jenkins_organization/checksum_verification_and_signature_verification
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
checksum_verification_and_s.../Jenkinsfile
first_admin b8d355c83b
All checks were successful
jenkins_organization/checksum_verification_and_signature_verification/pipeline/head This commit looks good
Details
Update Jenkinsfile
2024-09-01 21:49:36 +00:00

74 lines
2.5 KiB
Groovy
Raw Permalink Blame History

pipeline {
agent { label 'agent1' }
stages {
stage('Weryfikacja sum kontrolnych') {
steps {
script {
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
for (dep in dependencies) {
sh """
FILENAME=\$(ls ${dep}-*.tgz)
SHA256_SUM=\$(sha256sum \$FILENAME | awk '{ print \$1 }')
echo \"\${SHA256_SUM} \$FILENAME\" > ${dep}.sha256
sha256sum -c ${dep}.sha256
"""
}
}
}
}
stage('Weryfikacja podpisów cyfrowych') {
steps {
script {
def dependencies = sh(script: "jq -r '.dependencies | keys[]' package.json", returnStdout: true).split('\n')
def unsignedPackages = []
for (dep in dependencies) {
sh "npm pack ${dep}@\$(jq -r '.dependencies[\"${dep}\"]' package.json)"
def result = sh(
script: """
wget -q --spider https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc || echo 'NOT_FOUND'
""",
returnStdout: true
).trim()
if (result == 'NOT_FOUND') {
unsignedPackages.add(dep)
} else {
sh "wget https://registry.npmjs.org/${dep}/-/\$(jq -r '.dependencies[\"${dep}\"]' package.json)/${dep}.tgz.asc"
sh "gpg --verify ${dep}.tgz.asc ${dep}-*.tgz"
}
}
if (unsignedPackages.size() > 0) {
echo "Packages without digital signatures: ${unsignedPackages.join(', ')}";
} else {
echo "All packages have digital signatures.";
}
}
}
}
stage('Instalacja zależności') {
steps {
sh 'npm install'
}
}
stage('Test') {
steps {
sh 'npm test'
}
}
stage('Build') {
steps {
sh 'npm run build'
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink