Start Building for Free
CircleCI.comAcademyBlogCommunitySupport

GitHub App integration overview

1 week ago8 min read
Cloud

If your CircleCI organization is authenticated with GitHub through the GitHub App, the content on this page is for you.

This page walks you through integrating a GitHub project with CircleCI. The sections below introduce you to concepts and ways to manage CI/CD (continuous integration and continuous delivery) pipelines for your GitHub project. CircleCI features that are in development for GitHub App projects are detailed in the Currently not supported section.

The following limits are currently in place for GitHub App integrations:

  • Each user can create up to three organizations.

  • Each organization under a Free Plan can have up to 10 projects.

If you need more organizations or projects, consider upgrading to a Paid plan, or contact our Support team. If you need to delete an organization, contact our Support team.

Steps to integrate GitHub projects with CircleCI

Follow the steps on the Sign up and try CircleCI page to connect your GitHub account, which creates your CircleCI organization.

When you create a new organization, you will be guided to start creating projects, as follows:

  1. The first project you create will prompt you to install the CircleCI GitHub App in a GitHub organization.

  2. After installing the GitHub App, you will select a repository to use for your project’s first pipeline.

  3. CircleCI will automatically generate a custom configuration file based on the programming languages and frameworks detected in your repository for this pipeline. If you already have a YAML configuration file on the default branch of the repository that you selected, CircleCI will use the configuration file that exists in the repository instead of generating a new one for your project’s first pipeline.

  4. If CircleCI generated a custom configuration file for you, CircleCI will commit the generated configuration to a new branch (circleci-project-setup).

Can I integrate a GitHub org with multiple CircleCI orgs?

A GitHub org with the CircleCI GitHub App installed can only be integrated with one CircleCI organization.

If you attempt to integrate a GitHub org with the CircleCI GitHub App installed with a second CircleCI organization, you will find yourself on a GitHub App integration settings page when attempting to create a project.

Create a project

Trigger a pipeline in CircleCI

When you choose Commit and Run, as described above, a pipeline is triggered. You will see the pipeline running when you are taken to the CircleCI dashboard.

If you choose to review the configuration file in the config editor first, the pipeline is triggered after you save the .circleci/config.yml by clicking the Commit and Run button.

Each time you push changes to your GitHub repository, a new pipeline is triggered. You will see the pipeline running in the CircleCI web app.

Successful pipeline run

Project settings

Within CircleCI, a project can have one or more Pipelines. Each pipeline is defined by two key characteristics:

  • A configuration file, which is stored in a repository referred to as config source, at a path of your choosing. The default config source location is .circleci/config.yml, but any file path with extension *.yml can be used.

  • A checkout source, which determines which repository will be checked out when running a checkout step. This model allows your CircleCI config to be stored in a different repository from your code.

Each pipeline can have zero or many triggers, which are events that cause a pipeline to run.

The following settings are found by clicking the Project Settings button within your project.

People

Project roles give control over which users have access to which projects within an organization. This enables teams to have limited access to only their projects, while managers and others can have broader organizational access. The access options are:

  • Admin: Read and write access to the project and all settings and ability to manage other users' access.

  • Contributor: Read and write access to the project and some settings.

  • Viewer: Read only access to the project and some settings.

For a complete list of permissions, see the Roles and permissions overview page.

Pipelines and triggers

You can add or delete pipelines for your project. For details see the pipelines overview.

Advanced

  • You can enable dynamic configuration using setup workflows in CircleCI. To learn about dynamic configuration, read the Dynamic configuration guide.

Organization settings

For GitHub App integrations, organizations and users are managed independently from your VCS. Organizations and users are considered CircleCI organizations and users, with their own roles and permissions that do not rely on those defined in your VCS.

To manage settings at the organization level, select Organization Settings in the CircleCI web app sidebar.

People

Add or remove users, and manage user roles for the organization as well as user invites. See the Roles and permissions overview page for full details.

Roles and permissions

CircleCI users have different abilities depending on assigned roles in a particular organization. For a detailed list of CircleCI org and project roles and associated permissions, see the Roles and permissions page.

Deprecated system environment variables

A subset of built-in environment variables are not available in GitHub-based projects authorized through the GitHub App. VCS support for each environment variable is indicated in the Built-in environment variables table on the Project values and variables page. If your pipelines need these environment variables, we recommend you use suitable replacements from the available pipeline values.

Moving from the GitHub OAuth app integration to the GitHub App integration

CircleCI’s GitHub App integration provides fine-grained permissions, uses short-lived tokens, and gives you more control over which repositories CircleCI has access to. The CircleCI GitHub App also enables the following functions:

You can not currently automate migrating your organization from the GitHub OAuth app to CircleCI’s GitHub App integration.

