FROM svrnty/base-distro:flutter-sdk-android-latest

ARG FLUTTER_VERSION=3.38.9
ARG ANDROID_SDK_TOOLS_VERSION=14742923
ARG ANDROID_COMPILE_SDK=36
ARG ANDROID_BUILD_TOOLS=36.1.0

LABEL org.opencontainers.image.title="flutter-sdk-android"
LABEL org.opencontainers.image.description="Flutter SDK for Android CI builds"
LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"

USER 0

# Set up Android SDK environment
ENV ANDROID_HOME=/opt/android-sdk
ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"

# Download Android SDK command-line tools, install SDK components, and remove vulnerable lint-psi
RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
    curl -fsSL "https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip" \
      -o /tmp/cmdline-tools.zip && \
    unzip -q /tmp/cmdline-tools.zip -d /tmp/cmdline-tools && \
    mv /tmp/cmdline-tools/cmdline-tools "${ANDROID_HOME}/cmdline-tools/latest" && \
    rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools && \
    yes | sdkmanager --licenses > /dev/null 2>&1 && \
    sdkmanager --install \
      "platform-tools" \
      "platforms;android-${ANDROID_COMPILE_SDK}" \
      "build-tools;${ANDROID_BUILD_TOOLS}" && \
    # Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
    rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi" && \
    # Upgrade commons-lang3 from 3.16.0 to 3.18.0 to fix CVE-2025-48924
    rm -f "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar" && \
    mkdir -p "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0" && \
    curl -fsSL "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar" \
      -o "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar"

# Clone Flutter SDK from git (supports both amd64 and arm64)
RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
    git config --global --add safe.directory /opt/flutter && \
    rm -rf /opt/flutter/dev /opt/flutter/examples

# Fix ownership before switching to flutter user
RUN chown -R 65532:65532 /opt/flutter "${ANDROID_HOME}"

USER 65532

# Configure Flutter for Android-only
RUN flutter config --enable-android \
    --no-enable-web \
    --no-enable-ios \
    --no-enable-linux-desktop \
    --no-enable-macos-desktop \
    --no-enable-windows-desktop \
    --android-sdk "${ANDROID_HOME}"

# Precache only Android artifacts
RUN flutter precache --android \
    --no-web \
    --no-ios \
    --no-linux \
    --no-macos \
    --no-windows \
    --no-fuchsia \
    --no-universal

RUN flutter doctor -v

WORKDIR /app