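// Declarative pipeline: vets each direct dependency named in package.json
// (download, detached-signature lookup, digest record), then runs the
// project's test and build scripts.
//
// Scope of the vetting stage, as written:
//   * only keys of `.dependencies` are visited; devDependencies and transitive
//     packages are not covered;
//   * nothing here installs the vetted tarballs, so the code that `npm test`
//     and `npm run build` load comes from wherever node_modules was populated.
//     NOTE(review): confirm how node_modules is provisioned on the agent.
pipeline {
    agent { label 'agent1' }

    stages {
        stage('Install Dependencies') {
            steps {
                script {
                    // One jq call yields "name<TAB>spec" per dependency. `// {}` keeps a
                    // package.json without a dependencies object from failing the step.
                    def listing = sh(
                        script: '''jq -r '(.dependencies // {}) | to_entries[] | [.key, .value] | @tsv' package.json''',
                        returnStdout: true
                    ).trim()

                    def unsignedPackages = []
                    def entries = listing ? listing.split('\n') : []

                    for (entry in entries) {
                        def fields = entry.split('\t')
                        if (fields.length != 2) {
                            error "Unexpected dependency entry in package.json: ${entry}"
                        }
                        def depName = fields[0]
                        def depSpec = fields[1]

                        // package.json is repository content and may be attacker-influenced
                        // (e.g. a contributed change). Allow only registry-style names: this
                        // keeps the value from being read as a command-line option and keeps
                        // the derived file names inside the workspace.
                        if (!(depName ==~ /(@[A-Za-z0-9~][A-Za-z0-9._~-]*\/)?[A-Za-z0-9~][A-Za-z0-9._~-]*/)) {
                            error "Refusing to process dependency with unexpected name: ${depName}"
                        }

                        // Same stem npm uses for tarballs: "@scope/name" -> "scope-name".
                        // For unscoped packages this equals the dependency name.
                        def fileStem = depName.replace('@', '').replace('/', '-')

                        // Values reach the shell as environment variables and are expanded by
                        // the shell inside double quotes; they are never spliced into the
                        // script text, so metacharacters in a name or spec are inert.
                        withEnv(["DEP_NAME=${depName}", "DEP_SPEC=${depSpec}", "DEP_FILE_STEM=${fileStem}"]) {
                            // npm pack prints the tarball file name as its last stdout line.
                            // Using it avoids a `name-*.tgz` glob, which also matches sibling
                            // packages (react-*.tgz matches react-dom-<ver>.tgz) and stale
                            // tarballs left in the workspace by earlier builds.
                            def packOutput = sh(
                                script: 'npm pack "${DEP_NAME}@${DEP_SPEC}"',
                                returnStdout: true
                            ).trim()
                            def packLines = packOutput.split('\n')
                            def tarball = packLines[packLines.length - 1].trim()
                            if (!(tarball ==~ /[A-Za-z0-9._~+-]+\.tgz/)) {
                                error "npm pack reported an unexpected file name for ${depName}: ${tarball}"
                            }

                            withEnv(["TARBALL=${tarball}"]) {
                                // Single fetch instead of probe-then-download. The exit status
                                // is kept so a transport or TLS failure is not mistaken for
                                // "this package has no signature".
                                // NOTE(review): the URL embeds the raw spec from package.json;
                                // for a range such as ^1.2.3 it cannot match a concrete release.
                                // Confirm the registry serves detached signatures at this path;
                                // if it does not, every dependency is reported as unsigned and
                                // no signature is ever verified. The registry's own signature
                                // check is `npm audit signatures`.
                                def fetchStatus = sh(
                                    script: '''
                                        SIG_URL="https://registry.npmjs.org/${DEP_NAME}/-/${DEP_SPEC}/${DEP_NAME}.tgz.asc"
                                        wget -q -O "${DEP_FILE_STEM}.tgz.asc" "${SIG_URL}" || {
                                            rc=$?
                                            rm -f -- "${DEP_FILE_STEM}.tgz.asc"
                                            exit "$rc"
                                        }
                                    ''',
                                    returnStatus: true
                                )

                                if (fetchStatus == 0) {
                                    // Fails the build on a bad signature.
                                    // NOTE(review): gpg accepts any key already present in the
                                    // agent's keyring; without a pinned set of publisher keys
                                    // this proves "signed by some known key", not "signed by
                                    // the expected publisher".
                                    sh 'gpg --verify "${DEP_FILE_STEM}.tgz.asc" "${TARBALL}"'
                                } else if (fetchStatus == 8) {
                                    // wget status 8: the server answered with an error (e.g. 404).
                                    unsignedPackages.add(depName)
                                } else {
                                    error "Could not check for a signature of ${depName} (wget exit status ${fetchStatus})"
                                }

                                // Digest is recorded for audit only. Checking a file against a
                                // digest just computed from that same file always passes, so no
                                // `sha256sum -c` is run here; integrity has to be compared with
                                // an independent reference (e.g. the lockfile's integrity value).
                                sh 'sha256sum -- "${TARBALL}" > "${DEP_FILE_STEM}.sha256"'
                            }
                        }
                    }

                    // Report-only: unsigned packages do not change the build result.
                    if (unsignedPackages.size() > 0) {
                        echo "Packages without digital signatures: ${unsignedPackages.join(', ')}"
                    } else {
                        echo "All packages have digital signatures."
                    }
                }
            }
        }

        stage('Test') {
            steps {
                sh 'npm test'
            }
        }

        stage('Build') {
            steps {
                sh 'npm run build'
            }
        }
    }
}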