chore(release): prepare for 3.32.8

Automated changes by
[create-pull-request](https://github.com/peter-evans/create-pull-request)
GitHub action

Co-authored-by: verified-commit[bot] <180343340+verified-commit[bot]@users.noreply.github.com>

.env.example

@@ -2,4 +2,6 @@ FLUTTER_VERSION=3.7.7
 FASTLANE_VERSION=2.213.0
 ANDROID_BUILD_TOOLS_VERSION=30.0.3
 ANDROID_PLATFORM_VERSIONS=28 31 33
-ENABLE_ANALYTICS=true
+ENABLE_ANALYTICS=true
+ANDROID_NDK_VERSION=26.3.11579264
+CMAKE_VERSION=3.22.1

.github/renovate.json

@@ -9,13 +9,13 @@
   ],
   "packageRules": [
     {
+      "description": "Schedule Github Actions updates on the first day of the month",
       "groupName": "github-actions",
-      "matchUpdateTypes": [
-        "major",
-        "minor"
-      ],
       "matchDatasources": [
         "github-tags"
+      ],
+      "schedule": [
+        "* 0-3 1 * *"
       ]
     }
   ],

.github/workflows/build.yml

@@ -27,28 +27,16 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
- 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Read environment variables from version.json with CUE
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
           IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
           VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
-        run: ./script/set_environment_variables.sh
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
 
       - name: Load image metadata
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
@@ -56,17 +44,22 @@ jobs:
         with:
           images: |
             ${{ env.IMAGE_REPOSITORY_PATH }}
-            ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }}
-            quay.io/${{ env.IMAGE_REPOSITORY_PATH }}
           tags: |
             type=raw,value=${{ env.FLUTTER_VERSION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Build image and push to local Docker daemon
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
+          file: android.Dockerfile
           load: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -90,7 +83,7 @@ jobs:
       # TODO: Parallelize testing and vulnerability scanning
       - name: Scan with Docker Scout
         id: docker-scout
-        uses: docker/scout-action@0133ff88fe16d4a412dc4827a8fccbccb6b583e0 # v1.16.3
+        uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
         with:
           command: compare, recommendations
           # Use the Docker Hub image that is the first tag in the metadata
@@ -105,14 +98,18 @@ jobs:
           # debug: true
           # verbose-debug: true
 
-  validate_version:
+  validate_version_files:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
       - name: Validate version.json and flutter_version.json with CUE
         run: |
@@ -126,7 +123,11 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
       - name: Generate test files with CUE
         run: |
@@ -144,11 +145,11 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       
       - name: Setup NodeJS
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: 'npm'
+          cache: npm
           cache-dependency-path: docs/src/package-lock.json
-          node-version-file: docs/src/package.json
+          node-version: lts/*
 
       - name: Update documentation
         working-directory: docs/src
@@ -206,7 +207,11 @@ jobs:
           ./gradlew --warning-mode all updateAndroidVersions
 
       - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
       - name: Validate version.json with CUE
         run: cue vet config/version.cue -d '#Version' config/version.json

.github/workflows/changelog.yml

@@ -0,0 +1,61 @@
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - config/version.json
+  workflow_dispatch:
+
+jobs:
+  changelog:
+    runs-on: ubuntu-24.04
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # TODO: Fetch only a few commits after using --unreleased in git-cliff
+          # Fetch all commits to use as input for the changelog generation
+          fetch-depth: 0
+          # Fetch all tags to use as input for the changelog generation
+          fetch-tags: true
+      
+      - name: Setup git-cliff
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: orhun/git-cliff
+          tag: v2.8.0
+          digest: 17da092783079c63a0fb14c24fbfa0d3b589e225c6ef01c93111e39cecbc88e8
+
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+      
+      - name: Update changelog
+        run: |
+          git-cliff -v --tag ${{ env.FLUTTER_VERSION }} --github-repo ${{ github.repository }} --output changelog.md
+      
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Commit and push changelog
+        uses: grafana/github-api-commit-action@b1d81091e8480dd11fcea8bc1f0ab977a0376ca5 # v1.0.0
+        with:
+          commit-message: "chore(release): prepare for ${{ env.FLUTTER_VERSION }}"
+          stage-all-files: true
+          token: ${{ steps.app-token.outputs.token }}

.github/workflows/ci.yml

@@ -2,6 +2,8 @@ on:
   push:
     branches:
       - main
+    paths-ignore:
+      - changelog.md
   workflow_dispatch:
 
 # Read-only permissions by default
@@ -22,34 +24,28 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Login to Quay.io
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-
       - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
 
-      - name: Read environment variables from version.json with CUE
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
           IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
           VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
-        run: ./script/set_environment_variables.sh
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
 
       - name: Load image metadata
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
@@ -57,17 +53,16 @@ jobs:
         with:
           images: |
             ${{ env.IMAGE_REPOSITORY_PATH }}
-            ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }}
-            quay.io/${{ env.IMAGE_REPOSITORY_PATH }}
           tags: |
             type=raw,value=${{ env.FLUTTER_VERSION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Build image and push to local Docker daemon
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
+          file: android.Dockerfile
           load: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -87,41 +82,4 @@ jobs:
         with:
           image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
           config: test/android.yml
-
-  create_git_tag:
-    permissions:
-      # Allow to write contents to push tags
-      contents: write
-    needs: test_image
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Generate authentication token with GitHub App to trigger Actions
-        uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Read environment variables from version.json with CUE
-        env:
-          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
-          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
-          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
-        run: ./script/set_environment_variables.sh
-      
-      - name: Create Tag for a New Flutter Version
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        env:
-          OLD_FLUTTER_VERSION: ${{ vars.FLUTTER_VERSION }}
-          NEW_FLUTTER_VERSION: ${{ env.FLUTTER_VERSION }}
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const script = require('./script/createGitTag.js')
-            await script({ core, context, github })
+  

.github/workflows/release.yml

@@ -1,20 +1,21 @@
 on:
   push:
     tags:
-    - '*'
+      - '*'
   workflow_dispatch:
 
 # Read-only permissions by default
 permissions:
   contents: read
 
+env:
+  FLUTTER_VERSION: ${{ github.ref_name }}
+
 jobs:
   release_android:
     permissions:
       # Allow to write packages to push the container image to the Github Container Registry
       packages: write
-      # Allow to write security events to upload the results to code-scanning dashboard.
-      security-events: write
     runs-on: ubuntu-24.04
     env:
       IMAGE_REPOSITORY_NAME: flutter-android
@@ -24,42 +25,16 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Generate authentication token with GitHub App
-        uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Login to Quay.io
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-
-      - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Read environment variables from version.json with CUE
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
           IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
           VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
-        run: ./script/set_environment_variables.sh
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
 
       - name: Load image metadata
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
@@ -73,11 +48,32 @@ jobs:
             type=raw,value=${{ env.FLUTTER_VERSION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Login to Quay.io
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
 
       - name: Build image and push it to registries
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
+          file: android.Dockerfile
           push: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -92,8 +88,29 @@ jobs:
             android_ndk_version=${{ env.ANDROID_NDK_VERSION }}
             cmake_version=${{ env.CMAKE_VERSION }}
 
+  update_description:
+    runs-on: ubuntu-24.04
+    needs: release_android
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+
       - name: Update Docker Hub description
-        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
+        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
@@ -101,54 +118,98 @@ jobs:
           short-description: ${{ github.event.repository.description }}
           readme-filepath: readme.md
 
+  record_image:
+    permissions:
+      # Allow to write code scanning results to GitHub's code scanning dashboard
+      security-events: write
+    runs-on: ubuntu-24.04
+    needs: release_android
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
       - name: Record image in Docker Scout environment
-        id: docker-scout-environment
-        uses: docker/scout-action@0133ff88fe16d4a412dc4827a8fccbccb6b583e0 # v1.16.3
+        uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
         with:
           command: environment, cves
-          # Use the Docker Hub image that is the first tag in the metadata
-          image: registry://${{ fromJson(steps.metadata.outputs.json).tags[0] }}
+          image: registry://${{ github.repository_owner }}/${{ env.IMAGE_REPOSITORY_NAME }}:${{ env.FLUTTER_VERSION }}
           environment: prod
           only-fixed: true
           organization: ${{ secrets.DOCKER_HUB_USERNAME }}
           sarif-file: sarif.json
-      
-      - name: Update bootstrap image tag in environment variable
-        run: gh variable set FLUTTER_VERSION --body "${{ env.FLUTTER_VERSION }}"
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 
-      # Upload the results to GitHub's code scanning dashboard (optional).
-      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
-      - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+      - name: Upload the results to GitHub's code scanning dashboard
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: sarif.json
 
