chore(release): update flutter dependencies in version.json for 3.32.1 (#345)

Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>

.env.example

@@ -2,4 +2,6 @@ FLUTTER_VERSION=3.7.7
 FASTLANE_VERSION=2.213.0
 ANDROID_BUILD_TOOLS_VERSION=30.0.3
 ANDROID_PLATFORM_VERSIONS=28 31 33
-ENABLE_ANALYTICS=true
+ENABLE_ANALYTICS=true
+ANDROID_NDK_VERSION=26.3.11579264
+CMAKE_VERSION=3.22.1

.github/renovate.json

@@ -9,9 +9,13 @@
   ],
   "packageRules": [
     {
+      "description": "Schedule Github Actions updates on the first day of the month",
       "groupName": "github-actions",
       "matchDatasources": [
         "github-tags"
+      ],
+      "schedule": [
+        "* 0-3 1 * *"
       ]
     }
   ],
@@ -22,9 +26,10 @@
         "^Dockerfile$"
       ],
       "matchStrings": [
-        "#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sARG .*?_VERSION=\"(?<currentValue>.*)\"\\s"
+        "#\\s*renovate:\\s*release=(?<release>.*?) depName=(?<depName>.*?)\\sARG .*?_VERSION=\"(?<currentValue>.*)\"\\s"
       ],
-      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+      "registryUrlTemplate": "https://deb.debian.org/debian?{{#if release }}release={{release}}{{else}}suite=stable{{/if}}&components=main,contrib,non-free&binaryArch=amd64",
+      "datasourceTemplate": "deb"
     }
   ]
 }

.github/workflows/build.yml

@@ -2,10 +2,14 @@ on:
   pull_request:
   workflow_dispatch:
 
-# Declare default permissions as read only.
+# Read-only permissions by default
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
 jobs:
   test_image:
     permissions:
@@ -21,43 +25,48 @@ jobs:
       VERSION_MANIFEST: config/version.json
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
- 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
       - name: Read environment variables from version.json
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
-        run: ./script/set_environment_variables.sh
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
 
       - name: Load image metadata
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         id: metadata
         with:
           images: |
             ${{ env.IMAGE_REPOSITORY_PATH }}
-            ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }}
-            quay.io/${{ env.IMAGE_REPOSITORY_PATH }}
           tags: |
             type=raw,value=${{ env.FLUTTER_VERSION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Build image and push to local Docker daemon
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         with:
+          file: android.Dockerfile
           load: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -81,7 +90,7 @@ jobs:
       # TODO: Parallelize testing and vulnerability scanning
       - name: Scan with Docker Scout
         id: docker-scout
-        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1
+        uses: docker/scout-action@381b657c498a4d287752e7f2cfb2b41823f566d9 # v1.17.1
         with:
           command: compare, recommendations
           # Use the Docker Hub image that is the first tag in the metadata
@@ -100,26 +109,36 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Setup Cue for JSON validation
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
-      - name: Validate version.json and flutter_version.json
+      - name: Validate version.json and flutter_version.json with CUE
         run: |
-          cue vet config/version.cue config/version.json
-          cue vet config/flutter_version.cue config/flutter_version.json
+          cue vet config/version.cue -d '#FlutterVersion' config/flutter_version.json
+          cue vet config/version.cue -d '#Version' config/version.json
 
   validate_generated_config:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Generate test files
-        uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
         with:
-          cmd: ./script/update_test.sh
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Generate test files with CUE
+        run: |
+          ./script/update_test.sh
 
       - name: Check if there are any changes in the git working tree
         run: |
@@ -130,10 +149,10 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       
       - name: Setup NodeJS
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           cache: 'npm'
           cache-dependency-path: docs/src/package-lock.json
@@ -162,7 +181,7 @@ jobs:
         password: ${{ github.token }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Read version.json
         id: version-json
@@ -182,7 +201,7 @@ jobs:
         run: |
           cd $FLUTTER_ROOT
           git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
-          git switch ${{ env.FLUTTER_VERSION }}
+          git switch --discard-changes ${{ env.FLUTTER_VERSION }}
 
       - name: Create test application
         run: |
@@ -194,8 +213,12 @@ jobs:
           cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
           ./gradlew --warning-mode all updateAndroidVersions
 
-      - name: Setup Cue for JSON validation
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
-      - name: Validate version.json
-        run: cue vet config/version.cue config/version.json
+      - name: Validate version.json with CUE
+        run: cue vet config/version.cue -d '#Version' config/version.json

.github/workflows/ci.yml

@@ -0,0 +1,130 @@
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+# Read-only permissions by default
+permissions:
+  contents: read
+
+env:
+  IMAGE_REPOSITORY_NAME: flutter-android
+  VERSION_MANIFEST: config/version.json
+
+jobs:
+  test_image:
+    runs-on: ubuntu-24.04
+    env:
+      ANDROID_BUILD_TOOLS_VERSION: 30.0.3
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Read environment variables from version.json
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+
+      - name: Load image metadata
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        id: metadata
+        with:
+          images: |
+            ${{ env.IMAGE_REPOSITORY_PATH }}
+          tags: |
+            type=raw,value=${{ env.FLUTTER_VERSION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Build image and push to local Docker daemon
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        with:
+          file: android.Dockerfile
+          load: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          target: android
+          build-args: |
+            flutter_version=${{ env.FLUTTER_VERSION }}
+            fastlane_version=${{ env.FASTLANE_VERSION }}
+            android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }}
+            android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }}
+            android_ndk_version=${{ env.ANDROID_NDK_VERSION }}
+            cmake_version=${{ env.CMAKE_VERSION }}
+
+      - name: Test image
+        uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
+        with:
+          image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
+          config: test/android.yml
+
+  create_git_tag:
+    permissions:
+      # Allow to write contents to push tags
+      contents: write
+    needs: test_image
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Read environment variables from version.json
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+      
+      - name: Create Tag for a New Flutter Version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          OLD_FLUTTER_VERSION: ${{ vars.FLUTTER_VERSION }}
+          NEW_FLUTTER_VERSION: ${{ env.FLUTTER_VERSION }}
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const script = require('./script/createGitTag.js')
+            await script({ core, context, github })

.github/workflows/release.yml

@@ -1,22 +1,15 @@
 on:
   push:
-    branches:
-      - main
-    # paths:
-    #   - .github/workflows/release.yml
-    #   - Dockerfile
-    #   - config/version.json
-    #   - script/docker-entrypoint.sh
-    #   - script/set_environment_variables.sh
-    #   - test/**
+    tags:
+    - '*'
   workflow_dispatch:
 
-# Declare default permissions as read only.
+# Read-only permissions by default
 permissions:
   contents: read
 
 jobs:
-  build_push_android:
+  release_android:
     permissions:
       # Allow to write packages to push the container image to the Github Container Registry
       packages: write
@@ -29,47 +22,57 @@ jobs:
       VERSION_MANIFEST: config/version.json
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Generate authentication token with GitHub App
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
-        id: generate-token
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+        id: app-token
         with:
           app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
           private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: Login to Quay.io
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_ROBOT_TOKEN }}
 
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
       - name: Read environment variables from version.json
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
-        run: ./script/set_environment_variables.sh
-
-      - name: Set environment variable for image repository and tag
-        run: |
-          IMAGE_REPOSITORY_PATH="${{ github.repository_owner }}/${{ env.IMAGE_REPOSITORY_NAME }}"
-          echo "IMAGE_REPOSITORY_PATH=$IMAGE_REPOSITORY_PATH" >> $GITHUB_ENV
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
 
       - name: Load image metadata
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         id: metadata
         with:
           images: |
@@ -80,34 +83,12 @@ jobs:
             type=raw,value=${{ env.FLUTTER_VERSION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
-
-      - name: Build image and push to local Docker daemon
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
-        with:
-          load: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          tags: ${{ steps.metadata.outputs.tags }}
-          labels: ${{ steps.metadata.outputs.labels }}
-          target: android
-          build-args: |
-            flutter_version=${{ env.FLUTTER_VERSION }}
-            fastlane_version=${{ env.FASTLANE_VERSION }}
-            android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }}
-            android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }}
-            android_ndk_version=${{ env.ANDROID_NDK_VERSION }}
-            cmake_version=${{ env.CMAKE_VERSION }}
-
-      - name: Test image
-        uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
-        with:
-          image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
-          config: test/android.yml
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Build image and push it to registries
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         with:
+          file: android.Dockerfile
           push: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -123,7 +104,7 @@ jobs:
             cmake_version=${{ env.CMAKE_VERSION }}
 
       - name: Update Docker Hub description
-        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4
+        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
@@ -133,7 +114,7 @@ jobs:
 
       - name: Record image in Docker Scout environment
         id: docker-scout-environment
-        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1
+        uses: docker/scout-action@381b657c498a4d287752e7f2cfb2b41823f566d9 # v1.17.1
         with:
           command: environment, cves
           # Use the Docker Hub image that is the first tag in the metadata
@@ -146,12 +127,12 @@ jobs:
       - name: Update bootstrap image tag in environment variable
         run: gh variable set FLUTTER_VERSION --body "${{ env.FLUTTER_VERSION }}"
         env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
 
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           sarif_file: sarif.json
 

.github/workflows/scorecard.yml

@@ -34,12 +34,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -61,7 +61,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: Upload artifact
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
@@ -70,6 +70,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           sarif_file: results.sarif

.github/workflows/update_flutter_dependencies.yml

@@ -1,106 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - .github/workflows/update_flutter_dependencies.yml
-      - config/flutter_version.json
-  workflow_dispatch:
-
-# Declare default permissions as read only.
-permissions:
-  contents: read
-
-jobs:
-  update_version:
-    permissions:
-      # Allow to write contents to push commits
-      contents: write
-      # Allow to read packages to pull the container image from GitHub Container Registry
-      packages: read
-      # Allow to write pull requests to create a pull request
-      pull-requests: write
-    runs-on: ubuntu-24.04
-    container:
-      image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }}
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ github.token }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-
-      - name: Generate authentication token with GitHub App
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Copy Flutter version into version manifest and export FLUTTER_* environment variables
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        with:
-          script: |
-            const script = require('./script/copyFlutterVersion.js')
-            await script({core})
-
-      - name: Update latest Fastlane version
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        with:
-          script: |
-            const script = require('./script/updateFastlaneVersion.js')
-            await script({core, fetch})
-
-      - name: Setup Flutter
-        run: |
-          cd $FLUTTER_ROOT
-          git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
-          git switch ${{ env.FLUTTER_VERSION }}
-
-      # TODO: Create test app in specific folder with step id, to allow parallel execution
-      - name: Create test application
-        run: |
-          flutter create test_app
-
-      # TODO: Cache gradle https://github.com/gradle/gradle-build-action
-      - name: Update default Android platform versions in Flutter
-        working-directory: test_app/android
-        run: |
-          cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
-          ./gradlew --warning-mode all updateAndroidVersions
-
-      - name: Clean test application
-        run: |
-          rm -rf test_app
-
-      - name: Setup Cue for JSON validation
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Validate version.json
-        run: cue vet config/version.cue config/version.json
-
-      - name: Setup NodeJS
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
-        with:
-          cache: 'npm'
-          cache-dependency-path: docs/src/package-lock.json
-          node-version-file: docs/src/package.json
-
-      - name: Update documentation
-        working-directory: docs/src
-        run: |
-          npm ci --prefer-offline
-          npm run build
-
-      - name: Create commit message variable
-        run: |
-          echo "COMMIT_MESSAGE=chore: update flutter dependencies in version.json for ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
-
-      - name: Create pull request if there are changes
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7
-        with:
-          commit-message: ${{ env.COMMIT_MESSAGE }}
-          branch: update-flutter-dependencies/${{ env.FLUTTER_VERSION }}
-          sign-commits: true
-          title: ${{ env.COMMIT_MESSAGE }}
-          token: ${{ steps.generate-token.outputs.token }}

