From d99545f9a82d73301dc1d0c74f1d7346db6f4b4b Mon Sep 17 00:00:00 2001
From: Mathias Beaulieu-Duncan <mathias@svrnty.io>
Date: Mon, 2 Feb 2026 23:49:05 -0500
Subject: [PATCH] Add Flutter SDK Android and Linux base images with native
 Wolfi packages

- Add flutter-sdk-android.yaml with OpenJDK 17 from Wolfi packages
- Add flutter-sdk-linux.yaml with clang-19, cmake, ninja, GTK3 from Wolfi
- Update publish workflow to build new variants

This eliminates the need to copy libraries from Debian, removing all
Debian-sourced CVEs from the derived Flutter SDK images.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .gitea/workflows/publish.yaml |  6 +++-
 apko/flutter-sdk-android.yaml | 49 +++++++++++++++++++++++++++++
 apko/flutter-sdk-linux.yaml   | 59 +++++++++++++++++++++++++++++++++++
 3 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 apko/flutter-sdk-android.yaml
 create mode 100644 apko/flutter-sdk-linux.yaml

diff --git a/.gitea/workflows/publish.yaml b/.gitea/workflows/publish.yaml
index 152043d..f20f824 100644
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@@ -30,6 +30,10 @@ jobs:
             variant: dotnet-sdk
           - config: apko/flutter-sdk.yaml
             variant: flutter-sdk
+          - config: apko/flutter-sdk-android.yaml
+            variant: flutter-sdk-android
+          - config: apko/flutter-sdk-linux.yaml
+            variant: flutter-sdk-linux
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -84,7 +88,7 @@ jobs:
               UPSTREAM=$(curl -fsSL "https://dotnetcli.azureedge.net/dotnet/release-metadata/releases-index.json" \
                 | jq -r '[."releases-index"[] | select(."support-phase" == "active" or ."support-phase" == "go-live") | ."latest-sdk"] | sort_by(. | split(".") | map(tonumber)) | last')
               ;;
-            flutter-sdk)
+            flutter-sdk|flutter-sdk-android|flutter-sdk-linux)
               UPSTREAM=$(curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/releases_linux.json" \
                 | jq -r '.current_release.stable as $hash | .releases[] | select(.hash == $hash and .channel == "stable") | .version')
               ;;
diff --git a/apko/flutter-sdk-android.yaml b/apko/flutter-sdk-android.yaml
new file mode 100644
index 0000000..cbaf7d2
--- /dev/null
+++ b/apko/flutter-sdk-android.yaml
@@ -0,0 +1,49 @@
+contents:
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+  repositories:
+    - https://packages.wolfi.dev/os
+  packages:
+    # Base runtime
+    - wolfi-baselayout
+    - glibc
+    - glibc-locale-posix
+    - libstdc++
+    - ca-certificates-bundle
+    - tzdata
+    # Build tools
+    - bash
+    - busybox
+    - coreutils
+    - git
+    - curl
+    - wget
+    - unzip
+    - xz
+    - zip
+    # Java (for Android SDK)
+    - openjdk-17
+    - openjdk-17-default-jvm
+
+accounts:
+  groups:
+    - groupname: flutter
+      gid: 65532
+  users:
+    - username: flutter
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+archs:
+  - x86_64
+  - aarch64
+
+environment:
+  TZ: UTC
+  FLUTTER_HOME: /opt/flutter
+  JAVA_HOME: /usr/lib/jvm/java-17-openjdk
+  PATH: /opt/flutter/bin:/opt/flutter/bin/cache/dart-sdk/bin:/usr/lib/jvm/java-17-openjdk/bin:/usr/bin:/bin:/usr/sbin:/sbin
+
+entrypoint:
+  command: /bin/bash
diff --git a/apko/flutter-sdk-linux.yaml b/apko/flutter-sdk-linux.yaml
new file mode 100644
index 0000000..eea2fc0
--- /dev/null
+++ b/apko/flutter-sdk-linux.yaml
@@ -0,0 +1,59 @@
+contents:
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+  repositories:
+    - https://packages.wolfi.dev/os
+  packages:
+    # Base runtime
+    - wolfi-baselayout
+    - glibc
+    - glibc-locale-posix
+    - libstdc++
+    - ca-certificates-bundle
+    - tzdata
+    # Build tools
+    - bash
+    - busybox
+    - coreutils
+    - git
+    - curl
+    - wget
+    - unzip
+    - xz
+    # Linux desktop build toolchain
+    - clang-19
+    - cmake
+    - ninja-build
+    - pkgconf
+    # GTK and dependencies for Flutter Linux
+    - gtk-3-dev
+    - glib-dev
+    - pango-dev
+    - harfbuzz-dev
+    - cairo-dev
+    - gdk-pixbuf-dev
+    - xz-dev
+
+accounts:
+  groups:
+    - groupname: flutter
+      gid: 65532
+  users:
+    - username: flutter
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+archs:
+  - x86_64
+  - aarch64
+
+environment:
+  TZ: UTC
+  FLUTTER_HOME: /opt/flutter
+  CC: clang
+  CXX: clang++
+  PATH: /opt/flutter/bin:/opt/flutter/bin/cache/dart-sdk/bin:/usr/bin:/bin:/usr/sbin:/sbin
+
+entrypoint:
+  command: /bin/bash