Make arch badges clickable to Docker Hub tags page

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.gitea/workflows/sync-readme-badges.yaml

@@ -0,0 +1,68 @@
+name: Sync README Badges
+
+on:
+  workflow_run:
+    workflows: ["Build and Push Flutter SDK Image"]
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  sync-badges:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Extract versions from Dockerfiles
+        id: versions
+        run: |
+          # Android SDK build-tools version
+          ANDROID_SDK=$(grep -oP 'ANDROID_BUILD_TOOLS=\K[0-9.]+' Dockerfile.android || echo "")
+          echo "android_sdk=${ANDROID_SDK}" >> $GITHUB_OUTPUT
+          echo "Android SDK: ${ANDROID_SDK}"
+
+          # Flutter version (from ARG default)
+          FLUTTER=$(grep -oP 'ARG FLUTTER_VERSION=\K[0-9.]+' Dockerfile.android || echo "")
+          echo "flutter=${FLUTTER}" >> $GITHUB_OUTPUT
+          echo "Flutter: ${FLUTTER}"
+
+      - name: Update README badges
+        run: |
+          ANDROID_SDK="${{ steps.versions.outputs.android_sdk }}"
+          FLUTTER="${{ steps.versions.outputs.flutter }}"
+
+          if [ -n "$ANDROID_SDK" ]; then
+            # Update Android SDK badge version
+            sed -i "s|Android%20SDK-[0-9.]*-green|Android%20SDK-${ANDROID_SDK}-green|g" README.md
+            echo "Updated Android SDK badge to ${ANDROID_SDK}"
+          fi
+
+          if [ -n "$FLUTTER" ]; then
+            # Update Flutter version in variant badges and size badges
+            sed -i "s|web--[0-9.]*-blue|web--${FLUTTER}-blue|g" README.md
+            sed -i "s|android--[0-9.]*-blue|android--${FLUTTER}-blue|g" README.md
+            sed -i "s|linux--[0-9.]*-blue|linux--${FLUTTER}-blue|g" README.md
+            sed -i "s|/web-[0-9.]*?|/web-${FLUTTER}?|g" README.md
+            sed -i "s|/android-[0-9.]*?|/android-${FLUTTER}?|g" README.md
+            sed -i "s|/linux-[0-9.]*?|/linux-${FLUTTER}?|g" README.md
+            echo "Updated Flutter version badges to ${FLUTTER}"
+          fi
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet README.md; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Commit and push
+        if: steps.changes.outputs.changed == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add README.md
+          git commit -m "Update README badges to match Dockerfile versions"
+          git push

Dockerfile

@@ -8,21 +8,12 @@ LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
 
 USER 0
 
-# Download Flutter SDK and strip unnecessary files in a single layer
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/android-* \
-           /opt/flutter/bin/cache/artifacts/engine/linux-* && \
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples && \
     chown -R 65532:65532 /opt/flutter
 
-# Mark git directory as safe and compact git history
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
-
 USER 65532
 
 # Configure for web-only (disable everything else)

Dockerfile.android

@@ -28,20 +28,17 @@ RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
       "platforms;android-${ANDROID_COMPILE_SDK}" \
       "build-tools;${ANDROID_BUILD_TOOLS}" && \
     # Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
-    rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi"
+    rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi" && \
+    # Upgrade commons-lang3 from 3.16.0 to 3.18.0 to fix CVE-2025-48924
+    rm -f "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar" && \
+    mkdir -p "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0" && \
+    curl -fsSL "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar" \
+      -o "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar"
 
-# Download Flutter SDK and strip unnecessary files
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/linux-* \
-           /opt/flutter/bin/cache/flutter_web_sdk
-
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples
 
 # Fix ownership before switching to flutter user
 RUN chown -R 65532:65532 /opt/flutter "${ANDROID_HOME}"

Dockerfile.linux

@@ -8,18 +8,13 @@ LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
 
 USER 0
 
-# Download Flutter SDK and strip unnecessary files
-RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \
-      -o /tmp/flutter.tar.xz && \
-    tar xf /tmp/flutter.tar.xz -C /opt && \
-    rm /tmp/flutter.tar.xz && \
-    rm -rf /opt/flutter/dev \
-           /opt/flutter/examples \
-           /opt/flutter/bin/cache/artifacts/engine/android-* \
-           /opt/flutter/bin/cache/flutter_web_sdk
+# Remove rav1e to eliminate CVE in paste crate (not needed for Flutter)
+RUN rm -f /usr/bin/rav1e /usr/lib/librav1e.so* /var/lib/db/sbom/rav1e-*.spdx.json
 
-RUN git config --global --add safe.directory /opt/flutter && \
-    cd /opt/flutter && git gc --prune=all
+# Clone Flutter SDK from git (supports both amd64 and arm64)
+RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
+    git config --global --add safe.directory /opt/flutter && \
+    rm -rf /opt/flutter/dev /opt/flutter/examples
 
