- Pin `pnpm = "11.2.2"` in `mise.toml` so the `docs/src` build uses a
manifest-pinned package manager, bringing the docs toolchain under the
`ci-runtime-tool-versioning` invariant alongside `cue`, `node`, `gx`,
and `git-cliff`.
- Fix the `update_android_version` extractor in `update_version.yml`.
Flutter's `engine/src/flutter/tools/android_sdk/packages.txt` now lists
multiple `build-tools;X.Y.Z` entries on one comma-joined line
(`build-tools;36.1.0,build-tools;35.0.0,...:build-tools`), and the
previous `awk -F'[;:]' '{print $2}'` returned `36.1.0,build-tools`,
which failed `cue vet` one job downstream as
`android.buildTools.version: invalid value "36.1.0,build-tools"`. Anchor
`grep` to `^build-tools` and add `,` to the awk field separator so the
first (highest) version is picked cleanly.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Replaces per-step `jaxxstorm/action-install-gh-release` and
`actions/setup-node` calls across 7 workflows with a single
`jdx/mise-action@v4` step that reads `mise.toml`. Tool versions now live
in one place — `cue`, `node`, `gx`, `git-cliff`.
- Extends the manifest-first discipline (already used for
Flutter/Android) to the Windows toolchain. `config/version.json` now
carries `windows.git`, `windows.vsBuildTools.cmakeProject`,
`windows.vsBuildTools.windows11Sdk.build`, and
`windows.vsBuildTools.vcTools`; `config/schema.cue` validates them via
new `#SemverQuad` and `#WindowsToolchain` definitions.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
Adds the handoff plumbing that future parallelized validation (p3) will consume.
- New `Compute handoff tag` step: emits `tag` (`pr-N` or `branch-<slug>`) and `is_fork` predicate.
- `Build image` step: `load: true` replaced with multi-line `outputs:` — emits both `type=docker` (local) and `type=registry,push=true,name=...` (registry) in a single buildx run. Registry output is gated on non-fork; multi-output requires buildx ≥ 0.13 (Feb 2024, stable).
- New `Save image as artifact` + `Upload image artifact` steps (fork-PR only): `docker save | gzip` → `actions/upload-artifact@v5` with `retention-days: 1`, `compression-level: 0`.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
- Swaps `cache-from`/`cache-to` in `build.yml/test_image` from
`type=gha` to a GHCR registry tag at
`ghcr.io/<owner>/flutter-android:buildcache`.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
- Replaces the two drifting `clean-runner-disk` /
`clean-runner-disk-windows` composite actions with a single
OS-dispatched action at `.github/actions/clean-runner-disk/`.
- Swaps the Windows hot path from PowerShell `Remove-Item -Recurse
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Repository variables are not exposed to PRs from forks, so jobs that
reference vars.FLUTTER_VERSION at the container.image level fail to
resolve and the workflow template errors out before any step runs.
Replace it with a setup job that reads the latest published release tag
via the GitHub API using the read-only GITHUB_TOKEN, which is available
in fork-PR contexts.
Co-authored-by: Claude <noreply@anthropic.com>
Two related units of work landing together:
**p2-release-windows-image** — adds a `release_windows` job to
`.github/workflows/release.yml` so that cutting a tag publishes
`flutter-windows:<flutter-version>` to Docker Hub, GHCR, and Quay.io
alongside the existing `flutter-android` image. Implementation details:
- Plain `docker build` with multiple `--tag`/`--label` flags parsed from
`docker/metadata-action` outputs, then `docker push` per
registry-prefixed tag. `docker/build-push-action` is not viable on
Windows containers ([issue
#18](https://github.com/docker/build-push-action/issues/18)) and
buildkit's experimental WCOW worker is not available on hosted runners.
**p1-fix-windows-ci-tests archive** — moves the completed change to
`openspec/changes/archive/2026-05-10-p1-fix-windows-ci-tests/` and
promotes the `windows-image-testing` capability spec to
`openspec/specs/`. Also picks up the refined `flutter doctor`
requirement merged from #442.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
- Adds a DeepWiki badge to the README header (sourced in
`docs/src/badges.mdx`, compiled into `readme.md`) linking to
`https://deepwiki.com/gmeligio/flutter-docker-image`
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
- **`windows.Dockerfile`** — fixes the `COPY` source path from
`./test/Windows.Tests.ps1` to `./test/windows/Windows.Tests.ps1` (root
cause of the 12-month "in_progress forever" state); adds `COPY
./config/version.json` to the `test` stage; replaces the commented `CMD`
with a real `CMD` so `docker run`/`docker compose run` invokes Pester
without arguments.
- **`test/windows/Windows.Tests.ps1`** — fixes the `VC.CMake.Project`
pattern typo (`,versiona*` → `,version=*`) and standardises all three
VS-component patterns to `,version=*`; adds a `Flutter version` test
that reads `config/version.json` and asserts `flutter --version` inside
the container reports the same version; adds a `Flutter doctor` test
with a per-line parser (skip disabled platforms, fail on any non-`[✓]`
for Windows toolchain lines, fail on `[✗]` elsewhere).
- **`script/RunPester.ps1`** — forces `[Console]::OutputEncoding = UTF8`
so the `[✓]`/`[!]`/`[✗]` doctor glyphs survive the `windows-2025`
runner's default OEM codepage.
- **`test/windows/`** — deletes the dead `ory/dockertest` Go skeleton
(`main.go`, `main_test.go`, `go.mod`, `go.sum`) that was never wired
into CI and had its only meaningful assertion commented out.
- **`.github/workflows/windows.yml`** — deletes three commented-out
blocks (`Scan with Docker Scout`, `Push to Docker Hub`,
`validate_version` job referencing the deleted `config/version.cue`);
drops the now-unused elevated permissions (`packages: write`,
`pull-requests: write`, `security-events: write`).
---------
Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Fixes a broken pipeline: the `single_update` branch had a
half-migrated step that pre-wrote `flutter_version.json` before the JS
comparator ran, causing every scheduled run to emit `result=false` and
skip all downstream jobs — meaning no update PRs were ever opened
- Replaces `script/updateFlutterVersion.js` with a single shell+jq step
that fetches `releases_linux.json`, reads the pinned version, compares,
and only writes when the upstream stable version actually changed
- Sources `android.buildTools.version` from Flutter's own
`engine/src/flutter/tools/android_sdk/packages.txt` at the new tag
(instead of being orphaned with no write path into `version.json`)
- Fixes `config/schema.cue` undefined reference (`#PatchVersion` →
`#SemverPatch`) that caused `cue vet` to fail
- Fixes `config/android.cue` length guard typo (`fileContentTests` →
`commandTests`)
- Fixes the PR creation step writing `commit_message` to `$GITHUB_ENV`
instead of `$GITHUB_OUTPUT`, which resulted in PRs with empty titles and
commit messages
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adopts [`gmeligio/gx`](https://github.com/gmeligio/gx) (0.7.1) as the
source of truth for GitHub Actions versions in this repo:
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Eligio Mariño
renovate[bot]
verified-commit[bot]