Use git clone for Flutter SDK to support arm64

Switch from downloading pre-built Flutter SDK tarballs to cloning from
git. Flutter only provides x64 Linux tarballs, but cloning from git
allows Flutter to bootstrap itself with the correct Dart SDK for any
host architecture (amd64 or arm64).

Also reduces image size from ~4GB to ~1.7GB for Android variant.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.gitea/workflows/publish.yaml

@@ -45,6 +45,9 @@ jobs:
             echo "tag=${{ matrix.variant }}-latest" >> $GITHUB_OUTPUT
           fi
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -80,7 +83,7 @@ jobs:
         with:
           context: .
           file: ${{ matrix.dockerfile }}
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           sbom: true
           provenance: mode=max

.gitea/workflows/update-check.yaml

@@ -1,4 +1,4 @@
-name: Check for Flutter SDK Updates
+name: Check for Flutter SDK and Android SDK Updates
 
 on:
   schedule:
@@ -9,6 +9,9 @@ jobs:
   check-update:
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
       - name: Get latest Flutter stable version
         id: flutter
         run: |
@@ -17,7 +20,47 @@ jobs:
           echo "version=${LATEST}" >> $GITHUB_OUTPUT
           echo "Latest Flutter stable: ${LATEST}"
 
-      - name: Check if release already exists
+      - name: Get latest Android SDK versions
+        id: android
+        run: |
+          REPO_XML=$(curl -fsSL "https://dl.google.com/android/repository/repository2-1.xml")
+
+          # Latest stable build-tools (exclude rc/alpha/beta)
+          BUILD_TOOLS=$(echo "$REPO_XML" | grep -o 'path="build-tools;[0-9]*\.[0-9]*\.[0-9]*"' | \
+            sed 's/path="build-tools;//;s/"//' | sort -V | tail -1)
+
+          # Latest stable platform
+          PLATFORM=$(echo "$REPO_XML" | grep -o 'path="platforms;android-[0-9]*"' | \
+            sed 's/path="platforms;android-//;s/"//' | sort -n | tail -1)
+
+          # Latest cmdline-tools download ID
+          CMDLINE_DOWNLOAD=$(echo "$REPO_XML" | grep -o 'commandlinetools-linux-[0-9]*_latest' | \
+            sed 's/commandlinetools-linux-//;s/_latest//' | sort -n | tail -1)
+
+          echo "build_tools=${BUILD_TOOLS}" >> $GITHUB_OUTPUT
+          echo "platform=${PLATFORM}" >> $GITHUB_OUTPUT
+          echo "cmdline_tools=${CMDLINE_DOWNLOAD}" >> $GITHUB_OUTPUT
+
+          echo "Latest Android build-tools: ${BUILD_TOOLS}"
+          echo "Latest Android platform: ${PLATFORM}"
+          echo "Latest cmdline-tools download: ${CMDLINE_DOWNLOAD}"
+
+      - name: Check current Android SDK versions in Dockerfile
+        id: current
+        run: |
+          CURRENT_CMDLINE=$(grep -o 'ANDROID_SDK_TOOLS_VERSION=[0-9]*' Dockerfile.android | cut -d= -f2)
+          CURRENT_BUILD_TOOLS=$(grep -o 'ANDROID_BUILD_TOOLS=[0-9.]*' Dockerfile.android | cut -d= -f2)
+          CURRENT_PLATFORM=$(grep -o 'ANDROID_COMPILE_SDK=[0-9]*' Dockerfile.android | cut -d= -f2)
+
+          echo "cmdline_tools=${CURRENT_CMDLINE}" >> $GITHUB_OUTPUT
+          echo "build_tools=${CURRENT_BUILD_TOOLS}" >> $GITHUB_OUTPUT
+          echo "platform=${CURRENT_PLATFORM}" >> $GITHUB_OUTPUT
+
+          echo "Current cmdline-tools: ${CURRENT_CMDLINE}"
+          echo "Current build-tools: ${CURRENT_BUILD_TOOLS}"
+          echo "Current platform: ${CURRENT_PLATFORM}"
+
+      - name: Check if Flutter release already exists
         id: existing
         run: |
           VERSION="${{ steps.flutter.outputs.version }}"
@@ -31,7 +74,29 @@ jobs:
             echo "Release ${VERSION} not found, will create"
           fi
 
