refactor: build Android bundle locally via fvm instead of Dagger

Extracts the unique contribution from PR #455: a local shell script that
builds the release AAB using fvm directly, bypassing the Dagger pipeline.
Adds the `build-android-bundle-local` task and updates `deploy-android-bundle`
to depend on it.

Closes #462

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Taskfile.yml

@@ -529,12 +529,26 @@ tasks:
     cmds:
       - ANDROID_HOME=${ANDROID_HOME:-$HOME/Android/Sdk} fvm flutter build apk --release --no-pub --dart-define=GIT_HASH=$(git rev-parse --short HEAD) | grep -Ev "was tree-shaken|Tree-shaking can be disabled"
 
+  build-android-bundle-local:
+    desc: Build a release App Bundle (AAB) locally via fvm (not Dagger)
+    deps: [_preflight, _android-sdk-check, _codegen, generate-changelog]
+    dotenv: [".env"]
+    method: timestamp
+    sources:
+      - lib/**/*.dart
+      - android/**/*
+      - pubspec.yaml
+    generates:
+      - build/app/outputs/bundle/release/app-release.aab
+    cmds:
+      - sops exec-env secrets.enc.yaml 'bash scripts/build_android_bundle_local.sh'
+
   deploy-android-bundle:
-    desc: Build, sign, and upload AAB to Play Store internal track via Dagger
+    desc: Build release AAB and upload to Play Store internal track (local/fvm)
-    deps: [generate-changelog]
+    deps: [build-android-bundle-local]
     dotenv: [".env"]
     cmds:
-      - sops exec-env secrets.enc.yaml 'HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --commit-hash "$HASH"'
+      - sops exec-env secrets.enc.yaml 'python3 scripts/deploy_playstore.py'
 
   deploy-android:
     desc: Build release APK and upload via scp to $ANDROID_APK_SCP_USER@$ANDROID_APK_SCP_HOST:$ANDROID_APK_SCP_PATH

scripts/build_android_bundle_local.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+tmp=$(mktemp /dev/shm/keystore.XXXXXX.jks)
+trap "rm -f $tmp" EXIT
+
+printf '%s' "$ANDROID_KEYSTORE_BASE64" | base64 -d > "$tmp"
+
+ANDROID_KEYSTORE_PATH="$tmp" \
+ANDROID_HOME="${ANDROID_HOME:-$HOME/Android/Sdk}" \
+fvm flutter build appbundle --release --no-pub \
+  --build-number "$(date +%s)" \
+  --build-name "$(date +%y%m%d-%H%M)" \
+  --dart-define="GIT_HASH=$(git rev-parse --short HEAD)" \
+  | grep -Ev "was tree-shaken|Tree-shaking can be disabled"