The widget preview scaffold requires that previews are defined within
importable libraries. Since Dart does not support absolute paths for
imports or relative imports outside of the project, it's not possible
for the widget previewer to display previews defined outside of `lib/`.
This change updates the preview detector to ignore libraries that don't
have a package name (e.g., libraries under `test/`) and updates
`packageName` properties to not allow for null to make it clear that
package names are required for previews.
Fixes https://github.com/flutter/flutter/issues/178651
## Description
This PR replaces `wcslen` with `wcsnlen` in the Windows runner template
and all example/dev/integration test files to address CWE-126 (Buffer
Over-read) flagged by static analysis tools (Semgrep/GitLab SAST).
## Changes
The `Utf8FromUtf16` function now uses `wcsnlen` with the
`UNICODE_STRING_MAX_CHARS` constant (32767) as the maximum length,
providing defensive programming against potential buffer over-reads.
**Key improvements:**
1. Calculate `input_length` **first** using `wcsnlen(utf16_string,
UNICODE_STRING_MAX_CHARS)`
2. Use that bounded length for **both** `WideCharToMultiByte` calls
(eliminates the `-1` unbounded read)
3. Remove the `-1` adjustment since explicit length excludes null
terminator
4. Use `static_cast` instead of C-style casts per Google C++ Style Guide
## Test Coverage
Added comprehensive edge case tests for `Utf8FromUtf16` in
`windows_startup_test`:
- **nullptr input**: Verifies function returns empty string
- **Empty string input**: Verifies function returns empty string
- **Invalid UTF-16 (unpaired surrogate)**: Verifies function handles
malformed input gracefully
These tests address reviewer feedback from @loic-sharma requesting
coverage for corner cases.
## Files Updated
**Template (source of truth):**
- `packages/flutter_tools/templates/app/windows.tmpl/runner/utils.cpp`
**Integration tests (4 files):**
- `dev/integration_tests/flutter_gallery/windows/runner/utils.cpp`
- `dev/integration_tests/ui/windows/runner/utils.cpp`
- `dev/integration_tests/windowing_test/windows/runner/utils.cpp`
- `dev/integration_tests/windows_startup_test/windows/runner/utils.cpp`
**Examples and dev apps (10 files):**
- `examples/hello_world/windows/runner/utils.cpp`
- `examples/layers/windows/runner/utils.cpp`
- `examples/platform_view/windows/runner/utils.cpp`
- `examples/flutter_view/windows/runner/utils.cpp`
- `examples/platform_channel/windows/runner/utils.cpp`
- `examples/api/windows/runner/utils.cpp`
- `examples/multiple_windows/windows/runner/utils.cpp`
- `dev/manual_tests/windows/runner/utils.cpp`
- `dev/benchmarks/complex_layout/windows/runner/utils.cpp`
- `dev/a11y_assessments/windows/runner/utils.cpp`
**Test files (4 files):**
-
`dev/integration_tests/windows_startup_test/windows/runner/flutter_window.cpp`
- `dev/integration_tests/windows_startup_test/lib/main.dart`
- `dev/integration_tests/windows_startup_test/lib/windows.dart`
-
`dev/integration_tests/windows_startup_test/test_driver/main_test.dart`
## Rationale
While the Windows API guarantees null-termination for strings returned
by `CommandLineToArgvW`, using `wcsnlen` with an explicit bound is a
defensive programming best practice that:
- Satisfies static analysis tools
- Provides an extra safety layer
- Follows the principle of defense in depth
The limit of 32767 (`UNICODE_STRING_MAX_CHARS`) is the maximum length of
a `UNICODE_STRING` structure and is far beyond any realistic
command-line argument length.
## Related Issues
Fixes https://github.com/flutter/flutter/issues/180418
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and labeled this PR with
`severe: API break` if it contains a breaking change.
- [x] All existing and new tests are passing.
[Contributor Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md
[test-exempt]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[breaking change policy]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#breaking-changes
The tool performs various checks to determine whether or not to
regenerate version information as part of a `flutter upgrade` instead of
just regenerating `flutter.version.json` as part of each `flutter
upgrade`. This has lead to some situations where the actual framework
version doesn't match that reported by the `flutter.version.json`.
This change updates `flutter upgrade` to always regenerate
`flutter.version.json` after checking out the new version of the
framework to ensure that it contains the latest version information.
Fixes https://github.com/flutter/flutter/issues/178926
The main purpose of this PR is to add the Flutter framework as a Swift
Package dependency. As such, Xcode will now handle the copying,
thinning, and codesigning of the framework and therefore the Flutter
Xcode Run Scripts shouldn't.
This will allow plugins to declare a dependency on the Flutter framework
package and eliminate the need for the Pre-Action "prepare" script.
