diff --git a/Jenkinsfile b/Jenkinsfile
index f7371e8..8def127 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,20 +1,30 @@
 pipeline {
- agent {
- label 'agent1' // Określenie agenta o nazwie 'agent1'
- }
+ agent any
 stages {
 stage('Install Dependencies') {
 steps {
 script {
- // Pobierz dependencies z package.json
 def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
- echo "Zależności: ${dependencies}"
+ def unsignedPackages = []
- // Weryfikacja sumy kontrolnej dla każdego pakietu
 for (dep in dependencies) {
 sh "npm pack ${dep}@\$(jq -r '.dependencies[\"${dep}\"]' package.json)"
+ def result = sh(
+ script: """
+ wget -q --spider https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc || echo 'NOT_FOUND'
+ """,
+ returnStdout: true
+ ).trim()
+
+ if (result == 'NOT_FOUND') {
+ unsignedPackages.add(dep)
+ } else {
+ sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
+ sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
+ }
+
 sh """
 FILENAME=\$(ls ${dep}-*.tgz)
 SHA256_SUM=\$(sha256sum \$FILENAME | awk '{ print \$1 }')
@@ -23,21 +33,10 @@ pipeline {
 """
 }
- // Instalacja dependencies
- sh 'npm install'
- }
- }
- }
-
- stage('Verify GPG Signatures') {
- steps {
- script {
- // Weryfikacja podpisów cyfrowych
- def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
-
- for (dep in dependencies) {
- sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
- sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
+ if (unsignedPackages.size() > 0) {
+ echo "Packages without digital signatures: ${unsignedPackages.join(', ')}"
+ } else {
+ echo "All packages have digital signatures."
 }
 }
 }
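Review bot: The `wget -q --spider ... || echo 'NOT_FOUND'` probe in the new `def result` block fails open: a 404, a DNS or TLS error and a filtered request all produce `NOT_FOUND`, so any failure to fetch the `.asc` file silently skips `gpg --verify` for that package and the loop carries on. The version segment is taken verbatim from package.json, so a range such as `^1.2.3` goes into the URL unchanged. As far as I know the npm registry does not publish detached `.asc` files at this path (`npm audit signatures` is the supported check), so every dependency probably ends up in `unsignedPackages`. Separately, `${dep}` is Groovy-interpolated into each `sh` string, so a key in package.json is parsed by the shell; wrap the calls in `withEnv(["DEP=${dep}"])` and reference `"$DEP"` from a single-quoted script. `gpg --verify` also accepts any key in the node's default keyring, which `agent any` makes node-dependent, so point it at a pinned keyring; the `for` body and its `sh """` block continue outside the hunk.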
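Review bot: The summary added at the end of the `script` block only echoes `unsignedPackages`, so a build with unverified dependencies still finishes green. If signatures are meant to gate the build, end that branch with `error "Unsigned packages: ${unsignedPackages.join(', ')}"`, or `unstable(...)` if only a warning is intended. This hunk also removes `sh 'npm install'`, leaving a stage named 'Install Dependencies' that installs nothing in the visible lines. It is worth confirming that a later stage installs what was checked rather than re-resolving from the registry, for example `npm ci` against a committed lockfile. The `script` block starts outside the hunk.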