feat(ci): automate play upload from PRO

.gitea/workflows/build.yml

@@ -1,24 +1,28 @@
-name: Build & Deploy Pluriwave
+name: Build & Deploy PluriWave
 
 on:
   push:
-    branches: [main]
+    branches: [main, PRO]
 
 env:
   PATH: /opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
   ANDROID_HOME: /Users/freetlab/Library/Android/sdk
   KEYSTORE_PATH: /Users/freetlab/.openclaw/workspace/.secure/pluriwave/pluriwave-upload.jks
   KEYSTORE_ALIAS: pluriwave-upload
+  PLAY_PACKAGE_NAME: es.freetimelab.pluriwave
+  CURRENT_REF: ${{ gitea.ref }}
 
 jobs:
   analizar:
     name: Análisis de código
     runs-on: [self-hosted, macos, arm64, flutter]
     steps:
-      - name: Clonar repo
+      - name: Clonar rama actual
         run: |
+          BRANCH="${CURRENT_REF#refs/heads/}"
           git clone https://ShanaiaBot:${{ secrets.GITEA_TOKEN }}@git.freetimelab.es/FreeTLab/pluriwave.git .
-          git fetch origin main
+          git fetch origin "$BRANCH"
+          git checkout "$BRANCH"
 
       - name: Obtener dependencias
         run: flutter pub get
@@ -30,12 +34,13 @@ jobs:
     name: Build APK + AAB release
     runs-on: [self-hosted, macos, arm64, flutter]
     needs: analizar
-    if: ${{ gitea.ref == 'refs/heads/main' }}
     steps:
-      - name: Clonar repo
+      - name: Clonar rama actual
         run: |
+          BRANCH="${CURRENT_REF#refs/heads/}"
           git clone https://ShanaiaBot:${{ secrets.GITEA_TOKEN }}@git.freetimelab.es/FreeTLab/pluriwave.git .
-          git fetch origin main
+          git fetch origin "$BRANCH"
+          git checkout "$BRANCH"
 
       - name: Configurar keystore de firma
         env:
@@ -53,29 +58,32 @@ jobs:
 
       - name: Bump versión patch + commit
         run: |
+          BRANCH="${CURRENT_REF#refs/heads/}"
           git config user.name "ShanaiaBot"
           git config user.email "shanaia@freetimelab.es"
           CURRENT=$(grep '^version:' pubspec.yaml | awk '{print $2}')
-          SEMVER=$(echo $CURRENT | cut -d'+' -f1)
-          BUILD=$(echo $CURRENT | cut -d'+' -f2)
-          MAJOR=$(echo $SEMVER | cut -d. -f1)
-          MINOR=$(echo $SEMVER | cut -d. -f2)
-          PATCH=$(echo $SEMVER | cut -d. -f3)
+          SEMVER=$(echo "$CURRENT" | cut -d'+' -f1)
+          BUILD=$(echo "$CURRENT" | cut -d'+' -f2)
+          MAJOR=$(echo "$SEMVER" | cut -d. -f1)
+          MINOR=$(echo "$SEMVER" | cut -d. -f2)
+          PATCH=$(echo "$SEMVER" | cut -d. -f3)
           NEW_PATCH=$((PATCH + 1))
           NEW_BUILD=$((BUILD + 1))
           NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}+${NEW_BUILD}"
           sed -i '' "s/^version: .*/version: ${NEW_VERSION}/" pubspec.yaml
           git add pubspec.yaml
           git commit -m "chore: bump version to ${NEW_VERSION} [ci skip]"
-          git push origin main
+          git push origin "HEAD:${BRANCH}"
 
       - name: Extraer versión
         id: version
         run: |
           VERSION=$(grep '^version:' pubspec.yaml | awk '{print $2}' | cut -d'+' -f1)
+          BUILD_NUMBER=$(grep '^version:' pubspec.yaml | awk '{print $2}' | cut -d'+' -f2)
           COMMIT=$(git rev-parse --short HEAD)
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-          echo "commit=$COMMIT" >> $GITHUB_OUTPUT
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "build_number=$BUILD_NUMBER" >> "$GITHUB_OUTPUT"
+          echo "commit=$COMMIT" >> "$GITHUB_OUTPUT"
 
