        with:
+          enable-cache: true
+
+      - name: Install just
+        uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0
+
+      - name: Install Python
+        run: uv python install 3.13
+
+      - name: Install project dependencies
+        run: just sync-all
+
+      - name: Format check
+        run: just format-check
+
+      - name: Typecheck
+        run: just typecheck
+
+      - name: Lint
+        run: just lint
+
+      - name: Python unit tests
+        run: uv run pytest --cov=src --cov-report=xml --cov-report=term-missing
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: packages/@n8n/task-runner-python/coverage.xml
+          flags: tests
+          name: task-runner-python
+          fail_ci_if_error: false

.github/workflows/ci-security.yml

@@ -0,0 +1,23 @@
+name: Security Checks
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        description: GitHub ref to scan.
+        required: false
+        type: string
+        default: ''
+
+jobs:
+  poutine-scan:
+    name: Poutine Security Scan
+    uses: ./.github/workflows/security-poutine-scan-callable.yml
+    with:
+      ref: ${{ inputs.ref }}
+    secrets: inherit
+
+  # Future security checks can be added here:
+  # - dependency-scan:
+  # - secret-detection:
+  # - container-scan:

.github/workflows/claude.yml

@@ -0,0 +1,48 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Or use OAuth token instead:
+          # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          timeout_minutes: '60'
+          # mode: tag  # Default: responds to @claude mentions
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net

.github/workflows/create-patch-release-branch.yml

@@ -0,0 +1,69 @@
+name: Create Branch For Patch Release
+on:
+  workflow_dispatch:
+    inputs:
+      commit_shas:
+        description: 'Comma-separated commit SHAs'
+        required: true
+      old_version:
+        description: 'Old version to be patched'
+        required: true
+        default: '1.0.0'
+      new_version:
+        description: 'The new patch version'
+        required: true
+        default: '1.0.1'
+      resumeUrl:
+        description: 'n8n workflow resume URL'
+        required: true
+jobs:
+  create-branch:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Validate inputs
+        run: |
+          if ! [[ "${{ inputs.old_version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z]+(\.[0-9A-Za-z]+)*)?$ ]]; then
+            echo "Invalid old version format: ${{ inputs.old_version }}"
+            exit 1
+          fi
+          if ! [[ "${{ inputs.new_version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z]+(\.[0-9A-Za-z]+)*)?$ ]]; then
+            echo "Invalid new version format: ${{ inputs.new_version }}"
+            exit 1
+          fi
+      - name: Notify if inputs are invalid
+        if: ${{ failure() }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" -d '{ "success": false, "message": "The old or new version you provided is invalid, make sure they both follow the SemVer format" }' ${{ inputs.resumeUrl }}
+          exit 1
+      - name: Setup, cherry-pick and push branch
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git switch "n8n@${{ inputs.old_version }}" --detach
+          BRANCH="patch/${{ inputs.new_version }}"
+          git checkout -b "$BRANCH"
+          IFS=',' read -ra SHAS <<< "${{ inputs.commit_shas }}"
+          for sha in "${SHAS[@]}"; do
+            sha=$(echo "$sha" | xargs)
+            if ! git merge-base --is-ancestor "$sha" HEAD; then
+              echo "Cherry-picking commit $sha"
+              git cherry-pick "$sha"
+            else
+              echo "Commit $sha is already in the branch, skipping"
+            fi
+          done
+          git push -f origin "$BRANCH"
+      - name: Notify if cherry-pick is successful
+        if: ${{ success() }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" -d '{ "success": true }' ${{ inputs.resumeUrl }}
+      - name: Notify if cherry-pick is not successful
+        if: ${{ failure() }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" -d '{ "success": false, "message": "There was a conflict when trying to create the branch, please do the cherry-pick and resolve the conflicts manually or do not include the PRs that caused the conflict" }' ${{ inputs.resumeUrl }}