This PR does not technically make the Flutter framework a local package
override, that will be added in a follow up PR:
https://github.com/flutter/flutter/pull/179512
This change includes:
* Generation of the FlutterFramework swift package (this will generate a
Package.swift and symlink to the Flutter framework in the artifact
cache)
<img width="400" height="271" alt="Screenshot 2025-12-04 at 4 54 43 PM"
src="https://github.com/user-attachments/assets/6cfde6da-3698-4b76-b3b1-725f91fbf58d"
/>
* Adding the FlutterFramework as a dependency to the
FlutterGeneratedPluginSwiftPackage (which the the Swift package the
Xcode project has a dependency on)
<img width="400" height="195" alt="Screenshot 2025-12-04 at 4 55 13 PM"
src="https://github.com/user-attachments/assets/30fa402a-6a11-4df0-b2cd-a4a82197e50a"
/>
### Change to Flutter Run Scripts
Flutter currently has 3 Xcode Run Scripts:
* prepare (happens in a scheme pre-action)
* [PREVIOUS] Via `flutter assemble` - copies the Flutter framework from
engine build cache to `BUILT_PRODUCTS_DIR`
* [NEW] Same as previous except skips codesigning. This is still
included to accommodate plugins that don't have a dependency declared on
the Flutter framework.
* build (happens in first Run Script in the Xcode build phases that
happens before compiling)
* [PREVIOUS] Via `flutter assemble` - copies, thins, and codesigns
Flutter framework into `BUILT_PRODUCTS_DIR`
* [NEW] Is skipped, Xcode now does this
* embed_and_thin (happens in second Run Script in the Xcode build phases
after compiling, linking, and embedding)
* [PREVIOUS] Copies Flutter framework from `BUILT_PRODUCTS_DIR` to
`TARGET_BUILD_DIR`
* [NEW]
* Validates Flutter framework in `BUILT_PRODUCTS_DIR` &
`TARGET_BUILD_DIR` (which would have been put there by Xcode via
SwiftPM) matches the Flutter framework in the engine cache.
* If it matches, do not copy. Xcode now does this.
* If it doesn't:
* Call `flutter assemble` to copy the correct Flutter framework into
`BUILT_PRODUCTS_DIR`
* Then copy from `BUILT_PRODUCTS_DIR` to `TARGET_BUILD_DIR`.
Fixes https://github.com/flutter/flutter/issues/166489.
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
If you need help, consider asking for advice on the #hackers-new channel
on [Discord].
**Note**: The Flutter team is currently trialing the use of [Gemini Code
Assist for
GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code).
Comments from the `gemini-code-assist` bot should not be taken as
authoritative feedback from the Flutter team. If you find its comments
useful you can update your code accordingly, but if you are unsure or
disagree with the feedback, please feel free to wait for a Flutter team
member's review for guidance on which automated comments should be
addressed.
<!-- Links -->
[Contributor Guide]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md
[test-exempt]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[flutter/tests]: https://github.com/flutter/tests
[breaking change policy]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes
[Discord]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md
[Data Driven Fixes]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
DWDS can throw `DartDvelopmentServiceException` if DDS fails to connect
to DWDS due to the target application shutting down immediately after
launch.
This change adds logic to catch this exception and exit gracefully.
Fixes https://github.com/flutter/flutter/issues/178151
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Manually updating test dependencies because the pub autoroller seems
busted, https://github.com/flutter/flutter/issues/180503.
This one required manually updating the pubspec files because `flutter
update-packages --force-upgrade` also seemed unable to deal with the
fact that multiple dependencies across packages had to be updated in
sync. There's probably also something broken with the `flutter
update-packages` command. This is something that used to work.
661b8edef229499c0a919f4fd6ceebf935529243 introduced changes related to
build hooks that made assumptions about the value of the detected target
platform, effectively restricting `flutter run` to targeting single
devices.
This change fixes the regression which prevented developers from
deploying their application to multiple devices with `flutter run -d
all`.
Fixes https://github.com/flutter/flutter/issues/179857
In #178711, `packages/flutter_tools/lib/src/flutter_cache.dart` was
updated to add 'riscv' downloading in the `FlutterRunnerDebugSymbols`.
This class is not well named and is responsible for downloading "the
debug symbols for flutter runner for Fuchsia development."
We do not produce fuchsia riscv.
Fixes#180775
<!-- start_original_pr_link -->
Reverts: flutter/flutter#180573
<!-- end_original_pr_link -->
<!-- start_initiating_author -->
Initiated by: jtmcdole
<!-- end_initiating_author -->
<!-- start_revert_reason -->
Reason for reverting: broke in post submit. Requires running the
lockfile generation script
<!-- end_revert_reason -->
<!-- start_original_pr_author -->
Original PR Author: goderbauer
<!-- end_original_pr_author -->
<!-- start_reviewers -->
Reviewed By: {vashworth}
<!-- end_reviewers -->
<!-- start_revert_body -->
This change reverts the following previous change:
Fixes https://github.com/flutter/flutter/issues/156912.
