Runner Release 3.1.5

Container Runner:

• Version 3.1.5 introduces Windows support for container runner in open preview. For detailed setup instructions and configuration guidance, visit our Windows container runner documentation.
• Container runner now filters for pods specifically managed by each replica, rather than watching all task pods with the managed-by: circleci-container-agent label. This optimization reduces API load when running multiple container agent instances within the same cluster.
• Added support for running the primary container under a custom user ID (UID). You can now specify a valid UID using the docker.user key in your CircleCI configuration, which will be mapped to the task pod container user.

New and improved docs site

We’re excited to launch our revamped documentation site at https://circleci.com/docs with better navigation, organization, and layout.

What’s new:

• Improved navigation structure
• Version switching for CircleCI Server docs
• Cleaner visual layout

Behind the scenes: We’ve migrated from our custom-built platform to Antora, which brings a number of benefits

• Improved organization of our source files
• Enhanced collaboration opportunities. Once our repo is public (coming soon) anyone can contribute including building the site in their local environment
• A more stable site with lower upkeep requirements
• Significantly faster publishing pipeline

Share your feedback: Try out the new site and let us know what you think on our community forum.

Known issues

• The docs repo (from which this new site is built) is not yet public. This means that all links from our docs to the repo are currently broken. This will be fixed in the coming days.
• Our 404 page is currently broken.

We have added automatic workflow retry functionality to help you handle flaky resources and intermittent failures without manual intervention. You can now specify max-auto-reruns in your workflow configuration with a value between 1 and 5 to automatically rerun failed workflows. Just like the manual “re-run from failed” feature, only failed jobs will be retried - successfully finished jobs will not be rerun during automatic retries. This eliminates the need to manually monitor and restart workflows that fail due to environmental issues beyond your control.

The UI will provide clear indicators when a workflow is being automatically retried and show how many retry attempts have been made. This feature is available to all CircleCI customers across all plan types.

For teams dealing with flaky tests or unreliable external dependencies, this update significantly improves operational efficiency by reducing the manual overhead of workflow management. For more details on configuring automatic workflow reruns, visit the documentation.

Note: For those needing to auto-retry individual steps, automatic step retry is in the works!

You can now delete your own Standalone and VCS organizations directly from the CircleCI web app.

How to delete your organization:

Navigate to Organization Settings > Overview and scroll to the bottom of the page.

What to expect:

• Deletions may take up to 24 hours to process completely.
• Standalone organizations: Will be removed entirely after a few hours.
• VCS organizations: All projects and data will be removed, but the organization will remain visible.

Requirements:

• Organization must be on the Free plan.
• You must be an organization admin.

This self-service feature eliminates the need to contact support for organization deletions.

For customers who are using rollback via pipeline, you can now add an optional rollback reason when triggering your rollback.

What’s Changed

Status checks for skipped jobs are no longer reported to GitHub when using the GitHub App integration. Previously, we reported skipped jobs as “pending” before they were skipped.

Why This Matters

• Improved PR workflow: Prevents situations where required checks could be bypassed when jobs are skipped
• Consistent behavior: Aligns with our existing behavior in the CircleCI GitHub OAuth integrations
• Better security: Ensures all required checks must actually run and pass before PRs can be merged

Who This Affects

This change only applies to users who have connected CircleCI to GitHub using the GitHub App integration. Users of our GitHub OAuth integration already experience this behavior.

What You Need to Do

No action is required. This change has been applied automatically to all pipelines using the GitHub App integration.

We’ve updated the CircleCI VS Code extension to support a new set of pipeline values used by the Rollbacks feature.

You can now view and work with these deployment-specific values directly within your development environment.

Newly supported pipeline values:

• pipeline.deploy.component_name
• pipeline.deploy.environment_name
• pipeline.deploy.target_version
• pipeline.deploy.current_version
• pipeline.deploy.namespace

For customers using CircleCI’s release-agent, the CircleCI web app now lets you invoke a rollback from the Project Overview Page. We’ve removed other rollback options from the Project Overview page for simplicity in these cases.

Based on user feedback, we have added the ability see your component’s current version in the deploys card on the project overview page. This is available for all who use manual deploy markers.

You can create and delete CircleCI organizations programmatically through newly released Organization endpoints:

• Create organization
• Delete organization

Server 4.8.0 Changelog

Before Upgrading

See the CircleCI server 4.8 release notes and upgrade guide for this release.