-      # TODO: Use kaniko for building and pushing after slowness is solved
-      # TODO: https://github.com/GoogleContainerTools/kaniko/issues/970
-      # TODO: https://github.com/GoogleContainerTools/kaniko/issues/875
-      # TODO: Use kaniko for building and pushing after pushing to Docker daemon is solved, to be able to test Docker image, with the following issues
-      # TODO: https://github.com/GoogleContainerTools/kaniko/issues/1331
-      # - name: Build image and push it to registries
-      #   uses: int128/kaniko-action@v1
-      #   with:
-      #     push: true
-      #     cache: true
-      #     cache-repository: ${{ steps.ecr-cache.outputs.repository-uri }}
-      #     tags: ${{ steps.metadata.outputs.tags }}
-      #     labels: ${{ steps.metadata.outputs.labels }}
-      #     build-args: |
-      #       flutter_version=${{ env.FLUTTER_VERSION }}
-      #       android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }}
-      #       android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }}
-      #     kaniko-args: |
-      #       --skip-unused-stages=true
-      #       --use-new-run=true
-      #       --snapshotMode=redo
-      #     target: android
-      #     executor: gcr.io/kaniko-project/executor:latest
-# TODO: https://github.com/snok/container-retention-policy
-# TODO: Push a build image before the final image
-# TODO: Run basic tests with build image
-# TODO: Push final image only if tests pass https://redhat-cop.github.io/ci/publishing-images.html
+  set_bootstrap_image:
+    runs-on: ubuntu-24.04
+    needs: release_android
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Update bootstrap image tag in environment variable
+        run: gh variable set FLUTTER_VERSION --body "${{ env.FLUTTER_VERSION }}"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+  create_github_release:
+    permissions:
+      # Allow to create releases and upload assets to them
+      contents: write
+    runs-on: ubuntu-24.04
+    needs: release_android
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # TODO: Fetch only a few commits after using --unreleased in git-cliff
+          # Fetch all commits to use as input for the changelog generation
+          fetch-depth: 0
+          # Fetch all tags to use as input for the changelog generation
+          fetch-tags: true
+
+      - name: Setup git-cliff
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: orhun/git-cliff
+          tag: v2.8.0
+          digest: 17da092783079c63a0fb14c24fbfa0d3b589e225c6ef01c93111e39cecbc88e8
+
+      - name: Get the tag details
+        id: get-tag-details
+        run: |-
+          # Store the changelog in a temporary directory to not pollute the working directory
+          mkdir -p "${{ runner.temp }}/git-cliff"
+          changelog_file="${{ runner.temp }}/git-cliff/changelog.md"
+          echo "changelog_file=${changelog_file}" >>$GITHUB_OUTPUT
+
+          git-cliff -v --latest --strip all --no-exec --github-repo "${{ github.repository }}" --output "$changelog_file"
+
+      - name: Create Github release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |-
+          gh release create "${{ env.FLUTTER_VERSION }}" \
+            --title="${{ env.FLUTTER_VERSION }}" \
+            --notes-file="${{ steps.get-tag-details.outputs.changelog_file }}"

.github/workflows/scorecard.yml

@@ -39,7 +39,7 @@ jobs:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -61,7 +61,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
@@ -70,6 +70,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: results.sarif

.github/workflows/tag.yml

@@ -0,0 +1,48 @@
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - changelog.md
+  workflow_dispatch:
+
+jobs:
+  create_git_tag:
+    runs-on: ubuntu-24.04
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+      
+      - name: Create Tag for a New Flutter Version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          OLD_FLUTTER_VERSION: ${{ vars.FLUTTER_VERSION }}
+          NEW_FLUTTER_VERSION: ${{ env.FLUTTER_VERSION }}
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const script = require('./script/createGitTag.js')
+            await script({ core, context, github })

.github/workflows/update_flutter_dependencies.yml

@@ -1,107 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - .github/workflows/update_flutter_dependencies.yml
-      - config/flutter_version.json
-  workflow_dispatch:
-
-# Declare default permissions as read only.
-permissions:
-  contents: read
-
-jobs:
-  update_version:
-    permissions:
-      # Allow to write contents to push commits
-      contents: write
-      # Allow to read packages to pull the container image from GitHub Container Registry
-      packages: read
-      # Allow to write pull requests to create a pull request
-      pull-requests: write
-    runs-on: ubuntu-24.04
-    container:
-      image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }}
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ github.token }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Generate authentication token with GitHub App to trigger Actions
-        uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Copy Flutter version into version manifest and export FLUTTER_* environment variables
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const script = require('./script/copyFlutterVersion.js')
-            await script({core})
-
-      - name: Update latest Fastlane version
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const script = require('./script/updateFastlaneVersion.js')
-            await script({core, fetch})
-
-      - name: Setup Flutter
-        run: |
-          cd $FLUTTER_ROOT
-          git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
-          git switch --discard-changes ${{ env.FLUTTER_VERSION }}
-
-      # TODO: Create test app in specific folder with step id, to allow parallel execution
-      - name: Create test application
-        run: |
-          flutter create test_app
-
-      # TODO: Cache gradle https://github.com/gradle/gradle-build-action
-      - name: Update default Android platform versions in Flutter
-        working-directory: test_app/android
-        run: |
-          cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
-          ./gradlew --warning-mode all updateAndroidVersions
-
-      - name: Clean test application
-        run: |
-          rm -rf test_app
-
-      - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Validate version.json with CUE
-        run: cue vet config/version.cue -d '#Version' config/version.json
-
-      - name: Setup NodeJS
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
-        with:
-          cache: 'npm'
-          cache-dependency-path: docs/src/package-lock.json
-          node-version-file: docs/src/package.json
-
-      - name: Update documentation
-        working-directory: docs/src
-        run: |
-          npm ci --prefer-offline
-          npm run build
-
-      - name: Create commit message variable
-        run: |
-          echo "COMMIT_MESSAGE=chore: update flutter dependencies in version.json for ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
-
-      # TODO: Generate changelog for the new flutter version, that will be the new tag
-      - name: Create pull request if there are changes
-        uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7
-        with:
-          commit-message: ${{ env.COMMIT_MESSAGE }}
-          branch: update-flutter-dependencies/${{ env.FLUTTER_VERSION }}
-          sign-commits: true
-          title: ${{ env.COMMIT_MESSAGE }}
-          token: ${{ steps.generate-token.outputs.token }}

.github/workflows/update_flutter_version.yml

@@ -1,53 +0,0 @@
-on:
-  schedule:
-    - cron: '0 0 * * MON-FRI'
-  workflow_dispatch:
-
-# Declare default permissions as read only.
-permissions:
-  contents: read
-
-jobs:
-  update_flutter_version:
-    permissions:
-      # Allow to write contents to push commits
-      contents: write
-      # Allow to write pull requests to push commits and write comments
-      pull-requests: write
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Generate authentication token with GitHub App to trigger Actions
-        uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1.11.6
-        id: generate-token
-        with:
-          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
-          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
-
-      - name: Update latest Flutter version
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const script = require('./script/updateFlutterVersion.js')
-            await script({core, fetch})
-
-      - name: Setup CUE
-        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
-
-      - name: Validate version.json with CUE
-        run: cue vet config/version.cue -d '#FlutterVersion' config/flutter_version.json
-
-      - name: Create commit message variable
-        run: |
-          echo "COMMIT_MESSAGE=chore: update flutter version in flutter_version.json to ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
-
-      - name: Create pull request if there are changes
-        uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7
-        with:
-          commit-message: ${{ env.COMMIT_MESSAGE }}
-          branch: update-flutter-version/${{ env.FLUTTER_VERSION }}
-          sign-commits: true
-          title: ${{ env.COMMIT_MESSAGE }}
-          token: ${{ steps.generate-token.outputs.token }}