Fly-by clean-up: With the recent bump to Xcode I believe pinning
`google_mobile_ads` is no longer necessary.
I verified locally with `flutter build ios --verbose` that the
`dev/benchmarks/platform_views_layout` build successfully.
<details>
<summary>Build Log</summary>
```
$ flutter build ios
Resolving dependencies in `/Users/goderbauer/dev/flutter`...
Downloading packages...
_fe_analyzer_shared 89.0.0 (92.0.0 available)
adaptive_breakpoints 0.1.7 (discontinued)
analyzer 8.2.0 (9.0.0 available)
archive 3.6.1 (4.0.7 available)
device_info 2.0.3 (discontinued replaced by device_info_plus)
ffigen 18.1.0 (20.1.1 available)
gcloud 0.8.19 (0.9.0 available)
googleapis 12.0.0 (15.0.0 available)
googleapis_auth 1.6.0 (2.0.0 available)
isolate 2.1.1 (discontinued)
js 0.7.2 (discontinued)
metrics_center 1.0.13 (1.0.14 available)
pedantic 1.11.1 (discontinued replaced by lints)
petitparser 6.1.0 (7.0.1 available)
shelf_web_socket 2.0.1 (3.0.0 available)
xml 6.5.0 (6.6.1 available)
Got dependencies in `/Users/goderbauer/dev/flutter`!
5 packages are discontinued.
11 packages have newer versions incompatible with dependency constraints.
Try `flutter pub outdated` for more information.
Building com.yourcompany.platformViewsLayout for device (ios-release)...
To ensure your app continues to launch on upcoming iOS versions, UIScene lifecycle support will soon be required. Please see https://flutter.dev/to/uiscene-migration for the migration guide.
Warning: Missing build name (CFBundleShortVersionString).
Warning: Missing build number (CFBundleVersion).
Action Required: You must set a build name and number in the pubspec.yaml file version field before submitting to the App Store.
Found saved certificate choice "Apple Development: Michael Goderbauer (WY4DWBNV57)". To clear, use "flutter config --clear-ios-signing-settings".
Developer identity "Apple Development: Michael Goderbauer (WY4DWBNV57)" selected for iOS code signing
Running pod install... 1,233ms
Running Xcode build...
Xcode build done. 32.5s
✓ Built build/ios/iphoneos/Runner.app (20.9MB)
```
</details>
<!-- end_revert_body -->
Co-authored-by: auto-submit[bot] <flutter-engprod-team@google.com>
Fixes https://github.com/flutter/flutter/issues/156912.
Fly-by clean-up: With the recent bump to Xcode I believe pinning
`google_mobile_ads` is no longer necessary.
I verified locally with `flutter build ios --verbose` that the
`dev/benchmarks/platform_views_layout` build successfully.
<details>
<summary>Build Log</summary>
```
$ flutter build ios
Resolving dependencies in `/Users/goderbauer/dev/flutter`...
Downloading packages...
_fe_analyzer_shared 89.0.0 (92.0.0 available)
adaptive_breakpoints 0.1.7 (discontinued)
analyzer 8.2.0 (9.0.0 available)
archive 3.6.1 (4.0.7 available)
device_info 2.0.3 (discontinued replaced by device_info_plus)
ffigen 18.1.0 (20.1.1 available)
gcloud 0.8.19 (0.9.0 available)
googleapis 12.0.0 (15.0.0 available)
googleapis_auth 1.6.0 (2.0.0 available)
isolate 2.1.1 (discontinued)
js 0.7.2 (discontinued)
metrics_center 1.0.13 (1.0.14 available)
pedantic 1.11.1 (discontinued replaced by lints)
petitparser 6.1.0 (7.0.1 available)
shelf_web_socket 2.0.1 (3.0.0 available)
xml 6.5.0 (6.6.1 available)
Got dependencies in `/Users/goderbauer/dev/flutter`!
5 packages are discontinued.
11 packages have newer versions incompatible with dependency constraints.
Try `flutter pub outdated` for more information.
Building com.yourcompany.platformViewsLayout for device (ios-release)...
To ensure your app continues to launch on upcoming iOS versions, UIScene lifecycle support will soon be required. Please see https://flutter.dev/to/uiscene-migration for the migration guide.
Warning: Missing build name (CFBundleShortVersionString).
Warning: Missing build number (CFBundleVersion).
Action Required: You must set a build name and number in the pubspec.yaml file version field before submitting to the App Store.
Found saved certificate choice "Apple Development: Michael Goderbauer (WY4DWBNV57)". To clear, use "flutter config --clear-ios-signing-settings".