.github/workflows/data-tooling.yml

@@ -0,0 +1,84 @@
+name: Data tooling, test exports and imports of data to various db types
+
+# TODO: Uncomment this after it works on a manual invocation
+# on:
+#   pull_request:
+#     branches:
+#       - '**'
+#       - '!release/*'
+
+on:
+  workflow_dispatch:
+  
+jobs:
+  sqlite-export-sqlite-import:
+    name: sqlite database export -> sqlite database import
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    outputs:
+      db_changed: ${{ steps.paths-filter.outputs.db == 'true' }}
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        # with:
+        #   ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: Check for frontend changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: paths-filter
+        with:
+          filters: |
+            db:
+              - packages/@n8n/db/**
+              - packages/cli/**
+      - name: Setup, build and export sqlite
+        if: steps.paths-filter.outputs.db == 'true'
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: |
+            pnpm build
+            ./packages/cli/bin/n8n export:entities --outputDir packages/cli/commands/export/outputs 
+            ./packages/cli/bin/n8n import:entities --inputDir packages/cli/commands/export/outputs --truncateTables
+  postgres-export-postgres-import:
+    name: postgres export -> postgres import
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    outputs:
+      db_changed: ${{ steps.paths-filter.outputs.db == 'true' }}
+    env:
+      DB_TYPE: postgresdb
+      DB_POSTGRESDB_DATABASE: n8n
+      DB_POSTGRESDB_HOST: localhost
+      DB_POSTGRESDB_PORT: 5432
+      DB_POSTGRESDB_USER: postgres
+      DB_POSTGRESDB_PASSWORD: password
+      DB_POSTGRESDB_POOL_SIZE: 1 # Detect connection pooling deadlocks
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        # with:
+        #   ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: Check for db changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: paths-filter
+        with:
+          filters: |
+            db:
+              - packages/@n8n/db/**
+              - packages/cli/**
+
+      - name: Setup and Build
+        if: steps.paths-filter.outputs.db == 'true'
+        uses: ./.github/actions/setup-nodejs
+
+      - name: Start Postgres
+        if: steps.paths-filter.outputs.db == 'true'
+        uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0
+        with:
+          compose-file: ./.github/docker-compose.yml
+          services: |
+            postgres
+
+      - name: Export postgres
+        if: steps.paths-filter.outputs.db == 'true'
+        run: ./packages/cli/bin/n8n export:entities --outputDir packages/cli/commands/export/outputs 
+      - name: Import postgres
+        if: steps.paths-filter.outputs.db == 'true'
+        run: ./packages/cli/bin/n8n import:entities --inputDir packages/cli/commands/export/outputs --truncateTables

.github/workflows/docker-base-image.yml

@@ -0,0 +1,68 @@
+name: Docker Base Image CI
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'docker/images/n8n-base/Dockerfile'
+  pull_request:
+    paths:
+      - 'docker/images/n8n-base/Dockerfile'
+  workflow_dispatch:
+    inputs:
+      push:
+        description: 'Push to registries'
+        required: false
+        default: false
+        type: boolean
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node_version: ['20', '22.21.1', '24']
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Login to DHI Registry (for pulling base images)
+        uses: ./.github/actions/docker-registry-login
+        with:
+          login-ghcr: 'false'
+          login-dhi: 'true'
+          dockerhub-username: ${{ secrets.DOCKER_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to Docker registries (for pushing)
+        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push == true)
+        uses: ./.github/actions/docker-registry-login
+        with:
+          login-ghcr: 'true'
+          login-dockerhub: 'true'
+          dockerhub-username: ${{ secrets.DOCKER_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: ./docker/images/n8n-base/Dockerfile
+          build-args: |
+            NODE_VERSION=${{ matrix.node_version }}
+          platforms: linux/amd64,linux/arm64
+          provenance: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push == true) }}
+          sbom: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push == true) }}
+          push: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push == true) }}
+          tags: |
+            ${{ secrets.DOCKER_USERNAME }}/base:${{ matrix.node_version }}-${{ github.sha }}
+            ${{ secrets.DOCKER_USERNAME }}/base:${{ matrix.node_version }}
+            ghcr.io/${{ github.repository_owner }}/base:${{ matrix.node_version }}-${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/base:${{ matrix.node_version }}
+          no-cache: true

