feat(sync-secret): add app connection and secret sync for Travis CI

backend/src/lib/api-docs/constants.ts

@@ -2640,6 +2640,9 @@ export const AppConnections = {
     VERCEL: {
       apiToken: "The API token used to authenticate with Vercel."
     },
+    TRAVISCI: {
+      apiToken: "The API token used to authenticate with Travis CI."
+    },
     CAMUNDA: {
       clientId: "The client ID used to authenticate with Camunda.",
       clientSecret: "The client secret used to authenticate with Camunda."
@@ -3078,6 +3081,12 @@ export const SecretSyncs = {
       projectId: "The ID of the project on the external Infisical instance to sync secrets to.",
       environment: "The environment slug on the external Infisical instance to sync secrets to.",
       secretPath: "The secret path on the external Infisical instance to sync secrets to."
+    },
+    TRAVIS_CI: {
+      repositoryId: "The ID of the Travis CI repository to sync secrets to.",
+      repositorySlug: "The slug (owner/repo) of the Travis CI repository to sync secrets to.",
+      branch:
+        "The branch of the Travis CI repository to sync secrets to. If omitted, secrets sync to the repository-level scope."
     }
   }
 };

backend/src/server/routes/v1/app-connection-routers/app-connection-endpoints.ts

@@ -54,7 +54,8 @@ export const registerAppConnectionEndpoints = <T extends TAppConnection, I exten
     [AppConnection.MsSql]: "MsSql",
     [AppConnection.MySql]: "MySql",
     [AppConnection.OracleDB]: "OracleDb",
-    [AppConnection.MongoDB]: "MongoDb"
+    [AppConnection.MongoDB]: "MongoDb",
+    [AppConnection.TravisCI]: "TravisCI"
   };
   const appNameForOpId =
     specialCases[app] ??

backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts

@@ -162,6 +162,10 @@ import {
   SanitizedTerraformCloudConnectionSchema,
   TerraformCloudConnectionListItemSchema
 } from "@app/services/app-connection/terraform-cloud";
+import {
+  SanitizedTravisCIConnectionSchema,
+  TravisCIConnectionListItemSchema
+} from "@app/services/app-connection/travis-ci";
 import { SanitizedVenafiConnectionSchema, VenafiConnectionListItemSchema } from "@app/services/app-connection/venafi";
 import { SanitizedVercelConnectionSchema, VercelConnectionListItemSchema } from "@app/services/app-connection/vercel";
 import {
@@ -228,7 +232,8 @@ const SanitizedAppConnectionSchema = z.union([
   ...SanitizedAzureEntraIdConnectionSchema.options,
   ...SanitizedVenafiConnectionSchema.options,
   ...SanitizedExternalInfisicalConnectionSchema.options,
-  ...SanitizedNetScalerConnectionSchema.options
+  ...SanitizedNetScalerConnectionSchema.options,
+  ...SanitizedTravisCIConnectionSchema.options
 ]);
 
 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@@ -287,7 +292,8 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
   VenafiConnectionListItemSchema,
   ExternalInfisicalConnectionListItemSchema,
   NetScalerConnectionListItemSchema,
-  AnthropicConnectionListItemSchema
+  AnthropicConnectionListItemSchema,
+  TravisCIConnectionListItemSchema
 ]);
 
 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/app-connection-routers/index.ts

@@ -52,6 +52,7 @@ import { registerSshConnectionRouter } from "./ssh-connection-router";
 import { registerSupabaseConnectionRouter } from "./supabase-connection-router";
 import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
+import { registerTravisCIConnectionRouter } from "./travis-ci-connection-router";
 import { registerVenafiConnectionRouter } from "./venafi-connection-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
@@ -116,5 +117,6 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
     [AppConnection.Venafi]: registerVenafiConnectionRouter,
     [AppConnection.ExternalInfisical]: registerExternalInfisicalConnectionRouter,
     [AppConnection.NetScaler]: registerNetScalerConnectionRouter,
-    [AppConnection.Anthropic]: registerAnthropicConnectionRouter
+    [AppConnection.Anthropic]: registerAnthropicConnectionRouter,
+    [AppConnection.TravisCI]: registerTravisCIConnectionRouter
   };

backend/src/server/routes/v1/app-connection-routers/travis-ci-connection-router.ts