NOTE: Vault is being deprecated and will no longer be supported in server 5.0. Refer to our script for steps to migrate to Tink.

What’s New in Release 4.8.0

The v4.8 release introduces further security improvements and support for flexible job dependencies.

NEW FEATURES

• Nomad UI is now accessible.
• Amazon Message Queue (AMQ) is now supported.
• Added support for configuring IOPS and throughput parameters for EC2 instances in the machine provisioner. New parameters can be found in the values.yaml reference.
• CircleCI Server now supports nomad servers externalized from your Kubernetes cluster. You may now deploy nomad servers on your own VM instances. This should improve the performance and stability of your nomad clusters.
• Support for Expression-based job filters
• Support for flexible job dependency.
• Support for Dynamic When Statements for Workflows (Breaking Change)
• Support for Windows container runner preview

NEW SERVICE:

• public-api-service

REMOVALS:

• web-ui-user-settings
• web-ui-org-settings
• web-ui-insights
• web-ui-project-settings
• web-ui-runners
• Support for launch-agent.
• Already-disabled v2 runner API endpoints.

CHANGES

• Moved from CircleCI fork back to upstream Hashicorp Nomad for improved stability and security updates.
• Nomad clients require IPv6 support within the kernel.
• JSON logging is enabled for Clojure services. This change allows customers to ingest logs from these services to their log aggregators in a familiar and consistent format.
• All containers now run with runAsNonRoot: true
• Telegraf will now include circleci_server_version in all the metrics it collects.
• The frontend container now uses the circleci-www-api image instead of the previously named frontend image.
• Clojure containers have moved to Java 21.
• Kong has been updated to 3.4.2
• Rerun workflow endpoint now has a rate limit of 20 requests per 5 seconds (max burst: 10)
• In server-terraform, the included Nomad images are now based on Ubuntu 22.04 with CgroupsV1 enabled. CgroupsV2 is currently unsupported. These nomad AMIs are built automatic security updates enabled.

PERFORMANCE IMPROVEMENTS:

• Database Operations: Optimized workflow storage to avoid N+1 database queries, reducing latency and improving concurrency.
• Workflow Status API: Now uses stored workflow status instead of generating it from job data, improving response times.
• Compiled Config Size: Removed unused job definitions from compiled configs, reducing size for customers with large configurations.

BUG FIXES

• Expression based restrictions via API have been fixed.
• Job handlers no longer silently drop on partial failure.
• Fixed broken branch picker functionality.
• SSH reruns in air-gapped installs have been restored.
• Broken pipelines now show triggering information in the UI.

DATABASE MIGRATIONS

The following services will run migrations when upgrading to this version:

• workflows-conductor
• authentication-svc
• builds-service
• branch-service
• contexts-service
• cron-service
• distributor
• domain-service
• insights-service
• machine-provisioner
• orb-service
• permissions-service
• runner-admin

NOTES

Customers that are using “S3-compatible” object storage should ensure that their object storage supports S3’s default data integrity protections. This includes (but is not limited to) Minio RELEASE.2025-01-20T14-49-07Z and Nutanix Objects v5.1.1.

KNOWN ISSUES

• Docker jobs may take an extra 60 seconds to conclude under certain circumstances.
• RDS is not compatible due to certain permissions checks; this will be fixed in 4.8.1.
• Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
• Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.
• Machine builds using instances with IMDSv1 enabled is not supported

To learn more about Server 4.8 installation, migration, or operations please review our documentation.

We’ve expanded the Project settings > Project Setup page with new editing capabilities. Previously view-only, this page now allows some management of pipelines and triggers in one unified location.

What’s new:

Users can now use this page to:

• View all pipelines integrated with GitHub (both OAuth app and GitHub App integration) and their trigger
• Add GitHub App and Custom Webhook triggers
• Edit existing GitHub App, GitHub OAuth and Custom Webhook triggers
• Delete Custom webhook triggers

Coming soon:

• Add and delete GitHub OAuth triggers. The “delete” functionality will ensure that OAuth pipelines stop building, without the need to manually remove the webhook from GitHub
• Add, edit and delete schedule triggers for OAuth pipelines
• Add, edit and delete pipelines
• Delete GitHub App triggers

For pipelines connected to Bitbucket or GitLab, please continue using the existing Pipelines and Triggers tabs.

