name: Build & Deploy PluriWave on: push: branches: [main, PRO] env: PATH: /opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin ANDROID_HOME: /Users/freetlab/Library/Android/sdk KEYSTORE_PATH: /Users/freetlab/.openclaw/workspace/.secure/pluriwave/pluriwave-upload.jks KEYSTORE_ALIAS: pluriwave-upload PLAY_PACKAGE_NAME: es.freetimelab.pluriwave CURRENT_REF: ${{ gitea.ref }} jobs: analizar: name: Análisis de código runs-on: [self-hosted, macos, arm64, flutter] steps: - name: Clonar rama actual run: | BRANCH="${CURRENT_REF#refs/heads/}" git clone https://ShanaiaBot:${{ secrets.GITEA_TOKEN }}@git.freetimelab.es/FreeTLab/pluriwave.git . git fetch origin "$BRANCH" git checkout "$BRANCH" - name: Obtener dependencias run: flutter pub get - name: Analizar código run: flutter analyze --no-fatal-infos --no-fatal-warnings build: name: Build APK + AAB release runs-on: [self-hosted, macos, arm64, flutter] needs: analizar steps: - name: Clonar rama actual run: | BRANCH="${CURRENT_REF#refs/heads/}" git clone https://ShanaiaBot:${{ secrets.GITEA_TOKEN }}@git.freetimelab.es/FreeTLab/pluriwave.git . git fetch origin "$BRANCH" git checkout "$BRANCH" - name: Configurar keystore de firma env: KEYSTORE_PASSWORD: ${{ secrets.PLURIWAVE_KEYSTORE_PASSWORD }} run: | if [ ! -f "$KEYSTORE_PATH" ]; then echo "ERROR: Keystore no encontrado en $KEYSTORE_PATH" exit 1 fi echo "storeFile=$KEYSTORE_PATH" > android/key.properties echo "storePassword=$KEYSTORE_PASSWORD" >> android/key.properties echo "keyAlias=$KEYSTORE_ALIAS" >> android/key.properties echo "keyPassword=$KEYSTORE_PASSWORD" >> android/key.properties echo "✅ Keystore configurado" - name: Bump versión patch + commit run: | BRANCH="${CURRENT_REF#refs/heads/}" git config user.name "ShanaiaBot" git config user.email "shanaia@freetimelab.es" CURRENT=$(grep '^version:' pubspec.yaml | awk '{print $2}') SEMVER=$(echo "$CURRENT" | cut -d'+' -f1) BUILD=$(echo "$CURRENT" | cut -d'+' -f2) MAJOR=$(echo "$SEMVER" | cut -d. -f1) MINOR=$(echo "$SEMVER" | cut -d. -f2) PATCH=$(echo "$SEMVER" | cut -d. -f3) NEW_PATCH=$((PATCH + 1)) NEW_BUILD=$((BUILD + 1)) NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}+${NEW_BUILD}" sed -i '' "s/^version: .*/version: ${NEW_VERSION}/" pubspec.yaml git add pubspec.yaml git commit -m "chore: bump version to ${NEW_VERSION} [ci skip]" git push origin "HEAD:${BRANCH}" - name: Extraer versión id: version run: | VERSION=$(grep '^version:' pubspec.yaml | awk '{print $2}' | cut -d'+' -f1) BUILD_NUMBER=$(grep '^version:' pubspec.yaml | awk '{print $2}' | cut -d'+' -f2) COMMIT=$(git rev-parse --short HEAD) echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "build_number=$BUILD_NUMBER" >> "$GITHUB_OUTPUT" echo "commit=$COMMIT" >> "$GITHUB_OUTPUT" - name: Obtener dependencias run: flutter pub get - name: Build APK release run: flutter build apk --release - name: Build AAB release run: flutter build appbundle --release - name: Verificar firma del AAB env: KEYSTORE_PASSWORD: ${{ secrets.PLURIWAVE_KEYSTORE_PASSWORD }} run: | echo "=== Huellas del keystore ===" KEYSTORE_INFO=$(keytool -list -v -keystore "$KEYSTORE_PATH" -alias "$KEYSTORE_ALIAS" -storepass "$KEYSTORE_PASSWORD" 2>/dev/null) || { echo "ERROR: no se pudo leer el keystore de firma" exit 1 } echo "$KEYSTORE_INFO" | grep -E "SHA1:|SHA256:" || true echo "" echo "=== Huellas del AAB (desde ZIP) ===" unzip -p build/app/outputs/bundle/release/app-release.aab META-INF/CERT.RSA | keytool -printcert 2>/dev/null | grep -E "SHA1:|SHA256:" || echo "(huellas no extraídas, build generado)" - name: Publicar en ftl-builds (Zimaboard) run: | VERSION="${{ steps.version.outputs.version }}" APK_NOMBRE="pluriwave-v${VERSION}.apk" AAB_NOMBRE="pluriwave-v${VERSION}.aab" DESTINO="/opt/ftl-builds/builds/pluriwave/v${VERSION}" SSH_KEY="/Users/freetlab/.openclaw/workspace/.secure/zimaboard_ed25519" ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no ShanaiaBot@192.168.0.33 "mkdir -p ${DESTINO}" scp -i "$SSH_KEY" -o StrictHostKeyChecking=no \ build/app/outputs/flutter-apk/app-release.apk \ "ShanaiaBot@192.168.0.33:${DESTINO}/${APK_NOMBRE}" scp -i "$SSH_KEY" -o StrictHostKeyChecking=no \ build/app/outputs/bundle/release/app-release.aab \ "ShanaiaBot@192.168.0.33:${DESTINO}/${AAB_NOMBRE}" echo "✅ APK: builds.freetimelab.es → pluriwave → v${VERSION}" echo "✅ AAB: builds.freetimelab.es → pluriwave → v${VERSION}" - name: Preparar credenciales de Google Play if: ${{ gitea.ref == 'refs/heads/PRO' }} env: GOOGLE_PLAY_SERVICE_ACCOUNT_JSON: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT_JSON }} run: | if [ -z "$GOOGLE_PLAY_SERVICE_ACCOUNT_JSON" ]; then echo "ERROR: falta el secreto GOOGLE_PLAY_SERVICE_ACCOUNT_JSON" exit 1 fi mkdir -p fastlane/credentials printf '%s' "$GOOGLE_PLAY_SERVICE_ACCOUNT_JSON" > fastlane/credentials/google-play-service-account.json - name: Instalar Fastlane if: ${{ gitea.ref == 'refs/heads/PRO' }} run: | gem list -i fastlane >/dev/null 2>&1 || gem install fastlane --no-document - name: Publicar AAB en Google Play Internal Testing if: ${{ gitea.ref == 'refs/heads/PRO' }} env: PLAY_JSON_KEY_PATH: fastlane/credentials/google-play-service-account.json PLAY_AAB_PATH: build/app/outputs/bundle/release/app-release.aab PLAY_TRACK: internal PLAY_RELEASE_STATUS: completed run: fastlane android upload_internal - name: Notificar Telegram if: always() run: | VERSION="${{ steps.version.outputs.version }}" COMMIT="${{ steps.version.outputs.commit }}" BRANCH="${CURRENT_REF#refs/heads/}" BOT_TOKEN=$(plutil -extract 'EnvironmentVariables:TELEGRAM_BOT_TOKEN' raw /Users/freetlab/Library/LaunchAgents/ai.openclaw.gateway.plist 2>/dev/null || echo "") if [ -z "$BOT_TOKEN" ]; then exit 0; fi if [ "${{ job.status }}" = "success" ]; then MSG="✅ *PluriWave* v${VERSION} · rama ${BRANCH} · ${COMMIT}%0AAPK + AAB generados" if [ "$BRANCH" = "PRO" ]; then MSG="${MSG}%0APublicado en Google Play · Internal Testing" else MSG="${MSG}%0APublicado en builds.freetimelab.es" fi else MSG="❌ *PluriWave* build FAILED · rama ${BRANCH} · ${COMMIT}" fi curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \ -d "chat_id=221721467" -d "parse_mode=Markdown" -d "text=${MSG}" || true