Update Jenkinsfile
Some checks failed
jenkins_organization/checksum_verification_and_signature_verification/pipeline/head There was a failure building this commit
parent
ec2603cd19
commit
401d631b97
41
Jenkinsfile
vendored
41
Jenkinsfile
vendored
@ -1,20 +1,30 @@
|
||||
pipeline {
|
||||
agent {
|
||||
label 'agent1' // Określenie agenta o nazwie 'agent1'
|
||||
}
|
||||
agent any
|
||||
|
||||
stages {
|
||||
stage('Install Dependencies') {
|
||||
steps {
|
||||
script {
|
||||
// Pobierz dependencies z package.json
|
||||
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
|
||||
echo "Zależności: ${dependencies}"
|
||||
def unsignedPackages = []
|
||||
|
||||
// Weryfikacja sumy kontrolnej dla każdego pakietu
|
||||
for (dep in dependencies) {
|
||||
sh "npm pack ${dep}@\$(jq -r '.dependencies[\"${dep}\"]' package.json)"
|
||||
|
||||
def result = sh(
|
||||
script: """
|
||||
wget -q --spider https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc || echo 'NOT_FOUND'
|
||||
""",
|
||||
returnStdout: true
|
||||
).trim()
|
||||
|
||||
if (result == 'NOT_FOUND') {
|
||||
unsignedPackages.add(dep)
|
||||
} else {
|
||||
sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
|
||||
sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
|
||||
}
|
||||
|
||||
sh """
|
||||
FILENAME=\$(ls ${dep}-*.tgz)
|
||||
SHA256_SUM=\$(sha256sum \$FILENAME | awk '{ print \$1 }')
|
||||
@ -23,21 +33,10 @@ pipeline {
|
||||
"""
|
||||
}
|
||||
|
||||
// Instalacja dependencies
|
||||
sh 'npm install'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Verify GPG Signatures') {
|
||||
steps {
|
||||
script {
|
||||
// Weryfikacja podpisów cyfrowych
|
||||
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
|
||||
|
||||
for (dep in dependencies) {
|
||||
sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
|
||||
sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
|
||||
if (unsignedPackages.size() > 0) {
|
||||
echo "Packages without digital signatures: ${unsignedPackages.join(', ')}"
|
||||
} else {
|
||||
echo "All packages have digital signatures."
|
||||
}
|
||||
}
|
||||
}
|
||||
|
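Review bot: The signature check in the 'Install Dependencies' loop fails open: `wget -q --spider … || echo 'NOT_FOUND'` turns any wget failure (404, DNS error, timeout) into "unsigned", the package is only appended to `unsignedPackages`, and the closing `if (unsignedPackages.size() > 0)` merely echoes the list, so the build carries on with tarballs nobody verified. Make the report a gate by replacing that echo with `error "Packages without digital signatures: ${unsignedPackages.join(', ')}"`. The `${dep}/-/<version>/${dep}.tgz.asc` path also does not look like the registry's tarball layout, so probably every dependency ends up in that list; `npm audit signatures` is npm's supported check for registry signatures. Where `gpg --verify` does run, it accepts any key already in the agent's default keyring, so the expected signer keys should be pinned in a dedicated keyring. The `+`/`-` markers are lost on this page, so which of these lines are new is inferred from the hunk counts.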