- Check base image digests daily against stored values
- Trigger prerelease rebuild when Wolfi updates detected
- Store digests in .base-digests file
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update cmdline-tools from 11076708 to 14742923 (v20.0)
- Update build-tools from 36.0.0 to 36.1.0
- Add Android SDK version checking to update-check workflow
- Creates issues when Android SDK updates are available
This reduces CVEs from 26 to 4 (all from protobuf-java 2.6.1 bundled by Google).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds Dockerfile.android (Flutter + Android SDK/JDK 17) and
Dockerfile.linux (Flutter + clang/cmake/GTK3 for desktop builds).
Publish and Scout pipelines now use matrix strategy to build all
three variants in parallel. Registry secrets updated to
REGISTRY_USERNAME/REGISTRY_PASSWORD. Update-check adds explicit
stable channel filter.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Dockerfile based on debian:bookworm-slim with web-only Flutter SDK
- Release pipeline with Docker Scout CVE scan, SBOM, and provenance
- Scout PR pipeline with check-image gate
- Daily update-check pipeline that auto-creates releases for new
Flutter stable versions via Gitea API
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