Developer identity "Apple Development: Michael Goderbauer (WY4DWBNV57)" selected for iOS code signing
Running pod install... 1,233ms
Running Xcode build...
Xcode build done. 32.5s
✓ Built build/ios/iphoneos/Runner.app (20.9MB)
```
</details>
<!-- start_original_pr_link -->
Reverts: flutter/flutter#180355
<!-- end_original_pr_link -->
<!-- start_initiating_author -->
Initiated by: jmagman
<!-- end_initiating_author -->
<!-- start_revert_reason -->
Reason for reverting: this broke post-submit
<!-- end_revert_reason -->
<!-- start_original_pr_author -->
Original PR Author: Saqib198
<!-- end_original_pr_author -->
<!-- start_reviewers -->
Reviewed By: {vashworth, jmagman}
<!-- end_reviewers -->
<!-- start_revert_body -->
This change reverts the following previous change:
Fixed iOS code signing failures caused by extended attributes like
com.apple.provenance.
Problem: On macOS 15+ with Xcode 26.1+, iOS builds fail during code
signing with:
resource fork, Finder information, or similar detritus not allowed
This happens because com.apple.provenance (added by cloud storage
services, Finder, or file downloads) was not being removed - only
com.apple.FinderInfo was cleared.
Fix: Changed xattr -r -d com.apple.FinderInfo to xattr -cr to remove ALL
extended attributes recursively.
Fixes#180351
Pre-launch Checklist
- I read the [Contributor Guide] and followed the process outlined there
for submitting PRs.
- I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- I read and followed the [Flutter Style Guide], including [Features we
expect every widget to implement].
- I signed the [CLA].
- I listed at least one issue that this PR fixes in the description
above.
- I updated/added relevant documentation (doc comments with ///).
- I added new tests to check the change I am making, or this PR is
[test-exempt].
- I followed the [breaking change policy] and added [Data Driven Fixes]
where supported.
- All existing and new tests are passing.
<!-- end_revert_body -->
The error:
```
Could not delete `/opt/s/w/ir/x/w/rc/tmpxc3h1o2b/flutter sdk/dev/integration_tests/flavors/build/ios/Debug Paid-iphoneos/Flutter` because it was not created by the build system and it is not a subfolder of derived data.
note: To mark this directory as deletable by the build system, run `xattr -w com.apple.xcode.CreatedByBuildSystem true '/opt/s/w/ir/x/w/rc/tmpxc3h1o2b/flutter sdk/dev/integration_tests/flavors/build/ios/Debug Paid-iphoneos/Flutter'` when it is created.
```
https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8693206125415137281/+/u/run_flavors_test_ios/stdout
Co-authored-by: auto-submit[bot] <flutter-engprod-team@google.com>
Fixed iOS code signing failures caused by extended attributes like
com.apple.provenance.
Problem: On macOS 15+ with Xcode 26.1+, iOS builds fail during code
signing with:
resource fork, Finder information, or similar detritus not allowed
This happens because com.apple.provenance (added by cloud storage
services, Finder, or file downloads) was not being removed - only
com.apple.FinderInfo was cleared.
Fix: Changed xattr -r -d com.apple.FinderInfo to xattr -cr to remove ALL
extended attributes recursively.
Fixes#180351
Pre-launch Checklist
- I read the [Contributor Guide] and followed the process outlined there
for submitting PRs.
- I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- I read and followed the [Flutter Style Guide], including [Features we
expect every widget to implement].
- I signed the [CLA].
- I listed at least one issue that this PR fixes in the description
above.
- I updated/added relevant documentation (doc comments with ///).
- I added new tests to check the change I am making, or this PR is
[test-exempt].
- I followed the [breaking change policy] and added [Data Driven Fixes]
where supported.
- All existing and new tests are passing.
The diagnostics string builder responsible for building diagnostics
messages can sometimes wrap lines that are too long. This caused the
expectation for the 'flutter error messages include a DevTools links' to
sometimes be incorrect when run on systems where the absolute file path
of the file referenced in the diagnostic was too long.
This change updates the test expectation to allow for both wrapping and
non-wrapping scenarios to be accepted.
Fixes https://github.com/flutter/flutter/issues/174502
# flutter_tools: Auto-generate ExportOptions.plist for manual iOS code
signing
## Summary
Enhance `flutter build ipa` to automatically generate a complete
ExportOptions.plist for manual code signing configurations, eliminating
the need for users to create and maintain one manually.
**Fixes:** #177853
## Problem
When using manual code signing (`CODE_SIGN_STYLE=Manual`) with `flutter
build ipa` for Release/Profile builds, the archive succeeds but the
export step fails with:
```
error: exportArchive: "Runner.app" requires a provisioning profile with the Push Notifications and Sign in with Apple features.