@@ -0,0 +1,93 @@
+import z from "zod";
+
+import { readLimit } from "@app/server/config/rateLimiter";
+import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  CreateTravisCIConnectionSchema,
+  SanitizedTravisCIConnectionSchema,
+  UpdateTravisCIConnectionSchema
+} from "@app/services/app-connection/travis-ci";
+import { AuthMode } from "@app/services/auth/auth-type";
+
+import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
+
+export const registerTravisCIConnectionRouter = async (server: FastifyZodProvider) => {
+  registerAppConnectionEndpoints({
+    app: AppConnection.TravisCI,
+    server,
+    sanitizedResponseSchema: SanitizedTravisCIConnectionSchema,
+    createSchema: CreateTravisCIConnectionSchema,
+    updateSchema: UpdateTravisCIConnectionSchema
+  });
+
+  // The below endpoints are not exposed and for Infisical App use
+  server.route({
+    method: "GET",
+    url: `/:connectionId/repositories`,
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      operationId: "listTravisCIRepositories",
+      params: z.object({
+        connectionId: z.string().uuid()
+      }),
+      response: {
+        200: z
+          .object({
+            id: z.string(),
+            name: z.string(),
+            slug: z.string()
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { connectionId } = req.params;
+
+      const repositories = await server.services.appConnection.travisCI.listRepositories(connectionId, req.permission);
+
+      return repositories;
+    }
+  });
+
+  server.route({
+    method: "GET",
+    url: `/:connectionId/branches`,
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      operationId: "listTravisCIBranches",
+      params: z.object({
+        connectionId: z.string().uuid()
+      }),
+      querystring: z.object({
+        repositoryId: z.string().min(1, "Repository ID is required")
+      }),
+      response: {
+        200: z
+          .object({
+            name: z.string(),
+            isDefault: z.boolean()
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { connectionId } = req.params;
+      const { repositoryId } = req.query;
+
+      const branches = await server.services.appConnection.travisCI.listBranches(
+        connectionId,
+        repositoryId,
+        req.permission
+      );
+
+      return branches;
+    }
+  });
+};

backend/src/server/routes/v1/secret-sync-routers/index.ts

@@ -34,6 +34,7 @@ import { registerRenderSyncRouter } from "./render-sync-router";
 import { registerSupabaseSyncRouter } from "./supabase-sync-router";
 import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
 import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
+import { registerTravisCISyncRouter } from "./travis-ci-sync-router";
 import { registerVercelSyncRouter } from "./vercel-sync-router";
 import { registerWindmillSyncRouter } from "./windmill-sync-router";
 import { registerZabbixSyncRouter } from "./zabbix-sync-router";
@@ -77,5 +78,6 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
   [SecretSync.OctopusDeploy]: registerOctopusDeploySyncRouter,
   [SecretSync.CircleCI]: registerCircleCISyncRouter,
   [SecretSync.AzureEntraIdScim]: registerAzureEntraIdScimSyncRouter,
-  [SecretSync.ExternalInfisical]: registerExternalInfisicalSyncRouter
+  [SecretSync.ExternalInfisical]: registerExternalInfisicalSyncRouter,
+  [SecretSync.TravisCI]: registerTravisCISyncRouter
 };

backend/src/server/routes/v1/secret-sync-routers/secret-sync-endpoints.ts

@@ -48,7 +48,8 @@ export const registerSyncSecretsEndpoints = <T extends TSecretSync, I extends TS
   const specialCases: Record<string, string> = {
     [SecretSync.OnePass]: "OnePassword",
     [SecretSync.GitHub]: "GitHub",
-    [SecretSync.GitLab]: "GitLab"
+    [SecretSync.GitLab]: "GitLab",
+    [SecretSync.TravisCI]: "TravisCI"
   };
   const destinationNameForOpId =
     specialCases[destination] ??

backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts

@@ -63,6 +63,7 @@ import { RenderSyncListItemSchema, RenderSyncSchema } from "@app/services/secret
 import { SupabaseSyncListItemSchema, SupabaseSyncSchema } from "@app/services/secret-sync/supabase";
 import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/secret-sync/teamcity";
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
+import { TravisCISyncListItemSchema, TravisCISyncSchema } from "@app/services/secret-sync/travis-ci";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
 import { ZabbixSyncListItemSchema, ZabbixSyncSchema } from "@app/services/secret-sync/zabbix";
@@ -104,7 +105,8 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
   OctopusDeploySyncSchema,
   CircleCISyncSchema,
   AzureEntraIdScimSyncSchema,
-  ExternalInfisicalSyncSchema
+  ExternalInfisicalSyncSchema,
+  TravisCISyncSchema
 ]);
 