.github/workflows/docker-build-push.yml

@@ -0,0 +1,294 @@
+# This workflow is used to build and push the Docker image for n8nio/n8n and n8nio/runners
+#
+# - Uses docker-config.mjs for context determination, this determines what needs to be built based on the trigger
+# - Uses docker-tags.mjs for tag generation, this generates the tags for the images
+
+name: 'Docker: Build and Push'
+
+env:
+  NODE_OPTIONS: '--max-old-space-size=7168'
+  NODE_VERSION: '22.21.1'
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+  workflow_call:
+    inputs:
+      n8n_version:
+        description: 'N8N version to build'
+        required: true
+        type: string
+      release_type:
+        description: 'Release type (stable, nightly, dev)'
+        required: false
+        type: string
+        default: 'stable'
+      push_enabled:
+        description: 'Whether to push the built images'
+        required: false
+        type: boolean
+        default: true
+
+  workflow_dispatch:
+    inputs:
+      push_enabled:
+        description: 'Push image to registry'
+        required: false
+        type: boolean
+        default: true
+      success_url:
+        description: 'URL to call after the build is successful'
+        required: false
+        type: string
+
+jobs:
+  determine-build-context:
+    name: Determine Build Context
+    runs-on: ubuntu-latest
+    outputs:
+      release_type: ${{ steps.context.outputs.release_type }}
+      n8n_version: ${{ steps.context.outputs.version }}
+      push_enabled: ${{ steps.context.outputs.push_enabled }}
+      push_to_docker: ${{ steps.context.outputs.push_to_docker }}
+      build_matrix: ${{ steps.context.outputs.build_matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Determine build context
+        id: context
+        run: |
+          node .github/scripts/docker/docker-config.mjs \
+            --event "${{ github.event_name }}" \
+            --pr "${{ github.event.pull_request.number }}" \
+            --branch "${{ github.ref_name }}" \
+            --version "${{ inputs.n8n_version }}" \
+            --release-type "${{ inputs.release_type }}" \
+            --push-enabled "${{ inputs.push_enabled }}"
+
+  build-and-push-docker:
+    name: Build App, then Build and Push Docker Image (${{ matrix.platform }})
+    needs: determine-build-context
+    runs-on: ${{ matrix.runner }}
+    timeout-minutes: 25
+    strategy:
+      matrix: ${{ fromJSON(needs.determine-build-context.outputs.build_matrix) }}
+    outputs:
+      image_ref: ${{ steps.determine-tags.outputs.n8n_primary_tag }}
+      primary_ghcr_manifest_tag: ${{ steps.determine-tags.outputs.n8n_primary_tag }}
+      runners_primary_ghcr_manifest_tag: ${{ steps.determine-tags.outputs.runners_primary_tag }}
+      runners_distroless_primary_ghcr_manifest_tag: ${{ steps.determine-tags.outputs.runners_distroless_primary_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup and Build
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: pnpm build:n8n
+          enable-docker-cache: 'true'
+
+      - name: Determine Docker tags for all images
+        id: determine-tags
+        run: |
+          node .github/scripts/docker/docker-tags.mjs \
+            --all \
+            --version "${{ needs.determine-build-context.outputs.n8n_version }}" \
+            --platform "${{ matrix.docker_platform }}" \
+            ${{ needs.determine-build-context.outputs.push_to_docker == 'true' && '--include-docker' || '' }}
+
+          echo "=== Generated Docker Tags ==="
+          cat "$GITHUB_OUTPUT" | grep "_tags=" | while IFS='=' read -r key value; do
+            echo "${key}: ${value%%,*}..."  # Show first tag for brevity
+          done
+
+      - name: Login to Docker registries
+        if: needs.determine-build-context.outputs.push_enabled == 'true'
+        uses: ./.github/actions/docker-registry-login
+        with:
+          login-ghcr: true
+          login-dockerhub: ${{ needs.determine-build-context.outputs.push_to_docker == 'true' }}
+          dockerhub-username: ${{ secrets.DOCKER_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push n8n Docker image
+        uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1 # v2
+        with:
+          context: .
+          file: ./docker/images/n8n/Dockerfile
+          build-args: |
+            NODE_VERSION=${{ env.NODE_VERSION }}
+            N8N_VERSION=${{ needs.determine-build-context.outputs.n8n_version }}
+            N8N_RELEASE_TYPE=${{ needs.determine-build-context.outputs.release_type }}
+          platforms: ${{ matrix.docker_platform }}
+          provenance: true
+          sbom: true
+          push: ${{ needs.determine-build-context.outputs.push_enabled == 'true' }}
+          tags: ${{ steps.determine-tags.outputs.n8n_tags }}
+
+      - name: Build and push task runners Docker image (Alpine)
+        uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1 # v2
+        with:
+          context: .
+          file: ./docker/images/runners/Dockerfile
+          build-args: |
+            NODE_VERSION=${{ env.NODE_VERSION }}
+            N8N_VERSION=${{ needs.determine-build-context.outputs.n8n_version }}
+            N8N_RELEASE_TYPE=${{ needs.determine-build-context.outputs.release_type }}
+          platforms: ${{ matrix.docker_platform }}
+          provenance: true
+          sbom: true
+          push: ${{ needs.determine-build-context.outputs.push_enabled == 'true' }}
+          tags: ${{ steps.determine-tags.outputs.runners_tags }}
+
+      - name: Build and push task runners Docker image (distroless)
+        uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1 # v2
+        with:
+          context: .
+          file: ./docker/images/runners/Dockerfile.distroless
+          build-args: |
+            NODE_VERSION=${{ env.NODE_VERSION }}