.github/workflows/update_flutter_version.yml

@@ -1,53 +0,0 @@
-on:
-  schedule:
-    - cron: '0 0 * * MON-FRI'
-  workflow_dispatch:
-
-# Declare default permissions as read only.
-permissions:
-  contents: read
-
-jobs:
-  update_flutter_version:
-    permissions:
-      # Allow to write contents to push commits
-      contents: write
-      # Allow to write pull requests to push commits and write comments
-      pull-requests: write
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-
-      - name: Generate authentication token with GitHub App
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Update latest Flutter version
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        with:
-          script: |
-            const script = require('./script/updateFlutterVersion.js')
-            await script({core, fetch})
-
-      - name: Setup Cue for JSON validation
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Validate version.json
-        run: cue vet config/flutter_version.cue config/flutter_version.json
-
-      - name: Create commit message variable
-        run: |
-          echo "COMMIT_MESSAGE=chore: update flutter version in flutter_version.json to ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
-
-      - name: Create pull request if there are changes
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7
-        with:
-          commit-message: ${{ env.COMMIT_MESSAGE }}
-          branch: update-flutter-version/${{ env.FLUTTER_VERSION }}
-          sign-commits: true
-          title: ${{ env.COMMIT_MESSAGE }}
-          token: ${{ steps.generate-token.outputs.token }}

.github/workflows/update_version.yml

@@ -0,0 +1,185 @@
+on:
+  schedule:
+    - cron: '0 0 * * MON-FRI'
+  workflow_dispatch:
+
+# Declare default permissions as read only.
+permissions:
+  contents: read
+
+jobs:
+  update_flutter_version:
+    permissions:
+      # Allow to write contents to push commits
+      contents: write
+      # Allow to write pull requests to push commits and write comments
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    outputs:
+      new_version: ${{ steps.update_flutter_version.outputs.result }}
+      version_artifact_id: ${{ steps.upload-version.outputs.artifact-id }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Update latest Flutter version
+        id: update_flutter_version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/updateFlutterVersion.js')
+            return await script({core, fetch})
+
+      - name: Setup CUE
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Validate version.json with CUE
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        run: cue vet config/version.cue -d '#FlutterVersion' config/flutter_version.json
+
+      - name: Upload artifact with the new Flutter version
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        id: upload-version
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: flutter_version.json
+          path: config/flutter_version.json
+  
+  update_android_version:
+    permissions:
+      # Allow to write contents to push commits
+      contents: write
+      # Allow to read packages to pull the container image from GitHub Container Registry
+      packages: read
+      # Allow to write pull requests to create a pull request
+      pull-requests: write
+    needs: update_flutter_version
+    if: ${{ needs.update_flutter_version.outputs.new_version == 'true' }}
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # TODO: Fetch only a few commits after using --unreleased in git-cliff
+          # Fetch all commits to use as input for the changelog generation
+          fetch-depth: 0
+          # Fetch all tags to use as input for the changelog generation
+          fetch-tags: true
+
+      # TODO: Workaround because actions/download-artifact can't overwrite existing files
+      # Check if this workaround can be removed after the following issues are fixed:
+      # https://github.com/actions/download-artifact/issues/225
+      # https://github.com/actions/download-artifact/issues/138
+      - name: Delete flutter_version.json
+        run: rm config/flutter_version.json
+
+      - name: Download artifact with the new Flutter version
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          artifact-ids: ${{ needs.update_flutter_version.outputs.version_artifact_id }}
+          path: config
+          # Download to the configured path instead of separated directories by artifact id
+          merge-multiple: true
+
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Copy Flutter version into version manifest and export FLUTTER_* environment variables
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/copyFlutterVersion.js')
+            await script({core})
+
+      - name: Update latest Fastlane version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/updateFastlaneVersion.js')
+            await script({core, fetch})
+
+      - name: Setup Flutter
+        run: |
+          cd $FLUTTER_ROOT
+          git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
+          git switch --discard-changes ${{ env.FLUTTER_VERSION }}
+
+      # TODO: Create test app in specific folder with step id, to allow parallel execution
+      - name: Create test application
+        run: |
+          flutter create test_app
+
+      # TODO: Cache gradle https://github.com/gradle/gradle-build-action
+      - name: Update default Android platform versions in Flutter
+        working-directory: test_app/android
+        run: |
+          cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
+          ./gradlew --warning-mode all updateAndroidVersions
+
+      - name: Clean test application
+        run: |
+          rm -rf test_app
+
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Validate version.json with CUE
+        run: cue vet config/version.cue -d '#Version' config/version.json
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: docs/src/package-lock.json
+          node-version-file: docs/src/package.json
+
+      - name: Update documentation
+        working-directory: docs/src
+        run: |
+          npm ci --prefer-offline
+          npm run build
+
+      - name: Setup git-cliff
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: orhun/git-cliff
+          tag: v2.8.0
+          digest: 17da092783079c63a0fb14c24fbfa0d3b589e225c6ef01c93111e39cecbc88e8
+
+      - name: Update changelog
+        run: |
+          git-cliff -v --tag ${{ env.FLUTTER_VERSION }} --github-repo ${{ github.repository }} --output changelog.md
+
+      - name: Create commit message variable
+        run: |
+          echo "COMMIT_MESSAGE=chore(release): update flutter dependencies in version.json for ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
+
+      # TODO: Generate changelog for the new flutter version, that will be the new tag
+      - name: Create pull request if there are changes
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          commit-message: ${{ env.COMMIT_MESSAGE }}
+          branch: update-flutter-dependencies/${{ env.FLUTTER_VERSION }}
+          sign-commits: true
+          title: ${{ env.COMMIT_MESSAGE }}
+          token: ${{ steps.app-token.outputs.token }}

.github/workflows/windows.yml

@@ -0,0 +1,99 @@
+on:
+  pull_request:
+  workflow_dispatch:
+
+# Read-only permissions by default
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  test_windows:
+    permissions:
+      # Allow to write packages for the docker/scout-action to write a comment
+      packages: write
+      # Allow to write pull requests for the docker/scout-action to write a comment
+      pull-requests: write
+      # Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results
+      security-events: write 
+    runs-on: windows-2025
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Read environment variables from version.json
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+
+      # - name: Load image metadata
+      #   uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+      #   id: metadata
+      #   with:
+      #     images: |
+      #       ${{ env.IMAGE_REPOSITORY_PATH }}
+      #     tags: |
+      #       type=raw,value=${{ env.FLUTTER_VERSION }}
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Build image and push to local Docker daemon
+        shell: powershell
+        run: |
+          docker build . -f windows.Dockerfile --build-arg flutter_version=${{ env.FLUTTER_VERSION }} -t ${{ env.IMAGE_REPOSITORY_PATH }}
+
+      # - name: Build image and push to local Docker daemon
+      #   uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+      #   with:
+      #     file: windows.Dockerfile
+      #     load: true
+      #     cache-from: type=gha
+      #     cache-to: type=gha,mode=max
+      #     labels: ${{ steps.metadata.outputs.labels }}
+      #     tags: ${{ steps.metadata.outputs.tags }}
+      #     target: android
+      #     build-args: |
+      #       flutter_version=${{ env.FLUTTER_VERSION }}
+
+    #   - name: Test image
+    #     uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
+    #     with:
+    #       image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
+    #       config: test/android.yml
+
+    #   # TODO: Parallelize testing and vulnerability scanning
+    #   - name: Scan with Docker Scout
+    #     id: docker-scout
+    #     uses: docker/scout-action@0133ff88fe16d4a412dc4827a8fccbccb6b583e0 # v1.16.3
+    #     with:
+    #       command: compare, recommendations
+    #       # Use the Docker Hub image that is the first tag in the metadata
+    #       image: local://${{ fromJson(steps.metadata.outputs.json).tags[0] }}
+    #       # github-token is needed to be able to write the PR comment
+    #       github-token: ${{ github.token }}
+    #       only-fixed: true
+    #       organization: ${{ secrets.DOCKER_HUB_USERNAME }}
+    #       # sarif-file: output.sarif.json
+    #       to-env: prod
+    #       # Enable debug logging when needed
+    #       # debug: true
+    #       # verbose-debug: true

android.Dockerfile

@@ -1,18 +1,18 @@
-FROM debian:12-slim@sha256:40b107342c492725bc7aacbe93a49945445191ae364184a6d24fedb28172f6f7 AS flutter
+FROM debian:12.11-slim@sha256:90522eeb7e5923ee2b871c639059537b30521272f10ca86fdbbbb2b75a8c40cd AS flutter
 
 SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
 
 ENV LANG=C.UTF-8
 
-# renovate: datasource=repology depName=debian_12/curl versioning=loose
-ARG CURL_VERSION="7.88.1-10+deb12u8"
-# renovate: datasource=repology depName=debian_12/git versioning=loose
+# renovate: release=bullseye depName=curl
+ARG CURL_VERSION="7.88.1-10+deb12u12"
+# renovate: release=bullseye depName=git
 ARG GIT_VERSION="1:2.39.5-0+deb12u2"
-# renovate: datasource=repology depName=debian_12/lcov versioning=loose
+# renovate: release=bullseye depName=lcov
 ARG LCOV_VERSION="1.16-1"
-# renovate: datasource=repology depName=debian_12/ca-certificates versioning=loose
+# renovate: release=bullseye depName=ca-certificates
 ARG CA_CERTIFICATES_VERSION="20230311"
-# renovate: datasource=repology depName=debian_12/unzip versioning=loose
+# renovate: release=bullseye depName=unzip
 ARG UNZIP_VERSION="6.0-28"
 
 USER root
@@ -58,13 +58,14 @@ ENV PATH="$PATH:$FLUTTER_ROOT/bin:$FLUTTER_ROOT/bin/cache/dart-sdk/bin"
 
 ARG flutter_version
 
-# TODO: Add --depth 1 after https://github.com/flutter/flutter/issues/163198 is fixed
 RUN git clone \
+    --depth 1 \
     --branch "$flutter_version" \
     https://github.com/flutter/flutter.git \
     "$FLUTTER_ROOT" \
     && chown -R flutter:flutter "$FLUTTER_ROOT" \
     && flutter --version \
+    && flutter config --no-cli-animations \
     && dart --disable-analytics \
     && flutter config \
     --no-cli-animations \
@@ -79,10 +80,10 @@ RUN git clone \
     --no-enable-macos-desktop \
     && flutter doctor
 
-COPY --chown=flutter:flutter ./script/docker-entrypoint.sh "$HOME/docker-entrypoint.sh"
-RUN chmod +x "$HOME/docker-entrypoint.sh"
+COPY --chown=flutter:flutter ./script/docker_linux_entrypoint.sh "$HOME/docker_entrypoint.sh"
+RUN chmod +x "$HOME/docker_entrypoint.sh"
 
-ENTRYPOINT [ "/home/flutter/docker-entrypoint.sh" ]
+ENTRYPOINT [ "/home/flutter/docker_entrypoint.sh" ]
 
 #-----------------------------------------------
 #-----------------------------------------------
@@ -92,9 +93,9 @@ FROM flutter AS fastlane
 
 SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
 
-# renovate: datasource=repology depName=debian_12/ruby-dev versioning=loose
+# renovate: release=bullseye depName=ruby-dev
 ARG RUBY_VERSION="1:3.1"
-# renovate: datasource=repology depName=debian_12/build-essential versioning=loose
+# renovate: release=bullseye depName=build-essential
 ENV BUILD_ESSENTIAL_VERSION="12.9"
 
 USER root
@@ -148,9 +149,9 @@ ENV ANDROID_HOME="$SDK_ROOT/android-sdk" \
     JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
 ENV PATH="$PATH:$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$HOME/.local/bin"
 
-# renovate: datasource=repology depName=debian_12/openjdk-17-jdk-headless versioning=loose
-ARG OPENJDK_17_JDK_HEADLESS_VERSION="17.0.14+7-1~deb12u1"
-# renovate: datasource=repology depName=debian_12/sudo versioning=loose
+# renovate: release=bullseye depName=openjdk-17-jdk-headless
+ARG OPENJDK_17_JDK_HEADLESS_VERSION="17.0.15+6-1~deb12u1"
+# renovate: release=bullseye depName=sudo
 ARG SUDO_VERSION="1.9.13p3-1+deb12u1"
 
 USER root

changelog.md

@@ -0,0 +1,454 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [3.32.0] - 2025-05-23
+
+### ⚙️ Miscellaneous Tasks
+
+- Generate changelog with git-cliff (#330)
+- Set tools digest to verify integrity (#331)
+- Download immutable artifact by id (#337)
+- Update artifact download configuration (#342)
+- *(release)* Update flutter dependencies in version.json for 3.32.0 (#343)
+
+## [3.29.3] - 2025-04-17
+
+### 🚀 Features
+
+- Build windows image (#314)
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update dependency mdx-to-md to ^0.5.0 (#324)
+
+### 💼 Other
+
+- *(deps)* Bump @babel/runtime (#312)
+- Update windows image to ltsc2025 (#317)
+- *(deps)* Bump estree-util-value-to-estree from 3.3.2 to 3.3.3 in /docs/src in the npm_and_yarn group across 1 directory (#325)
+
+### 📚 Documentation
+
+- Add table of contents and image table (#323)
+
+### ⚙️ Miscellaneous Tasks
+
+- Single workflow to update versions (#311)
+- Get version from parsed JSON (#313)
+- Schedule GitHub Actions updates on the first day of the month (#318)
+- Upgrade artifact actions to use digest (#319)
+- Grant app token only  current repository (#320)
+- Download-artifact can not overwrite existing files (#327)
+- Path is a folder in download-artifact (#328)
+- Update flutter dependencies in version.json for 3.29.3 (#329)
+
+## [3.29.2] - 2025-03-15
+
+### ⚙️ Miscellaneous Tasks
+
+- Generate tag with Github App token to trigger Actions (#305)
+- Run pr build only from latest commit (#306)
+- Upgrade actions only for new major or minor versions (#308)
+- Update flutter version in flutter_version.json to 3.29.2 (#309)
+- Update flutter dependencies in version.json for 3.29.2 (#310)
+
+## [3.29.1] - 2025-03-09
+
+### 🐛 Bug Fixes
+
+- Use github context because octokit is not available (#293)
+
+### 💼 Other
+
+- Replace yq with cue to reduce tool dependencies (#296)
+
+### 📚 Documentation
+
+- Mention Flutter license (#301)
+
+### ⚙️ Miscellaneous Tasks
+
+- Split ci and release workflows (#291)
+- Checkout repository (#292)
+- Read environment variables in create_git_tag (#294)
+- Define VERSION_MANIFEST at workflow level (#295)
+- Replace jq with cue to reduce tool dependencies (#297)
+- Use deb renovate datasource instead of repology (#300)
+- Update flutter version in flutter_version.json to 3.29.1 (#302)
+- Discard changes to flutter source code when switching tags (#303)
+- Update flutter dependencies in version.json for 3.29.1 (#304)
+
+## [3.29.0] - 2025-02-17
+
+### 🐛 Bug Fixes
+
+- Update version.json path
+- Remove annotation CompileDynamic
+- Remove ecr registry
+- Don't print message on entrypoint to allow initial calls from CI systems (#155)
+
+### 💼 Other
+
+- Move Dockerfile to root
+- Remove locale env and update regex and update git version
+- Create flutter base image and then android
+- Set non-root user as flutter
+- Flutter downloads obsolete Android SDK Tools (revision: 26.1.1)
+- Add entrypoint to change ownership of CI_PROJECT_DIR
+- Leave sudo but remove entrypoint
+- Add logical and before modifying sudoers
+- Add pattern /builds/* to sudoers
+- Add image opencontainers labels
+- Set JAVA_HOME
+- Explicitly set java home
+- Join env statements
+- Add multiple platform versions
+- Use platforms_versions
+- Do not quote array of arguments in build args
+- Upgrade curl to 7.81.0-1ubuntu1.8
+- Upgrade openjdk-11-jdk to 11.0.18+10-0ubuntu1~22.04 and sudo to 1.9.9-1ubuntu2.2
+- Add ENABLE_ANALYTICS to entrypoint
+- Upgrade curl to 7.81.0-1ubuntu1.10
+- Update sudo to 1.9.9-1ubuntu2.4
+- Add repology source ubuntu 22:04
+- Remove os specifc versioning
+- Fix typo between curl and git
+- Fix ubuntu package names
+- Upgrade git to 2.34.1-1ubuntu1.8
+- Add args for openjdk and sudo
+- Make entrypoint executable
+- Copy entrypoint with flutter user permissions
+- Upgrade openjdk-11-jdk to 11.0.19+7~us1-0ubuntu1~22.04.1
+- Chmod entrypoint
+- Migrate to openjdk-11-jdk-headless
+- Migrate to JRE with openjdk-11-jre-headless
+- Restore openjdk-11-jdk-headless
+- Uncomment flutter installation
+- Switch to debian/debian:11-slim
+- Add cross-env
+- Add fastlane stage
+- Install fastlane with bundler
+- Update dependencies versions in manifest with flutter 3.13.0' (#33)
+- Upgrade to openjdk 17 to 17.0.7+7-1~deb11u1 (#37)
+- Upgrade to debian 12 (#78)
+- Change debian registry to docker hub (#90)
+- Upgrade openjdk-17-jdk-headless to 17.0.10+7-1~deb12u1 (#158)
+- Join parsed platform versions with space
+- *(deps)* Bump braces (#196)
+- *(deps)* Bump cross-spawn from 7.0.3 to 7.0.6 in /docs/src in the npm_and_yarn group across 1 directory (#267)
+- *(deps)* Bump esbuild (#285)
+- Remove --depth 1 from git clone in Dockerfile (#287)
+
+### 🚜 Refactor
+
+- Format version.json with prettier
+- Update renovate according to validator (#122)
+- Migrate Android version update script to Kotlin DSL and remove Groovy version (#288)
+
+### 📚 Documentation
+
+- Add todo to get latest versions
+- Clarify readme
+- Leave registry link only
+- Add mdx readme
+- Update readme.mdx
+- Add license
+- Add url to badges
+- Delete images.json
+- Reorganize readme
+- Mention gitlab ci yaml
+- Render docs
+- Update tool versions
+- Rename usage to getting started
+- Add source repository
+- Reorganize readme
+- Add interpolating expressions and className to code blocks
+- Replace triple backtick with pre code block to remove exceeding line
+- Delete unused sha from readme
+- Explain more why not latest
+- Split readme and ecr about
+- Add fastlane related project
+- Change wording of related projects
+- Remove todo URLs from Dockerfile
+- Add command to render both docs
+- Add channel badge
+- Update android badges
+- Add space after first badge
+- Use .com github domain
+- Group sections related to features (#42)
+- Update documents (#233)
+- Update license path (#234)
+- Add a security policy (#238)
+- Add openssf scorecard (#241)
+- Reorganize sections in readme.md (#264)
+
+### 🧪 Testing
+
+- Add test_app
+- Add test commands for downloads
+- Increase timeout to 4m
+- Verify analytics are disabled
+- Check dart and flutter analytics are disabled
+- Fastlane can run lanes
+- Update expected android sdk command line tools to version 11.0 (#38)
+- Gradle can have a patch version
+- Platforms can have multiple versions
+
+### ⚙️ Miscellaneous Tasks
+
+- Add example workflow
+- Sync after commit in vscode
+- Move scripts to a new directory
+- Build and push to ecr
+- Add variable IMAGE_REPOSITORY_TAG
+- Update scripts
+- Give write permission to packages to github token
+- Give read permission to contents to github token
+- Use variables for container registries
+- Use kaniko to build and push
+- Upgrade flutter to 3.7.3
+- Add --use-new-run to kaniko
+- Use --snapshotMode=redo in kaniko
+- Upgrade flutter to 3.7.4
+- Add env variables FLUTTER_VERSION and ANDROID_BUILD_TOOLS_VERSION
+- Add env variable PLATFORMS_VERSIONS
+- Read version json
+- Read version.json
+- Add outputs
+- Format echo
+- Use release version in action zoexx/github-action-json-file-properties
+- Echo all outputs
+- Print all outputs
+- Output only flutter
+- FromJson version and commit
+- Use fromJson in flutter_version
+- Add github action for graphql
+- Updating github-token to GH_API_TOKEN
+- Log more output
+- Keep only latest tag
+- Unescape regex
+- Write latest tag to file
+- Add property node
+- Read current version json
+- Create pull request
+- Add permissions for create pull request
+- Add flutter version to tag
+- Add variable env.FLUTTER_VERSION
+- Setup flutter
+- Use fromJson
+- Create test app
+- Running gradlew
+- Add extension to updateAndroidPlatform.gradle
+- Use forward slash for path separator
+- Restore create pull request
+- Clean test app
+- Run on every day
+- Push to docker hub
+- Push to quay
+- Load image metadata with docker/metadata-action
+- Use raw tags in metadata
+- Get last 20 tags to increase change of matching regex
+- Add renovate
+- Change ENV to ARG in renovate
+- Disable docker major updates
+- Disable docker minor update
+- Pin version of ca-certificates
+- Add version epoch to git ubuntu version
+- Add environment variable GITHUB_SHORT_SHA
+- Use snapshotMode redo in kaniko
+- Update openjdk-11-jre-headless in renovate annotation
+- Update gradle version
+- Rename gradle script to updateAndroidVersions
+- Delete unused test_app
+- Show platform versions
+- Use jq to extract variables from version.json
+- Add xargs to convert multiline string to string with spaces
+- Migrate to docker/build-push-action to allow testing image
+- Setup buildx with docker/setup-buildx-action
+- Use ghcr for image cache
+- Test image structure
+- Add build args and cache to local docker image
+- Setup docker buildx before testing image
+- Add target android
+- Change path triggers
+- Update docs after version
+- Set the docs path to docs/src
+- Add npm cache to documentation update job
+- Change setup-node path
+- Change working directory for update android versions
+- Update docker hub description
+- Fix gradle script path
+- Update ecr repository description
+- Use preinstalled jq in github actions
+- Remove exceeding single quote
+- Remove sha from tag
+- Export flutter version from javascript
+- Check in which channel the tag exists
+- Remove semicolon
+- Move github script to script directory
+- Fix typo in script directory
+- Reorganize files to clean root directory
+- Add variable CACHE_REPOSITORY_PATH
+- Rename android test to bundle test
+- Update fastlane version
+- Log version
+- Await json
+- Initialize data in js
+- Require fs
+- Increase tags returned from query to 60
+- Add flutter-version to renovate.json
+- Add flutter regex to renovate
+- Use recursive matchStringsStrategy for flutter-version
+- Escape dot in fileMatch regex
+- Set config directory for flutter version
+- Remove recursive strategy from renovate
+- Split update workflow into flutter and dependencies
+- Declare version variable
+- Add workflow_dispatch trigger
+- Correct flutter version to 3.10.6
+- Update trigger to flutter_version
+- Run update_flutter_dependencies after pr is merged
+- Change automatic pr title
+- Add other trigger to job if
+- Move paths to pull request event (#31)
+- Override version json with flutter version (#32)
+- Use gitsign to sign commits in github workflows (#34)
+- Add tag chainguard-dev/actions/setup-gitsign@main (#35)
+- Update openjdk11 to 11.0.20+8-1~deb11u1 (#36)
+- Use commit sha for github action versions (#39)
+- Trigger workflow on push to main instead of pr closed (#41)
+- Search in releases json file instead of github query (#43)
+- LinuxReleasesResponse variable (#44)
+- Use volta to reproduce nodejs version (#45)
+- Get node version from package.json (#47)
+- Merge old and new maps in gradle (#48)
+- Use putAll to merge maps (#49)
+- Validate json schema with cue (#50)
+- Update dependencies versions in manifest with flutter 3.13.1 (#51)
+- Update dependencies versions in manifest with flutter 3.13.1 (#54)
+- Remove quote from pr title (#53)
+- Update dependencies versions in manifest with flutter 3.13.2 (#57)
+- Update dependencies versions in manifest with flutter 3.13.2 (#58)
+- Update dependencies versions in manifest with flutter 3.13.3 (#62)
+- Update dependencies versions in manifest with flutter 3.13.3 (#64)
+- Pin cue-lang/setup-cue action to digest (#66)
+- Update dependencies versions in manifest with flutter 3.13.4 (#72)
+- Update dependencies versions in manifest with flutter 3.13.4 (#73)
+- Add workflow for changes that affect the dockerfile (#77)
+- Automerge chainguard digest changes (#79)
+- Update dependencies versions in manifest with flutter 3.13.4 (#80)
+- Change action host os to ubuntu-22.04 (#81)
+- Change setup-flutter action to follow tag v2.2 (#82)
+- Update dependencies versions in manifest with flutter 3.13.5 (#86)
+- Update dependencies versions in manifest with flutter 3.13.5 (#87)
+- Ignore .vscode folder (#89)
+- Add renovate groups (#94)
+- Update dependencies versions in manifest with flutter 3.13.6 (#95)
+- Update dependencies versions in manifest with flutter 3.13.6 (#96)
+- Rename jobs to separate status checks (#97)
+- Update path of readme.md (#100)
+- Update dependencies versions in manifest with flutter 3.13.7 (#101)
+- Update dependencies versions in manifest with flutter 3.13.7 (#102)
+- Update pull request titles created with action (#103)
+- Update flutter version in flutter_version.json to 3.13.8 (#107)
+- Use GH_APP_TOKEN to trigger workflows on created pull requests (#109)
+- Update flutter dependencies in version.json for 3.13.8 (#108)
+- Update flutter version in flutter_version.json to 3.13.9 (#112)
+- Update flutter dependencies in version.json for 3.13.9 (#113)
+- Update flutter version in flutter_version.json to 3.16.0 (#120)
+- Update flutter dependencies in version.json for 3.16.0 (#121)
+- Update flutter version in flutter_version.json to 3.16.1 (#129)
+- Update flutter dependencies in version.json for 3.16.1 (#130)
+- Update flutter version in flutter_version.json to 3.16.2 (#131)
+- Update flutter dependencies in version.json for 3.16.2 (#132)
+- Run renovate monthly (#134)
+- Update flutter version in flutter_version.json to 3.16.3 (#135)
+- Update flutter dependencies in version.json for 3.16.3 (#136)
+- Update flutter version in flutter_version.json to 3.16.4 (#137)
+- Update flutter dependencies in version.json for 3.16.4 (#138)
+- Update flutter version in flutter_version.json to 3.16.5 (#139)
+- Update flutter dependencies in version.json for 3.16.5 (#140)
+- Update flutter version in flutter_version.json to 3.16.6 (#143)
+- Update flutter dependencies in version.json for 3.16.6 (#144)
+- Update flutter version in flutter_version.json to 3.16.7 (#145)
+- Update flutter dependencies in version.json for 3.16.7 (#146)
+- Update flutter version in flutter_version.json to 3.16.8 (#147)
+- Update flutter dependencies in version.json for 3.16.8 (#148)
+- Update flutter version in flutter_version.json to 3.16.9 (#149)
+- Update flutter dependencies in version.json for 3.16.9 (#150)
+- Run build if entrypoint changes (#156)
+- Split config validation (#157)
+- Check if files were changed (#159)
+- Update flutter version in flutter_version.json to 3.19.0 (#160)
+- Update flutter dependencies in version.json for 3.19.0 (#163)
+- Update flutter version in flutter_version.json to 3.19.1 (#165)
+- Update flutter dependencies in version.json for 3.19.1 (#166)
+- Update flutter version in flutter_version.json to 3.19.2 (#167)
+- Update flutter dependencies in version.json for 3.19.2 (#168)
+- Update cron schedule to run only on weekdays (#173)
+- Update flutter version in flutter_version.json to 3.19.3 (#174)
+- Update flutter dependencies in version.json for 3.19.3 (#175)
+- Update flutter version in flutter_version.json to 3.19.4 (#176)
+- Update flutter dependencies in version.json for 3.19.4 (#177)
+- Update flutter version in flutter_version.json to 3.19.5 (#178)
+- Update flutter dependencies in version.json for 3.19.5 (#179)
+- Update flutter version in flutter_version.json to 3.19.6 (#182)
+- Update flutter dependencies in version.json for 3.19.6 (#183)
+- Update flutter version in flutter_version.json to 3.22.0 (#186)
+- Update flutter dependencies in version.json for 3.22.0 (#187)
+- Update flutter version in flutter_version.json to 3.22.1 (#188)
+- Update flutter dependencies in version.json for 3.22.1 (#189)
+- Update flutter version in flutter_version.json to 3.22.2 (#192)
+- Update flutter dependencies in version.json for 3.22.2 (#193)
+- Update flutter dependencies in version.json for 3.22.2 (#197)
+- Update flutter version in flutter_version.json to 3.22.3 (#202)
+- Update flutter dependencies in version.json for 3.22.3 (#203)
+- Update fastlane in version.json for 3.22.3 (#206)
+- Upgrade peter-evans/create-pull-request to v6 (#207)
+- Upgrade cue-lang/setup-cue to v1.0.1 (#208)
+- Upgrade cue-lang/setup-cue to v1.0.1 in other workflows (#209)
+- Update flutter version in flutter_version.json to 3.24.0 (#210)
+- Update flutter dependencies in version.json for 3.24.0 (#211)
+- Update flutter version in flutter_version.json to 3.24.1 (#212)
+- Update flutter dependencies in version.json for 3.24.1 (#213)
+- Use github integration for docker buildx cache (#218)
+- Add docker/scout-action to compare differences (#219)
+- Record only docker hub image (#220)
+- Scout compare (#221)
+- Pin docker/scount-action (#226)
+- Update flutter version in flutter_version.json to 3.24.2 (#227)
+- Run job in ghcr.io/gmeligio/flutter-android image (#228)
+- Update flutter dependencies in version.json for 3.24.2 (#229)
+- Update repo flutter version after pushing new image (#230)
+- Update flutter version in flutter_version.json to 3.24.3 (#231)
+- Update flutter dependencies in version.json for 3.24.3 (#232)
+- Add scorecard (#235)
+- Set default permission to contents:read (#236)
+- Add CODEOWNERS (#237)
+- Upload docker hub CVEs to code scanning (#239)
+- Pin yq action with sha (#240)
+- Show only fixable CVEs (#242)
+- Update flutter dependencies in version.json for 3.24.3 (#247)
+- Unify PR workflows into build.yml (#248)
+- Rename build_and_push workflow to release (#249)
+- Update flutter dependencies in version.json for 3.24.3 (#250)
+- Update flutter version in flutter_version.json to 3.24.4 (#251)
+- Update flutter dependencies in version.json for 3.24.4 (#252)
+- Run renovate weekly to keep low noise with prHourlyLimit 2 (#255)
+- Update flutter version in flutter_version.json to 3.24.5 (#262)
+- Update flutter dependencies in version.json for 3.24.5 (#263)
+- Update flutter version in flutter_version.json to 3.27.0 (#270)
+- Update flutter dependencies in version.json for 3.27.0 (#271)
+- Update flutter version in flutter_version.json to 3.27.1 (#272)
+- Update flutter dependencies in version.json for 3.27.1 (#273)
+- Update flutter version in flutter_version.json to 3.27.2 (#276)
+- Update flutter dependencies in version.json for 3.27.2 (#277)
+- Update flutter version in flutter_version.json to 3.27.3 (#279)
+- Update flutter dependencies in version.json for 3.27.3 (#280)
+- Update flutter version in flutter_version.json to 3.27.4 (#282)
+- Update flutter dependencies in version.json for 3.27.4 (#283)
+- Update flutter version in flutter_version.json to 3.29.0 (#286)
+- Update flutter dependencies in version.json for 3.29.0 (#289)
+
+<!-- generated by git-cliff -->

config/android.cue

@@ -0,0 +1,29 @@
+#FileContentTests: {
+	name: string
+	path: _
+	expectedContents: [string]
+}
+
+#ContainerStructureTest: {
+	schemaVersion: _
+	commandTests: _
+	fileContentTests: [...#FileContentTests]
+}
+
+input: #ContainerStructureTest
+
+android_cmdline_tools_version: string @tag(android_cmdline_tools_version)
+android_cmdline_tools_test_expected_content: string @tag(android_cmdline_tools_test_expected_content)
+
+output: {
+	schemaVersion: input.schemaVersion
+	commandTests: input.commandTests
+	fileContentTests: [
+		{
+			name: "Android SDK Command-line Tools is version \(android_cmdline_tools_version)"
+			path: input.fileContentTests[0].path
+			expectedContents: [android_cmdline_tools_test_expected_content]
+		},
+		input.fileContentTests[1]
+	]
+}

config/flutter_version.json

@@ -1,7 +1,7 @@
 {
     "flutter": {
         "channel": "stable",
-        "commit": "35c388afb57ef061d06a39b537336c87e0e3d1b1",
-        "version": "3.29.0"
+        "commit": "b25305a8832cfc6ba632a7f87ad455e319dccce8",
+        "version": "3.32.1"
     }
 }

config/version.cue

@@ -13,20 +13,27 @@ import "list"
 	version!: =~ "^\\d+.\\d+.\\d+$"
 }
 
+#FlutterVersion: {
+	flutter: {
+		channel!: "stable" | "beta"
+		commit!:  strings.MaxRunes(40)
+		#PatchVersion
+	}
+}
 