 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@@ -144,7 +146,8 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
   OctopusDeploySyncListItemSchema,
   CircleCISyncListItemSchema,
   AzureEntraIdScimSyncListItemSchema,
-  ExternalInfisicalSyncListItemSchema
+  ExternalInfisicalSyncListItemSchema,
+  TravisCISyncListItemSchema
 ]);
 
 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/secret-sync-routers/travis-ci-sync-router.ts

@@ -0,0 +1,17 @@
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import {
+  CreateTravisCISyncSchema,
+  TravisCISyncSchema,
+  UpdateTravisCISyncSchema
+} from "@app/services/secret-sync/travis-ci";
+
+import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
+
+export const registerTravisCISyncRouter = async (server: FastifyZodProvider) =>
+  registerSyncSecretsEndpoints({
+    destination: SecretSync.TravisCI,
+    server,
+    responseSchema: TravisCISyncSchema,
+    createSchema: CreateTravisCISyncSchema,
+    updateSchema: UpdateTravisCISyncSchema
+  });

backend/src/services/app-connection/app-connection-enums.ts

@@ -54,7 +54,8 @@ export enum AppConnection {
   Venafi = "venafi",
   ExternalInfisical = "external-infisical",
   NetScaler = "netscaler",
-  Anthropic = "anthropic"
+  Anthropic = "anthropic",
+  TravisCI = "travis-ci"
 }
 
 export enum AWSRegion {

backend/src/services/app-connection/app-connection-fns.ts

@@ -200,6 +200,11 @@ import {
   TerraformCloudConnectionMethod,
   validateTerraformCloudConnectionCredentials
 } from "./terraform-cloud";
+import {
+  getTravisCIConnectionListItem,
+  TravisCIConnectionMethod,
+  validateTravisCIConnectionCredentials
+} from "./travis-ci";
 import { getVenafiConnectionListItem, validateVenafiConnectionCredentials, VenafiConnectionMethod } from "./venafi";
 import { VercelConnectionMethod } from "./vercel";
 import { getVercelConnectionListItem, validateVercelConnectionCredentials } from "./vercel/vercel-connection-fns";
@@ -292,7 +297,8 @@ export const listAppConnectionOptions = (projectType?: ProjectType) => {
     getAzureEntraIdConnectionListItem(),
     getVenafiConnectionListItem(),
     getExternalInfisicalConnectionListItem(),
-    getNetScalerConnectionListItem()
+    getNetScalerConnectionListItem(),
+    getTravisCIConnectionListItem()
   ]
     .filter((option) => {
       switch (projectType) {
@@ -439,6 +445,7 @@ export const validateAppConnectionCredentials = async (
     [AppConnection.AzureEntraId]: validateAzureEntraIdConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Venafi]: validateVenafiConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.NetScaler]: validateNetScalerConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.TravisCI]: validateTravisCIConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.ExternalInfisical]: ((config: TAppConnectionConfig) =>
       validateExternalInfisicalConnectionCredentials(
         config as TExternalInfisicalConnectionConfig,
@@ -490,6 +497,7 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
     case LaravelForgeConnectionMethod.ApiToken:
     case DbtConnectionMethod.ApiToken:
     case CircleCIConnectionMethod.ApiToken:
+    case TravisCIConnectionMethod.ApiToken:
       return "API Token";
     case DNSMadeEasyConnectionMethod.APIKeySecret:
       return "API Key & Secret";
@@ -647,7 +655,8 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
   [AppConnection.AzureEntraId]: platformManagedCredentialsNotSupported,
   [AppConnection.Venafi]: platformManagedCredentialsNotSupported,
   [AppConnection.ExternalInfisical]: platformManagedCredentialsNotSupported,
-  [AppConnection.NetScaler]: platformManagedCredentialsNotSupported
+  [AppConnection.NetScaler]: platformManagedCredentialsNotSupported,
+  [AppConnection.TravisCI]: platformManagedCredentialsNotSupported
 };
 
 export const enterpriseAppCheck = async (

backend/src/services/app-connection/app-connection-maps.ts

@@ -56,7 +56,8 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
   [AppConnection.Venafi]: "Venafi TLS Protect Cloud",
   [AppConnection.ExternalInfisical]: "Infisical",
   [AppConnection.NetScaler]: "NetScaler",
-  [AppConnection.Anthropic]: "Anthropic"
+  [AppConnection.Anthropic]: "Anthropic",
+  [AppConnection.TravisCI]: "Travis CI"
 };
 
