pipeline {
  agent any
  parameters {
    string(name: 'ALLOWED_TELEGRAM_IDS', defaultValue: '792742394', description: '')
  }
  environment {
    BOT_TOKEN = credentials('tg-bot-token')
    BASE_DIR = '/srv/files'
    BOT_HOST = 'storage.fymio.us'
    REMOTE_USER = 'deploy'
    SSH_CRED = 'bot-ssh'
    REMOTE_DIR = '/srv/tg-bot'
    REPO_URL = 'https://git.fymio.us/fymious/fymious_tg_bot'
    BRANCH = 'main'
  }
  stages {
    stage('Checkout') {
      steps { checkout scm }
    }
    stage('TrustHost') {
      steps {
        sh '''
          mkdir -p ~/.ssh
          ssh-keyscan -H ${BOT_HOST} >> ~/.ssh/known_hosts
        '''
      }
    }
    stage('Ship & Restart') {
        steps {
            sshagent(credentials: [env.SSH_CRED]) {
            sh '''
                ssh -o StrictHostKeyChecking=no ${REMOTE_USER}@${BOT_HOST} "
                export REMOTE_DIR='${REMOTE_DIR}'
                export REPO_URL='${REPO_URL}'
                export BRANCH='${BRANCH}'
                export REMOTE_USER='${REMOTE_USER}'
                export BOT_TOKEN='${BOT_TOKEN}'
                export BASE_DIR='${BASE_DIR}'
                export ALLOWED_TELEGRAM_IDS='${ALLOWED_TELEGRAM_IDS}'

                set -euo pipefail
                DIR=\\$REMOTE_DIR
                REPO=\\$REPO_URL
                BR=\\$BRANCH

                # Create directory without sudo first
                mkdir -p \\$DIR || echo 'Directory might already exist'

                # Clone or update repository
                if [ -d \\\"\\$DIR/.git\\\" ]; then
                    cd \\$DIR
                    git fetch origin \\$BR
                    git reset --hard origin/\\$BR
                else
                    if [ -z \\\"\\\$(ls -A \\\"\\$DIR\\\" 2>/dev/null || true)\\\" ]; then
                        git clone --depth 1 -b \\$BR \\$REPO \\$DIR
                    else
                        rm -rf \\$DIR/*
                        git clone --depth 1 -b \\$BR \\$REPO \\$DIR
                    fi
                fi

                # Create .env file
                cd \\$DIR
                echo \\\"BOT_TOKEN=\\$BOT_TOKEN\\\" > .env
                echo \\\"BASE_DIR=\\$BASE_DIR\\\" >> .env
                echo \\\"ALLOWED_TELEGRAM_IDS=\\$ALLOWED_TELEGRAM_IDS\\\" >> .env

                # Install npm dependencies if needed
                if [ -f package.json ]; then
                    if command -v npm >/dev/null 2>&1; then
                        npm ci || npm install
                    fi
                fi

                # Try to restart service with sudo (might need NOPASSWD configured)
                echo 'Attempting to restart service...'
                sudo systemctl restart tg_filebrowser_bot || echo 'Service restart failed - might need manual restart'

                # Show service status for debugging
                sudo systemctl status tg_filebrowser_bot || systemctl --user status tg_filebrowser_bot || echo 'Could not get service status'
                "
            '''
            }
        }
    }
    stage('LogsIfFailed') {
      when { expression { currentBuild.currentResult == 'FAILURE' } }
      steps {
        sshagent(credentials: [env.SSH_CRED]) {
          sh 'ssh ${REMOTE_USER}@${BOT_HOST} "journalctl -u tg_filebrowser_bot -n 200 --no-pager || journalctl --user -u tg_filebrowser_bot -n 200 --no-pager || echo \\"Could not get logs\\""'
        }
      }
    }
  }
}