 #MinorOrPatchVersion: #MinorVersion | #PatchVersion
 
-flutter: {
-	channel!: "stable" | "beta"
-	commit!:  strings.MaxRunes(40)
-	#PatchVersion
-}
+#Version: {
+	#FlutterVersion
 
-android: {
-	platforms!: [...#PlatformVersion] & list.MinItems(1) & list.UniqueItems
-	gradle!: #MinorOrPatchVersion
-	buildTools!: #PatchVersion
-	cmdlineTools!: #MinorVersion
-}
+	android: {
+		platforms!: [...#PlatformVersion] & list.MinItems(1) & list.UniqueItems
+		gradle!: #MinorOrPatchVersion
+		buildTools!: #PatchVersion
+		cmdlineTools!: #MinorVersion
+		ndk!: #PatchVersion
+		cmake!: #PatchVersion
+	}
 
-fastlane!: #PatchVersion
+	fastlane!: #PatchVersion
+}

config/version.json

@@ -1,8 +1,8 @@
 {
     "flutter": {
         "channel": "stable",
-        "commit": "35c388afb57ef061d06a39b537336c87e0e3d1b1",
-        "version": "3.29.0"
+        "commit": "b25305a8832cfc6ba632a7f87ad455e319dccce8",
+        "version": "3.32.1"
     },
     "android": {
         "platforms": [
@@ -11,13 +11,13 @@
             }
         ],
         "gradle": {
-            "version": "8.10.2"
+            "version": "8.12"
         },
         "buildTools": {
             "version": "34.0.0"
         },
         "cmdlineTools": {
-            "version": "12.0"
+            "version": "19.0"
         },
         "ndk": {
             "version": "26.3.11579264"
@@ -27,6 +27,6 @@
         }
     },
     "fastlane": {
-        "version": "2.226.0"
+        "version": "2.227.2"
     }
 }

docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   flutter:
     build:
-      context: .
+      dockerfile: ./android.Dockerfile
       target: flutter
       args:
         flutter_version: $FLUTTER_VERSION
@@ -10,7 +10,6 @@ services:
   
   fastlane:
     build:
-      context: .
       target: fastlane
       args:
         flutter_version: $FLUTTER_VERSION
@@ -20,7 +19,7 @@ services:
   
   android:
     build:
-      context: .
+      dockerfile: ./android.Dockerfile
       target: android
       args:
         flutter_version: $FLUTTER_VERSION
@@ -31,3 +30,9 @@ services:
         cmake_version: $CMAKE_VERSION
     environment:
       ENABLE_ANALYTICS: $ENABLE_ANALYTICS
+
+  windows:
+    build:
+      dockerfile: ./windows.Dockerfile
+      args:
+        flutter_version: $FLUTTER_VERSION

docs/contributing.md

@@ -6,4 +6,10 @@
 
 When adding new Github Actions the `.github\renovate.json` needs to be checked and add the new action to:
 
-* the automerge array if it's not an important action
+* the automerge array if it's not an important action
+
+### Dockerfile stages
+
+1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
+2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
+3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.

docs/src/compile.js

@@ -0,0 +1,31 @@
+import { writeFile } from 'node:fs/promises'
+import { mdxToMd } from 'mdx-to-md'
+import { resolve } from 'node:path'
+import remarkGfm from 'remark-gfm'
+import remarkToc from 'remark-toc'
+
+/**
+ * @see https://github.com/kentcdodds/mdx-bundler?tab=readme-ov-file#mdxoptions
+ */
+function mdxOptions(options) {
+  options.remarkPlugins = [
+    ...(options.remarkPlugins ?? []),
+    remarkGfm,
+    remarkToc,
+  ]
+
+  return options
+}
+
+const args = process.argv.slice(2)
+const sourceRelativePath = args[0]
+const outputRelativePath = args[1]
+const markdown = await mdxToMd(resolve(sourceRelativePath), {
+  mdxOptions,
+})
+const banner = `This markdown file was auto-generated from "${sourceRelativePath}"`
+const readme = `<!--- ${banner} -->\n\n${markdown}`
+
+await writeFile(outputRelativePath, readme)
+
+console.log(`📝 Converted ${sourceRelativePath} -> ${outputRelativePath}`)

docs/src/content.mdx

@@ -5,7 +5,9 @@ export const androidJson = versionJson.android
 export const gradleVersion = androidJson.gradle.version
 export const buildToolsVersion = androidJson.buildTools.version
 export const repositoryPath = 'gmeligio/flutter-android'
-export const imageUri = `${repositoryPath}:${flutterVersion}`
+export const dockerHubUri = `${repositoryPath}:${flutterVersion}`
+export const githubUri = `ghcr.io/${dockerHubUri}`
+export const quayUri = `quay.io/${dockerHubUri}`
 export const androidPlatformVersions = androidJson.platforms.map(p => p.version).join(', ')
 export const androidNdkVersion = androidJson.ndk.version
 export const dockerHubUrl = `https://hub.docker.com/r/${repositoryPath}`
@@ -17,6 +19,8 @@ Docker images for Flutter Continuous Integration (CI). The source is available [
 
 The images includes the minimum tools to run Flutter and build apps. The versions of the tools installed are based on the official [Flutter](https://github.com/flutter/flutter) repository. The final goal is that Flutter doesn't need to download anything like tools or SDKs when running the container.
 
+## Contents
+
 ## Features
 
 - Installed Flutter SDK {flutterVersion}.
@@ -32,50 +36,40 @@ Predownloaded SDKs and tools in Android:
 - Android NDK: {androidNdkVersion}
 - Gradle: {gradleVersion}
 
-## Alpha Stability
-
-The images are experimental and are in active development. They are being used for small projects but there is no confirmation of production usage yet.
-
 ## Running Containers
 
-Registries:
-
-- <a href={dockerHubUrl}>Docker Hub</a>
-- [Github Container Registry](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android)
-- <a href={quayUrl}>Quay</a>
+| Registry                  | flutter-android                                        |
+|---------------------------|--------------------------------------------------------|
+| Docker Hub                | <a href={dockerHubUrl}>{dockerHubUri}</a>    |
+| GitHub Container Registry | <a href="https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android">{githubUri}</a> |
+| Quay                      | <a href={quayUrl}>{quayUri}</a> |
 
 On the terminal:
 <pre><code className="language-bash">
-{`# From Docker Hub
-docker run --rm -it ${imageUri} bash
-
-# From GitHub Container Registry
-docker run --rm -it ghcr.io/${imageUri} bash
-
-# From Quay.io
-docker run --rm -it quay.io/${imageUri} bash`}
+{`# From GitHub Container Registry
+docker run --rm -it ${githubUri} bash`}
 </code></pre>
 
 On a workflow in GitHub Actions:
 <pre><code className="language-yaml">
 {`jobs:
-  build:
-    runs-on: ubuntu-22.04
-    container:
-      image: ghcr.io/${imageUri}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Build
-        run: flutter build apk`}
+    build:
+      runs-on: ubuntu-22.04
+      container:
+        image: ${githubUri}
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v2
+        - name: Build
+          run: flutter build apk`}
 </code></pre>
 
 On a `.gitlab-ci.yml` in GitLab CI:
 <pre><code className="language-yaml">
 {`build:
-  image: ghcr.io/${imageUri}
-  script:
-    - flutter build apk`}
+    image: ${githubUri}
+    script:
+      - flutter build apk`}
 </code></pre>
 
 Fastlane:
@@ -89,45 +83,37 @@ bundle install --prefer-local
 bundle exec fastlane`}
 </code></pre>
 
-## Versions
+## Tags
 
-There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` is a dynamic tag that can be confusing when reading the image URI because doesn't necessarily point to the latest image built and can cause unexpected behavior when rerunning a past CI job that runs with an overwritten latest tags. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
-
-The tag is composed of the Flutter version used to build the image. For example:
-- Docker image: {imageUri}
+Every new tag on the flutter stable channel gets built. The tag is composed of the Flutter version used to build the image:
+- Docker image: {dockerHubUri}
 - Flutter version: {flutterVersion}
 
-## Developing Locally
+## Building Locally
 
-### Running The Container
+The android.Dockerfile expects a few arguments:
 
-The Dockerfile expects a few parameters:
 - `flutter_version <string>`: The version of Flutter to use when building. Example: {flutterVersion}
 - `android_build_tools_version <string>`: The version of the Android SDK Build Tools to install. Example: {buildToolsVersion}
-- `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 28 31 33
+- `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: {androidPlatformVersions}
   
 <pre><code className="language-bash">
 {`# Android
 docker build --target android --build-arg flutter_version=${flutterVersion} --build-arg fastlane_version=${fastlaneVersion} --build-arg android_build_tools_version=${buildToolsVersion} --build-arg android_platform_versions="${androidPlatformVersions}" -t android-test .`}
 </code></pre>
 
-### Dockerfile stages
-
-The base image is `debian/debian:12-slim` and from there multiple stages are created:
-1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
-1. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
-1. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.
-
 ## Roadmap
 
 - Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the platforms:
-   - [ ] iOS
-   - [ ] Linux
-   - [ ] Windows
-   - [ ] Web
+   
+   - iOS
+   - Linux
+   - Windows
+   - Web
 
 - Android features:
-   - [ ] Android emulator
+   
+   - Android emulator
 
 ## FAQ
 
@@ -135,24 +121,20 @@ The base image is `debian/debian:12-slim` and from there multiple stages are cre
 
 The storage of the images starts to cost after 50 GB and increases with every pushed image because the AWS Free Tier covers up to 50 GB of total storage for free in ECR Public.
 
+## Why there is no dynamic tag like `latest`?
+
+There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` can cause unexpected behavior when rerunning a past CI job that was expected to use the old build of the `latest` tag. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+
 ## Contributing
 
 See [Contributing](docs/contributing.md).
 