```
**Root cause:** Flutter generated an incomplete ExportOptions.plist that
only included `method` and `uploadBitcode`. When using manual signing,
`xcodebuild -exportArchive` requires:
- `teamID` (from project's `DEVELOPMENT_TEAM`)
- `signingStyle=manual`
- `provisioningProfiles` (mapping bundle ID to provisioning profile
UUID)
Without these, Xcode cannot resolve the provisioning profile for export,
even if the profile is correctly configured and contains the required
entitlements.
## Solution
Enhanced `_createExportPlist()` in `BuildIOSArchiveCommand` to
automatically generate a complete ExportOptions.plist when:
1. `CODE_SIGN_STYLE=Manual` is detected for the main app target
2. Build mode is Release or Profile (production builds only)
3. A valid provisioning profile can be located and parsed
The generated plist includes:
- `method` (app-store, ad-hoc, enterprise, etc. - respects user's
`--export-method` flag)
- `teamID` (from `DEVELOPMENT_TEAM` build setting)
- `signingStyle=manual`
- `provisioningProfiles` mapping main app bundle ID to provisioning
profile UUID
**Fallback behavior:**
- If profile lookup fails: silently fall back to simple plist (no
regression)
- For Automatic signing: unchanged behavior
- For Debug builds: unchanged behavior (not App Store export)
- For multi-target apps (extensions): falls back to simple plist today
(see TODO below)
## Changes
### Core Implementation
- Added `ProfileData` class to encapsulate provisioning profile info
(UUID and name)
- Refactored profile handling into reusable static methods for
testability
- Enhanced `_createExportPlist()` with manual signing detection and
profile lookup
- Added `_findProvisioningProfileUuid()` to locate provisioning profiles
by specifier
- Added `_parseProvisioningProfileInfo()` to decode provisioning profile
data once
- Added comprehensive trace logging for debugging
### Testing
- Created `build_ipa_export_plist_test.dart` with 7 unit tests covering:
- Manual signing with profile found → enhanced plist generated ✓
- Automatic signing → simple plist (unchanged behavior) ✓
- Debug builds → simple plist (unchanged behavior) ✓
- Different export methods → respected in generated plist ✓
- Profile lookup failures → fallback to simple plist ✓
- Null codeSignStyle → handled gracefully ✓
- All existing flutter_tools tests continue to pass
## Documentation
Added extensive inline comments explaining:
- Enhancement conditions and fallback behavior
- Provisioning profile search strategy and error handling
- Performance and security considerations
- Future enhancements (multi-target support)
## Safety & Scope
### What This Fixes
- ✅ Manual signing export failures for apps with Push Notifications /
Sign in with Apple
- ✅ Auto-generates correct plist for **any** entitlements covered by
provisioning profile
- ✅ Unblocks users from manual `--export-options-plist` workaround
- ✅ Improves iOS build UX for enterprise teams doing manual signing
### What This Does NOT Change
- ✅ Automatic signing behavior (unchanged)
- ✅ Debug builds (unchanged)
- ✅ CLI interface (no new flags)
- ✅ Ad-hoc / enterprise distributions (unchanged if not using manual
signing)
### Known Limitations (Future Enhancements)
- Currently only supports single-target apps (main app bundle ID only)
- TODO: Multi-target apps with extensions (notification service,
widgets, watch, etc.) - each extension target bundle ID may need
separate entry in provisioningProfiles dict
- TODO: Support for multiple provisioning profiles if app uses multiple
signing identities
---
## Pre-merge Checklist
- [x] I have signed the CLA
- [x] I read the Contributor Guide and Tree Hygiene docs
- [x] I linked the issue this fixes (#177853) and explained the failure
scenario
- [x] I added documentation and trace logs so developers understand what
changed
- [x] I added comprehensive unit tests for the new behavior
- [x] All existing and new tests pass locally (`flutter test
packages/flutter_tools`)
- [x] Code passes linting (`dart analyze`)
## Safety Notes
- [x] This code only runs for manual code signing in `flutter build ipa`
for Release/Profile builds
- [x] Debug builds and automatic signing behavior are completely
unchanged
- [x] If no provisioning profile UUID is found, we silently fall back to
the old exportOptions.plist logic instead of failing
- [x] Added trace-level logging explaining success/fallback scenarios
for debugging
- [x] No breaking changes - existing workarounds continue to work
- [x] Minimal blast radius - only affects manual signing export path
## Verification
Users can verify the fix by:
1. Creating an iOS app with `CODE_SIGN_STYLE=Manual`, `DEVELOPMENT_TEAM`
set, and Push Notifications entitlements
2. Running `flutter build ipa --release --verbose`
3. Confirming the trace log shows "Generated ExportOptions.plist with
teamID, signingStyle=manual, and provisioningProfiles"
4. Verifying the IPA is successfully created without needing
`--export-options-plist`
---
## Related Issues
- #106612 - Support `flutter build ipa` with manual signing and
provisioning profiles
- #113977 - Flutter build IPA with --export-options-plist not working
---------
Co-authored-by: Elijah Okoroh <okorohelijah@google.com>
Fly-by clean-up: My understanding from the
[changelog](https://pub.dev/packages/dds/changelog) is that the change
causing the bug in 5.0.4 has been reverted in 5.0.5. Therefore, the pin
should be no longer necessary? Unpinning to find out...
