diff --git a/Jenkinsfile b/Jenkinsfile index b47859a..48775fb 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -57,91 +57,91 @@ pipeline { } } - stage('Security: Verify Dependencies') { - steps { - script { - sh """#!/bin/bash - set -e - - WORKSPACE_DIR="\$(pwd)" - echo "Working directory: \${WORKSPACE_DIR}" - - echo "1. Checking Python dependencies..." - if [ -f "\${WORKSPACE_DIR}/requirements.txt" ]; then - echo " - Found requirements.txt" - - echo "" - echo "2. Running security checks inside Python container..." - - # Buat container, copy file, jalankan check - CONTAINER_ID=\$(docker create python:3.11-slim bash -c ' - set -e - - echo "Installing security tools..." - pip install --upgrade pip setuptools wheel > /dev/null 2>&1 - pip install pip-audit safety > /dev/null 2>&1 - - echo "" - echo "Installing dependencies from requirements.txt..." - pip install -r /tmp/requirements.txt - - echo "" - echo "Running pip-audit for known vulnerabilities..." - pip-audit --desc || { - echo "Security vulnerabilities detected" - exit 1 - } - - echo "" - echo "Running safety check..." - safety check || { - echo "Safety check found issues" - exit 1 - } - - echo "" - echo "Checking for outdated packages..." - pip list --outdated || echo "All packages are up to date" - - echo "" - echo "Verifying package integrity..." - pip check || { - echo "Dependency conflicts detected" - exit 1 - } - - echo "All Python dependencies verified successfully" - ') - - echo " - Container ID: \${CONTAINER_ID}" - - # Copy requirements.txt langsung ke container (tanpa volume mount) - docker cp "\${WORKSPACE_DIR}/requirements.txt" "\${CONTAINER_ID}:/tmp/requirements.txt" - - # Copy Pipfile jika ada - if [ -f "\${WORKSPACE_DIR}/Pipfile.lock" ]; then - docker cp "\${WORKSPACE_DIR}/Pipfile.lock" "\${CONTAINER_ID}:/tmp/Pipfile.lock" - fi - - # Jalankan container dan pastikan cleanup - docker start --attach "\${CONTAINER_ID}" || { - EXIT_CODE=\$? - docker rm "\${CONTAINER_ID}" > /dev/null 2>&1 || true - exit \${EXIT_CODE} - } - - docker rm "\${CONTAINER_ID}" > /dev/null 2>&1 || true - - echo "✓ All Python dependencies are verified and up to date" - else - echo " - requirements.txt not found, skipping dependency check" - echo " Directory contents:" - ls -la "\${WORKSPACE_DIR}/" - fi - """ - } - } - } + // stage('Security: Verify Dependencies') { + // steps { + // script { + // sh """#!/bin/bash + // set -e + + // WORKSPACE_DIR="\$(pwd)" + // echo "Working directory: \${WORKSPACE_DIR}" + + // echo "1. Checking Python dependencies..." + // if [ -f "\${WORKSPACE_DIR}/requirements.txt" ]; then + // echo " - Found requirements.txt" + + // echo "" + // echo "2. Running security checks inside Python container..." + + // # Buat container, copy file, jalankan check + // CONTAINER_ID=\$(docker create python:3.11-slim bash -c ' + // set -e + + // echo "Installing security tools..." + // pip install --upgrade pip setuptools wheel > /dev/null 2>&1 + // pip install pip-audit safety > /dev/null 2>&1 + + // echo "" + // echo "Installing dependencies from requirements.txt..." + // pip install -r /tmp/requirements.txt + + // echo "" + // echo "Running pip-audit for known vulnerabilities..." + // pip-audit --desc || { + // echo "Security vulnerabilities detected" + // exit 1 + // } + + // echo "" + // echo "Running safety check..." + // safety check || { + // echo "Safety check found issues" + // exit 1 + // } + + // echo "" + // echo "Checking for outdated packages..." + // pip list --outdated || echo "All packages are up to date" + + // echo "" + // echo "Verifying package integrity..." + // pip check || { + // echo "Dependency conflicts detected" + // exit 1 + // } + + // echo "All Python dependencies verified successfully" + // ') + + // echo " - Container ID: \${CONTAINER_ID}" + + // # Copy requirements.txt langsung ke container (tanpa volume mount) + // docker cp "\${WORKSPACE_DIR}/requirements.txt" "\${CONTAINER_ID}:/tmp/requirements.txt" + + // # Copy Pipfile jika ada + // if [ -f "\${WORKSPACE_DIR}/Pipfile.lock" ]; then + // docker cp "\${WORKSPACE_DIR}/Pipfile.lock" "\${CONTAINER_ID}:/tmp/Pipfile.lock" + // fi + + // # Jalankan container dan pastikan cleanup + // docker start --attach "\${CONTAINER_ID}" || { + // EXIT_CODE=\$? + // docker rm "\${CONTAINER_ID}" > /dev/null 2>&1 || true + // exit \${EXIT_CODE} + // } + + // docker rm "\${CONTAINER_ID}" > /dev/null 2>&1 || true + + // echo "✓ All Python dependencies are verified and up to date" + // else + // echo " - requirements.txt not found, skipping dependency check" + // echo " Directory contents:" + // ls -la "\${WORKSPACE_DIR}/" + // fi + // """ + // } + // } + // } stage('Setup Vault SSH Tunnel') {