-## Other Docker projects for mobile development
-
-- [docker-android-fastlane](https://github.com/softartdev/docker-android-fastlane)
-
-## Acknowledgments
-
-- [docker-android-build-box](https://github.com/mingchen/docker-android-build-box)
-- [flutter-fastlane-android](https://github.com/gmemstr/flutter-fastlane-android)
-- [circleci-images](https://github.com/circleci/circleci-images)
-- [docker-images-android](https://github.com/cirruslabs/docker-images-android)
-- [docker-images-flutter](https://github.com/cirruslabs/docker-images-flutter)
-- [flutter-docker-image](https://github.com/instrumentisto/flutter-docker-image)
-- [DockerFlutter](https://github.com/fischerscode/DockerFlutter)
-
 ## License
 
-[MIT License](LICENSE.md)
+Flutter is licensed under [BSD 3-Clause "New" or "Revised" license](https://github.com/flutter/flutter/blob/master/LICENSE).
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+The [sources](https://github.com/gmeligio/flutter-docker-image) for producing {repositoryPath} Docker images are licensed under [MIT License](LICENSE.md).

docs/src/contributing.mdx

@@ -5,3 +5,9 @@
 When adding new Github Actions the `.github\renovate.json` needs to be checked and add the new action to:
 
 - the automerge array if it's not an important action
+
+### Dockerfile stages
+
+1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
+2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
+3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.

docs/src/package.json

@@ -3,20 +3,25 @@
   "version": "1.0.0",
   "description": "",
   "main": "index.js",
+  "type": "module",
   "scripts": {
     "build": "npm run readme && npm run contributing && npm run license",
-    "readme": "cross-env NODE_ENV=production mdx-to-md readme.mdx ../../readme.md",
-    "license": "cross-env NODE_ENV=production mdx-to-md license.mdx ../../LICENSE.md",
-    "contributing": "cross-env NODE_ENV=production mdx-to-md contributing.mdx ../contributing.md",
+    "readme": "cross-env NODE_ENV=production node compile.js readme.mdx ../../readme.md",
+    "license": "cross-env NODE_ENV=production node compile.js license.mdx ../../LICENSE.md",
+    "contributing": "cross-env NODE_ENV=production node compile.js contributing.mdx ../contributing.md",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
     "cross-env": "^7.0.3",
-    "mdx-to-md": "^0.3.2"
+    "mdx-to-md": "^0.5.0",
+    "react": "^19.1.0",
+    "react-dom": "^19.1.0",
+    "remark-gfm": "^4.0.1",
+    "remark-toc": "^9.0.0"
   },
   "volta": {
-    "node": "22.14.0"
+    "node": "22.16.0"
   }
 }

readme.md

@@ -8,12 +8,25 @@ Docker images for Flutter Continuous Integration (CI). The source is available [
 
 The images includes the minimum tools to run Flutter and build apps. The versions of the tools installed are based on the official [Flutter](https://github.com/flutter/flutter) repository. The final goal is that Flutter doesn't need to download anything like tools or SDKs when running the container.
 
+## Contents
+
+* [Features](#features)
+* [Running Containers](#running-containers)
+* [Tags](#tags)
+* [Building Locally](#building-locally)
+* [Roadmap](#roadmap)
+* [FAQ](#faq)  
+   * [Why the images are not published in the AWS ECR Public registry?](#why-the-images-are-not-published-in-the-aws-ecr-public-registry)
+* [Why there is no dynamic tag like latest?](#why-there-is-no-dynamic-tag-like-latest)
+* [Contributing](#contributing)
+* [License](#license)
+
 ## Features
 
-* Installed Flutter SDK 3.29.0.
+* Installed Flutter SDK 3.32.1.
 * Analytics disabled by default, opt-in if `ENABLE_ANALYTICS` environment variable is passed when running the container.
 * Rootless user `flutter:flutter`, with permissions to run on Github workflows and GitLab CI.
-* Cached Fastlane gem 2.226.0.
+* Cached Fastlane gem 2.227.2.
 * Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the Android platform.
 
 Predownloaded SDKs and tools in Android:
@@ -21,31 +34,21 @@ Predownloaded SDKs and tools in Android:
 * Licenses accepted
 * Android SDK Platforms: 35
 * Android NDK: 26.3.11579264
-* Gradle: 8.10.2
-
-## Alpha Stability
-
-The images are experimental and are in active development. They are being used for small projects but there is no confirmation of production usage yet.
+* Gradle: 8.12
 
 ## Running Containers
 
-Registries:
-
-* [Docker Hub](https://hub.docker.com/r/gmeligio/flutter-android)
-* [Github Container Registry](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android)
-* [Quay](https://quay.io/repository/gmeligio/flutter-android)
+| Registry                  | flutter-android                                                                                                            |
+| ------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
+| Docker Hub                | [gmeligio/flutter-android:3.32.1](https://hub.docker.com/r/gmeligio/flutter-android)                                       |
+| GitHub Container Registry | [ghcr.io/gmeligio/flutter-android:3.32.1](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android) |
+| Quay                      | [quay.io/gmeligio/flutter-android:3.32.1](https://quay.io/repository/gmeligio/flutter-android)                             |
 
 On the terminal:
 
 ```bash
-# From Docker Hub
-docker run --rm -it gmeligio/flutter-android:3.29.0 bash
-
 # From GitHub Container Registry
-docker run --rm -it ghcr.io/gmeligio/flutter-android:3.29.0 bash
-
-# From Quay.io
-docker run --rm -it quay.io/gmeligio/flutter-android:3.29.0 bash
+docker run --rm -it ghcr.io/gmeligio/flutter-android:3.32.1 bash
 ```
 
 On a workflow in GitHub Actions:
@@ -55,7 +58,7 @@ jobs:
   build:
     runs-on: ubuntu-22.04
     container:
-      image: ghcr.io/gmeligio/flutter-android:3.29.0
+      image: ghcr.io/gmeligio/flutter-android:3.32.1
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -67,7 +70,7 @@ On a `.gitlab-ci.yml` in GitLab CI:
 
 ```yaml
 build:
-  image: ghcr.io/gmeligio/flutter-android:3.29.0
+  image: ghcr.io/gmeligio/flutter-android:3.32.1
   script:
     - flutter build apk
 ```
@@ -84,47 +87,35 @@ bundle install --prefer-local
 bundle exec fastlane
 ```
 
-## Versions
+## Tags
 
-There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` is a dynamic tag that can be confusing when reading the image URI because doesn't necessarily point to the latest image built and can cause unexpected behavior when rerunning a past CI job that runs with an overwritten latest tags. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+Every new tag on the flutter stable channel gets built. The tag is composed of the Flutter version used to build the image:
 
-The tag is composed of the Flutter version used to build the image. For example:
+* Docker image: gmeligio/flutter-android:3.32.1
+* Flutter version: 3.32.1
 
-* Docker image: gmeligio/flutter-android:3.29.0
-* Flutter version: 3.29.0
+## Building Locally
 
-## Developing Locally
+The android.Dockerfile expects a few arguments:
 
-### Running The Container
-
-The Dockerfile expects a few parameters:
-
-* `flutter_version <string>`: The version of Flutter to use when building. Example: 3.29.0
+* `flutter_version <string>`: The version of Flutter to use when building. Example: 3.32.1
 * `android_build_tools_version <string>`: The version of the Android SDK Build Tools to install. Example: 34.0.0
-* `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 28 31 33
+* `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 35
 