.github/workflows/update_version.yml

@@ -0,0 +1,239 @@
+on:
+  schedule:
+    - cron: '0 0 * * MON-FRI'
+  workflow_dispatch:
+
+# Declare default permissions as read only.
+permissions:
+  contents: read
+
+jobs:
+  update_flutter_version:
+    permissions:
+      # Allow to write contents to push commits
+      contents: write
+      # Allow to write pull requests to push commits and write comments
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    outputs:
+      new_version: ${{ steps.update_flutter_version.outputs.result }}
+      flutter_version_artifact_id: ${{ steps.upload-version.outputs.artifact-id }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Update latest Flutter version
+        id: update_flutter_version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/updateFlutterVersion.js')
+            return await script({core, fetch})
+
+      - name: Setup CUE
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Validate version.json with CUE
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        run: cue vet config/version.cue -d '#FlutterVersion' config/flutter_version.json
+
+      - name: Upload artifact with the new Flutter version
+        if: ${{ steps.update_flutter_version.outputs.result == 'true' }}
+        id: upload-version
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: flutter_version.json
+          path: config/flutter_version.json
+  
+  update_android_version:
+    permissions:
+      # Allow to write contents to push commits
+      contents: write
+      # Allow to read packages to pull the container image from GitHub Container Registry
+      packages: read
+      # Allow to write pull requests to create a pull request
+      pull-requests: write
+    needs: update_flutter_version
+    if: ${{ needs.update_flutter_version.outputs.new_version == 'true' }}
+    outputs:
+      version_artifact_id: ${{ steps.upload-version.outputs.artifact-id }}
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # TODO: Workaround because actions/download-artifact can't overwrite existing files
+      # Check if this workaround can be removed after the following issues are fixed:
+      # https://github.com/actions/download-artifact/issues/225
+      # https://github.com/actions/download-artifact/issues/138
+      - name: Delete flutter_version.json
+        run: rm config/flutter_version.json
+
+      - name: Download artifact with the new Flutter version
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          artifact-ids: ${{ needs.update_flutter_version.outputs.flutter_version_artifact_id }}
+          path: config
+          # Download to the configured path instead of separated directories by artifact id
+          merge-multiple: true
+
+      - name: Copy Flutter version into version manifest and export FLUTTER_* environment variables
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/copyFlutterVersion.js')
+            await script({core})
+
+      - name: Update latest Fastlane version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const script = require('./script/updateFastlaneVersion.js')
+            await script({core, fetch})
+
+      - name: Setup Flutter
+        run: |
+          cd $FLUTTER_ROOT
+          git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
+          git switch --discard-changes ${{ env.FLUTTER_VERSION }}
+
+      # TODO: Create test app in specific folder with step id, to allow parallel execution
+      - name: Create test application
+        run: |
+          flutter create test_app
+
+      # TODO: Cache gradle https://github.com/gradle/gradle-build-action
+      - name: Update default Android platform versions in Flutter
+        working-directory: test_app/android
+        run: |
+          cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
+          ./gradlew --warning-mode all updateAndroidVersions
+
+      - name: Clean test application
+        run: |
+          rm -rf test_app
+
+      - name: Upload artifact with the updated version.json
+        id: upload-version
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: version.json
+          path: config/version.json
+
+  validate_config_version:
+    needs: update_android_version
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # TODO: Workaround because actions/download-artifact can't overwrite existing files
+      # Check if this workaround can be removed after the following issues are fixed:
+      # https://github.com/actions/download-artifact/issues/225
+      # https://github.com/actions/download-artifact/issues/138
+      - name: Delete version.json
+        run: rm config/version.json
+
+      - name: Download artifact with the new Flutter version
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          artifact-ids: ${{ needs.update_android_version.outputs.version_artifact_id }}
+          path: config
+          # Download to the configured path instead of separated directories by artifact id
+          merge-multiple: true
+
+      - name: Setup CUE
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
+        with:
+          repo: cue-lang/cue
+          tag: v0.13.0
+          digest: 59ba96137da07cd2cdd2e17ec33af81f850126f022f25dd96516f0b42071b6a9
+
+      - name: Validate version.json with CUE
+        run: cue vet config/version.cue -d '#Version' config/version.json
+
+  update_docs_and_create_pr:
+    needs:
+      - update_flutter_version
+      - update_android_version
+      - validate_config_version
+    runs-on: ubuntu-24.04
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # TODO: Workaround because actions/download-artifact can't overwrite existing files
+      # Check if this workaround can be removed after the following issues are fixed:
+      # https://github.com/actions/download-artifact/issues/225
+      # https://github.com/actions/download-artifact/issues/138
+      - name: Delete flutter_version.json and version.json
+        run: |-
+          rm config/flutter_version.json config/version.json
+
+      - name: Download artifact with the new Flutter version
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          artifact-ids: ${{ needs.update_flutter_version.outputs.flutter_version_artifact_id }},${{ needs.update_android_version.outputs.version_artifact_id }}
+          path: config
+          # Download to the configured path instead of separated directories by artifact id
+          merge-multiple: true
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: npm
+          cache-dependency-path: docs/src/package-lock.json
+          node-version: lts/*
+
+      - name: Update documentation
+        working-directory: docs/src
+        run: |
+          npm ci --prefer-offline
+          npm run build
+
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })      
+
+      - name: Create commit message variable
+        run: |
+          echo "COMMIT_MESSAGE=chore(release): update flutter dependencies in version.json for ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV
+
+      - name: Generate authentication token with GitHub App to trigger Actions
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: app-token
+        with:
+          app-id: ${{ secrets.VERIFIED_COMMIT_ID }}
+          private-key: ${{ secrets.VERIFIED_COMMIT_KEY }}
+          repositories: ${{ github.event.repository.name }}
+          owner: ${{ github.repository_owner }}
+      
+      # TODO: Generate changelog for the new flutter version, that will be the new tag
+      - name: Create pull request if there are changes
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          commit-message: ${{ env.COMMIT_MESSAGE }}
+          branch: update-flutter-dependencies/${{ env.FLUTTER_VERSION }}
+          sign-commits: true
+          title: ${{ env.COMMIT_MESSAGE }}
+          token: ${{ steps.app-token.outputs.token }}

.github/workflows/windows.yml

@@ -0,0 +1,99 @@
+on:
+  pull_request:
+  workflow_dispatch:
+
+# Read-only permissions by default
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  test_windows:
+    permissions:
+      # Allow to write packages for the docker/scout-action to write a comment
+      packages: write
+      # Allow to write pull requests for the docker/scout-action to write a comment
+      pull-requests: write
+      # Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results
+      security-events: write 
+    runs-on: windows-2025
+    env:
+      IMAGE_REPOSITORY_NAME: flutter-android
+      VERSION_MANIFEST: config/version.json
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Read environment variables from the version manifest
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+          IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
+          VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
+        with:
+          script: |
+            const script = require('./script/setEnvironmentVariables.js')
+            return await script({ core })
+
+      # - name: Load image metadata
+      #   uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+      #   id: metadata
+      #   with:
+      #     images: |
+      #       ${{ env.IMAGE_REPOSITORY_PATH }}
+      #     tags: |
+      #       type=raw,value=${{ env.FLUTTER_VERSION }}
+
+      # - name: Set up Docker Buildx
+      #   uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Build image and push to local Docker daemon
+        shell: powershell
+        run: |
+          docker build . -f windows.Dockerfile --build-arg flutter_version=${{ env.FLUTTER_VERSION }} -t ${{ env.IMAGE_REPOSITORY_PATH }}
+
+      # - name: Build image and push to local Docker daemon
+      #   uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+      #   with:
+      #     file: windows.Dockerfile
+      #     load: true
+      #     cache-from: type=gha
+      #     cache-to: type=gha,mode=max
+      #     labels: ${{ steps.metadata.outputs.labels }}
+      #     tags: ${{ steps.metadata.outputs.tags }}
+      #     target: android
+      #     build-args: |
+      #       flutter_version=${{ env.FLUTTER_VERSION }}
+
+    #   - name: Test image
+    #     uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
+    #     with:
+    #       image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
+    #       config: test/android.yml
+
+    #   # TODO: Parallelize testing and vulnerability scanning
+    #   - name: Scan with Docker Scout
+    #     id: docker-scout
+    #     uses: docker/scout-action@0133ff88fe16d4a412dc4827a8fccbccb6b583e0 # v1.16.3
+    #     with:
+    #       command: compare, recommendations
+    #       # Use the Docker Hub image that is the first tag in the metadata
+    #       image: local://${{ fromJson(steps.metadata.outputs.json).tags[0] }}
+    #       # github-token is needed to be able to write the PR comment
+    #       github-token: ${{ github.token }}
+    #       only-fixed: true
+    #       organization: ${{ secrets.DOCKER_HUB_USERNAME }}
+    #       # sarif-file: output.sarif.json
+    #       to-env: prod
+    #       # Enable debug logging when needed
+    #       # debug: true
+    #       # verbose-debug: true

android.Dockerfile

@@ -1,11 +1,11 @@
-FROM debian:12.9-slim@sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc AS flutter
+FROM debian:12.11-slim@sha256:2424c1850714a4d94666ec928e24d86de958646737b1d113f5b2207be44d37d8 AS flutter
 
 SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
 
 ENV LANG=C.UTF-8
 
 # renovate: release=bullseye depName=curl
-ARG CURL_VERSION="7.88.1-10+deb12u8"
+ARG CURL_VERSION="7.88.1-10+deb12u12"
 # renovate: release=bullseye depName=git
 ARG GIT_VERSION="1:2.39.5-0+deb12u2"
 # renovate: release=bullseye depName=lcov
@@ -65,6 +65,7 @@ RUN git clone \
     "$FLUTTER_ROOT" \
     && chown -R flutter:flutter "$FLUTTER_ROOT" \
     && flutter --version \
+    && flutter config --no-cli-animations \
     && dart --disable-analytics \
     && flutter config \
     --no-cli-animations \
@@ -79,10 +80,10 @@ RUN git clone \
     --no-enable-macos-desktop \
     && flutter doctor
 
-COPY --chown=flutter:flutter ./script/docker-entrypoint.sh "$HOME/docker-entrypoint.sh"
-RUN chmod +x "$HOME/docker-entrypoint.sh"
+COPY --chown=flutter:flutter ./script/docker_linux_entrypoint.sh "$HOME/docker_entrypoint.sh"
+RUN chmod +x "$HOME/docker_entrypoint.sh"
 
-ENTRYPOINT [ "/home/flutter/docker-entrypoint.sh" ]
+ENTRYPOINT [ "/home/flutter/docker_entrypoint.sh" ]
 
 #-----------------------------------------------
 #-----------------------------------------------
@@ -149,7 +150,7 @@ ENV ANDROID_HOME="$SDK_ROOT/android-sdk" \
 ENV PATH="$PATH:$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$HOME/.local/bin"
 
 # renovate: release=bullseye depName=openjdk-17-jdk-headless
-ARG OPENJDK_17_JDK_HEADLESS_VERSION="17.0.14+7-1~deb12u1"
+ARG OPENJDK_17_JDK_HEADLESS_VERSION="17.0.15+6-1~deb12u1"
 # renovate: release=bullseye depName=sudo
 ARG SUDO_VERSION="1.9.13p3-1+deb12u1"
 

config/flutter_version.json

@@ -1,7 +1,7 @@
 {
     "flutter": {
         "channel": "stable",
-        "commit": "c23637390482d4cf9598c3ce3f2be31aa7332daf",
-        "version": "3.29.2"
+        "commit": "edada7c56edf4a183c1735310e123c7f923584f1",
+        "version": "3.32.8"
     }
 }

config/version.json

@@ -1,8 +1,8 @@
 {
     "flutter": {
         "channel": "stable",
-        "commit": "c23637390482d4cf9598c3ce3f2be31aa7332daf",
-        "version": "3.29.2"
+        "commit": "edada7c56edf4a183c1735310e123c7f923584f1",
+        "version": "3.32.8"
     },
     "android": {
         "platforms": [
@@ -11,13 +11,13 @@
             }
         ],
         "gradle": {
-            "version": "8.10.2"
+            "version": "8.12"
         },
         "buildTools": {
             "version": "34.0.0"
         },
         "cmdlineTools": {
-            "version": "12.0"
+            "version": "19.0"
         },
         "ndk": {
             "version": "26.3.11579264"
@@ -27,6 +27,6 @@
         }
     },
     "fastlane": {
-        "version": "2.227.0"
+        "version": "2.228.0"
     }
 }

docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   flutter:
     build:
-      context: .
+      dockerfile: ./android.Dockerfile
       target: flutter
       args:
         flutter_version: $FLUTTER_VERSION
@@ -10,7 +10,6 @@ services:
   
   fastlane:
     build:
-      context: .
       target: fastlane
       args:
         flutter_version: $FLUTTER_VERSION
@@ -20,7 +19,7 @@ services:
   
   android:
     build:
-      context: .
+      dockerfile: ./android.Dockerfile
       target: android
       args:
         flutter_version: $FLUTTER_VERSION
@@ -31,3 +30,9 @@ services:
         cmake_version: $CMAKE_VERSION
     environment:
       ENABLE_ANALYTICS: $ENABLE_ANALYTICS
+
+  windows:
+    build:
+      dockerfile: ./windows.Dockerfile
+      args:
+        flutter_version: $FLUTTER_VERSION

docs/contributing.md

@@ -6,4 +6,10 @@
 
 When adding new Github Actions the `.github\renovate.json` needs to be checked and add the new action to:
 
-* the automerge array if it's not an important action
+* the automerge array if it's not an important action
+
+### Dockerfile stages
+
+1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
+2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
+3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.

docs/src/compile.js

@@ -0,0 +1,31 @@
+import { writeFile } from 'node:fs/promises'
+import { mdxToMd } from 'mdx-to-md'
+import { resolve } from 'node:path'
+import remarkGfm from 'remark-gfm'
+import remarkToc from 'remark-toc'
+
+/**
+ * @see https://github.com/kentcdodds/mdx-bundler?tab=readme-ov-file#mdxoptions
+ */
+function mdxOptions(options) {
+  options.remarkPlugins = [
+    ...(options.remarkPlugins ?? []),
+    remarkGfm,
+    remarkToc,
+  ]
+
+  return options
+}
+
+const args = process.argv.slice(2)
+const sourceRelativePath = args[0]
+const outputRelativePath = args[1]
+const markdown = await mdxToMd(resolve(sourceRelativePath), {
+  mdxOptions,
+})
+const banner = `This markdown file was auto-generated from "${sourceRelativePath}"`
+const readme = `<!--- ${banner} -->\n\n${markdown}`
+
+await writeFile(outputRelativePath, readme)
+
+console.log(`📝 Converted ${sourceRelativePath} -> ${outputRelativePath}`)

docs/src/content.mdx

@@ -5,7 +5,9 @@ export const androidJson = versionJson.android
 export const gradleVersion = androidJson.gradle.version
 export const buildToolsVersion = androidJson.buildTools.version
 export const repositoryPath = 'gmeligio/flutter-android'
-export const imageUri = `${repositoryPath}:${flutterVersion}`
+export const dockerHubUri = `${repositoryPath}:${flutterVersion}`
+export const githubUri = `ghcr.io/${dockerHubUri}`
+export const quayUri = `quay.io/${dockerHubUri}`
 export const androidPlatformVersions = androidJson.platforms.map(p => p.version).join(', ')
 export const androidNdkVersion = androidJson.ndk.version
 export const dockerHubUrl = `https://hub.docker.com/r/${repositoryPath}`
@@ -17,6 +19,8 @@ Docker images for Flutter Continuous Integration (CI). The source is available [
 
 The images includes the minimum tools to run Flutter and build apps. The versions of the tools installed are based on the official [Flutter](https://github.com/flutter/flutter) repository. The final goal is that Flutter doesn't need to download anything like tools or SDKs when running the container.
 
+## Contents
+
 ## Features
 
 - Installed Flutter SDK {flutterVersion}.
@@ -32,50 +36,40 @@ Predownloaded SDKs and tools in Android:
 - Android NDK: {androidNdkVersion}
 - Gradle: {gradleVersion}
 
-## Alpha Stability
-
-The images are experimental and are in active development. They are being used for small projects but there is no confirmation of production usage yet.
-
 ## Running Containers
 
-Registries:
-
-- <a href={dockerHubUrl}>Docker Hub</a>
-- [Github Container Registry](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android)
-- <a href={quayUrl}>Quay</a>
+| Registry                  | flutter-android                                        |
+|---------------------------|--------------------------------------------------------|
+| Docker Hub                | <a href={dockerHubUrl}>{dockerHubUri}</a>    |
+| GitHub Container Registry | <a href="https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android">{githubUri}</a> |
+| Quay                      | <a href={quayUrl}>{quayUri}</a> |
 
 On the terminal:
 <pre><code className="language-bash">
-{`# From Docker Hub
-docker run --rm -it ${imageUri} bash
-
-# From GitHub Container Registry
-docker run --rm -it ghcr.io/${imageUri} bash
-
-# From Quay.io
-docker run --rm -it quay.io/${imageUri} bash`}
+{`# From GitHub Container Registry
+docker run --rm -it ${githubUri} bash`}
 </code></pre>
 
 On a workflow in GitHub Actions:
 <pre><code className="language-yaml">
 {`jobs:
-  build:
-    runs-on: ubuntu-22.04
-    container:
-      image: ghcr.io/${imageUri}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Build
-        run: flutter build apk`}
+    build:
+      runs-on: ubuntu-22.04
+      container:
+        image: ${githubUri}
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v2
+        - name: Build
+          run: flutter build apk`}
 </code></pre>
 
