The build uses --build-arg to override the Dockerfile default,
so README sync should read from the actual release tag.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use --wasm flag for WebAssembly compilation
- Add cache-busting for JS/WASM assets
- Replace nginx with static-web-server on scratch (~18MB)
- Run as non-root user
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed from standard orange to #E65100 (deep orange) for better
visual balance with the #2e7d32 dark green arm64 badges.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show web-3.38.9, android-3.38.9, linux-3.38.9 instead of generic names
- Remove Docker Version latest badge
- Update sync workflow to also update Flutter versions in badges
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use workflow_run instead of push trigger to ensure badges
update after images are actually built.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Clickable Docker badges linking to specific tag pages
- Dynamic image sizes from Docker Hub
- Architecture column showing amd64/arm64 support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove broken Docker Scout and SLSA badges
- Remove LICENSE badge (no LICENSE file)
- Fix image size badge to use version instead
- Add Wolfi base badge
- Use HTML anchor tags with target="_blank"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Focus on Wolfi benefits rather than competitor comparisons.
Highlight lightweight nature and automatic updates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the Flutter SDK Docker images with:
- Image variants and sizes
- Comparison showing 75% smaller than alternatives
- CI/CD examples for GitHub, GitLab, and Gitea
- Security features (zero CVEs, SBOM, provenance)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove rav1e binary, library, and SBOM metadata to eliminate
RUSTSEC-2024-0436 in the paste crate. rav1e (AV1 encoder) is not
needed for Flutter Linux desktop development.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace vulnerable commons-lang3 3.16.0 with fixed version 3.18.0
to resolve CVE-2025-48924 (CVSS 6.5 Medium).
Image now has 0 vulnerabilities across all severity levels.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Switch from downloading pre-built Flutter SDK tarballs to cloning from
git. Flutter only provides x64 Linux tarballs, but cloning from git
allows Flutter to bootstrap itself with the correct Dart SDK for any
host architecture (amd64 or arm64).
Also reduces image size from ~4GB to ~1.7GB for Android variant.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consolidate Android SDK download and setup into single layer to ensure
lint-psi directory (containing vulnerable protobuf-java 2.6.1) is never
committed to any image layer. Reduces CVEs from 4 HIGH to 0 and saves 86MB.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update cmdline-tools from 11076708 to 14742923 (v20.0)
- Update build-tools from 36.0.0 to 36.1.0
- Add Android SDK version checking to update-check workflow
- Creates issues when Android SDK updates are available
This reduces CVEs from 26 to 4 (all from protobuf-java 2.6.1 bundled by Google).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add QEMU setup for cross-platform builds
- Build web, android, and linux images for both amd64 and arm64
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Dockerfile.android: Use flutter-sdk-android-latest base with OpenJDK 17
- Dockerfile.linux: Use flutter-sdk-linux-latest base with clang/GTK3
Removes all Debian library copying, eliminating Debian-sourced CVEs.
Significantly simplifies both Dockerfiles.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Switch all Dockerfiles from debian:bookworm-slim to svrnty/base-distro:flutter-sdk-latest (Wolfi)
- Use non-root user (UID 65532) instead of custom flutter user
- Strip wrong-platform engine artifacts per variant (web, android, linux)
- Remove dev/, examples/ and compact .git with git gc --prune=all
- Android: multi-stage build for JDK 17 + Android SDK 36 from Debian
- Linux: multi-stage build for clang/cmake/ninja/GTK3 with glibc conflict resolution
- Update Android SDK from 35 to 36 (required by Flutter 3.38.9)
Image sizes: web 1.32 GB, linux 2.43 GB, android 4.22 GB
(down from 4.9 GB, 3.69 GB, 4.15 GB respectively)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates a dedicated flutter user and switches to it as the default.
Resolves Docker Scout compliance check for non-root default user.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents the multi-stage approach: build Flutter from source in
Debian, package as APK with melange, compose minimal runtime image
from Wolfi packages with apko. Phased rollout starting with web
variant PoC.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All platform images now publish to svrnty/flutter-sdk with variant
prefixed tags (web-3.38.9, android-latest, linux-dev, etc.) instead
of separate image names per platform.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Flutter SDK Image / build-and-push (Flutter SDK for Android CI builds, Dockerfile.android, gpb-flutter-sdk-android) (release) Failing after 7s
Build and Push Flutter SDK Image / build-and-push (Flutter SDK for Linux desktop CI builds, Dockerfile.linux, gpb-flutter-sdk-linux) (release) Failing after 8s
Pre-release triggers now fetch the current Flutter stable version
from the releases API instead of using the release tag. This allows
testing the pipeline with any pre-release tag name.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds Dockerfile.android (Flutter + Android SDK/JDK 17) and
Dockerfile.linux (Flutter + clang/cmake/GTK3 for desktop builds).
Publish and Scout pipelines now use matrix strategy to build all
three variants in parallel. Registry secrets updated to
REGISTRY_USERNAME/REGISTRY_PASSWORD. Update-check adds explicit
stable channel filter.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Dockerfile based on debian:bookworm-slim with web-only Flutter SDK
- Release pipeline with Docker Scout CVE scan, SBOM, and provenance
- Scout PR pipeline with check-image gate
- Daily update-check pipeline that auto-creates releases for new
Flutter stable versions via Gitea API
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