> 5.0.5
[DAP] The change in DDS 5.0.4 to individually add/remove breakpoints has
been reverted and may be restored in a future version.
>
>5.0.4
[DAP] Breakpoints are now added/removed individually instead of all
being cleared and re-added during a setBreakpoints request. This
improves performance and can avoid breakpoints flickering between
unresolved/resolved when adding new breakpoints in the same file.
Adds logic to pass `--include-unsupported-platform-library-stubs` to the
CFE when launched via `flutter widget-preview start`, as well as logic
to ensure the flag can't be passed as an extra frontend option to bypass
compile time errors due to imports of unsupported libraries.
Fixes https://github.com/flutter/flutter/issues/166431
<!--
Thanks for filing a pull request!
Reviewers are typically assigned within a week of filing a request.
To learn more about code review, see our documentation on Tree Hygiene:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md
-->
## Add --web-define option for runtime variable injection in Flutter web
templates
This PR adds support for injecting environment-specific variables into
Flutter web templates during development and build processes through a
new `--web-define` command-line option.
### What this changes
**Before**: Developers had to manually edit HTML templates or use
build-time workarounds to inject environment-specific values (API URLs,
feature flags, etc.) into Flutter web applications.
**After**: Developers can now use `--web-define KEY=VALUE` to inject
variables directly into web templates using `{{VARIABLE_NAME}}`
placeholders.
### Key features
- **Template variable substitution**: Support for `{{VARIABLE_NAME}}`
placeholders in `index.html` and `flutter_bootstrap.js`
- **Runtime validation**: Throws clear errors when required variables
are missing with helpful suggestions
- **Command-line integration**: Works with both `flutter run` and
`flutter build web` commands
- **Multiple variable support**: Can define multiple variables in a
single command
- **Built-in variable protection**: Ignores Flutter's built-in template
variables during validation
### Usage examples
```bash
# Development with API configuration
flutter run -d chrome --web-define=API_URL=https://dev-api.example.com --web-define=DEBUG_MODE=true
# Production build with environment variables
flutter build web --web-define=API_URL=https://api.example.com --web-define=ANALYTICS_ID=GA-123456 --web-define=DEBUG_MODE=false
# Multiple environments
flutter run -d chrome --web-define=ENV=staging --web-define=FEATURE_X=enabled
```
### Template usage
In your `web/index.html`:
```html
<script>
window.config = {
apiUrl: '{{API_URL}}',
environment: '{{ENV}}',
debugMode: {{DEBUG_MODE}}
};
</script>
```
### Error handling
If a variable is missing, the tool provides clear feedback:
```
Missing web-define variable: API_URL
Please provide the missing variable using:
flutter run --web-define=API_URL=VALUE
or
flutter build web --web-define=API_URL=VALUE
```
## Issues fixed
Fixes https://github.com/flutter/flutter/issues/127853
## Additional Usage Examples
### Environment-Specific Configurations (Flavors)
```bash
# Development
flutter run -d chrome --web-define=ENV=dev --web-define=API_URL=http://localhost:3000 --web-define=DEBUG=true
# Production
flutter build web --web-define=ENV=prod --web-define=API_URL=https://api.example.com --web-define=DEBUG=false
```
**Template:**
```html
<script>
window.config = {
environment: '{{ENV}}',
apiUrl: '{{API_URL}}',
debugMode: {{DEBUG}}
};
</script>
```
### Dynamic Asset Loading
```bash
flutter build web --web-define=CDN_URL=https://cdn.example.com --web-define=LOGO_PATH=/assets/logo.png
```
**Template:**
```html
<link rel="icon" href="{{CDN_URL}}{{LOGO_PATH}}">
<link rel="stylesheet" href="{{CDN_URL}}/styles/theme.css">
```
### Analytics Integration
```bash
flutter build web --web-define=GA_ID=G-XXXXXXXXXX --web-define=SENTRY_DSN=https://xxx@sentry.io/123
```
**Template:**
```html
<script async src="https://www.googletagmanager.com/gtag/js?id={{GA_ID}}"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', '{{GA_ID}}');
</script>
```
### Feature Flags
```bash
flutter run -d chrome --web-define=FEATURE_X=true --web-define=FEATURE_Y=false
```
**Template:**
```html
<script>
window.features = { featureX: {{FEATURE_X}}, featureY: {{FEATURE_Y}} };
</script>
```
### Multi-Tenant/White-Label Apps
```bash
flutter build web --web-define=TENANT=acme --web-define=PRIMARY_COLOR=#FF5733 --web-define=LOGO_URL=https://cdn.acme.com/logo.png
```
**Template:**
```html
<head>
<title>{{TENANT}} Portal</title>
<link rel="icon" href="{{LOGO_URL}}">
<style>:root { --primary: {{PRIMARY_COLOR}}; }</style>
</head>
```
### Backend Service URLs
```bash