 ```bash
 # Android
-docker build --target android --build-arg flutter_version=3.29.0 --build-arg fastlane_version=2.226.0 --build-arg android_build_tools_version=34.0.0 --build-arg android_platform_versions="35" -t android-test .
+docker build --target android --build-arg flutter_version=3.32.1 --build-arg fastlane_version=2.227.2 --build-arg android_build_tools_version=34.0.0 --build-arg android_platform_versions="35" -t android-test .
 ```
 
-### Dockerfile stages
-
-The base image is `debian/debian:12-slim` and from there multiple stages are created:
-
-1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
-2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
-3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.
-
 ## Roadmap
 
 * Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the platforms:  
-   * \[ \] iOS  
-   * \[ \] Linux  
-   * \[ \] Windows  
-   * \[ \] Web
+   * iOS  
+   * Linux  
+   * Windows  
+   * Web
 * Android features:  
-   * \[ \] Android emulator
+   * Android emulator
 
 ## FAQ
 
@@ -132,24 +123,20 @@ The base image is `debian/debian:12-slim` and from there multiple stages are cre
 
 The storage of the images starts to cost after 50 GB and increases with every pushed image because the AWS Free Tier covers up to 50 GB of total storage for free in ECR Public.
 
+## Why there is no dynamic tag like `latest`?
+
+There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` can cause unexpected behavior when rerunning a past CI job that was expected to use the old build of the `latest` tag. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+
 ## Contributing
 
 See [Contributing](docs/contributing.md).
 
-## Other Docker projects for mobile development
-
-* [docker-android-fastlane](https://github.com/softartdev/docker-android-fastlane)
-
-## Acknowledgments
-
-* [docker-android-build-box](https://github.com/mingchen/docker-android-build-box)
-* [flutter-fastlane-android](https://github.com/gmemstr/flutter-fastlane-android)
-* [circleci-images](https://github.com/circleci/circleci-images)
-* [docker-images-android](https://github.com/cirruslabs/docker-images-android)
-* [docker-images-flutter](https://github.com/cirruslabs/docker-images-flutter)
-* [flutter-docker-image](https://github.com/instrumentisto/flutter-docker-image)
-* [DockerFlutter](https://github.com/fischerscode/DockerFlutter)
-
 ## License
 
-[MIT License](LICENSE.md)
+Flutter is licensed under [BSD 3-Clause "New" or "Revised" license](https://github.com/flutter/flutter/blob/master/LICENSE).
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+The [sources](https://github.com/gmeligio/flutter-docker-image) for producing gmeligio/flutter-android Docker images are licensed under [MIT License](LICENSE.md).

script/build_windows.sh

@@ -0,0 +1,5 @@
+# cmake generate
+cmake -S . -B ../build/windows/x64 -G "Visual Studio 16 2019" -A x64 -DFLUTTER_TARGET_PLATFORM=windows-x64
+
+# cmake build
+cmake --build ../build/windows/x64 --config Release --target INSTALL --verbose

script/copyFlutterVersion.js

@@ -1,27 +1,46 @@
+const fs = require('fs')
+const path = require('path')
+
 module.exports = async ({ core }) => {
-  const fs = require('fs')
+  try {
+    const flutterVersionPath = 'config/flutter_version.json'
 
-  const flutterVersionPath = 'config/flutter_version.json'
-  const flutterVersionData = fs.readFileSync(flutterVersionPath, 'utf8')
-  const fluterVersionJson = JSON.parse(flutterVersionData)
+    if (
+      !fs.existsSync(flutterVersionPath) ||
+      fs.lstatSync(flutterVersionPath).isDirectory()
+    ) {
+      throw new Error(`${flutterVersionPath} is missing or is a directory.`)
+    }
 
-  const versionPath = 'config/version.json'
-  const versionData = fs.readFileSync(versionPath, 'utf8')
-  let versionJson = JSON.parse(versionData)
+    const flutterVersionData = fs.readFileSync(flutterVersionPath, 'utf8')
+    const flutterVersionJson = JSON.parse(flutterVersionData)
 
-  const resultPath = 'config/version.json'
-  const result = {
-    ...versionJson,
-    ...fluterVersionJson,
+    const versionPath = 'config/version.json'
+    if (
+      !fs.existsSync(versionPath) ||
+      fs.lstatSync(versionPath).isDirectory()
+    ) {
+      throw new Error(`${versionPath} is missing or is a directory.`)
+    }
+
+    const versionData = fs.readFileSync(versionPath, 'utf8')
+    let versionJson = JSON.parse(versionData)
+
+    const resultPath = 'config/version.json'
+    const result = {
+      ...versionJson,
+      ...flutterVersionJson,
+    }
+
+    const resultJson = JSON.stringify(result, null, 4)
+    fs.writeFileSync(resultPath, `${resultJson}\n`)
+
+    const version = flutterVersionJson.flutter.version
+    const channel = flutterVersionJson.flutter.channel
+
+    core.exportVariable('FLUTTER_VERSION', version)
+    core.exportVariable('FLUTTER_CHANNEL', channel)
+  } catch (error) {
+    core.setFailed(`Error in copyFlutterVersion script: ${error.message}`)
   }
-
-  resultJson = JSON.stringify(result, null, 4)
-  fs.writeFileSync(resultPath, `${resultJson}\n`)
-
-  const version = fluterVersionJson.flutter.version
-  const channel = fluterVersionJson.flutter.channel
-
-  // Export FLUTTER_VERSION and FLUTTER_CHANNEL for the next workflow steps
-  core.exportVariable('FLUTTER_VERSION', version)
-  core.exportVariable('FLUTTER_CHANNEL', channel)
 }

script/createGitTag.js

@@ -0,0 +1,23 @@
+module.exports = async ({ core, context, github }) => {
+  const { OLD_FLUTTER_VERSION, NEW_FLUTTER_VERSION } = process.env
+
+  if (!OLD_FLUTTER_VERSION) {
+    core.setFailed('Environment variable OLD_FLUTTER_VERSION is required.')
+  }
+
+  if (!NEW_FLUTTER_VERSION) {
+    core.setFailed('Environment variable NEW_FLUTTER_VERSION is required.')
+  }
+
+  if (OLD_FLUTTER_VERSION === NEW_FLUTTER_VERSION) {
+    return
+  }
+
+  // Create a git tag using the GitHub API instead of the git client to skip SSH/GPG key setup.
+  github.rest.git.createRef({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    ref: `refs/tags/${NEW_FLUTTER_VERSION}`,
+    sha: context.sha,
+  })
+}

script/docker_windows_entrypoint.ps1

@@ -0,0 +1,26 @@
+$analytic_tools_str = "Dart, Flutter and Fastlane"
+
+if ($env:ENABLE_ANALYTICS -eq "true") {
+    Write-Output "Received 'ENABLE_ANALYTICS=true'.`nEnabling analytics for $analytic_tools_str."
+
+    dart --enable-analytics
+    flutter config --analytics
+
+    if (Test-Path env:FASTLANE_OPT_OUT_USAGE) {
+        Remove-Item env:FASTLANE_OPT_OUT_USAGE
+    }
+}
+else {
+    dart --disable-analytics
+    flutter --disable-analytics
+    $env:POWERSHELL_TELEMETRY_OPTOUT = 1
+    $env:FASTLANE_OPT_OUT_USAGE = "YES"
+    # TODO: $env:COCOAPODS_DISABLE_STATS = 1
+}
+
+if ($args.length -gt 0) {
+    Invoke-Expression "$args"
+}
+else {
+    powershell
+}

script/renovate_validate.sh

@@ -1 +1 @@
-renovate-config-validator --strict
+npx --yes --package renovate -- renovate-config-validator --strict

script/setEnvironmentVariables.js

@@ -0,0 +1,43 @@
+module.exports = async ({ core }) => {
+  const { VERSION_MANIFEST, GITHUB_REPOSITORY_OWNER, IMAGE_REPOSITORY_NAME } =
+    process.env
+
+  if (!VERSION_MANIFEST) {
+    core.setFailed('Environment variable VERSION_MANIFEST is required.')
+    return false
+  }
+
+  if (!GITHUB_REPOSITORY_OWNER) {
+    core.setFailed('Environment variable GITHUB_REPOSITORY_OWNER is required.')
+    return false
+  }
+
+  if (!IMAGE_REPOSITORY_NAME) {
+    core.setFailed('Environment variable IMAGE_REPOSITORY_NAME is required.')
+    return false
+  }
+
+  const fs = require('fs')
+  const text = fs.readFileSync(VERSION_MANIFEST, 'utf8')
+  const data = JSON.parse(text)
+
+  const platforms = data.android.platforms
+    .map((platform) => platform.version)
+    .join(' ')
+
+  core.exportVariable('FLUTTER_VERSION', data.flutter.version)
+  core.exportVariable('FASTLANE_VERSION', data.fastlane.version)
+  core.exportVariable(
+    'ANDROID_BUILD_TOOLS_VERSION',
+    data.android.buildTools.version
+  )
+  core.exportVariable('ANDROID_PLATFORM_VERSIONS', platforms)
+  core.exportVariable('ANDROID_NDK_VERSION', data.android.ndk.version)
+  core.exportVariable('CMAKE_VERSION', data.android.cmake.version)
+  core.exportVariable(
+    'IMAGE_REPOSITORY_PATH',
+    `${GITHUB_REPOSITORY_OWNER}/${IMAGE_REPOSITORY_NAME}`
+  )
+
+  return true
+}

script/set_environment_variables.sh

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-IMAGE_REPOSITORY_PATH="$GITHUB_REPOSITORY_OWNER/$IMAGE_REPOSITORY_NAME"
-
-{
-    echo "FLUTTER_VERSION=$(jq -r '.flutter.version' "$VERSION_MANIFEST")"
-
-    echo "FASTLANE_VERSION=$(jq -r '.fastlane.version' "$VERSION_MANIFEST")"
-
-    echo "ANDROID_BUILD_TOOLS_VERSION=$(jq -r '.android.buildTools.version' "$VERSION_MANIFEST")"
-
-    echo "ANDROID_PLATFORM_VERSIONS=$(jq -r '.android.platforms[].version' "$VERSION_MANIFEST" | tr '\n' ' ' | sed 's/ $//')"
-
-    echo "ANDROID_NDK_VERSION=$(jq -r '.android.ndk.version' "$VERSION_MANIFEST")"
-
-    echo "CMAKE_VERSION=$(jq -r '.android.cmake.version' "$VERSION_MANIFEST")"
-
-    echo "IMAGE_REPOSITORY_PATH=$IMAGE_REPOSITORY_PATH"
-} >>"$GITHUB_ENV"

script/updateFlutterVersion.js

@@ -10,22 +10,21 @@ module.exports = async ({ core, fetch }) => {
    * @param {*} fileUrl
    * @returns object|boolean
    */
-  async function downloadReleases(fileUrl) {
+  async function downloadReleases(core, fileUrl) {
     try {
       const response = await fetch(fileUrl)
 
       return response.json()
     } catch (error) {
-      console.error(
-        `An error occurred while requesting the file URL: ${fileUrl}`,
-        error
+      core.error(
+        `An error occurred while requesting the file URL ${fileUrl}: ${error}`
       )
 
       return false
     }
   }
 
-  const linuxReleasesResponse = await downloadReleases(linuxReleasesUrl)
+  const linuxReleasesResponse = await downloadReleases(core, linuxReleasesUrl)
 
   if (linuxReleasesResponse === false) {
     core.setFailed(
@@ -46,6 +45,12 @@ module.exports = async ({ core, fetch }) => {
 
   const { version, channel, hash: commit } = latestRelease
 
+  if (oldJson.flutter.version === version) {
+    core.info(`Flutter version ${version} is already set.`)
+
+    return false
+  }
+
   // Update result file, i.e. version.json
   const newJson = {
     ...oldJson,
@@ -60,4 +65,6 @@ module.exports = async ({ core, fetch }) => {
   resultJson = JSON.stringify(newJson, null, 4)
   fs.writeFileSync(resultPath, `${resultJson}\n`)
   core.exportVariable('FLUTTER_VERSION', version)
+
+  return true
 }

script/update_changelog.sh

@@ -0,0 +1,3 @@
+# TODO: Add image registry URLs to the release changelog
+
+npx git-cliff -t 3.29.3 -o changelog.md

script/update_test.sh

@@ -1,11 +1,14 @@
 #!/usr/bin/env sh
 
+# TODO: Update all versions used in android.yml from version.json, like NDK, CMake, etc.
+
 # Path to the JSON and YAML files
 version_file_path="./config/version.json"
 test_file_path="./test/android.yml"
+temp_file_path="./test/temp.yml"
 
 # Extracting the version value from the version.json file
-android_cmdline_tools_version=$(yq -oy '.android.cmdlineTools.version' "$version_file_path")
+android_cmdline_tools_version=$(cue eval -e 'android.cmdlineTools.version' "$version_file_path" | tr -d '"')
 android_cmdline_tools_test_expected_content="Pkg.Revision=$android_cmdline_tools_version
 Pkg.Path=cmdline-tools;$android_cmdline_tools_version
 Pkg.Desc=Android SDK Command-line Tools"
@@ -16,9 +19,10 @@ if [ -z "$android_cmdline_tools_version" ]; then
     exit 1
 fi
 
-# Update the YAML file using yq
-# Replace 'path.to.version' with the actual path to the version field in the YAML file
-yq -i ".fileContentTests[0].name = \"Android SDK Command-line Tools is version $android_cmdline_tools_version\" | .fileContentTests[0].expectedContents[0] = \"$android_cmdline_tools_test_expected_content\"" "$test_file_path"
 
-# Verify the update
+# Update the version YAML file using cue
+cue export config/android.cue -l input: ./test/android.yml -t android_cmdline_tools_version="$android_cmdline_tools_version" -t android_cmdline_tools_test_expected_content="$android_cmdline_tools_test_expected_content" -e output --out yaml >"$temp_file_path"