 On a `.gitlab-ci.yml` in GitLab CI:
 <pre><code className="language-yaml">
 {`build:
-  image: ghcr.io/${imageUri}
-  script:
-    - flutter build apk`}
+    image: ${githubUri}
+    script:
+      - flutter build apk`}
 </code></pre>
 
 Fastlane:
@@ -89,45 +83,37 @@ bundle install --prefer-local
 bundle exec fastlane`}
 </code></pre>
 
-## Versions
+## Tags
 
-There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` is a dynamic tag that can be confusing when reading the image URI because doesn't necessarily point to the latest image built and can cause unexpected behavior when rerunning a past CI job that runs with an overwritten latest tags. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
-
-The tag is composed of the Flutter version used to build the image. For example:
-- Docker image: {imageUri}
+Every new tag on the flutter stable channel gets built. The tag is composed of the Flutter version used to build the image:
+- Docker image: {dockerHubUri}
 - Flutter version: {flutterVersion}
 
-## Developing Locally
+## Building Locally
 
-### Running The Container
+The android.Dockerfile expects a few arguments:
 
-The Dockerfile expects a few parameters:
 - `flutter_version <string>`: The version of Flutter to use when building. Example: {flutterVersion}
 - `android_build_tools_version <string>`: The version of the Android SDK Build Tools to install. Example: {buildToolsVersion}
-- `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 28 31 33
+- `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: {androidPlatformVersions}
   
 <pre><code className="language-bash">
 {`# Android
 docker build --target android --build-arg flutter_version=${flutterVersion} --build-arg fastlane_version=${fastlaneVersion} --build-arg android_build_tools_version=${buildToolsVersion} --build-arg android_platform_versions="${androidPlatformVersions}" -t android-test .`}
 </code></pre>
 
-### Dockerfile stages
-
-The base image is `debian/debian:12-slim` and from there multiple stages are created:
-1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
-1. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
-1. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.
-
 ## Roadmap
 
 - Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the platforms:
-   - [ ] iOS
-   - [ ] Linux
-   - [ ] Windows
-   - [ ] Web
+   
+   - iOS
+   - Linux
+   - Windows
+   - Web
 
 - Android features:
-   - [ ] Android emulator
+   
+   - Android emulator
 
 ## FAQ
 
@@ -135,24 +121,14 @@ The base image is `debian/debian:12-slim` and from there multiple stages are cre
 
 The storage of the images starts to cost after 50 GB and increases with every pushed image because the AWS Free Tier covers up to 50 GB of total storage for free in ECR Public.
 
+## Why there is no dynamic tag like `latest`?
+
+There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` can cause unexpected behavior when rerunning a past CI job that was expected to use the old build of the `latest` tag. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+
 ## Contributing
 
 See [Contributing](docs/contributing.md).
 
-## Other Docker projects for mobile development
-
-- [docker-android-fastlane](https://github.com/softartdev/docker-android-fastlane)
-
-## Acknowledgments
-
-- [docker-android-build-box](https://github.com/mingchen/docker-android-build-box)
-- [flutter-fastlane-android](https://github.com/gmemstr/flutter-fastlane-android)
-- [circleci-images](https://github.com/circleci/circleci-images)
-- [docker-images-android](https://github.com/cirruslabs/docker-images-android)
-- [docker-images-flutter](https://github.com/cirruslabs/docker-images-flutter)
-- [flutter-docker-image](https://github.com/instrumentisto/flutter-docker-image)
-- [DockerFlutter](https://github.com/fischerscode/DockerFlutter)
-
 ## License
 
 Flutter is licensed under [BSD 3-Clause "New" or "Revised" license](https://github.com/flutter/flutter/blob/master/LICENSE).
@@ -161,4 +137,4 @@ As with all Docker images, these likely also contain other software which may be
 
 As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
 
-The [sources](https://github.com/gmeligio/flutter-docker-image) for producing gmeligio/flutter-android Docker images are licensed under [MIT License](LICENSE.md).
+The [sources](https://github.com/gmeligio/flutter-docker-image) for producing {repositoryPath} Docker images are licensed under [MIT License](LICENSE.md).

docs/src/contributing.mdx

@@ -5,3 +5,9 @@
 When adding new Github Actions the `.github\renovate.json` needs to be checked and add the new action to:
 
 - the automerge array if it's not an important action
+
+### Dockerfile stages
+
+1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
+2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
+3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.

docs/src/package.json

@@ -3,20 +3,22 @@
   "version": "1.0.0",
   "description": "",
   "main": "index.js",
+  "type": "module",
   "scripts": {
     "build": "npm run readme && npm run contributing && npm run license",
-    "readme": "cross-env NODE_ENV=production mdx-to-md readme.mdx ../../readme.md",
-    "license": "cross-env NODE_ENV=production mdx-to-md license.mdx ../../LICENSE.md",
-    "contributing": "cross-env NODE_ENV=production mdx-to-md contributing.mdx ../contributing.md",
+    "readme": "cross-env NODE_ENV=production node compile.js readme.mdx ../../readme.md",
+    "license": "cross-env NODE_ENV=production node compile.js license.mdx ../../LICENSE.md",
+    "contributing": "cross-env NODE_ENV=production node compile.js contributing.mdx ../contributing.md",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "cross-env": "^7.0.3",
-    "mdx-to-md": "^0.3.2"
-  },
-  "volta": {
-    "node": "22.14.0"
+    "cross-env": "^10.0.0",
+    "mdx-to-md": "^0.5.0",
+    "react": "^19.1.0",
+    "react-dom": "^19.1.0",
+    "remark-gfm": "^4.0.1",
+    "remark-toc": "^9.0.0"
   }
 }

readme.md

@@ -8,12 +8,25 @@ Docker images for Flutter Continuous Integration (CI). The source is available [
 
 The images includes the minimum tools to run Flutter and build apps. The versions of the tools installed are based on the official [Flutter](https://github.com/flutter/flutter) repository. The final goal is that Flutter doesn't need to download anything like tools or SDKs when running the container.
 
+## Contents
+
+* [Features](#features)
+* [Running Containers](#running-containers)
+* [Tags](#tags)
+* [Building Locally](#building-locally)
+* [Roadmap](#roadmap)
+* [FAQ](#faq)  
+   * [Why the images are not published in the AWS ECR Public registry?](#why-the-images-are-not-published-in-the-aws-ecr-public-registry)
+* [Why there is no dynamic tag like latest?](#why-there-is-no-dynamic-tag-like-latest)
+* [Contributing](#contributing)
+* [License](#license)
+
 ## Features
 
-* Installed Flutter SDK 3.29.2.
+* Installed Flutter SDK 3.32.8.
 * Analytics disabled by default, opt-in if `ENABLE_ANALYTICS` environment variable is passed when running the container.
 * Rootless user `flutter:flutter`, with permissions to run on Github workflows and GitLab CI.
-* Cached Fastlane gem 2.227.0.
+* Cached Fastlane gem 2.228.0.
 * Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the Android platform.
 
 Predownloaded SDKs and tools in Android:
@@ -21,31 +34,21 @@ Predownloaded SDKs and tools in Android:
 * Licenses accepted
 * Android SDK Platforms: 35
 * Android NDK: 26.3.11579264
-* Gradle: 8.10.2
-
-## Alpha Stability
-
-The images are experimental and are in active development. They are being used for small projects but there is no confirmation of production usage yet.
+* Gradle: 8.12
 
 ## Running Containers
 
-Registries:
-
-* [Docker Hub](https://hub.docker.com/r/gmeligio/flutter-android)
-* [Github Container Registry](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android)
-* [Quay](https://quay.io/repository/gmeligio/flutter-android)
+| Registry                  | flutter-android                                                                                                            |
+| ------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
+| Docker Hub                | [gmeligio/flutter-android:3.32.8](https://hub.docker.com/r/gmeligio/flutter-android)                                       |
+| GitHub Container Registry | [ghcr.io/gmeligio/flutter-android:3.32.8](https://github.com/gmeligio/flutter-docker-image/pkgs/container/flutter-android) |
+| Quay                      | [quay.io/gmeligio/flutter-android:3.32.8](https://quay.io/repository/gmeligio/flutter-android)                             |
 
 On the terminal:
 
 ```bash
-# From Docker Hub
-docker run --rm -it gmeligio/flutter-android:3.29.2 bash
-
 # From GitHub Container Registry
-docker run --rm -it ghcr.io/gmeligio/flutter-android:3.29.2 bash
-
-# From Quay.io
-docker run --rm -it quay.io/gmeligio/flutter-android:3.29.2 bash
+docker run --rm -it ghcr.io/gmeligio/flutter-android:3.32.8 bash
 ```
 