Before attempting to move your information from an org integrated with the GitHub OAuth app to an org integrated with CircleCI’s GitHub App, consider the following:

  • If the motivation for moving is to leverage new functionality that is only available to the GitHub App integration, consider using your existing organization and installing the GitHub App alongside your OAuth app integration as described in our community forum.

  • If the motivation is to completely remove the OAuth app, confirm that you do not immediately need any of the functionality listed in the Currently not supported section below. If you have a dedicated account team at CircleCI, contact them first to discuss your migration.

If you would like to switch from the OAuth app integration to the GitHub App integration, follow these steps:

  1. From your existing CircleCI organization in the CircleCI web app, select the organization dropdown in the top-left corner.

  2. At the bottom of the drop-down, select Create New Organization.

  3. On the "Connect your code" page, select Connect next to "GitHub".

  4. You will be redirected to GitHub to install the CircleCI GitHub App into your GitHub organization.

  5. Follow the instructions to create a project that is connected to one of your GitHub repositories.

  6. If you are on a paid pricing plan:

    1. Navigate back to the organization that is connected to the GitHub OAuth app

    2. Select Plan in the CircleCI web app

    3. Select the "Share and Transfer" tab

    4. Select Add shared organization and choose the new organization that you just created that integrates with CircleCI’s GitHub App.

  7. Navigate to the project that was created in step 4 in the "new" organization that is integrated with the GitHub App. Match any custom project settings that you had from your previous project to this new project on the Project Settings page. This includes things like environment variables and outbound webhooks.

  8. Perform a test push of code to your repository to ensure that a pipeline is triggered and is working as expected in your new CircleCI organization.

  9. Assuming the repository you connected is also connected to your previous CircleCI organization, CircleCI will start pipelines when a push event happens to the repository in both the old and new organizations. If your test from step 8 above was successful, go to Project Settings in your organization connected to the GitHub OAuth App (your "old" org), scroll down and select Stop Building. This will ensure that push events to your repository only trigger pipelines in the project connected to your GitHub App organization.

  10. Repeat steps 6-9 by selecting Projects  Create a Project for each project that you had set up in your previous organization.

  11. If you are using contexts, you will need to recreate the contexts in your new organization.

  12. Invite your teammates to the new organization (the one that is integrated with the CircleCI GitHub App) using the instructions on this page.

  13. If you are on a paid pricing plan and followed step 6:

    1. Navigate back to the "old" organization and select Plan  Share and Transfer.

    2. Select the next to the "new" organization to remove the shared relationship between the "new" and "old" organizations.

    3. Select Transfer Plan and follow the instructions to transfer the plan from the "old" organization to the "new" organization.

  14. At this point, you will be left with a GitHub App-integrated organization that has the same payment plan and projects as your previous organization. If you get logged out, you can continue to use the "Login with GitHub" button on the CircleCI login page as long as the old organization is not deleted.

Currently not supported

If one of these pieces of functionality is especially critical to you, tell us why.

The following sections are features of CircleCI which are not currently supported. These features are planned for future releases.

Restrict a context to a security group

The ability to restrict a context to a security group is not supported for GitHub App projects.

In-app config editor

The in-app config editor is currently only available for GitHub App accounts during project creation.

Account integrations

You cannot currently manage the connection with GitHub outside of the project setup, trigger, and configuration settings. CircleCI is working on enabling users to manage their users’ GitHub identity as part of their user profile’s account integration settings.

Scheduled pipelines

The ability to schedule pipelines is not currently supported for GitHub App projects. This feature is planned for a future release. One alternative is to use a custom webhook to generate a URL that you curl with a 3rd party scheduling tool.

Build forked pull requests

The Build forked pull requests feature is not currently supported.

Passing secrets to forked pull requests

Passing secrets to forked pull requests is not currently supported.

Stop building

GitHub App integrations do not currently support the Stop Building option that can normally be found in Project settings.

The recommendation is to either:

  • Suspend your installation. This would stop sending all events to CircleCI, so all builds will stop. This option is available in GitHub Organization settings under the GitHub Apps menu option.

  • Stop a single project from sending events to CircleCI. This option is available in GitHub Organization settings under the GitHub Apps menu option. Under Repository access, select Only select repositories and deselect the repository you want to stop building.

Additional SSH keys only

Deploy keys and user keys are not used by GitHub App integrations. All keys are stored in Project Settings  Additional SSH Keys. If you are looking to set up an SSH key to check out code from additional repositories in GitHub, see Add additional SSH keys.

Test Insights

Test Insights is currently not supported.

Only build pull requests

The Only Build Pull Requests option (usually available in Project Settings  Advanced or within trigger setup options) is not currently supported for GitHub App integrations

GitHub checks

GitHub checks are currently not supported.

Known limitation: commit status when using "rerun workflow from failed"

When using the "rerun from failed" functionality, there is currently a known limitation where the commit status reported to GitHub is set to "Pending" for jobs that were not re-run.


Suggest an edit to this page

Make a contribution
Learn how to contribute