Use native Wolfi base images for Android and Linux variants
- Dockerfile.android: Use flutter-sdk-android-latest base with OpenJDK 17
- Dockerfile.linux: Use flutter-sdk-linux-latest base with clang/GTK3

Removes all Debian library copying, eliminating Debian-sourced CVEs.
Significantly simplifies both Dockerfiles.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
4827388738
commit
ec0e419275
@ -1,4 +1,4 @@
|
||||
FROM svrnty/base-distro:flutter-sdk-latest AS base
|
||||
FROM svrnty/base-distro:flutter-sdk-android-latest
|
||||
|
||||
ARG FLUTTER_VERSION=3.38.9
|
||||
ARG ANDROID_SDK_TOOLS_VERSION=11076708
|
||||
@ -9,23 +9,13 @@ LABEL org.opencontainers.image.title="flutter-sdk-android"
|
||||
LABEL org.opencontainers.image.description="Flutter SDK for Android CI builds"
|
||||
LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
|
||||
|
||||
# --- Install JDK and Android SDK in debian (requires apt + shared libs) ---
|
||||
FROM debian:bookworm-slim AS android-stage
|
||||
USER 0
|
||||
|
||||
ARG ANDROID_SDK_TOOLS_VERSION=11076708
|
||||
ARG ANDROID_COMPILE_SDK=36
|
||||
ARG ANDROID_BUILD_TOOLS=36.0.0
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
curl \
|
||||
unzip \
|
||||
openjdk-17-jdk-headless \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
|
||||
# Set up Android SDK environment
|
||||
ENV ANDROID_HOME=/opt/android-sdk
|
||||
ENV PATH="${JAVA_HOME}/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
|
||||
ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
|
||||
|
||||
# Download and install Android SDK command-line tools
|
||||
RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
|
||||
curl -fsSL "https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip" \
|
||||
-o /tmp/cmdline-tools.zip && \
|
||||
@ -33,30 +23,14 @@ RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
|
||||
mv /tmp/cmdline-tools/cmdline-tools "${ANDROID_HOME}/cmdline-tools/latest" && \
|
||||
rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools
|
||||
|
||||
# Accept licenses and install SDK components
|
||||
RUN yes | sdkmanager --licenses > /dev/null 2>&1 && \
|
||||
sdkmanager --install \
|
||||
"platform-tools" \
|
||||
"platforms;android-${ANDROID_COMPILE_SDK}" \
|
||||
"build-tools;${ANDROID_BUILD_TOOLS}"
|
||||
|
||||
# --- Build final image ---
|
||||
FROM base
|
||||
|
||||
USER 0
|
||||
|
||||
# Copy JDK and its required shared libraries from debian
|
||||
COPY --from=android-stage /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/java-17-openjdk-amd64
|
||||
COPY --from=android-stage /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
|
||||
COPY --from=android-stage /lib/x86_64-linux-gnu /lib/x86_64-linux-gnu
|
||||
ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
|
||||
ENV PATH="${JAVA_HOME}/bin:${PATH}"
|
||||
|
||||
# Copy Android SDK (already set up with licenses and components)
|
||||
COPY --from=android-stage /opt/android-sdk /opt/android-sdk
|
||||
ENV ANDROID_HOME=/opt/android-sdk
|
||||
ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
|
||||
|
||||
# Download Flutter SDK and strip unnecessary files in a single layer
|
||||
# Download Flutter SDK and strip unnecessary files
|
||||
RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
|
||||
-o /tmp/flutter.tar.xz && \
|
||||
tar xf /tmp/flutter.tar.xz -C /opt && \
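Review bot: The new base reference `svrnty/base-distro:flutter-sdk-android-latest` is a mutable tag, and after this change the JDK and every shared library in the image come from that base, so two builds of the same commit can ship different package sets. Pinning it by digest, `FROM svrnty/base-distro:flutter-sdk-android-latest@sha256:<digest of the scanned base image>`, keeps the image that was CVE-scanned identical to the image that is built, with the digest bumped deliberately when the base is refreshed. The same applies to the `flutter-sdk-linux-latest` FROM line in Dockerfile.linux. The `ENV JAVA_HOME` line and the `${JAVA_HOME}/bin` PATH entry also appear to be dropped here, so `sdkmanager` presumably depends on the base image exporting both; a comment such as `# JDK 17, JAVA_HOME and java on PATH come from the base image` above the `ENV ANDROID_HOME` line would record that dependency.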
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM svrnty/base-distro:flutter-sdk-latest AS base
|
||||
FROM svrnty/base-distro:flutter-sdk-linux-latest
|
||||
|
||||
ARG FLUTTER_VERSION=3.38.9
|
||||
|
||||
@ -6,25 +6,9 @@ LABEL org.opencontainers.image.title="flutter-sdk-linux"
|
||||
LABEL org.opencontainers.image.description="Flutter SDK for Linux desktop CI builds"
|
||||
LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
|
||||
|
||||
# --- Install Linux desktop build deps in debian ---
|
||||
FROM debian:bookworm-slim AS deps-stage
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
clang \
|
||||
cmake \
|
||||
ninja-build \
|
||||
pkg-config \
|
||||
libgtk-3-dev \
|
||||
liblzma-dev \
|
||||
libstdc++-12-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# --- Build final image ---
|
||||
FROM base
|
||||
|
||||
USER 0
|
||||
|
||||
# Download Flutter SDK and strip unnecessary files in a single layer
|
||||
# Download Flutter SDK and strip unnecessary files
|
||||
RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
|
||||
-o /tmp/flutter.tar.xz && \
|
||||
tar xf /tmp/flutter.tar.xz -C /opt && \
|
||||
@ -37,45 +21,6 @@ RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/st
|
||||
RUN git config --global --add safe.directory /opt/flutter && \
|
||||
cd /opt/flutter && git gc --prune=all
|
||||
|
||||
# Remove symlinks that conflict with COPY from debian stage
|
||||
RUN rm -f /usr/lib/terminfo
|
||||
|
||||
# Copy only specific toolchain binaries (not all of /usr/bin which would overwrite Wolfi's core utils)
|
||||
COPY --from=deps-stage /usr/bin/cmake /usr/bin/cmake
|
||||
COPY --from=deps-stage /usr/bin/ninja /usr/bin/ninja
|
||||
COPY --from=deps-stage /usr/bin/pkg-config /usr/bin/pkg-config
|
||||
COPY --from=deps-stage /usr/bin/clang-14 /usr/bin/clang-14
|
||||
RUN ln -sf clang-14 /usr/bin/clang && ln -sf clang-14 /usr/bin/clang++
|
||||
|
||||
# Copy libraries from debian stage (specific subdirectories to avoid overwriting Wolfi's core libs)
|
||||
COPY --from=deps-stage /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
|
||||
COPY --from=deps-stage /usr/lib/llvm-14 /usr/lib/llvm-14
|
||||
COPY --from=deps-stage /usr/lib/cmake /usr/lib/cmake
|
||||
COPY --from=deps-stage /usr/lib/gcc /usr/lib/gcc
|
||||
COPY --from=deps-stage /usr/include /usr/include
|
||||
COPY --from=deps-stage /usr/share/cmake-3.25 /usr/share/cmake-3.25
|
||||
COPY --from=deps-stage /usr/share/pkgconfig /usr/share/pkgconfig
|
||||
COPY --from=deps-stage /lib/x86_64-linux-gnu /lib/x86_64-linux-gnu
|
||||
|
||||
# Remove Debian's glibc/ld files that conflict with Wolfi's newer glibc,
|
||||
# then register the Debian library paths and rebuild the linker cache
|
||||
RUN rm -f /usr/lib/x86_64-linux-gnu/libc.so* /usr/lib/x86_64-linux-gnu/libm.so* \
|
||||
/usr/lib/x86_64-linux-gnu/libpthread* /usr/lib/x86_64-linux-gnu/libdl.so* \
|
||||
/usr/lib/x86_64-linux-gnu/librt.so* /usr/lib/x86_64-linux-gnu/libresolv* \
|
||||
/usr/lib/x86_64-linux-gnu/libmvec* /usr/lib/x86_64-linux-gnu/libnss_* \
|
||||
/usr/lib/x86_64-linux-gnu/ld-linux* /usr/lib/x86_64-linux-gnu/crt*.o \
|
||||
/usr/lib/x86_64-linux-gnu/libpcre2-8.so* \
|
||||
/lib/x86_64-linux-gnu/libc.so* /lib/x86_64-linux-gnu/libc-* \
|
||||
/lib/x86_64-linux-gnu/libm.so* /lib/x86_64-linux-gnu/libm-* \
|
||||
/lib/x86_64-linux-gnu/libpthread* /lib/x86_64-linux-gnu/libdl.so* \
|
||||
/lib/x86_64-linux-gnu/librt.so* /lib/x86_64-linux-gnu/libresolv* \
|
||||
/lib/x86_64-linux-gnu/libmvec* /lib/x86_64-linux-gnu/libnss_* \
|
||||
/lib/x86_64-linux-gnu/ld-linux* \
|
||||
/lib/x86_64-linux-gnu/libpcre2-8.so* && \
|
||||
echo "/usr/lib/x86_64-linux-gnu" > /etc/ld.so.conf.d/debian-x86_64.conf && \
|
||||
echo "/lib/x86_64-linux-gnu" >> /etc/ld.so.conf.d/debian-x86_64.conf && \
|
||||
ldconfig
|
||||
|
||||
# Fix ownership before switching to flutter user
|
||||
RUN chown -R 65532:65532 /opt/flutter
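Review bot: The Flutter SDK archive fetched by the `curl -fsSL ... -o /tmp/flutter.tar.xz` step is unpacked into /opt with no integrity check, so the image trusts whatever the download URL serves at build time. Declaring a pinned digest next to `FLUTTER_VERSION` and checking it before `tar xf`, for example `ARG FLUTTER_SHA256=<sha256 of the release archive>` and `echo "${FLUTTER_SHA256}  /tmp/flutter.tar.xz" | sha256sum -c - && \`, would fail the build on a mismatch. Dockerfile.android repeats the pattern for both the Flutter archive and the `commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip` download. The RUN that holds the download continues outside the hunks shown, so the exact placement has to be checked against the full file.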
|
||||
|
||||
|
||||