+            N8N_VERSION=${{ needs.determine-build-context.outputs.n8n_version }}
+            N8N_RELEASE_TYPE=${{ needs.determine-build-context.outputs.release_type }}
+          platforms: ${{ matrix.docker_platform }}
+          provenance: true
+          sbom: true
+          push: ${{ needs.determine-build-context.outputs.push_enabled == 'true' }}
+          tags: ${{ steps.determine-tags.outputs.runners_distroless_tags }}
+
+  create_multi_arch_manifest:
+    name: Create Multi-Arch Manifest
+    needs: [determine-build-context, build-and-push-docker]
+    runs-on: ubuntu-latest
+    if: |
+      needs.build-and-push-docker.result == 'success' &&
+      needs.determine-build-context.outputs.push_enabled == 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Login to Docker registries
+        uses: ./.github/actions/docker-registry-login
+        with:
+          login-ghcr: true
+          login-dockerhub: ${{ needs.determine-build-context.outputs.push_to_docker == 'true' }}
+          dockerhub-username: ${{ secrets.DOCKER_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Create GHCR multi-arch manifests
+        run: |
+          RELEASE_TYPE="${{ needs.determine-build-context.outputs.release_type }}"
+
+          # Function to create manifest for an image
+          create_manifest() {
+            local IMAGE_NAME=$1
+            local MANIFEST_TAG=$2
+
+            if [[ -z "$MANIFEST_TAG" ]]; then
+              echo "Skipping $IMAGE_NAME - no manifest tag"
+              return
+            fi
+
+            echo "Creating GHCR manifest for $IMAGE_NAME: $MANIFEST_TAG"
+
+            # For branch builds, only AMD64 is built
+            if [[ "$RELEASE_TYPE" == "branch" ]]; then
+              docker buildx imagetools create \
+                --tag "$MANIFEST_TAG" \
+                "${MANIFEST_TAG}-amd64"
+            else
+              docker buildx imagetools create \
+                --tag "$MANIFEST_TAG" \
+                "${MANIFEST_TAG}-amd64" \
+                "${MANIFEST_TAG}-arm64"
+            fi
+          }
+
+          # Create manifests for all images
+          create_manifest "n8n" "${{ needs.build-and-push-docker.outputs.primary_ghcr_manifest_tag }}"
+          create_manifest "runners" "${{ needs.build-and-push-docker.outputs.runners_primary_ghcr_manifest_tag }}"
+          create_manifest "runners-distroless" "${{ needs.build-and-push-docker.outputs.runners_distroless_primary_ghcr_manifest_tag }}"
+
+      - name: Create Docker Hub manifests
+        if: needs.determine-build-context.outputs.push_to_docker == 'true'
+        run: |
+          VERSION="${{ needs.determine-build-context.outputs.n8n_version }}"
+          DOCKER_BASE="${{ secrets.DOCKER_USERNAME }}"
+
+          # Create manifests for each image type
+          declare -A images=(
+            ["n8n"]="${VERSION}"
+            ["runners"]="${VERSION}"
+            ["runners-distroless"]="${VERSION}-distroless"
+          )
+
+          for image in "${!images[@]}"; do
+            TAG_SUFFIX="${images[$image]}"
+            IMAGE_NAME="${image//-distroless/}"  # Remove -distroless from image name
+
+            echo "Creating Docker Hub manifest for $image"
+            docker buildx imagetools create \
+              --tag "${DOCKER_BASE}/${IMAGE_NAME}:${TAG_SUFFIX}" \
+              "${DOCKER_BASE}/${IMAGE_NAME}:${TAG_SUFFIX}-amd64" \
+              "${DOCKER_BASE}/${IMAGE_NAME}:${TAG_SUFFIX}-arm64"
+          done
+
+  call-success-url:
+    name: Call Success URL
+    needs: [create_multi_arch_manifest]
+    runs-on: ubuntu-latest
+    if: needs.create_multi_arch_manifest.result == 'success' || needs.create_multi_arch_manifest.result == 'skipped'
+    steps:
+      - name: Call Success URL
+        env:
+          SUCCESS_URL: ${{ github.event.inputs.success_url }}
+        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.success_url != '' }}
+        run: |
+          echo "Calling success URL: ${{ env.SUCCESS_URL }}"
+          curl -v "${{ env.SUCCESS_URL }}" || echo "Failed to call success URL"
+        shell: bash
+
+  security-scan:
+    name: Security Scan
+    needs: [determine-build-context, build-and-push-docker, create_multi_arch_manifest]
+    if: |
+      success() &&
+      (needs.determine-build-context.outputs.release_type == 'stable' ||
+       needs.determine-build-context.outputs.release_type == 'nightly' ||
+       needs.determine-build-context.outputs.release_type == 'rc')
+    uses: ./.github/workflows/security-trivy-scan-callable.yml
+    with:
+      image_ref: ${{ needs.build-and-push-docker.outputs.image_ref }}
+    secrets: inherit
+
+  security-scan-runners:
+    name: Security Scan (runners)
+    needs: [determine-build-context, build-and-push-docker, create_multi_arch_manifest]
+    if: |
+      success() &&
+      (needs.determine-build-context.outputs.release_type == 'stable' ||
+       needs.determine-build-context.outputs.release_type == 'nightly' ||
+       needs.determine-build-context.outputs.release_type == 'rc')
+    uses: ./.github/workflows/security-trivy-scan-callable.yml
+    with:
+      image_ref: ${{ needs.build-and-push-docker.outputs.runners_primary_ghcr_manifest_tag }}
+    secrets: inherit
+
+  notify-on-failure:
+    name: Notify Cats on nightly build failure
+    runs-on: ubuntu-latest
+    needs: [build-and-push-docker]
+    if: needs.build-and-push-docker.result == 'failure' && github.event_name == 'schedule'
+    steps:
+      - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        with:
+          status: ${{ needs.build-and-push-docker.result }}
+          channel: '#team-catalysts'
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          message: Nightly Docker build failed - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/docker-images-benchmark.yml

