chore: prefer BOT_TOKEN env var over secrets file

Backward-compatible reorder: env var wins, then file. This lets multiple instances on the same host (prod + shipyard staging) each load a distinct token via systemd EnvironmentFile, instead of fighting over the single ~/.secrets/bigbiggerbiggestbot file. Also documents the new two-environment workflow in README. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 12:43:42 +02:00 · 2026-05-10 12:43:42 +02:00 · 967c7880fc
commit 967c7880fc
parent c0caf6cdf4
3 changed files with 43 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -60,11 +60,27 @@ nix develop --command pytest tests/ -v

 ## Deployment

-Runs as a systemd service. A timer pulls this repo periodically and
-restarts the service when the remote has new commits — push to `main`
-and the bot redeploys itself within ~15 minutes.
+Two environments share one host (`sunken-ship`):

-The SQLite database lives next to the code at `workouts.db` (gitignored).
+- **Production** — `fitness-bot.service`, working dir `/home/danny/tg_fitness_bot`,
+  watches `origin/main`, served behind a stable URL via the VPS Caddy.
+- **Shipyard staging** — `fitness-bot-shipyard.service`, working dir
+  `/home/danny/tg_fitness_bot_shipyard`, watches `origin/staging`, separate
+  bot token, ephemeral cloudflared URL each restart.
+
+Each has its own pull timer that fetches every ~15 minutes and restarts
+the service when its branch has new commits.
+
+**Workflow:**
+
+```
+# 1. land changes on a working branch (or main locally)
+git push origin <branch>:staging   # → shipyard auto-deploys, test there
+git push origin <branch>:main      # → production auto-deploys
+```
+
+Each environment keeps its own `workouts.db` next to its code (gitignored),
+so testing on shipyard never touches production data.

 ## Architecture