-      - name: Create release for new version
+      - name: Determine if Android SDK update is needed
+        id: android_update
+        run: |
+          NEEDS_UPDATE=false
+
+          if [ "${{ steps.android.outputs.cmdline_tools }}" != "${{ steps.current.outputs.cmdline_tools }}" ]; then
+            echo "cmdline-tools update available: ${{ steps.current.outputs.cmdline_tools }} -> ${{ steps.android.outputs.cmdline_tools }}"
+            NEEDS_UPDATE=true
+          fi
+
+          if [ "${{ steps.android.outputs.build_tools }}" != "${{ steps.current.outputs.build_tools }}" ]; then
+            echo "build-tools update available: ${{ steps.current.outputs.build_tools }} -> ${{ steps.android.outputs.build_tools }}"
+            NEEDS_UPDATE=true
+          fi
+
+          if [ "${{ steps.android.outputs.platform }}" != "${{ steps.current.outputs.platform }}" ]; then
+            echo "platform update available: ${{ steps.current.outputs.platform }} -> ${{ steps.android.outputs.platform }}"
+            NEEDS_UPDATE=true
+          fi
+
+          echo "needs_update=${NEEDS_UPDATE}" >> $GITHUB_OUTPUT
+
+      - name: Create release for new Flutter version
         if: steps.existing.outputs.exists == 'false' && steps.flutter.outputs.version != ''
         run: |
           VERSION="${{ steps.flutter.outputs.version }}"
@@ -47,3 +112,33 @@ jobs:
               \"draft\": false,
               \"prerelease\": false
             }"
+
+      - name: Create issue for Android SDK updates
+        if: steps.android_update.outputs.needs_update == 'true'
+        run: |
+          BODY="Android SDK updates are available:\n\n"
+          BODY+="| Component | Current | Latest |\n"
+          BODY+="|-----------|---------|--------|\n"
+          BODY+="| cmdline-tools | ${{ steps.current.outputs.cmdline_tools }} | ${{ steps.android.outputs.cmdline_tools }} |\n"
+          BODY+="| build-tools | ${{ steps.current.outputs.build_tools }} | ${{ steps.android.outputs.build_tools }} |\n"
+          BODY+="| platform | ${{ steps.current.outputs.platform }} | ${{ steps.android.outputs.platform }} |\n"
+          BODY+="\nUpdate \`Dockerfile.android\` to use the latest versions."
+
+          # Check if issue already exists
+          EXISTING=$(curl -s -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
+            "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues?state=open&labels=android-sdk-update" | jq length)
+
+          if [ "$EXISTING" = "0" ]; then
+            curl -fsSL -X POST \
+              -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
+              -H "Content-Type: application/json" \
+              "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues" \
+              -d "{
+                \"title\": \"Android SDK updates available\",
+                \"body\": \"$(echo -e "$BODY")\",
+                \"labels\": [\"android-sdk-update\"]
+              }"
+            echo "Created issue for Android SDK updates"
+          else
+            echo "Issue for Android SDK updates already exists"
+          fi

Dockerfile

@@ -8,21 +8,12 @@ LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
 
 USER 0
 
-# Download Flutter SDK and strip unnecessary files in a single layer
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/android-* \
-           /opt/flutter/bin/cache/artifacts/engine/linux-* && \
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples && \
     chown -R 65532:65532 /opt/flutter
 
-# Mark git directory as safe and compact git history
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
-
 USER 65532
 