+mv "$temp_file_path" "$test_file_path"
+
+# Write progress
 echo "Updated $test_file_path with android_cmdline_tools_version: $android_cmdline_tools_version"

test/android.yml

@@ -31,6 +31,12 @@ commandTests:
       - /home/flutter/sdks/android-sdk/ndk
     expectedOutput:
       - 26.3.11579264
+  - name: CMake is pinned
+    command: ls
+    args:
+      - /home/flutter/sdks/android-sdk/cmake
+    expectedOutput:
+      - 3.22.1
   - name: Android SDK build tools directory only has one directory
     command: bash
     args:
@@ -50,7 +56,10 @@ commandTests:
         - /home/flutter/test_app/android/fastlane/Appfile
       - - sh
         - -c
-        - "echo 'lane :hello do\n puts \"Hello\"\nend' > /home/flutter/test_app/android/fastlane/Fastfile"
+        - |-
+          echo 'lane :hello do
+           puts "Hello"
+          end' > /home/flutter/test_app/android/fastlane/Fastfile
       - - touch
         - /home/flutter/test_app/android/fastlane/Pluginfile
     teardown:
@@ -75,10 +84,13 @@ commandTests:
     excludedOutput:
       - Sending anonymous analytics information
 fileContentTests:
-  - name: Android SDK Command-line Tools is version 12.0
+  - name: Android SDK Command-line Tools is version 19.0
     path: /home/flutter/sdks/android-sdk/cmdline-tools/latest/source.properties
     expectedContents:
-      - "Pkg.Revision=12.0\nPkg.Path=cmdline-tools;12.0\nPkg.Desc=Android SDK Command-line Tools"
+      - |-
+        Pkg.Revision=19.0
+        Pkg.Path=cmdline-tools;19.0
+        Pkg.Desc=Android SDK Command-line Tools
   - name: Dart and Flutter analytics are disabled
     path: /home/flutter/.dart-tool/dart-flutter-telemetry.config
     expectedContents:

windows.Dockerfile

@@ -0,0 +1,88 @@
+# escape=`
+
+FROM mcr.microsoft.com/windows/servercore:ltsc2025@sha256:c6b2b26058a096cb3f627ed03d0be66bea262c89222c988b516e63ae68f3ea72 as flutter
+
+SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+ARG git_version=2.46.0
+ARG git_installation_path="C:\Program Files\Git"
+
+# TODO: Find a way to pass $env:USERPROFILE instead of hardcoding C:\Users\ContainerUser. It's hardcoded because  environment variables in Windows container works by setting for the Machine scope and that will have $env:USERPROFILE as C:\Users\ContainerAdministrator instead.
+ENV USERPROFILE="C:\Users\ContainerUser"
+ENV SDK_ROOT="${USERPROFILE}\sdks"
+ENV FLUTTER_ROOT="${SDK_ROOT}\flutter"
+# Set FLUTTER_GIT_URL to fix warning: "Upstream repository unknown source is not a standard remote. Set environment variable "FLUTTER_GIT_URL" to unknown source to dismiss this error."
+ENV FLUTTER_GIT_URL="unknown source"
+
+WORKDIR "$USERPROFILE"
+
+# Install Git because is required by Flutter
+RUN $installer = \"MinGit-${env:git_version}-busybox-64-bit.zip\"; `
+    $url = \"https://github.com/git-for-windows/git/releases/download/v${env:git_version}.windows.1/${installer}\"; `
+    Invoke-WebRequest -Uri "$url" -OutFile "$installer"; `
+    Expand-Archive -Path "$installer" -DestinationPath "$env:git_installation_path"; `
+    Remove-Item -Path "$installer"; 
+
+# The user ContainerAdministrator must be used because is the one that has permissions to set the system PATH
+USER ContainerAdministrator
+
+# The PATH variable will be updated in the next shell session, so the RUN command that sets the PATH needs to be separated from the one that uses it
+RUN [Environment]::SetEnvironmentVariable('PATH', \"${env:PATH};${env:git_installation_path}\cmd;${env:git_installation_path}\usr\bin;${env:FLUTTER_ROOT}\bin;${env:FLUTTER_ROOT}\bin\cache\dart-sdk\bin;C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\msbuild\current\bin\", 'Machine');
+
+# MinGit has a circular reference in its global configuration, which causes git to crash
+# See https://github.com/git-for-windows/git/issues/2387#issuecomment-679367609
+# hadolint ignore=DL3059
+RUN $env:GIT_CONFIG_NOSYSTEM=1; git config --system --unset-all include.path;
+
+# Switch to the non-admin user when the admin user is not needed anymore
+USER ContainerUser
+
+ARG flutter_version
+
+RUN git clone `
+    --depth 1 `
+    --branch "$env:flutter_version" `
+    https://github.com/flutter/flutter `
+    "$env:FLUTTER_ROOT"; `
+    # To fix fatal: detected dubious ownership in repository at 'C:/Users/ContainerUser/sdks/flutter/.git' owned by BUILTIN/Administrators but the current user is: User Manager/ContainerUser
+    git config --global --add safe.directory "$env:FLUTTER_ROOT"; `
+    flutter --version; `
+    dart --disable-analytics; `
+    flutter config `
+    --no-cli-animations `
+    --no-analytics `
+    --no-enable-android `
+    --no-enable-web `
+    --no-enable-linux-desktop `
+    --enable-windows-desktop `
+    --no-enable-fuchsia `
+    --no-enable-custom-devices `
+    --no-enable-ios `
+    --no-enable-macos-desktop; `
+    flutter doctor --verbose; `
+    flutter precache --windows; `
+    flutter create build_app;
+
+
+# The user ContainerAdministrator must be used because is the one that has permissions to install with vs_BuildTools
+USER ContainerAdministrator
+# Download the Build Tools bootstrapper
+# See https://learn.microsoft.com/en-us/visualstudio/install/build-tools-container?view=vs-2022
+RUN Invoke-WebRequest -Uri https://aka.ms/vs/17/release/vs_buildtools.exe -OutFile vs_BuildTools.exe; `
+    Start-Process vs_BuildTools.exe -ArgumentList '--quiet --wait --norestart --nocache `
+    --add Microsoft.VisualStudio.Component.VC.CMake.Project `
+    --add Microsoft.VisualStudio.Component.Windows11SDK.22621 `
+    --add Microsoft.VisualStudio.Workload.VCTools' `
+    -Wait; `
+    Remove-Item vs_BuildTools.exe;
+USER ContainerUser
+
+WORKDIR "$USERPROFILE/build_app"
+RUN flutter build windows;
+
+WORKDIR "$USERPROFILE"
+COPY ./script/docker_windows_entrypoint.ps1 "docker_entrypoint.ps1"
+
+ENTRYPOINT "C:\Users\ContainerUser\docker_entrypoint.ps1"
+
+RUN Remove-Item -Recurse build_app;

windows.md

@@ -0,0 +1,124 @@
+# Windows
+
+## Swich between Linux and Windows containers
+
+& $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchDaemon
+
+## TODO
+
+1. Install tools
+
+```powershell`
+   # # needed? No
+#    --add Microsoft.Component.MSBuild' `
+   # # needed? No
+   # --add Microsoft.VisualStudio.Component.TestTools.BuildTools `
+   # # needed? No
+   # --add Microsoft.VisualStudio.Component.VC.ASAN `
+   # # needed? no
+   # # --add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
+RUN Invoke-WebRequest -Uri https://aka.ms/vs/17/release/vs_buildtools.exe -OutFile vs_BuildTools.exe; `
+    Start-Process vs_BuildTools.exe -ArgumentList '--quiet --wait --norestart --nocache `
+   # # needed? yes
+   # --add Microsoft.VisualStudio.Component.VC.CMake.Project `
+   # # needed? Yes
+   # --add Microsoft.VisualStudio.Component.Windows11SDK.22621 `
+   # # needed?
+   # --add Microsoft.VisualStudio.Workload.VCTools' `
+    -Wait; `
+    Remove-Item vs_BuildTools.exe;
+```
+
+1. Check how it can be run in Github actions.
+1. Check how it can be run in Gitlab CI/CD.
+1. Test where is installed.
+1. Test that path to powershell.exe exists.
+1. Test with a snapshot of flutter config to determine if new feature flags should be enabled or disabled.
+1. Test that Build Tools were installed in C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\msbuild\current\bin
+1. Check [Windows installation requirements for Flutter](https://docs.flutter.dev/get-started/install/windows/desktop)
+1. Add docs explaining to use `$VerbosePreference = 'Continue';` in the SHELL to debug unexpected pwsh problems.
+
+## Open issue in windows Docker images repo
+
+1. Some images can be pulled while others give error:
+
+    ```text
+    Error response from daemon: Get "https://mcr.microsoft.com/v2/": read tcp [2a0c:5a84:e100:e501::a97c]:58039->[2603:1061:f:101::10]:443: wsarecv: An existing connection was forcibly closed by the remote host.
+    ```
+
+Debug with `curl -A github165 -v https://mcr.microsoft.com/v2/powershell/manifests/lts-nanoserver-ltsc2022`
+
+## Contribute flutter upstream
+
+1. Remove `WHERE` in bin\internal\shared.bat and use instead:
+
+    ```batch
+    pwsh.exe -Command "exit" >nul 2>&1 && (
+            SET powershell_executable=pwsh.exe
+        ) || powershell.exe -Command "exit" >nul 2>&1 && (
+            SET powershell_executable=PowerShell.exe
+        ) || (
+            ECHO Error: PowerShell executable not found.                        1>&2
+            ECHO        Either pwsh.exe or PowerShell.exe must be in your PATH. 1>&2
+            EXIT 1
+        )
+    ```
+
+1. Find if the executable should be pwsh or powershell and put it in a service to remove the hardcoded "powershell" in multiple places, like in:
+
+    - dev\devicelab\lib\framework\running_processes.dart
+    - packages\flutter_tools\lib\src\windows\windows_version_validator.dart
+
+## Steps to reproduce in Docker
+
+1. Enable Windows Developer Settings to solve error:
+
+    >Building with plugins requires symlink support.
+    >
+    >Please enable Developer Mode in your system settings. Run
+    > start ms-settings:developers
+    >to open settings.
+
+    ```powershell
+    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
+    ```
+
+1. For CI/CD
+
+    1. Docker version must be pinned in Github workflow to avoid breaking changes: with escaping `\"` syntax inside RUN directive, etc.
+
+    1. Packaging tool in Windows: <https://pub.dev/packages/msix> . It uses the executables:
+
+        - [makeappx.exe](https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe-)
+        - [makepri.exe](https://learn.microsoft.com/en-us/windows/uwp/app-resources/makepri-exe-command-options)
+        - [signtool.exe](https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe)
+
+        - certificate
+            - Make a note that --install-certificate should be "false" or configured because the certificate can't be installed as ContainerUser.
+            
+            ```powershell
+            # OK
+            Import-PfxCertificate -FilePath "C:\Users\ContainerUser\AppData\Local\Pub\Cache\hosted\pub.dev\msix-3.16.8\lib\assets\test_certificate.pfx" -Password (ConvertTo-SecureString -AsPlainText -Force "1234") -CertStoreLocation Cert:\LocalMachine\Root
+
+            # Doesn't work
+            Import-PfxCertificate -FilePath "C:\Users\ContainerUser\AppData\Local\Pub\Cache\hosted\pub.dev\msix-3.16.8\lib\assets\test_certificate.pfx" -Password (ConvertTo-SecureString -AsPlainText -Force "1234")
+            ```
+
+    1. Install msstore CLI https://github.com/microsoft/msstore-cli It seems behind StoreBroker but it looks that it's going to be the primary and recommended way to publish to Microsoft Store
+        
+        - According to the [msstore guide](https://learn.microsoft.com/en-us/windows/apps/publish/msstore-dev-cli/commands?pivots=msstoredevcli-installer-linux#installation), It will be needed to install Microsoft.NetCore.Component.Runtime.8.0 with vs_BuildTools
+
+    1. From <https://github.com/tauu/flutter-windows-builder/blob/main/Dockerfile> => install <https://github.com/microsoft/StoreBroker> This is currently the primary tool to publish to Microsoft Store
+
+        - Not installed right now
+
+    1. Install the [Windows App Certification Kit](https://learn.microsoft.com/en-us/windows/uwp/debug-test-perf/windows-app-certification-kit) or the [Windows SDK that already includes it](https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/)
+        
+        - Installed currently by one of the workloads in vs_BuildTools
+
+## References
+
+- [How environment variables work on Windows containers?](https://blog.sixeyed.com/windows-weekly-dockerfile-14-environment-variables/)
+- [Windows deployment in Flutter](https://docs.flutter.dev/deployment/windows)
+- [vs_BuildTools workloads](https://learn.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-build-tools?view=vs-2022&preserve-view=true)
+- Useful Dockerfile https://git.openprivacy.ca/openprivacy/flutter-desktop/src/branch/main/windows/Dockerfile