 On a workflow in GitHub Actions:
@@ -55,7 +58,7 @@ jobs:
   build:
     runs-on: ubuntu-22.04
     container:
-      image: ghcr.io/gmeligio/flutter-android:3.29.2
+      image: ghcr.io/gmeligio/flutter-android:3.32.8
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -67,7 +70,7 @@ On a `.gitlab-ci.yml` in GitLab CI:
 
 ```yaml
 build:
-  image: ghcr.io/gmeligio/flutter-android:3.29.2
+  image: ghcr.io/gmeligio/flutter-android:3.32.8
   script:
     - flutter build apk
 ```
@@ -84,47 +87,35 @@ bundle install --prefer-local
 bundle exec fastlane
 ```
 
-## Versions
+## Tags
 
-There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` is a dynamic tag that can be confusing when reading the image URI because doesn't necessarily point to the latest image built and can cause unexpected behavior when rerunning a past CI job that runs with an overwritten latest tags. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+Every new tag on the flutter stable channel gets built. The tag is composed of the Flutter version used to build the image:
 
-The tag is composed of the Flutter version used to build the image. For example:
+* Docker image: gmeligio/flutter-android:3.32.8
+* Flutter version: 3.32.8
 
-* Docker image: gmeligio/flutter-android:3.29.2
-* Flutter version: 3.29.2
+## Building Locally
 
-## Developing Locally
+The android.Dockerfile expects a few arguments:
 
-### Running The Container
-
-The Dockerfile expects a few parameters:
-
-* `flutter_version <string>`: The version of Flutter to use when building. Example: 3.29.2
+* `flutter_version <string>`: The version of Flutter to use when building. Example: 3.32.8
 * `android_build_tools_version <string>`: The version of the Android SDK Build Tools to install. Example: 34.0.0
-* `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 28 31 33
+* `android_platform_versions <list>`: The versions of the Android SDK Platforms to install, separated by spaces. Example: 35
 
