Changelog

Agent Job Tokens

Access tokens for agents will now be limited to the lifetime of the job. There is now a unique BUILDKITE_AGENT_ACCESS_TOKEN for each job that is run, which will stop working once the job finishes. This reduces the period of impact to the lifetime of the job if a BUILDKITE_AGENT_ACCESS_TOKEN is leaked from the agent’s environment.

Ensure you are running Buildkite Agent version v3.39.0 or later to take advantage of these tokens and v3.62.0 for all the latest improvements.

For more details, see the documentation.

Tessa

REST API Rate Limit Changes

Today, we updated our REST API rate limits. ​This update will improve performance, enhance security, and ensure fair usage.

For more information on rate limits please consult our documentation.

Himal

Docs updates to Pipelines landing page, GraphQL cookbook, and visual style

pipelines-landing-new.png We tackled some quick wins the last week, including:

  • Creating a new landing page for Pipelines. This helps distinguish the product from the feature and provides clearer entry points for new users.
  • Adding a dedicated page to describe Pipelines' hybrid architecture.
  • Highlighting H3s when scrolling on a page.
  • Splitting the GraphQL cookbook into multiple pages to make it easier to navigate.
  • Updating the search component.
  • Applying general style updates across the site, from typography and tables to page layout and spacing.

And many more small changes. See the documentation to check them all out. ✨

Michael

Enforce edit permissions check when accessing pipeline provider webhook URLs

Pipeline edit permissions are now required to view pipeline.provider.webhook_url. If the user does not have the correct permissions, a blank string will be shown in place of the webhook URL.

This change will also affect webhook payloads containing pipeline data. To ensure the greatest level of security, pipeline.provider.webhook_url will no longer be visible in these payloads.

Read more about the REST API

Laura

Single Organization Access Tokens

Starting today, newly created API Access Tokens will only access one organization. This update aims to enhance organizations' security by simplifying access token management. Administrators should be aware that tokens cannot be modified to include their organization after they have been originally created.

This change only affects newly created tokens. All existing tokens will remain unaffected by this change; however, existing tokens will not be able to add any additional organizations to their scope.

James

Upcoming change to the Buildkite API

To enhance the overall reliability and scalability, we are implementing changes to how Buildkite handles API GET requests that include a body in the payload starting September 18th.

As a result of these changes, any GET request to api.buildkite.com that includes a body will receive a 403 status (Forbidden) as a response.

This may impact legacy clients, particularly older versions of Buildkite's Terraform provider (< 0.15). To ensure compatibility, we recommend upgrading to the latest version of our Terraform provider.

During the week commencing August 28th, Buildkite will intermittently enable this change for short periods as a low-impact method of uncovering issues.

We value our customers and their experience with Buildkite, so we will directly communicate with any customers continuing to submit API GET requests with a body.

Thank you for your understanding and cooperation as we continue to improve our platform.

Update: We originally advised this change would occur on August 14th, we have delayed this change to September 18th.

James

GraphQL Rate Limits

Buildkite has introduced new rate limits for the GraphQL API.

This update will improve performance, enhance security, and ensure fair usage across the Buildkite platform.

Please read the documentation to learn more about the GraphQL rate limits, specifically how to check your current usage:

James

GraphQL Build Retention Objects Deprecation

On 13 July 2023, there will be some deprecations in the GraphQL API. The following objects from the pipeline will be deprecated: buildRetentionEnabled, buildRetentionNumber, and buildRetentionPeriod.

To get more information about the pipeline schema and its changes, please refer to the documentation.

Oz

Agent Tokens Removed from Buildkite UI after Creation

Effective from 24 July 2023, agent tokens in the Buildkite UI will undergo a significant modification. They will now behave similarly to API tokens, meaning that after creation, they will no longer be visible in the UI.

To ensure you have access to the complete token, it is crucial to save it immediately upon creation. This change aims to enhance the security of agent tokens within the Buildkite platform.

Please make a note of this update and adjust your workflows accordingly. If you have any questions or concerns, feel free to reach out to our support team (support@buildkite.com) for assistance.

Oz

Now available: June 2023 Release

Today we’re shipping 30+ new features to Buildkite 🚀

Q2 Release Preview

Some of the features I’m most excited about are:

  • 🗂 Pipeline Templates let you have a shared set of step definitions you can use across your pipelines, and better yet, you can lock down all your pipelines in the organization to only those templates. Great for security and control at scale.
  • 📈 We’ve added metrics to your cluster queues. You’ll now be able to see how many agents are connected, how many jobs are running, and what the current scheduled wait time for a job is.
  • 🔨 Building upon our local Agent Job API that we shipped in the last release, Agent hooks can be written in any language, not just Bash. This allows us to work towards a future where you can write your hooks once and run them anywhere.