@@ -0,0 +1,41 @@
+name: Benchmark Docker Image CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'packages/@n8n/benchmark/**'
+      - 'pnpm-lock.yaml'
+      - 'pnpm-workspace.yaml'
+      - '.github/workflows/docker-images-benchmark.yml'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+
+      - name: Login to GitHub Container Registry
+        uses: ./.github/actions/docker-registry-login
+
+      - name: Build
+        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        env:
+          DOCKER_BUILD_SUMMARY: false
+        with:
+          context: .
+          file: ./packages/@n8n/benchmark/Dockerfile
+          platforms: linux/amd64
+          provenance: false
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/n8n-benchmark:latest

.github/workflows/linting-reusable.yml

@@ -0,0 +1,33 @@
+name: Reusable linting workflow
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        description: GitHub ref to lint.
+        required: false
+        type: string
+        default: ''
+      nodeVersion:
+        description: Version of node to use.
+        required: false
+        type: string
+        default: 22.x
+
+env:
+  NODE_OPTIONS: --max-old-space-size=7168
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Build and Test
+        uses: ./.github/actions/setup-nodejs
+        with:
+          build-command: pnpm lint
+          node-version: ${{ inputs.nodeVersion }}

.github/workflows/notify-pr-status.yml

@@ -0,0 +1,27 @@
+name: Notify PR status changed
+
+on:
+  pull_request_review:
+    types: [submitted, dismissed]
+  pull_request:
+    types: [closed]
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    if: >-
+      (github.event_name == 'pull_request_review' && github.event.review.state == 'approved') ||
+      (github.event_name == 'pull_request_review' && github.event.review.state == 'dismissed') ||
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true) ||
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == false && github.event.action == 'closed')
+    steps:
+      - uses: fjogeleit/http-request-action@bf78da14118941f7e940279dd58f67e863cbeff6 # v1
+        if: ${{!contains(github.event.pull_request.labels.*.name, 'community')}}
+        name: Notify
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        with:
+          url: ${{ secrets.N8N_NOTIFY_PR_STATUS_CHANGED_URL }}
+          method: 'POST'
+          customHeaders: '{ "x-api-token": "${{ secrets.N8N_NOTIFY_PR_STATUS_CHANGED_TOKEN }}" }'
+          data: '{ "event_name": "${{ github.event_name }}", "pr_url": "${{ env.PR_URL }}",  "event": ${{ toJSON(github.event) }} }'