 ```bash
 # Android
-docker build --target android --build-arg flutter_version=3.29.2 --build-arg fastlane_version=2.227.0 --build-arg android_build_tools_version=34.0.0 --build-arg android_platform_versions="35" -t android-test .
+docker build --target android --build-arg flutter_version=3.32.8 --build-arg fastlane_version=2.228.0 --build-arg android_build_tools_version=34.0.0 --build-arg android_platform_versions="35" -t android-test .
 ```
 
-### Dockerfile stages
-
-The base image is `debian/debian:12-slim` and from there multiple stages are created:
-
-1. `flutter` stage hast only the dependencies required to install flutter and common tools used by flutter internal commands, like `git`.
-2. `fastlane` stage has the dependencies required to install fastlane but doesn't install fastlane.
-3. `android` stage has the dependencies required to install the Android SDK and to develop Flutter apps for Android.
-
 ## Roadmap
 
 * Minimal image with predownloaded SDKs and tools ready to run `flutter` commands for the platforms:  
-   * \[ \] iOS  
-   * \[ \] Linux  
-   * \[ \] Windows  
-   * \[ \] Web
+   * iOS  
+   * Linux  
+   * Windows  
+   * Web
 * Android features:  
-   * \[ \] Android emulator
+   * Android emulator
 
 ## FAQ
 
@@ -132,24 +123,14 @@ The base image is `debian/debian:12-slim` and from there multiple stages are cre
 
 The storage of the images starts to cost after 50 GB and increases with every pushed image because the AWS Free Tier covers up to 50 GB of total storage for free in ECR Public.
 
+## Why there is no dynamic tag like `latest`?
+
+There is no `latest` Docker tag on purpose. You need to specify the version of the image you want to use. The reason for that is that `latest` can cause unexpected behavior when rerunning a past CI job that was expected to use the old build of the `latest` tag. There are multiple articles explaining more about this reasoning like [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/) and [The misunderstood Docker tag: latest](https://medium.com/@mccode/the-misunderstood-docker-tag-latest-af3babfd6375).
+
 ## Contributing
 
 See [Contributing](docs/contributing.md).
 
-## Other Docker projects for mobile development
-
-* [docker-android-fastlane](https://github.com/softartdev/docker-android-fastlane)
-
-## Acknowledgments
-
-* [docker-android-build-box](https://github.com/mingchen/docker-android-build-box)
-* [flutter-fastlane-android](https://github.com/gmemstr/flutter-fastlane-android)
-* [circleci-images](https://github.com/circleci/circleci-images)
-* [docker-images-android](https://github.com/cirruslabs/docker-images-android)
-* [docker-images-flutter](https://github.com/cirruslabs/docker-images-flutter)
-* [flutter-docker-image](https://github.com/instrumentisto/flutter-docker-image)
-* [DockerFlutter](https://github.com/fischerscode/DockerFlutter)
-
 ## License
 
 Flutter is licensed under [BSD 3-Clause "New" or "Revised" license](https://github.com/flutter/flutter/blob/master/LICENSE).

script/build_windows.sh

@@ -0,0 +1,5 @@
+# cmake generate
+cmake -S . -B ../build/windows/x64 -G "Visual Studio 16 2019" -A x64 -DFLUTTER_TARGET_PLATFORM=windows-x64
+
+# cmake build
+cmake --build ../build/windows/x64 --config Release --target INSTALL --verbose

script/copyFlutterVersion.js

@@ -1,27 +1,46 @@
+const fs = require('fs')
+const path = require('path')
+
 module.exports = async ({ core }) => {
-  const fs = require('fs')
+  try {
+    const flutterVersionPath = 'config/flutter_version.json'
 
-  const flutterVersionPath = 'config/flutter_version.json'
-  const flutterVersionData = fs.readFileSync(flutterVersionPath, 'utf8')
-  const fluterVersionJson = JSON.parse(flutterVersionData)
+    if (
+      !fs.existsSync(flutterVersionPath) ||
+      fs.lstatSync(flutterVersionPath).isDirectory()
+    ) {
+      throw new Error(`${flutterVersionPath} is missing or is a directory.`)
+    }
 
-  const versionPath = 'config/version.json'
-  const versionData = fs.readFileSync(versionPath, 'utf8')
-  let versionJson = JSON.parse(versionData)
+    const flutterVersionData = fs.readFileSync(flutterVersionPath, 'utf8')
+    const flutterVersionJson = JSON.parse(flutterVersionData)
 
-  const resultPath = 'config/version.json'
-  const result = {
-    ...versionJson,
-    ...fluterVersionJson,
+    const versionPath = 'config/version.json'
+    if (
+      !fs.existsSync(versionPath) ||
+      fs.lstatSync(versionPath).isDirectory()
+    ) {
+      throw new Error(`${versionPath} is missing or is a directory.`)
+    }
+
+    const versionData = fs.readFileSync(versionPath, 'utf8')
+    let versionJson = JSON.parse(versionData)
+
+    const resultPath = 'config/version.json'
+    const result = {
+      ...versionJson,
+      ...flutterVersionJson,
+    }
+
+    const resultJson = JSON.stringify(result, null, 4)
+    fs.writeFileSync(resultPath, `${resultJson}\n`)
+
+    const version = flutterVersionJson.flutter.version
+    const channel = flutterVersionJson.flutter.channel
+
+    core.exportVariable('FLUTTER_VERSION', version)
+    core.exportVariable('FLUTTER_CHANNEL', channel)
+  } catch (error) {
+    core.setFailed(`Error in copyFlutterVersion script: ${error.message}`)
   }
-
-  resultJson = JSON.stringify(result, null, 4)
-  fs.writeFileSync(resultPath, `${resultJson}\n`)
-
-  const version = fluterVersionJson.flutter.version
-  const channel = fluterVersionJson.flutter.channel
-
-  // Export FLUTTER_VERSION and FLUTTER_CHANNEL for the next workflow steps
-  core.exportVariable('FLUTTER_VERSION', version)
-  core.exportVariable('FLUTTER_CHANNEL', channel)
 }

script/docker_windows_entrypoint.ps1

@@ -0,0 +1,26 @@
+$analytic_tools_str = "Dart, Flutter and Fastlane"
+
+if ($env:ENABLE_ANALYTICS -eq "true") {
+    Write-Output "Received 'ENABLE_ANALYTICS=true'.`nEnabling analytics for $analytic_tools_str."
+
+    dart --enable-analytics
+    flutter config --analytics
+
+    if (Test-Path env:FASTLANE_OPT_OUT_USAGE) {
+        Remove-Item env:FASTLANE_OPT_OUT_USAGE
+    }
+}
+else {
+    dart --disable-analytics
+    flutter --disable-analytics
+    $env:POWERSHELL_TELEMETRY_OPTOUT = 1
+    $env:FASTLANE_OPT_OUT_USAGE = "YES"
+    # TODO: $env:COCOAPODS_DISABLE_STATS = 1
+}
+
+if ($args.length -gt 0) {
+    Invoke-Expression "$args"
+}
+else {
+    powershell
+}

script/setEnvironmentVariables.js

@@ -0,0 +1,43 @@
+module.exports = async ({ core }) => {
+  const { VERSION_MANIFEST, GITHUB_REPOSITORY_OWNER, IMAGE_REPOSITORY_NAME } =
+    process.env
+
+  if (!VERSION_MANIFEST) {
+    core.setFailed('Environment variable VERSION_MANIFEST is required.')
+    return false
+  }
+
+  if (!GITHUB_REPOSITORY_OWNER) {
+    core.setFailed('Environment variable GITHUB_REPOSITORY_OWNER is required.')
+    return false
+  }
+
+  if (!IMAGE_REPOSITORY_NAME) {
+    core.setFailed('Environment variable IMAGE_REPOSITORY_NAME is required.')
+    return false
+  }
+
+  const fs = require('fs')
+  const text = fs.readFileSync(VERSION_MANIFEST, 'utf8')
+  const data = JSON.parse(text)
+
+  const platforms = data.android.platforms
+    .map((platform) => platform.version)
+    .join(' ')
+
+  core.exportVariable('FLUTTER_VERSION', data.flutter.version)
+  core.exportVariable('FASTLANE_VERSION', data.fastlane.version)
+  core.exportVariable(
+    'ANDROID_BUILD_TOOLS_VERSION',
+    data.android.buildTools.version
+  )
+  core.exportVariable('ANDROID_PLATFORM_VERSIONS', platforms)
+  core.exportVariable('ANDROID_NDK_VERSION', data.android.ndk.version)
+  core.exportVariable('CMAKE_VERSION', data.android.cmake.version)
+  core.exportVariable(
+    'IMAGE_REPOSITORY_PATH',
+    `${GITHUB_REPOSITORY_OWNER}/${IMAGE_REPOSITORY_NAME}`
+  )
+
+  return true
+}

script/set_environment_variables.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-{
-    echo "FLUTTER_VERSION=$(cue eval -e 'flutter.version' "$VERSION_MANIFEST" | tr -d '"')"
-
-    echo "FASTLANE_VERSION=$(cue eval -e 'fastlane.version' "$VERSION_MANIFEST" | tr -d '"')"
-
-    echo "ANDROID_BUILD_TOOLS_VERSION=$(cue eval -e 'android.buildTools.version' "$VERSION_MANIFEST" | tr -d '"')"
-
-    echo "ANDROID_PLATFORM_VERSIONS=$(cue eval -e 'strings.Join([for p in android.platforms {"\(p.version)"}], " ")' "$VERSION_MANIFEST" | tr -d '"\n')"
-
-    echo "ANDROID_NDK_VERSION=$(cue eval -e 'android.ndk.version' "$VERSION_MANIFEST" | tr -d '"')"
-
-    echo "CMAKE_VERSION=$(cue eval -e 'android.cmake.version' "$VERSION_MANIFEST" | tr -d '"')"
-
-    echo "IMAGE_REPOSITORY_PATH=$GITHUB_REPOSITORY_OWNER/$IMAGE_REPOSITORY_NAME"
-} >>"$GITHUB_ENV"

script/updateFlutterVersion.js

@@ -10,22 +10,21 @@ module.exports = async ({ core, fetch }) => {
    * @param {*} fileUrl
    * @returns object|boolean
    */
-  async function downloadReleases(fileUrl) {
+  async function downloadReleases(core, fileUrl) {
     try {
       const response = await fetch(fileUrl)
 
       return response.json()
     } catch (error) {
-      console.error(
-        `An error occurred while requesting the file URL: ${fileUrl}`,
-        error
+      core.error(
+        `An error occurred while requesting the file URL ${fileUrl}: ${error}`
       )
 
       return false
     }
   }
 
-  const linuxReleasesResponse = await downloadReleases(linuxReleasesUrl)
+  const linuxReleasesResponse = await downloadReleases(core, linuxReleasesUrl)
 
   if (linuxReleasesResponse === false) {
     core.setFailed(
@@ -46,6 +45,12 @@ module.exports = async ({ core, fetch }) => {
 
   const { version, channel, hash: commit } = latestRelease
 
+  if (oldJson.flutter.version === version) {
+    core.info(`Flutter version ${version} is already set.`)
+
+    return false
+  }
+
   // Update result file, i.e. version.json
   const newJson = {
     ...oldJson,
@@ -60,4 +65,6 @@ module.exports = async ({ core, fetch }) => {
   resultJson = JSON.stringify(newJson, null, 4)
   fs.writeFileSync(resultPath, `${resultJson}\n`)
   core.exportVariable('FLUTTER_VERSION', version)
+
+  return true
 }

script/update_changelog.sh

@@ -1,3 +1,3 @@
 # TODO: Add image registry URLs to the release changelog
 
-npx git-cliff -t 3.29.2 -c github-keepachangelog -o changelog.md
+npx git-cliff -t 3.29.3 -o changelog.md

test/android.yml

@@ -84,12 +84,12 @@ commandTests:
     excludedOutput:
       - Sending anonymous analytics information
 fileContentTests:
-  - name: Android SDK Command-line Tools is version 12.0
+  - name: Android SDK Command-line Tools is version 19.0
     path: /home/flutter/sdks/android-sdk/cmdline-tools/latest/source.properties
     expectedContents:
       - |-
-        Pkg.Revision=12.0