 # Configure for web-only (disable everything else)

Dockerfile.android

@@ -1,73 +1,39 @@
-FROM svrnty/base-distro:flutter-sdk-latest AS base
+FROM svrnty/base-distro:flutter-sdk-android-latest
 
 ARG FLUTTER_VERSION=3.38.9
-ARG ANDROID_SDK_TOOLS_VERSION=11076708
+ARG ANDROID_SDK_TOOLS_VERSION=14742923
 ARG ANDROID_COMPILE_SDK=36
-ARG ANDROID_BUILD_TOOLS=36.0.0
+ARG ANDROID_BUILD_TOOLS=36.1.0
 
 LABEL org.opencontainers.image.title="flutter-sdk-android"
 LABEL org.opencontainers.image.description="Flutter SDK for Android CI builds"
 LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
 
-# --- Install JDK and Android SDK in debian (requires apt + shared libs) ---
-FROM debian:bookworm-slim AS android-stage
+USER 0
 
-ARG ANDROID_SDK_TOOLS_VERSION=11076708
-ARG ANDROID_COMPILE_SDK=36
-ARG ANDROID_BUILD_TOOLS=36.0.0
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    curl \
-    unzip \
-    openjdk-17-jdk-headless \
-    && rm -rf /var/lib/apt/lists/*
-
-ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+# Set up Android SDK environment
 ENV ANDROID_HOME=/opt/android-sdk
-ENV PATH="${JAVA_HOME}/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
+ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
 
+# Download Android SDK command-line tools, install SDK components, and remove vulnerable lint-psi
 RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
     curl -fsSL "https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip" \
       -o /tmp/cmdline-tools.zip && \
     unzip -q /tmp/cmdline-tools.zip -d /tmp/cmdline-tools && \
     mv /tmp/cmdline-tools/cmdline-tools "${ANDROID_HOME}/cmdline-tools/latest" && \
-    rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools
-
-RUN yes | sdkmanager --licenses > /dev/null 2>&1 && \
+    rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools && \
+    yes | sdkmanager --licenses > /dev/null 2>&1 && \
     sdkmanager --install \
       "platform-tools" \
       "platforms;android-${ANDROID_COMPILE_SDK}" \
-      "build-tools;${ANDROID_BUILD_TOOLS}"
+      "build-tools;${ANDROID_BUILD_TOOLS}" && \
+    # Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
+    rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi"
 
-# --- Build final image ---
-FROM base
-
-USER 0
-
-# Copy JDK and its required shared libraries from debian
-COPY --from=android-stage /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/java-17-openjdk-amd64
-COPY --from=android-stage /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
-COPY --from=android-stage /lib/x86_64-linux-gnu /lib/x86_64-linux-gnu
-ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
-ENV PATH="${JAVA_HOME}/bin:${PATH}"
-
-# Copy Android SDK (already set up with licenses and components)
-COPY --from=android-stage /opt/android-sdk /opt/android-sdk
-ENV ANDROID_HOME=/opt/android-sdk
-ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
-
-# Download Flutter SDK and strip unnecessary files in a single layer
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/linux-* \
-           /opt/flutter/bin/cache/flutter_web_sdk
-
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples
 
 # Fix ownership before switching to flutter user
 RUN chown -R 65532:65532 /opt/flutter "${ANDROID_HOME}"

Dockerfile.linux

@@ -1,4 +1,4 @@
-FROM svrnty/base-distro:flutter-sdk-latest AS base
+FROM svrnty/base-distro:flutter-sdk-linux-latest
 
 ARG FLUTTER_VERSION=3.38.9
 
@@ -6,75 +6,12 @@ LABEL org.opencontainers.image.title="flutter-sdk-linux"
 LABEL org.opencontainers.image.description="Flutter SDK for Linux desktop CI builds"
 LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
 