This unified experience will eventually replace the separate Pipelines and Triggers tabs.

Questions or feedback? Reach out to benedetta@circleci.com.

Previously, we had planned to report skipped jobs as “success”, but after careful consideration, we’ve decided to not report them at all.

What’s Changed Currently, we report skipped jobs as “pending”. We are now working to implement a change so that Status checks for skipped jobs will no longer be reported to GitHub when using the GitHub App integration.

Why This Matters

• Improved PR workflow: Prevents situations where required checks could be bypassed when jobs are skipped
• Consistent behavior: Aligns with our existing behavior in the CircleCI GitHub OAuth integrations
• Better security: Ensures all required checks must actually run and pass before PRs can be merged

Who This Affects This change only applies to users who have connected CircleCI to GitHub using the GitHub App integration. Users of our GitHub OAuth integration already experience this behavior.

What You Need to Do No action is required. This change will be applied automatically to all pipelines using the GitHub App integration when it is rolled out. We expect to complete the rollout by the end of June 2025.

Mac M4 Pro resources are now available on CircleCI, bringing Apple’s most advanced silicon directly to your CI/CD pipelines. Experience cutting edge performance with optimized CPU and memory configurations designed to effectively tackle your most challenging tasks.

Mac M4 Pro is available for customers on Performance and Scale plans in the following configurations:

Supported Xcode versions: 16.4.0, 16.3.0, 16.2.0, 16.1.0, 16.0.0, 15.4.0, 15.3.0, 15.2.0, 15.1.0, 14.3.1, 13.4.1

See the macOS documentation and CircleCI price list for details.

The CircleCI Terraform Provider enable customers to manage CircleCI projects with IaC patterns. For large-scale organizations, this enables automated project creation for new teams or projects. For existing projects and teams Terraform offers consistent settings and controls across all projects.

There is a planned breaking change in the public-api-service that affects the Get Trigger operation. We are working to fix this on the next release. change will remove name and description from the API response for the getTrigger endpoint.

We will move the terraform provider to General Availability once we have addressed the planned API changes.

https://github.com/CircleCI-Public/terraform-provider-circleci

From the “Project Overview” page, you can now set up a rollback pipeline that lets you quickly revert to a previous deployment version when invoked. Read more in our community forum, send any questions/comments to sebastian@circleci.com.

Platform Team Toolkit enables enterprise CI/CD optimization and governance that eliminates duplication, enforces security compliance, and accelerates delivery while empowering developers with the flexibility and speed they need.

It’s a combination of features that unlock efficiency and reduce operational toil for platform teams managing pipelines at scale, all while enhancing developer experience and velocity.

Key components of Platform Team Toolkit:

Terraform Module (coming soon) - Built on top of our Administration APIs. Provides a centralized tool to manage all projects on CircleCI. With infrastructure as code policies, you can set standards and maintain settings in one place.

URL Addressable Orbs - Removes the barriers to reusable config by allowing any file in your VCS to become a CircleCI orb. Allowlist rules maintain security and compliance.

Centralized Configuration, Templates, and Overrides - Gives the platform team the ability to manage pipelines from a central template while still providing dev team autonomy where it’s required.

To get the most from these features we recommend you review the documentation.

Reminder

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

During this period:

• Resource management will not be available
• The Runner web UI for inventory and installation will not be available
• Up to a 5-minute delayed start time for runner jobs.

On June 25, 2025, the Insights pages in the CircleCI web app will be updated with the following changes:

• The organization overview “landing page” will show a more concise summary view
• Historical resource utilization graphs (CPU/RAM) for individual jobs will be removed from the web app.

Historical resource utilization data via the CircleCI Usage API and resource utilization in the “Resources” tab of the Job Details page in the CircleCI web app will still be available. More details on our community forum Discuss.

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

During this period:

• Resource management will not be available
• The Runner web UI for inventory and installation will not be available
• Up to a 5-minute delayed start time for runner jobs.

CircleCI is making an upgrade to its local CLI which will require all local CLI users to upgrade to v0.1.31425 or higher if using the following two commands:

• circleci setup (circleci_setup)
• circleci diagnostic (circleci_diagnostic)

This upgrade must occur before May 31, 2025. After May 31, 2025, the two commands listed above will no longer work on versions of the CLI that are older than v0.1.31425.