-        Pkg.Path=cmdline-tools;12.0
+        Pkg.Revision=19.0
+        Pkg.Path=cmdline-tools;19.0
         Pkg.Desc=Android SDK Command-line Tools
   - name: Dart and Flutter analytics are disabled
     path: /home/flutter/.dart-tool/dart-flutter-telemetry.config

windows.Dockerfile

@@ -0,0 +1,88 @@
+# escape=`
+
+FROM mcr.microsoft.com/windows/servercore:ltsc2025@sha256:e4d4b91f739636a7288d0189be0c5d61dccfd719e3d42af3ae591f77e41e58d5 as flutter
+
+SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+ARG git_version=2.46.0
+ARG git_installation_path="C:\Program Files\Git"
+
+# TODO: Find a way to pass $env:USERPROFILE instead of hardcoding C:\Users\ContainerUser. It's hardcoded because  environment variables in Windows container works by setting for the Machine scope and that will have $env:USERPROFILE as C:\Users\ContainerAdministrator instead.
+ENV USERPROFILE="C:\Users\ContainerUser"
+ENV SDK_ROOT="${USERPROFILE}\sdks"
+ENV FLUTTER_ROOT="${SDK_ROOT}\flutter"
+# Set FLUTTER_GIT_URL to fix warning: "Upstream repository unknown source is not a standard remote. Set environment variable "FLUTTER_GIT_URL" to unknown source to dismiss this error."
+ENV FLUTTER_GIT_URL="unknown source"
+
+WORKDIR "$USERPROFILE"
+
+# Install Git because is required by Flutter
+RUN $installer = \"MinGit-${env:git_version}-busybox-64-bit.zip\"; `
+    $url = \"https://github.com/git-for-windows/git/releases/download/v${env:git_version}.windows.1/${installer}\"; `
+    Invoke-WebRequest -Uri "$url" -OutFile "$installer"; `
+    Expand-Archive -Path "$installer" -DestinationPath "$env:git_installation_path"; `
+    Remove-Item -Path "$installer"; 
+
+# The user ContainerAdministrator must be used because is the one that has permissions to set the system PATH
+USER ContainerAdministrator
+
+# The PATH variable will be updated in the next shell session, so the RUN command that sets the PATH needs to be separated from the one that uses it
+RUN [Environment]::SetEnvironmentVariable('PATH', \"${env:PATH};${env:git_installation_path}\cmd;${env:git_installation_path}\usr\bin;${env:FLUTTER_ROOT}\bin;${env:FLUTTER_ROOT}\bin\cache\dart-sdk\bin;C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\msbuild\current\bin\", 'Machine');
+
+# MinGit has a circular reference in its global configuration, which causes git to crash
+# See https://github.com/git-for-windows/git/issues/2387#issuecomment-679367609
+# hadolint ignore=DL3059
+RUN $env:GIT_CONFIG_NOSYSTEM=1; git config --system --unset-all include.path;
+
+# Switch to the non-admin user when the admin user is not needed anymore
+USER ContainerUser
+
+ARG flutter_version
+
+RUN git clone `
+    --depth 1 `
+    --branch "$env:flutter_version" `
+    https://github.com/flutter/flutter `
+    "$env:FLUTTER_ROOT"; `
+    # To fix fatal: detected dubious ownership in repository at 'C:/Users/ContainerUser/sdks/flutter/.git' owned by BUILTIN/Administrators but the current user is: User Manager/ContainerUser
+    git config --global --add safe.directory "$env:FLUTTER_ROOT"; `
+    flutter --version; `
+    dart --disable-analytics; `
+    flutter config `
+    --no-cli-animations `
+    --no-analytics `
+    --no-enable-android `
+    --no-enable-web `
+    --no-enable-linux-desktop `
+    --enable-windows-desktop `
+    --no-enable-fuchsia `
+    --no-enable-custom-devices `
+    --no-enable-ios `
+    --no-enable-macos-desktop; `
+    flutter doctor --verbose; `
+    flutter precache --windows; `
+    flutter create build_app;
+
+
+# The user ContainerAdministrator must be used because is the one that has permissions to install with vs_BuildTools
+USER ContainerAdministrator
+# Download the Build Tools bootstrapper
+# See https://learn.microsoft.com/en-us/visualstudio/install/build-tools-container?view=vs-2022
+RUN Invoke-WebRequest -Uri https://aka.ms/vs/17/release/vs_buildtools.exe -OutFile vs_BuildTools.exe; `
+    Start-Process vs_BuildTools.exe -ArgumentList '--quiet --wait --norestart --nocache `
+    --add Microsoft.VisualStudio.Component.VC.CMake.Project `
+    --add Microsoft.VisualStudio.Component.Windows11SDK.22621 `
+    --add Microsoft.VisualStudio.Workload.VCTools' `
+    -Wait; `
+    Remove-Item vs_BuildTools.exe;
+USER ContainerUser
+
+WORKDIR "$USERPROFILE/build_app"
+RUN flutter build windows;
+
+WORKDIR "$USERPROFILE"
+COPY ./script/docker_windows_entrypoint.ps1 "docker_entrypoint.ps1"
+
+ENTRYPOINT "C:\Users\ContainerUser\docker_entrypoint.ps1"
+
+RUN Remove-Item -Recurse build_app;

windows.md

@@ -0,0 +1,124 @@
+# Windows
+
+## Swich between Linux and Windows containers
+
+& $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchDaemon
+
+## TODO
+
+1. Install tools
+
+```powershell`
+   # # needed? No
+#    --add Microsoft.Component.MSBuild' `
+   # # needed? No
+   # --add Microsoft.VisualStudio.Component.TestTools.BuildTools `
+   # # needed? No
+   # --add Microsoft.VisualStudio.Component.VC.ASAN `
+   # # needed? no
+   # # --add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
+RUN Invoke-WebRequest -Uri https://aka.ms/vs/17/release/vs_buildtools.exe -OutFile vs_BuildTools.exe; `
+    Start-Process vs_BuildTools.exe -ArgumentList '--quiet --wait --norestart --nocache `
+   # # needed? yes
+   # --add Microsoft.VisualStudio.Component.VC.CMake.Project `
+   # # needed? Yes
+   # --add Microsoft.VisualStudio.Component.Windows11SDK.22621 `
+   # # needed?
+   # --add Microsoft.VisualStudio.Workload.VCTools' `
+    -Wait; `
+    Remove-Item vs_BuildTools.exe;
+```
+
+1. Check how it can be run in Github actions.
+1. Check how it can be run in Gitlab CI/CD.
+1. Test where is installed.
+1. Test that path to powershell.exe exists.
+1. Test with a snapshot of flutter config to determine if new feature flags should be enabled or disabled.
+1. Test that Build Tools were installed in C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\msbuild\current\bin
+1. Check [Windows installation requirements for Flutter](https://docs.flutter.dev/get-started/install/windows/desktop)
+1. Add docs explaining to use `$VerbosePreference = 'Continue';` in the SHELL to debug unexpected pwsh problems.
+
+## Open issue in windows Docker images repo
+
+1. Some images can be pulled while others give error:
+
+    ```text
+    Error response from daemon: Get "https://mcr.microsoft.com/v2/": read tcp [2a0c:5a84:e100:e501::a97c]:58039->[2603:1061:f:101::10]:443: wsarecv: An existing connection was forcibly closed by the remote host.
+    ```
+
+Debug with `curl -A github165 -v https://mcr.microsoft.com/v2/powershell/manifests/lts-nanoserver-ltsc2022`
+
+## Contribute flutter upstream
+
+1. Remove `WHERE` in bin\internal\shared.bat and use instead:
+
+    ```batch
+    pwsh.exe -Command "exit" >nul 2>&1 && (
+            SET powershell_executable=pwsh.exe
+        ) || powershell.exe -Command "exit" >nul 2>&1 && (
+            SET powershell_executable=PowerShell.exe
+        ) || (
+            ECHO Error: PowerShell executable not found.                        1>&2
+            ECHO        Either pwsh.exe or PowerShell.exe must be in your PATH. 1>&2
+            EXIT 1
+        )
+    ```
+
+1. Find if the executable should be pwsh or powershell and put it in a service to remove the hardcoded "powershell" in multiple places, like in:
+
+    - dev\devicelab\lib\framework\running_processes.dart
+    - packages\flutter_tools\lib\src\windows\windows_version_validator.dart
+
+## Steps to reproduce in Docker
+
+1. Enable Windows Developer Settings to solve error:
+
+    >Building with plugins requires symlink support.
+    >
+    >Please enable Developer Mode in your system settings. Run
+    > start ms-settings:developers
+    >to open settings.
+
+    ```powershell
+    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
+    ```
+
+1. For CI/CD
+
+    1. Docker version must be pinned in Github workflow to avoid breaking changes: with escaping `\"` syntax inside RUN directive, etc.
+
+    1. Packaging tool in Windows: <https://pub.dev/packages/msix> . It uses the executables:
+
+        - [makeappx.exe](https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe-)
+        - [makepri.exe](https://learn.microsoft.com/en-us/windows/uwp/app-resources/makepri-exe-command-options)
+        - [signtool.exe](https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe)
+
+        - certificate
+            - Make a note that --install-certificate should be "false" or configured because the certificate can't be installed as ContainerUser.
+            
+            ```powershell
+            # OK
+            Import-PfxCertificate -FilePath "C:\Users\ContainerUser\AppData\Local\Pub\Cache\hosted\pub.dev\msix-3.16.8\lib\assets\test_certificate.pfx" -Password (ConvertTo-SecureString -AsPlainText -Force "1234") -CertStoreLocation Cert:\LocalMachine\Root
+
+            # Doesn't work
+            Import-PfxCertificate -FilePath "C:\Users\ContainerUser\AppData\Local\Pub\Cache\hosted\pub.dev\msix-3.16.8\lib\assets\test_certificate.pfx" -Password (ConvertTo-SecureString -AsPlainText -Force "1234")
+            ```
+
+    1. Install msstore CLI https://github.com/microsoft/msstore-cli It seems behind StoreBroker but it looks that it's going to be the primary and recommended way to publish to Microsoft Store
+        
+        - According to the [msstore guide](https://learn.microsoft.com/en-us/windows/apps/publish/msstore-dev-cli/commands?pivots=msstoredevcli-installer-linux#installation), It will be needed to install Microsoft.NetCore.Component.Runtime.8.0 with vs_BuildTools
+
+    1. From <https://github.com/tauu/flutter-windows-builder/blob/main/Dockerfile> => install <https://github.com/microsoft/StoreBroker> This is currently the primary tool to publish to Microsoft Store
+
+        - Not installed right now
+
+    1. Install the [Windows App Certification Kit](https://learn.microsoft.com/en-us/windows/uwp/debug-test-perf/windows-app-certification-kit) or the [Windows SDK that already includes it](https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/)
+        
+        - Installed currently by one of the workloads in vs_BuildTools
+
+## References
+
+- [How environment variables work on Windows containers?](https://blog.sixeyed.com/windows-weekly-dockerfile-14-environment-variables/)
+- [Windows deployment in Flutter](https://docs.flutter.dev/deployment/windows)
+- [vs_BuildTools workloads](https://learn.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-build-tools?view=vs-2022&preserve-view=true)
+- Useful Dockerfile https://git.openprivacy.ca/openprivacy/flutter-desktop/src/branch/main/windows/Dockerfile