import os, paramiko, time
PW = os.environ["REMOTE_PASS"]
c = paramiko.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect("207.57.129.228", port=19717, username="root", password=PW, timeout=15, allow_agent=False, look_for_keys=False)

def run(cmd, t=60):
    si, so, se = c.exec_command(cmd, timeout=t)
    out = so.read().decode("utf-8", "replace")
    err = se.read().decode("utf-8", "replace")
    rc = so.channel.recv_exit_status()
    print(f"$ {cmd}")
    if out: print(out, end="")
    if err: print("[err]", err, end="", file=__import__("sys").stderr)
    print(f"  rc={rc}")
    return out

run("cd /srv/news && sudo -u news git pull --rebase 2>&1 | tail -3")
# 重启 caddy + api
run("cd /srv/news && sg docker -c 'docker compose up -d --force-recreate caddy api' 2>&1 | tail -8")
time.sleep(8)

print("\n=== 验证 ===")
run("curl -s -o /dev/null -w 'healthz: %{http_code}\\n' http://localhost/api/v1/healthz")
run("curl -s http://localhost/api/v1/healthz 2>&1")
run("curl -s -o /dev/null -w 'articles (no auth): %{http_code}\\n' http://localhost/api/v1/articles")
run("curl -s http://localhost/api/v1/articles 2>&1")
run("curl -s -o /dev/null -w 'login OPTIONS: %{http_code}\\n' -X OPTIONS http://localhost/api/v1/auth/login")
c.close()