Skip to content

Instantly share code, notes, and snippets.

@pbiggar pbiggar/up-and-running.md
Last active Jan 31, 2017

Embed
What would you like to do?
Getting your CircleCI builds up and running again

In order to get your builds working again, we need to reauthenticate with GitHub and other services used in your build.

Logging in

When you log in to CircleCI via GitHub's OAuth, we get an API key to call the GitHub API, update the GitHub commit status, list your projects on the add projects page, etc.

We revoked all OAuth tokens to protect your GitHub repositories. The first time you log in to Circle, you'll have to reauthenticate the Circle GitHub application to get a new token.

The checkout phase

When you first follow a repo, we auto-generate a unique SSH key and use your GitHub token to add it to your repo's "deploy" keys. We revoked these keys to protect your code, and so they will need to be replaced with new ones for your checkouts to succeed on CircleCI.

A new key will be created the next time an admin follows the project. You can trigger this by having an admin unfollow and refollow the project from the add projects page or from the project's settings page (https://circleci.com/gh/:orgname/:reponame/settings).

If you see an error about permissions, you should validate that you're an admin, or ask an admin to the unfollow-and-refollow step.

Until you re-add an SSH key to checkout code, your builds will be marked as "not run".

Environment variables

We have not deleted any environment variables from the CircleCI UI. However, we have worked with some providers to revoke their keys, such as Stripe and Coveralls.

If your environment variables include API tokens for 3rd parties, you should revoke those keys and upload new ones.

Multi-repo builds

GitHub "user keys" have access to all of your GitHub repos. We do not use these by default, but they can be useful to run tests which have dependencies in multiple GitHub repositories, which is common with bundler, npm, pip, composer, etc.

If you set yourself as the "GitHub user" for one of your projects, we can automatically generate a user key and add it to your GitHub account. All user keys have been revoked, but you can generate a new one from the Project Settings > GitHub User page.

Deploying to Heroku

We worked with Heroku to revoke any Heroku API keys uploaded to CircleCI, and any Heroku SSH keys we generated. Both are needed to deploy to Heroku.

You can add a new SSH key by following the instructions on the Project Settings > Heroku page (under the "Continuous deployment" heading). You will need to add a Heroku API key first.

Deploying via SSH

If you deploy via SSH, then you uploaded an SSH public/private keypair to CircleCI.

We did not have access to revoke these keys. You should consider them compromised and work to secure the servers they give access to. We haven't deleted these keys from CircleCI so that you can see what keys need to be revoked. You can find them in the UI on the Project Settings > SSH keys page.

After revoking these keys from your servers, you should replace them on CircleCI with new deployment keys.

Notifications

We have contacted upstream to revoke the tokens, but we have left them in the UI for now. Update them with new API tokens to reenable notifications. Revoked keys will give harmless warnings on each build.

Invite your colleagues

When GitHub tokens are disabled, we typically unfollow users from their projects. Unfortunately, this happened accidentally this time. So this is a good time to remind your colleagues to log back into Circle and follow their projects again.

CircleCI API tokens

We've revoked all CircleCI API tokens; both user tokens and project tokens. If you used them in a dashboard, in CCmenu, in an app, or via a Status Badge, you'll need to create a new token. You should prefer a token with the lowest possible privilege: tokens with access to only a single project can be created from Project Settings > API tokens.

@MattiSG

This comment has been minimized.

Copy link

MattiSG commented Oct 31, 2013

Congrats on this guide and on putting up with all that. We were impacted (that “8% time” we were supposed to reclaim is quite paid for this month, let's say), but you handled it well.

@alexislefebvre

This comment has been minimized.

Copy link

alexislefebvre commented Jan 31, 2017

Project Settings > API tokens has been renamed to Project Settings > API Permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.