 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@@ -115,5 +116,6 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
   [AppConnection.Venafi]: AppConnectionPlanType.Regular,
   [AppConnection.ExternalInfisical]: AppConnectionPlanType.Regular,
   [AppConnection.NetScaler]: AppConnectionPlanType.Regular,
-  [AppConnection.Anthropic]: AppConnectionPlanType.Regular
+  [AppConnection.Anthropic]: AppConnectionPlanType.Regular,
+  [AppConnection.TravisCI]: AppConnectionPlanType.Regular
 };

backend/src/services/app-connection/app-connection-service.ts

@@ -138,6 +138,8 @@ import { ValidateTeamCityConnectionCredentialsSchema } from "./teamcity";
 import { teamcityConnectionService } from "./teamcity/teamcity-connection-service";
 import { ValidateTerraformCloudConnectionCredentialsSchema } from "./terraform-cloud";
 import { terraformCloudConnectionService } from "./terraform-cloud/terraform-cloud-connection-service";
+import { ValidateTravisCIConnectionCredentialsSchema } from "./travis-ci";
+import { travisCIConnectionService } from "./travis-ci/travis-ci-connection-service";
 import { ValidateVenafiConnectionCredentialsSchema } from "./venafi/venafi-connection-schema";
 import { venafiConnectionService } from "./venafi/venafi-connection-service";
 import { ValidateVercelConnectionCredentialsSchema } from "./vercel";
@@ -219,7 +221,8 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
   [AppConnection.Venafi]: ValidateVenafiConnectionCredentialsSchema,
   [AppConnection.ExternalInfisical]: ValidateExternalInfisicalConnectionCredentialsSchema,
   [AppConnection.NetScaler]: ValidateNetScalerConnectionCredentialsSchema,
-  [AppConnection.Anthropic]: ValidateAnthropicConnectionCredentialsSchema
+  [AppConnection.Anthropic]: ValidateAnthropicConnectionCredentialsSchema,
+  [AppConnection.TravisCI]: ValidateTravisCIConnectionCredentialsSchema
 };
 
 export const appConnectionServiceFactory = ({
@@ -1097,6 +1100,7 @@ export const appConnectionServiceFactory = ({
     octopusDeploy: octopusDeployConnectionService(connectAppConnectionById),
     dbt: dbtConnectionService(connectAppConnectionById),
     circleci: circleciConnectionService(connectAppConnectionById),
-    azureEntraId: azureEntraIdConnectionService(connectAppConnectionById, appConnectionDAL, kmsService)
+    azureEntraId: azureEntraIdConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
+    travisCI: travisCIConnectionService(connectAppConnectionById)
   };
 };

backend/src/services/app-connection/app-connection-types.ts

@@ -305,6 +305,12 @@ import {
   TTerraformCloudConnectionInput,
   TValidateTerraformCloudConnectionCredentialsSchema
 } from "./terraform-cloud";
+import {
+  TTravisCIConnection,
+  TTravisCIConnectionConfig,
+  TTravisCIConnectionInput,
+  TValidateTravisCIConnectionCredentialsSchema
+} from "./travis-ci";
 import {
   TValidateVenafiConnectionCredentialsSchema,
   TVenafiConnection,
@@ -387,6 +393,7 @@ export type TAppConnection = { id: string } & (
   | TExternalInfisicalConnection
   | TNetScalerConnection
   | TAnthropicConnection
+  | TTravisCIConnection
 );
 
 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@@ -454,6 +461,7 @@ export type TAppConnectionInput = { id: string } & (
   | TExternalInfisicalConnectionInput
   | TNetScalerConnectionInput
   | TAnthropicConnectionInput
+  | TTravisCIConnectionInput
 );
 
 export type TSqlConnectionInput =
@@ -549,7 +557,8 @@ export type TAppConnectionConfig =
   | TVenafiConnectionConfig
   | TExternalInfisicalConnectionConfig
   | TNetScalerConnectionConfig
-  | TAnthropicConnectionConfig;
+  | TAnthropicConnectionConfig
+  | TTravisCIConnectionConfig;
 
 export type TValidateAppConnectionCredentialsSchema =
   | TValidateAwsConnectionCredentialsSchema
@@ -607,7 +616,8 @@ export type TValidateAppConnectionCredentialsSchema =
   | TValidateVenafiConnectionCredentialsSchema
   | TValidateExternalInfisicalConnectionCredentialsSchema
   | TValidateNetScalerConnectionCredentialsSchema
-  | TValidateAnthropicConnectionCredentialsSchema;
+  | TValidateAnthropicConnectionCredentialsSchema
+  | TValidateTravisCIConnectionCredentialsSchema;
 
 export type TListAwsConnectionKmsKeys = {
   connectionId: string;