flutter build web \
--web-define=API_URL=https://api.example.com \
--web-define=WS_URL=wss://ws.example.com \
--web-define=AUTH_DOMAIN=auth.example.com
```
**Template:**
```html
<script>
window.services = {
api: '{{API_URL}}',
websocket: '{{WS_URL}}',
auth: '{{AUTH_DOMAIN}}'
};
</script>
```
### SEO & Meta Tags
```bash
flutter build web --web-define=APP_TITLE="My App" --web-define=APP_DESC="Description" --web-define=OG_IMAGE=https://example.com/og.png
```
**Template:**
```html
<head>
<title>{{APP_TITLE}}</title>
<meta name="description" content="{{APP_DESC}}">
<meta property="og:title" content="{{APP_TITLE}}">
<meta property="og:image" content="{{OG_IMAGE}}">
</head>
```
### Build Automation
```json
{
"scripts": {
"dev": "flutter run -d chrome --web-define=ENV=dev --web-define=API_URL=http://localhost:3000",
"prod": "flutter build web --web-define=ENV=prod --web-define=API_URL=https://api.example.com"
}
}
```
### Important Notes
- **Security**: Never expose secrets via `--web-define` (client-side
only)
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
If you need help, consider asking for advice on the #hackers-new channel
on [Discord].
**Note**: The Flutter team is currently trialing the use of [Gemini Code
Assist for
GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code).
Comments from the `gemini-code-assist` bot should not be taken as
authoritative feedback from the Flutter team. If you find its comments
useful you can update your code accordingly, but if you are unsure or
disagree with the feedback, please feel free to wait for a Flutter team
member's review for guidance on which automated comments should be
addressed.
<!-- Links -->
[Contributor Guide]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md
[test-exempt]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[flutter/tests]: https://github.com/flutter/tests
[breaking change policy]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes
[Discord]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md
[Data Driven Fixes]:
https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Ben Konyi <bkonyi@google.com>
Co-authored-by: Mouad Debbar <mdebbar@google.com>
This PR restores the correct precedence behavior for web development
server configuration. Since Flutter 3.38, CLI arguments were being
ignored when `web_dev_config.yaml` was present — specifically for HTTPS
and headers.
According to the design and documentation, the precedence should be:
1. Command-line arguments (highest priority)
2. `web_dev_config.yaml`
3. Built-in defaults (lowest priority)
## Root Cause
The regression affected:
* **HTTP headers** — merge order was reversed, causing file config to
override CLI
* **HTTPS config** — CLI TLS arguments were ignored under certain
conditions
Note:
`--web-port` and `--web-hostname` were already working correctly due to
the `host ?? this.host` and `port ?? this.port` pattern.
The observed issue was due to headers + HTTPS only.
## Changes Made
* Fixed header merge order so CLI takes precedence
* Corrected HTTPS config resolution and precedence logic
* Unified logic across `run` and `drive` commands
* Simplified HTTPS handling using `HttpsConfig.parse()`
* Added tests for CLI precedence behavior
## Before (broken)
```
flutter run -d chrome --web-tls-cert-path cert.pem
```
❌ CLI TLS args ignored when config file existed
❌ headers overridden by file config
## After (fixed)
```
flutter run -d chrome --web-tls-cert-path cert.pem
```
✅ CLI TLS args respected
✅ headers override config as expected
## Tests
* Added tests verifying CLI takes precedence
* All existing and new tests pass
* No breaking changes introduced
## Fixes
Fixes: #179014
---------
Co-authored-by: Kevin Moore <kevmoo@google.com>
Co-authored-by: Kevin Moore <kevmoo@users.noreply.github.com>
Co-authored-by: Ben Konyi <bkonyi@google.com>
When targeting Android, don't fail in Flutter tools if the NDK is not
installed. Instead, pass a `null` c compiler config to the hooks. The
hooks can then decide to fail if they need the NDK. If no hook happened
to require the NDK, Flutter for Android apps can be built without the
NDK installed.
Bug: https://github.com/flutter/flutter/issues/180163
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
DTD only supports a single instance of a registered service with a given
name. For widget preview development, we sometimes want to use a DTD
instance that's attached to an IDE to test IDE integration. However,
IDEs frequently spawn their own widget preview instances which register
services with DTD. In the case where `flutter widget-preview start
--dtd-url=<dtd-url>` is run and `dtd-url` points to a DTD instance with
another widget preview service running, the process simply crashes.
