chore(cloud_hub): Updates to use distroless base images (#330)

- Updates cloud_hub to use distroless base images
- Updates distroless Dart to use the `base` variant which includes ca-certs

Author: dnys1

apps/distroless/bin/list_sdks.dart

@@ -3,7 +3,7 @@ import 'dart:convert';
 import 'package:distroless/src/sdk/sdk_manager.dart';
 import 'package:pub_semver/pub_semver.dart';
 
-final Version minDartSdkVersion = Version(3, 5, 0);
+final Version minDartSdkVersion = Version(3, 7, 0);
 final Version minFlutterSdkVersion = Version(3, 29, 0);
 
 /// The last version of Flutter published under the old engine repo.

apps/distroless/dart/build/Dockerfile

@@ -117,7 +117,7 @@ RUN CFLAGS='-DSQLITE_ENABLE_FTS5 -DSQLITE_ENABLE_JSON1' \
     && make install DESTDIR=/sqlite_install
 
 # Copy just the parts of the Dart SDK we need to build an AOT snapshot
-FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:nonroot AS builder
+FROM gcr.io/distroless/static-debian${DEBIAN_VERSION} AS builder
 
 COPY --from=sdk /runtime/ /
 COPY --from=sdk /usr/lib/dart/bin/utils/gen_snapshot /usr/lib/dart/bin/utils/gen_snapshot
@@ -127,7 +127,7 @@ ENTRYPOINT ["/usr/lib/dart/bin/utils/gen_snapshot", "--snapshot_kind=app-aot-elf
 CMD ["--elf=/app/main.aot", "/app/main.aot.dill"]
 
 # Copy the Dart runtime and AOT runtime into a minimal runtime image
-FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:nonroot AS runtime
+FROM gcr.io/distroless/base-debian${DEBIAN_VERSION} AS runtime
 
 COPY --from=dart /runtime/ /
 COPY --from=dart /usr/lib/dart/bin/dartaotruntime /usr/lib/dart/bin/dartaotruntime

apps/distroless/flutter/build/Dockerfile

@@ -36,15 +36,15 @@ RUN sed -i 's/libdart_jit/libdart_aotruntime_product/g' shell/testing/BUILD.gn
 WORKDIR /flutter/engine/src
 RUN ./flutter/bin/et build --no-rbe --config=host_release
 
-FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION}:nonroot AS engine
+FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION} AS engine
 
 COPY --from=build-engine /flutter/engine/src/out/host_release /engine
 ENV DART_SDK="/flutter/engine/dart-sdk"
 
 WORKDIR /engine
 ENV LD_LIBRARY_PATH="/engine"
 
-FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION}:nonroot AS builder
+FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION} AS builder
 
 COPY --from=engine /engine/dart-sdk/bin/utils/gen_snapshot /usr/lib/dart/bin/utils/gen_snapshot
 COPY --from=engine /engine/dart-sdk/bin/utils/gen_snapshot.sym /usr/lib/dart/bin/utils/gen_snapshot.sym

services/celest_cloud_hub/Dockerfile

@@ -1,36 +1,4 @@
-# Builds SQLite from Source
-#
-# The version shipped with apt is very outdated (3.40.1). This is the only way
-# it seems to get anything newer.
-FROM debian:bookworm-slim AS sqlite
-
-# Install build dependencies
-RUN apt-get update && apt-get install -y \
-    build-essential \
-    tcl-dev \
-    libreadline-dev \
-    wget \
-    unzip \
-    && rm -rf /var/lib/apt/lists/*
-
-# Set up build directory
-WORKDIR /sqlite_build
-
-# Download the latest SQLite source
-ARG SQLITE_VERSION=3490100
-RUN wget https://www.sqlite.org/2025/sqlite-autoconf-${SQLITE_VERSION}.tar.gz \
-    && tar xzf sqlite-autoconf-${SQLITE_VERSION}.tar.gz \
-    && cd sqlite-autoconf-${SQLITE_VERSION}
-
-# Build SQLite with default options
-WORKDIR /sqlite_build/sqlite-autoconf-${SQLITE_VERSION}
-RUN CFLAGS='-DSQLITE_ENABLE_FTS5 -DSQLITE_ENABLE_JSON1' \
-    ./configure --prefix=/usr \
-    --enable-threadsafe \
-    && make -j$(nproc) \
-    && make install DESTDIR=/sqlite_install
-
-FROM dart:stable AS build
+FROM dart:3.7.2 AS build
 
 # Set the dependency versions
 ARG FLY_VERSION=0.3.98
@@ -77,29 +45,14 @@ RUN yq eval 'del(.environment.flutter)' -i pubspec.yaml
 
 WORKDIR /app/services/celest_cloud_hub
 RUN dart pub get
-RUN dart compile exe bin/cloud_hub.dart -o /app/cloud_hub
-
-FROM debian:bookworm-slim
-
-# Configure SQLite
-COPY --from=sqlite /sqlite_install /
-
-# Install dependencies
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    libreadline8 \
-    && rm -rf /var/lib/apt/lists/*
+RUN dart compile aot-snapshot bin/cloud_hub.dart -o /app/main.aot
 
-# Verify SQLite installation
-RUN sqlite3 --version && \
-    ldconfig && \
-    ldd $(which sqlite3)
+FROM celestdev/dart-runtime:3.7.2
 
 COPY --from=build /usr/local/bin/flyctl /usr/local/bin/flyctl
-COPY --from=build /app/cloud_hub /app/cloud_hub
+COPY --from=build /app/main.aot /app/main.aot
 
 ENV PORT=8080
 EXPOSE $PORT
 
 WORKDIR /tmp
-CMD ["/app/cloud_hub"]

services/celest_cloud_hub/bin/cloud_hub.dart

@@ -182,4 +182,5 @@ Future<void> _run() async {
   await gateway.close();
   await db.close();
   context.logger.fine('Server stopped');
+  exit(0);
 }

services/celest_cloud_hub/lib/src/deploy/fly/fly_deployment_engine.dart

@@ -188,12 +188,18 @@ final class FlyDeploymentEngine {
   }
 
   String _generateFlyAppName() {
-    var projectId = projectAst.projectId;
-    // Restricted to 30 characters total.
-    if (projectId.length > 24) {
-      projectId = projectId.substring(0, 24);
+    var projectId = projectAst.projectId.toLowerCase();
+
+    // Only lowercase letters, numbers, and dashes are allowed.
+    projectId = projectId.replaceAll(RegExp(r'[^a-z0-9]'), '-');
+
+    // Restricted to 63 characters total.
+    final suffix = _randomSuffix;
+    final maxLength = 63 - suffix.length;
+    if (projectId.length > maxLength) {
+      projectId = projectId.substring(0, maxLength);
     }
-    return '$projectId-$_randomSuffix';
+    return '$projectId-$suffix';
   }
 
   Future<ProjectEnvironmentState> _deployProjectEnvironment() async {
@@ -244,7 +250,7 @@ final class FlyDeploymentEngine {
     // Deploy using `flyctl deploy`
     await _withTempDirectory((dir) async {
       // Write the kernel file to disk
-      final kernelFile = dir.childFile('celest.aot.dill');
+      final kernelFile = dir.childFile('main.aot.dill');
       await kernelFile.writeAsBytes(kernelAsset);
 
       // Write celest.json to disk