Update Jenkinsfile
Some checks failed
jenkins_organization/checksum_verification_and_signature_verification/pipeline/head There was a failure building this commit

first_admin 2024-09-01 20:29:38 +00:00
parent ec2603cd19
commit 401d631b97

41
Jenkinsfile vendored

@ -1,20 +1,30 @@
pipeline {
agent {
label 'agent1' // Określenie agenta o nazwie 'agent1'
}
agent any
stages {
stage('Install Dependencies') {
steps {
script {
// Pobierz dependencies z package.json
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
echo "Zależności: ${dependencies}"
def unsignedPackages = []
// Weryfikacja sumy kontrolnej dla każdego pakietu
for (dep in dependencies) {
sh "npm pack ${dep}@\$(jq -r '.dependencies[\"${dep}\"]' package.json)"
def result = sh(
script: """
wget -q --spider https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc || echo 'NOT_FOUND'
""",
returnStdout: true
).trim()
if (result == 'NOT_FOUND') {
unsignedPackages.add(dep)
} else {
sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
}
sh """
FILENAME=\$(ls ${dep}-*.tgz)
SHA256_SUM=\$(sha256sum \$FILENAME | awk '{ print \$1 }')
@ -23,21 +33,10 @@ pipeline {
"""
}
// Instalacja dependencies
sh 'npm install'
}
}
}
stage('Verify GPG Signatures') {
steps {
script {
// Weryfikacja podpisów cyfrowych
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
for (dep in dependencies) {
sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
if (unsignedPackages.size() > 0) {
echo "Packages without digital signatures: ${unsignedPackages.join(', ')}"
} else {
echo "All packages have digital signatures."
}
}
}
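Review bot: The signature check in the 'Install Dependencies' stage fails open: `wget -q --spider … || echo 'NOT_FOUND'` records any wget failure (a missing file, but also a network error or registry outage) as "unsigned", and the `unsignedPackages` list is only echoed while `sh 'npm install'` still runs. If a missing signature is meant to block the build, the echo branch could become `if (unsignedPackages) { error "Unsigned packages: ${unsignedPackages.join(', ')}" }`, placed before `npm install`. In addition, `npm install` resolves the packages from the registry again rather than installing the tarballs that `npm pack` fetched and `gpg --verify` checked, so the verified bytes are not necessarily the installed ones. `gpg --verify` as written also accepts a signature from any key in the agent's default keyring, so a dedicated keyring (`--no-default-keyring --keyring <pinned-keyring>`) would make the check meaningful. The rendering lost its +/- markers, so which lines are on the new side is inferred from the hunk counts.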