Added JWT addon

Gemfile

@@ -5,6 +5,7 @@ ruby File.read(File.expand_path('../.ruby-version', __FILE__)).strip if ENV.key?
 gem 'travis-support',  github: 'travis-ci/travis-support'
 gem 'activesupport', '~> 4.0'
 gem 'addressable', '~> 2.3'
+gem 'jwt'
 
 gem 'sinatra', '~> 1.4'
 gem 'puma'

Gemfile.lock

@@ -37,6 +37,7 @@ GEM
     hitimes (1.2.2)
     i18n (0.6.9)
     json (1.8.1)
+    jwt (1.2.0)
     listen (2.7.5)
       celluloid (>= 0.15.2)
       rb-fsevent (>= 0.9.3)
@@ -117,6 +118,7 @@ DEPENDENCIES
   activesupport (~> 4.0)
   addressable (~> 2.3)
   coder
+  jwt
   metriks (= 0.9.9.6)
   metriks-librato_metrics!
   mocha (~> 0.10.0)

lib/travis/build/addons.rb

@@ -9,6 +9,7 @@
 require 'travis/build/addons/hosts'
 require 'travis/build/addons/postgresql'
 require 'travis/build/addons/sauce_connect'
+require 'travis/build/addons/jwt'
 require 'travis/build/addons/ssh_known_hosts'
 
 module Travis

lib/travis/build/addons/jwt.rb

@@ -0,0 +1,38 @@
+require 'travis/build/addons/base'
+require 'jwt'
+
+module Travis
+  module Build
+    class Addons
+      class Jwt < Base
+        SUPER_USER_SAFE = true
+
+        def before_before_script
+          secrets = nil
+          if config.is_a?(String)
+            secrets = [config]
+          else
+            secrets = config.values
+          end
+
+          tokens = {}
+          secrets.each do |secret|
+            key, secret = secret.split('=').map(&:strip)
+            pull_request = self.data.pull_request ? self.data.pull_request : ""
+            payload = {"slug" => self.data.slug,
+                      "pull-request" => pull_request,
+                      "iat" => Time.now.to_i()}
+            token = JWT.encode(payload, secret)
+            tokens[key] = token
+          end
+          sh.fold 'addons_jwt' do
+            sh.echo 'Initializing JWT', ansi: :yellow
+            tokens.each do |key, val|
+              sh.export key, val, echo: false
+            end
+          end
+        end
+      end
+    end
+  end
+end

spec/build/addons/jwt_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe Travis::Build::Addons::Jwt, :sexp do
+  let(:script) { stub('script') }
+  let(:data)   { payload_for(:push, :ruby, config: { addons: { jwt: config } }) }
+  let(:sh)     { Travis::Shell::Builder.new }
+  let(:addon)  { described_class.new(script, sh, Travis::Build::Data.new(data), config) }
+  subject      { sh.to_sexp }
+  before       { Time.stubs(:now).returns(Time.mktime(1970,1,1)) }
+  before       { addon.before_before_script }
+
+  describe 'jwt token, one secret' do
+    let(:config) { 'MY_ACCESS_KEY=987654321' }
+    it "should work" do
+      subject.should include_sexp [:echo, 'Initializing JWT', ansi: :yellow]
+      expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzbHVnIjoidHJhdmlzLWNpL3RyYXZpcy1jaSIsInB1bGwtcmVxdWVzdCI6IiIsImlhdCI6MH0.vHZdjuxQt6CdFmWPEJLAsVbI_KCxbwJVbgT7jaTxkK4"
+      subject.should include_sexp [:export, ['MY_ACCESS_KEY', expected]]
+    end
+  end
+
+  describe 'jwt token, several secrets' do
+    let(:config) { {
+      secret1: 'MY_ACCESS_KEY_1=123456789',
+      secret2: 'MY_ACCESS_KEY_2=ABCDEF'
+    } }
+    it "should work" do
+      subject.should include_sexp [:echo, 'Initializing JWT', ansi: :yellow]
+      expected1 = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzbHVnIjoidHJhdmlzLWNpL3RyYXZpcy1jaSIsInB1bGwtcmVxdWVzdCI6IiIsImlhdCI6MH0.iO-I8CNXhQlgw_dL8R9CDaDPplSC3yf9J399Uumn6CE"
+      subject.should include_sexp [:export, ['MY_ACCESS_KEY_1', expected1]]
+      expected2 = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzbHVnIjoidHJhdmlzLWNpL3RyYXZpcy1jaSIsInB1bGwtcmVxdWVzdCI6IiIsImlhdCI6MH0.p1B9HnYCh-z5Igek5tr_QVPb1zV1ucwcPZNvY039WKg"
+      subject.should include_sexp [:export, ['MY_ACCESS_KEY_2', expected2]]
+    end
+  end
+end
+