       - name: Obtener dependencias
         run: flutter pub get
@@ -91,10 +99,14 @@ jobs:
           KEYSTORE_PASSWORD: ${{ secrets.PLURIWAVE_KEYSTORE_PASSWORD }}
         run: |
           echo "=== Huellas del keystore ==="
-          keytool -list -v -keystore "$KEYSTORE_PATH" -alias $KEYSTORE_ALIAS -storepass "$KEYSTORE_PASSWORD" 2>/dev/null | grep "SHA1:\|SHA256:"
+          KEYSTORE_INFO=$(keytool -list -v -keystore "$KEYSTORE_PATH" -alias "$KEYSTORE_ALIAS" -storepass "$KEYSTORE_PASSWORD" 2>/dev/null) || {
+            echo "ERROR: no se pudo leer el keystore de firma"
+            exit 1
+          }
+          echo "$KEYSTORE_INFO" | grep -E "SHA1:|SHA256:" || true
           echo ""
           echo "=== Huellas del AAB (desde ZIP) ==="
-          unzip -p build/app/outputs/bundle/release/app-release.aab META-INF/CERT.RSA | keytool -printcert 2>/dev/null | grep "SHA1:\|SHA256:" || echo "(verificado tras build)"
+          unzip -p build/app/outputs/bundle/release/app-release.aab META-INF/CERT.RSA | keytool -printcert 2>/dev/null | grep -E "SHA1:|SHA256:" || echo "(huellas no extraídas, build generado)"
 
       - name: Publicar en ftl-builds (Zimaboard)
         run: |
@@ -114,17 +126,49 @@ jobs:
           echo "✅ APK: builds.freetimelab.es → pluriwave → v${VERSION}"
           echo "✅ AAB: builds.freetimelab.es → pluriwave → v${VERSION}"
 
+      - name: Preparar credenciales de Google Play
+        if: ${{ gitea.ref == 'refs/heads/PRO' }}
+        env:
+          GOOGLE_PLAY_SERVICE_ACCOUNT_JSON: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT_JSON }}
+        run: |
+          if [ -z "$GOOGLE_PLAY_SERVICE_ACCOUNT_JSON" ]; then
+            echo "ERROR: falta el secreto GOOGLE_PLAY_SERVICE_ACCOUNT_JSON"
+            exit 1
+          fi
+          mkdir -p fastlane/credentials
+          printf '%s' "$GOOGLE_PLAY_SERVICE_ACCOUNT_JSON" > fastlane/credentials/google-play-service-account.json
+
+      - name: Instalar Fastlane
+        if: ${{ gitea.ref == 'refs/heads/PRO' }}
+        run: |
+          gem list -i fastlane >/dev/null 2>&1 || gem install fastlane --no-document
+
+      - name: Publicar AAB en Google Play Internal Testing
+        if: ${{ gitea.ref == 'refs/heads/PRO' }}
+        env:
+          PLAY_JSON_KEY_PATH: fastlane/credentials/google-play-service-account.json
+          PLAY_AAB_PATH: build/app/outputs/bundle/release/app-release.aab
+          PLAY_TRACK: internal
+          PLAY_RELEASE_STATUS: completed
+        run: fastlane android upload_internal
+
       - name: Notificar Telegram
         if: always()
         run: |
           VERSION="${{ steps.version.outputs.version }}"
           COMMIT="${{ steps.version.outputs.commit }}"
+          BRANCH="${CURRENT_REF#refs/heads/}"
           BOT_TOKEN=$(plutil -extract 'EnvironmentVariables:TELEGRAM_BOT_TOKEN' raw /Users/freetlab/Library/LaunchAgents/ai.openclaw.gateway.plist 2>/dev/null || echo "")
           if [ -z "$BOT_TOKEN" ]; then exit 0; fi
           if [ "${{ job.status }}" = "success" ]; then
-            MSG="✅ *Pluriwave* v${VERSION} build OK (firma release) · ${COMMIT}%0AAPK + AAB en builds.freetimelab.es"
+            MSG="✅ *PluriWave* v${VERSION} · rama ${BRANCH} · ${COMMIT}%0AAPK + AAB generados"
+            if [ "$BRANCH" = "PRO" ]; then
+              MSG="${MSG}%0APublicado en Google Play · Internal Testing"
+            else
+              MSG="${MSG}%0APublicado en builds.freetimelab.es"
+            fi
           else
-            MSG="❌ *Pluriwave* v${VERSION} build FAILED · ${COMMIT}"
+            MSG="❌ *PluriWave* build FAILED · rama ${BRANCH} · ${COMMIT}"
           fi
           curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
             -d "chat_id=221721467" -d "parse_mode=Markdown" -d "text=${MSG}" || true