"""Jenkinsfile 업데이트 + sudoers 확인 + 재빌드"""
import paramiko, sys, json, base64, time
sys.stdout.reconfigure(encoding='utf-8', errors='replace')
c = paramiko.SSHClient(); c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect('101.79.17.164', username='root', password='1q2w3e!Q', timeout=15)
sftp = c.open_sftp()
G = base64.b64encode(b'zio:Zio@Admin2026!').decode()
J = 'http://127.0.0.1:9080'; A = 'admin:Admin@2026!'

def run(label, cmd, timeout=20):
    print(f'\n[{label}]')
    _, o, _ = c.exec_command(cmd, timeout=timeout)
    print(o.read().decode('utf-8','replace').strip()[:400])

# 1. sudoers 확인 + 강화
run('sudoers 내용', 'cat /etc/sudoers.d/jenkins-mail 2>/dev/null')
run('sudoers 업데이트',
    'echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins-mail && '
    'chmod 440 /etc/sudoers.d/jenkins-mail && echo ok')
run('sudo 테스트',
    'sudo -u jenkins sudo systemctl is-active zioinfo-mail 2>/dev/null || echo "sudo 필요"')

# 2. Gitea Jenkinsfile 업데이트
_, o, _ = c.exec_command(
    f'curl -sf "http://127.0.0.1:9003/api/v1/repos/zio/zioinfo-mail/contents/Jenkinsfile" '
    f'-H "Authorization: Basic {G}" 2>/dev/null | python3 -c "import sys,json; print(json.load(sys.stdin).get(\'sha\',\'\'))" 2>/dev/null', timeout=10)
sha = o.read().decode('utf-8','replace').strip()

jf = open('C:/GUARDiA/workspace/zioinfo-mail/Jenkinsfile', encoding='utf-8').read()
enc = base64.b64encode(jf.encode('utf-8')).decode()
payload = json.dumps({"message": "fix: sudo for systemctl", "content": enc, "sha": sha, "branch": "main"})
with sftp.open('/tmp/jf_upd.json', 'w') as f: f.write(payload)
run('Jenkinsfile 업데이트',
    f'curl -sf -X PUT "http://127.0.0.1:9003/api/v1/repos/zio/zioinfo-mail/contents/Jenkinsfile" '
    f'-H "Authorization: Basic {G}" -H "Content-Type: application/json" '
    f'--data @/tmp/jf_upd.json 2>/dev/null | '
    'python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get(\'content\',{}).get(\'name\',d.get(\'message\',\'?\')))" 2>/dev/null')

# 3. workspace 초기화 + 재빌드
run('workspace 초기화', 'rm -rf /var/lib/jenkins/workspace/zioinfo-mail && echo ok')

_, o, _ = c.exec_command(f'curl -sf -u "{A}" {J}/crumbIssuer/api/json 2>/dev/null', timeout=10)
try:
    cd = json.loads(o.read().decode('utf-8','replace').strip())
    CH = f'{cd["crumbRequestField"]}: {cd["crumb"]}'
except: CH = 'Jenkins-Crumb: x'

run('재빌드', f'curl -sf -X POST -u "{A}" -H "{CH}" {J}/job/zioinfo-mail/build 2>/dev/null && echo 트리거됨')

print('\n빌드 대기 (180초)...')
for _ in range(36):
    time.sleep(5)
    _, o2, _ = c.exec_command(
        f'curl -sf -u "{A}" {J}/job/zioinfo-mail/lastBuild/api/json 2>/dev/null', timeout=10)
    try:
        d = json.loads(o2.read().decode('utf-8','replace'))
        num = d.get('number','?'); result = d.get('result','진행중'); building = d.get('building',True)
        print(f'  #{num}: {result} building={building}')
        if not building: break
    except: pass

run('최종 콘솔',
    f'curl -sf -u "{A}" {J}/job/zioinfo-mail/lastBuild/consoleText 2>/dev/null | '
    "grep -v '\\[Pipeline\\]\\|withEnv\\|timeout\\|timestamps' | tail -20")

run('전체 job 상태',
    f'curl -sf -u "{A}" {J}/api/json 2>/dev/null | '
    'python3 -c "import sys,json; [print(j[\'name\'].ljust(22),j[\'color\']) for j in json.load(sys.stdin)[\'jobs\']]" 2>/dev/null')

sftp.close(); c.close()