upd

Jenkinsfile

@@ -0,0 +1,96 @@
+pipeline {
+  agent any
+  parameters {
+    string(name: 'ALLOWED_TELEGRAM_IDS', defaultValue: '792742394', description: '')
+  }
+  environment {
+    BOT_TOKEN = credentials('tg-bot-token')
+    BASE_DIR = '/srv/files'
+    BOT_HOST = 'storage.fymio.us'
+    REMOTE_USER = 'deploy'
+    SSH_CRED = 'bot-ssh'
+    REMOTE_DIR = '/srv/tg-bot'
+    REPO_URL = 'https://git.fymio.us/nik/fymious_tg_bot'
+    BRANCH = 'main'
+  }
+  stages {
+    stage('Checkout') {
+      steps { checkout scm }
+    }
+    stage('TrustHost') {
+      steps {
+        sh '''
+          mkdir -p ~/.ssh
+          ssh-keyscan -H ${BOT_HOST} >> ~/.ssh/known_hosts
+        '''
+      }
+    }
+    stage('Ship & Restart') {
+        steps {
+            sshagent(credentials: [env.SSH_CRED]) {
+            sh '''
+                ssh -o StrictHostKeyChecking=no ${REMOTE_USER}@${BOT_HOST} "
+                export REMOTE_DIR='${REMOTE_DIR}'
+                export REPO_URL='${REPO_URL}'
+                export BRANCH='${BRANCH}'
+                export REMOTE_USER='${REMOTE_USER}'
+                export BOT_TOKEN='${BOT_TOKEN}'
+                export BASE_DIR='${BASE_DIR}'
+                export ALLOWED_TELEGRAM_IDS='${ALLOWED_TELEGRAM_IDS}'
+
+                set -euo pipefail
+                DIR=\\$REMOTE_DIR
+                REPO=\\$REPO_URL
+                BR=\\$BRANCH
+
+                # Create directory without sudo first
+                mkdir -p \\$DIR || echo 'Directory might already exist'
+
+                # Clone or update repository
+                if [ -d \\\"\\$DIR/.git\\\" ]; then
+                    cd \\$DIR
+                    git fetch origin \\$BR
+                    git reset --hard origin/\\$BR
+                else
+                    if [ -z \\\"\\\$(ls -A \\\"\\$DIR\\\" 2>/dev/null || true)\\\" ]; then
+                        git clone --depth 1 -b \\$BR \\$REPO \\$DIR
+                    else
+                        rm -rf \\$DIR/*
+                        git clone --depth 1 -b \\$BR \\$REPO \\$DIR
+                    fi
+                fi
+
+                # Create .env file
+                cd \\$DIR
+                echo \\\"BOT_TOKEN=\\$BOT_TOKEN\\\" > .env
+                echo \\\"BASE_DIR=\\$BASE_DIR\\\" >> .env
+                echo \\\"ALLOWED_TELEGRAM_IDS=\\$ALLOWED_TELEGRAM_IDS\\\" >> .env
+
+                # Install npm dependencies if needed
+                if [ -f package.json ]; then
+                    if command -v npm >/dev/null 2>&1; then
+                        npm ci || npm install
+                    fi
+                fi
+
+                # Try to restart service with sudo (might need NOPASSWD configured)
+                echo 'Attempting to restart service...'
+                sudo systemctl restart tg_filebrowser_bot || echo 'Service restart failed - might need manual restart'
+
+                # Show service status for debugging
+                sudo systemctl status tg_filebrowser_bot || systemctl --user status tg_filebrowser_bot || echo 'Could not get service status'
+                "
+            '''
+            }
+        }
+    }
+    stage('LogsIfFailed') {
+      when { expression { currentBuild.currentResult == 'FAILURE' } }
+      steps {
+        sshagent(credentials: [env.SSH_CRED]) {
+          sh 'ssh ${REMOTE_USER}@${BOT_HOST} "journalctl -u tg_filebrowser_bot -n 200 --no-pager || journalctl --user -u tg_filebrowser_bot -n 200 --no-pager || echo \\"Could not get logs\\""'
+        }
+      }
+    }
+  }
+}