 # Fix ownership before switching to flutter user
 RUN chown -R 65532:65532 /opt/flutter

README.md

@@ -0,0 +1,111 @@
+# Flutter SDK Docker Images
+
+<a href="https://git.openharbor.io/svrnty/docker-flutter-sdk" target="_blank"><img src="https://img.shields.io/badge/Git-Repository-orange?logo=gitea" alt="Git Repository"></a>
+<a href="https://hub.docker.com/r/svrnty/flutter-sdk" target="_blank"><img src="https://img.shields.io/badge/Docker%20Hub-svrnty%2Fflutter--sdk-blue?logo=docker" alt="Docker Hub"></a>
+<a href="https://hub.docker.com/r/svrnty/flutter-sdk" target="_blank"><img src="https://img.shields.io/docker/pulls/svrnty/flutter-sdk?logo=docker" alt="Docker Pulls"></a>
+<a href="https://developer.android.com/tools/releases/build-tools" target="_blank"><img src="https://img.shields.io/badge/Android%20SDK-36.1.0-green?logo=android" alt="Android SDK"></a>
+<a href="https://wolfi.dev" target="_blank"><img src="https://img.shields.io/badge/Base-Wolfi-purple?logo=linux" alt="Wolfi"></a>
+
+Lightweight Flutter SDK images for CI/CD pipelines. Built on [Wolfi](https://wolfi.dev), a security-focused Linux distribution designed for containers.
+
+## Images
+
+| Variant | Use Case | Size | Arch |
+|---------|----------|------|------|
+| <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=web" target="_blank"><img src="https://img.shields.io/badge/flutter--sdk-web--3.38.9-blue?logo=docker" alt="web-3.38.9"></a> | Web/WASM builds | <img src="https://img.shields.io/docker/image-size/svrnty/flutter-sdk/web-3.38.9?label=&logo=docker" alt="size"> | <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=web" target="_blank"><img src="https://img.shields.io/badge/amd64-orange" alt="amd64"></a> &nbsp; <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=web" target="_blank"><img src="https://img.shields.io/badge/arm64-2e7d32" alt="arm64"></a> |
+| <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=android" target="_blank"><img src="https://img.shields.io/badge/flutter--sdk-android--3.38.9-blue?logo=docker" alt="android-3.38.9"></a> | Android APK/AAB builds | <img src="https://img.shields.io/docker/image-size/svrnty/flutter-sdk/android-3.38.9?label=&logo=docker" alt="size"> | <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=android" target="_blank"><img src="https://img.shields.io/badge/amd64-orange" alt="amd64"></a> &nbsp; <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=android" target="_blank"><img src="https://img.shields.io/badge/arm64-2e7d32" alt="arm64"></a> |
+| <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=linux" target="_blank"><img src="https://img.shields.io/badge/flutter--sdk-linux--3.38.9-blue?logo=docker" alt="linux-3.38.9"></a> | Linux desktop builds | <img src="https://img.shields.io/docker/image-size/svrnty/flutter-sdk/linux-3.38.9?label=&logo=docker" alt="size"> | <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=linux" target="_blank"><img src="https://img.shields.io/badge/amd64-orange" alt="amd64"></a> &nbsp; <a href="https://hub.docker.com/r/svrnty/flutter-sdk/tags?name=linux" target="_blank"><img src="https://img.shields.io/badge/arm64-2e7d32" alt="arm64"></a> |
+
+## Why Wolfi?
+
+[Wolfi](https://wolfi.dev) is a lightweight Linux distribution built specifically for containers. It provides:
+
+- **Minimal footprint** - Only essential packages, nothing extra
+- **Daily security updates** - Patches applied quickly
+- **Designed for containers** - No legacy cruft from traditional distros
+
+## Features
+
+- **Lightweight** - Optimized for fast CI/CD pulls
+- **Secure** - Built on Wolfi with continuous vulnerability scanning
+- **Multi-arch** - Supports both `linux/amd64` and `linux/arm64`
+- **Non-root** - Runs as unprivileged user (UID 65532)
+- **Supply chain security** - SBOM and SLSA provenance attestations included
+
+## Usage
+
+### Web
+
+```bash
+docker run --rm -v $(pwd):/app -w /app svrnty/flutter-sdk:web-latest \
+  flutter build web
+```
+
+### Android
+
+```bash
+docker run --rm -v $(pwd):/app -w /app svrnty/flutter-sdk:android-latest \
+  flutter build apk
+```
+
+### Linux Desktop
+
+```bash
+docker run --rm -v $(pwd):/app -w /app svrnty/flutter-sdk:linux-latest \
+  flutter build linux
+```
+
+## CI/CD Examples
+
+### GitHub Actions
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: svrnty/flutter-sdk:android-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: flutter build apk --release
+```
+
+### GitLab CI
+
+```yaml
+build:
+  image: svrnty/flutter-sdk:android-latest
+  script:
+    - flutter build apk --release
+```
+
+### Gitea Actions
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: svrnty/flutter-sdk:android-latest
+    steps:
+      - uses: actions/checkout@v3
+      - run: flutter build apk --release
+```
+
+## Tags
+
+- `<variant>-latest` - Latest stable Flutter release
+- `<variant>-<version>` - Specific Flutter version (e.g., `android-3.38.9`)
+- `<variant>-dev` - Pre-release testing
+
+## Automatic Updates
+
+Images are automatically rebuilt when:
+- New Flutter stable versions are released
+- Base image security updates are available
+
+Every build is scanned and includes supply chain attestations (SBOM, SLSA provenance).
+
+## License
+
+MIT