-# --- Install Linux desktop build deps in debian ---
-FROM debian:bookworm-slim AS deps-stage
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    clang \
-    cmake \
-    ninja-build \
-    pkg-config \
-    libgtk-3-dev \
-    liblzma-dev \
-    libstdc++-12-dev \
-    && rm -rf /var/lib/apt/lists/*
-
-# --- Build final image ---
-FROM base
-
 USER 0
 
-# Download Flutter SDK and strip unnecessary files in a single layer
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/android-* \
-           /opt/flutter/bin/cache/flutter_web_sdk
-
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
-
-# Remove symlinks that conflict with COPY from debian stage
-RUN rm -f /usr/lib/terminfo
-
-# Copy only specific toolchain binaries (not all of /usr/bin which would overwrite Wolfi's core utils)
-COPY --from=deps-stage /usr/bin/cmake /usr/bin/cmake
-COPY --from=deps-stage /usr/bin/ninja /usr/bin/ninja
-COPY --from=deps-stage /usr/bin/pkg-config /usr/bin/pkg-config
-COPY --from=deps-stage /usr/bin/clang-14 /usr/bin/clang-14
-RUN ln -sf clang-14 /usr/bin/clang && ln -sf clang-14 /usr/bin/clang++
-
-# Copy libraries from debian stage (specific subdirectories to avoid overwriting Wolfi's core libs)
-COPY --from=deps-stage /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
-COPY --from=deps-stage /usr/lib/llvm-14 /usr/lib/llvm-14
-COPY --from=deps-stage /usr/lib/cmake /usr/lib/cmake
-COPY --from=deps-stage /usr/lib/gcc /usr/lib/gcc
-COPY --from=deps-stage /usr/include /usr/include
-COPY --from=deps-stage /usr/share/cmake-3.25 /usr/share/cmake-3.25
-COPY --from=deps-stage /usr/share/pkgconfig /usr/share/pkgconfig
-COPY --from=deps-stage /lib/x86_64-linux-gnu /lib/x86_64-linux-gnu
-
-# Remove Debian's glibc/ld files that conflict with Wolfi's newer glibc,
-# then register the Debian library paths and rebuild the linker cache
-RUN rm -f /usr/lib/x86_64-linux-gnu/libc.so* /usr/lib/x86_64-linux-gnu/libm.so* \
-         /usr/lib/x86_64-linux-gnu/libpthread* /usr/lib/x86_64-linux-gnu/libdl.so* \
-         /usr/lib/x86_64-linux-gnu/librt.so* /usr/lib/x86_64-linux-gnu/libresolv* \
-         /usr/lib/x86_64-linux-gnu/libmvec* /usr/lib/x86_64-linux-gnu/libnss_* \
-         /usr/lib/x86_64-linux-gnu/ld-linux* /usr/lib/x86_64-linux-gnu/crt*.o \
-         /usr/lib/x86_64-linux-gnu/libpcre2-8.so* \
-         /lib/x86_64-linux-gnu/libc.so* /lib/x86_64-linux-gnu/libc-* \
-         /lib/x86_64-linux-gnu/libm.so* /lib/x86_64-linux-gnu/libm-* \
-         /lib/x86_64-linux-gnu/libpthread* /lib/x86_64-linux-gnu/libdl.so* \
-         /lib/x86_64-linux-gnu/librt.so* /lib/x86_64-linux-gnu/libresolv* \
-         /lib/x86_64-linux-gnu/libmvec* /lib/x86_64-linux-gnu/libnss_* \
-         /lib/x86_64-linux-gnu/ld-linux* \
-         /lib/x86_64-linux-gnu/libpcre2-8.so* && \
-    echo "/usr/lib/x86_64-linux-gnu" > /etc/ld.so.conf.d/debian-x86_64.conf && \
-    echo "/lib/x86_64-linux-gnu" >> /etc/ld.so.conf.d/debian-x86_64.conf && \
-    ldconfig
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples
 
 # Fix ownership before switching to flutter user
 RUN chown -R 65532:65532 /opt/flutter