Check out the rest of the release here: https://buildkite.com/releases/2023-06

I'd love to hear your feedback on the release, send me an email any time: keith@buildkite.com

Keith

API token expiry policies

Security is job zero, it’s important for organizations to harden their defenses against lost or leaked credentials. Buildkite’s token expiry policy will automatically revoke tokens that are no longer in use from accessing your organizational information

Set your token expiry policy to either 30, 60, 90, 180, or 365 days. After which if a token has not been used for that period of time it will expire and no longer have access to your organization.

Learn more about revoking tokens automatically

James

Access Token Notifications

Buildkite has implemented additional security notifications to keep your data safer.

Security notifications empower customers to promptly address any token changes made to their accounts, ensuring data security and preventing unauthorised access.

Users will now receive an email when they create or update an access token associated with their account.

James

Important Update to Terraform Provider

We're removing support for Import of agent tokens in the Terraform provider. This change coincides with the announcement in this changelog. From 4 July 2023 onwards, any resources or data-sources which are dependent on an agent token being present will likely fail to apply.

We recommend that you update your provider version to >=0.19.0. Any version below this will run a state refresh on the next Terraform operation and cause agent tokens in state to be set to nil, "". If these changes are then deployed, there is a risk that all agents in your organisation will have their tokens removed and no longer be able to connect to Buildkite.

Go to the v0.19.0 release

Go to the terraform registry

Oz

Agent Token being Deprecated from GraphQL APIs

At Buildkite we take your security seriously, because of that starting 22 June 2023 you will not be able to retrieve agent tokens for clustered and unclustered agents through the token attribute after it has been created through GraphQL APIs.

Read more about how to create Agent Tokens

Read more about how to create Cluster Agent Tokens

Update: The date for deprecation will be delayed to 4 July 2023 due to the breaking change introduced to Buildkite terraform provider. If you are a customer using the Terraform provider, please make sure to upgrade to version 0.19.0 beforehand.

Oz

New Security settings section

We've introduced a new 🔒 Security section under Settings for all security related features.

Moving all security related controls into the same space will make them easier to find and manage.

You'll find:

  • Security contact
  • Permissions settings
  • Pipelines permissions
  • Test Analytics permissions
  • API access allowlist

consolidated in this new page: https://buildkite.com/organizations/~/security

Jason

Jenkins migration guide added to the docs

We’ve added a guide in the docs to help you migrate from Jenkins to Buildkite.

The new page:

  • Provides a general approach for migration.
  • Explains the key differences.
  • Highlights the most important considerations.

We hope it makes the migration process more straightforward and transparent.

The new page shown in the docs

See Migrate from Jenkins to check it out. ✨

Michael

AWS Elastic CI Stack v5.19.0 release

The v5.19.0 version of the Elastic CI Stack is now avaliable. This includes a fix for an error encountered when creating a new stack from its cloudformation template due to an attempt to create an ACL for object ownership when they are now disabled by default.

For further details of the fix and what else is included in the release, see the Elastic CI Stack's release notes.

Narthana

Docs home page redesign

We've redesigned the documentation home page to make getting to the content you want easier.

The new design of the documentation home page

Notice:

  • A clearer path to get started for new users.
  • Quick access to popular content for everyone.
  • Links to look up reference data for experienced users.
  • A consistent global navigation to make jumping to the section you want easier.

See Buildkite docs to check it out! ✨

Michael

Elastic CI Stack for AWS docs restructure

We've restructured the documentation for the Elastic CI Stack for AWS to create clearer and more focused pages that are easier to navigate.

The new navigation structure for the Elastic CI Stack for AWS section in the docs

See the Overview to check out the changes. ✨

Michael

Shaziya

Start turning complexity into an advantage

Create an account to get started with a 30-day free trial. No credit card required.

Buildkite Pipelines

Platform

  1. Pipelines
  2. Pipeline templates
  3. Public pipelines
  4. Test Engine
  5. Package Registries
  6. Mobile Delivery Cloud
  7. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Webinars
  5. Plugins
  6. Case studies
  7. Events

Company

  1. About
  2. Careers
  3. Press
  4. Brand assets
  5. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML

Support

  1. System status
  2. Forum