This change adds a unique identifier to the widget preview DTD service
and stream names that allows for each `flutter widget-preview start`
instance to register its own unique widget preview DTD services, even if
other widget preview instances are using the same DTD instance.
Fixes https://github.com/flutter/flutter/issues/179883
Previously, this made little difference as DWDS used this only in one
case with expression evaluation but now that the load strategies have
diverged based on this flag, we should correctly always pipe this flag.
This fixes an issue with a future DWDS version.
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [ ] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [ ] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
Fixes https://github.com/flutter/flutter/issues/163479
This adds a flag,
`--cross-origin-isolation`/`--no-cross-origin-isolation` that allows the
user to explicitly control whether `flutter run`/`drive`/`test` serves
files with COOP/COEP headers. If the user doesn't specify, it uses cross
origin isolation when wasm is enabled and no cross origin isolation when
wasm is disabled.
Uses new event structure to capture package info from wasm dry run
errors.
Uses the `package_info.json` to gather the set of public packages and
only includes package names when the package is in that set of publicly
available packages.
Prepends "-p" for when an error type is found in a private package (i.e.
a `package:*` that isn't in the set of public packages), a "-h" for
non-public packages (i.e. any non-"package" packages or otherwise
unrecognized uris), or a "-ph" for both.
Adds a special "error" entry when the package_config can't be loaded and
instead includes the findings in the same format as today
(comma-separated codes).
Also adds tests for dry runs.
See https://github.com/flutter/flutter/issues/178894 for more context.
---------
Co-authored-by: Nate Biggs <natebiggs@google.com>
Each project's `pubspec.yaml` is copied into a temporary directory
before trying to determine which packages can be updated, but this
`pubspec.yaml` is currently deleted immediately after the dependencies
have been determined for the single package. This means that projects
that have path dependencies on other projects in the repository don't
have their dependencies updated properly as the path dependencies fail
to resolve.
This change updates the `update-packages` logic to copy each project's
`pubspec.yaml` to a temporary directory with a consistent relative
directory structure. The `_upgrade` function has been updated to support
processing multiple projects before deleting the temporary directory,
allowing for projects with path dependencies on each other to have their
pubspecs placed in the correct relative directories for them to resolve
correctly.
Fixes https://github.com/flutter/flutter/issues/179941
## Description
This PR adds support for Cyrillic (Russian ЙЦУКЕН) keyboard layout in
the flutter_tools terminal handler, allowing users to use hot reload,
hot restart, and other terminal commands without switching keyboard
layouts.
## Motivation
Developers working with Cyrillic keyboard layouts currently must switch
to a Latin layout every time they want to use terminal commands like hot
reload (r/R) or help (h). This disrupts the development workflow and
reduces productivity.
## Changes
The implementation maps Cyrillic characters to their corresponding Latin
equivalents based on physical key positions on QWERTY/ЙЦУКЕН layouts:
- **к/К** → r/R (hot reload/restart)
- **й/Й** → q/Q (exit)
- **ц/Ц** → w/W (dump widget tree)
- **в/В** → d/D (detach)
- **р/Р** → h/H (help)
- **ш/Ш** → i/I (widget inspector/invert images)
- **ы/Ы** → s/S (screenshot/semantics)
- **е/Е** → t/T (render tree)
- **м/М** → v/V (DevTools)
- **а** → f (focus tree)
- **п** → g (source generators)
- **Д** → L (layer tree)
- **щ/Щ** → o/O (platform toggle)
- **з/З** → p/P (debug paint/performance overlay)
- **Г** → U (semantics inverse order)
- **ф** → a (profile widgets)
- **и** → b (brightness)
- **с** → c (clear)
## Testing
- Added comprehensive test coverage for Cyrillic keyboard commands
- All existing terminal_handler tests pass
- Verified that Cyrillic characters trigger the same actions as their
Latin equivalents
## Impact
This change improves the developer experience for users working with
Cyrillic keyboard layouts by eliminating the need for constant layout
switching during development. The implementation follows Flutter code
style guidelines and does not affect existing functionality.
---------
Co-authored-by: Ben Konyi <bkonyi@google.com>
Passing the DTD URI via a Dart define results in a new
`<hash>.cache.dill.track.dill` being created on each run as the DTD URI
is never the same and the `cache.dill.track.dill` hash is partly based
on the set of Dart defines. These files are not cleaned up
automatically, so they could take up a significant amount of memory over
time.
This change adds an additional code generation step to the widget
previewer which populates
`widget_preview_scaffold/lib/src/dtd/dtd_connection_info.dart` with a
constant containing the DTD URI provided by the tool.
Fixes https://github.com/flutter/flutter/issues/179139
