FROM debian:bookworm-slim

ARG FLUTTER_VERSION=3.38.9

LABEL org.opencontainers.image.title="flutter-sdk"
LABEL org.opencontainers.image.description="Minimal Flutter SDK for Web/WASM CI builds"
LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"

# Install minimal dependencies for Flutter web builds
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    git \
    unzip \
    xz-utils \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

ENV FLUTTER_HOME=/opt/flutter
ENV PATH="${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin:${PATH}"

# Download Flutter SDK from official archive
RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
      -o /tmp/flutter.tar.xz && \
    tar xf /tmp/flutter.tar.xz -C /opt && \
    rm /tmp/flutter.tar.xz

# Mark git directory as safe (tarball is owned by different uid)
RUN git config --global --add safe.directory "${FLUTTER_HOME}"

# Configure for web-only (disable everything else)
RUN flutter config --enable-web \
    --no-enable-android \
    --no-enable-ios \
    --no-enable-linux-desktop \
    --no-enable-macos-desktop \
    --no-enable-windows-desktop

# Precache only web artifacts
RUN flutter precache --web \
    --no-android \
    --no-ios \
    --no-linux \
    --no-macos \
    --no-windows \
    --no-fuchsia \
    --no-universal

# Verify installation
RUN flutter doctor -v

# Create non-root user for CI builds
RUN groupadd -r flutter && useradd -r -g flutter -m -d /home/flutter flutter && \
    chown -R flutter:flutter "${FLUTTER_HOME}" /home/flutter

WORKDIR /app
RUN chown flutter:flutter /app
USER flutter
