This article covers the most common symptoms reported after a CircleCI project moves from the classic GitHub OAuth integration to the CircleCI GitHub App, or after the App is installed on top of an OAuth-connected project ("hybrid" project).
Symptoms covered
- An old OAuth pipeline still appears in the Trigger Pipeline dropdown after you removed its trigger from Project setup.
- Two pipelines run for every push or tag, about one second apart.
- A pull request stays blocked on GitHub even though the CircleCI workflow completed successfully.
Both pipeline symptoms trace back to how OAuth pipelines coexist with GitHub App pipelines on the same project. The merge-blocking symptom usually means branch protection rules still reference OAuth-era check names.
Why the OAuth pipeline stays around
For any project that exists in a GitHub OAuth organization, CircleCI keeps an OAuth pipeline for that project. Per the Pipeline types documentation, the OAuth pipeline:
- Is created automatically for OAuth organizations (one and only one per project).
- Cannot be deleted.
- Cannot be renamed.
- Can still be triggered via API or manually through the web app, even after its GitHub trigger is removed.
When you install the GitHub App for the same project, a second pipeline (a GitHub App pipeline) is created. Both can coexist, and the OAuth pipeline remains visible in Project setup and in the Trigger Pipeline dropdown. The OAuth pipeline does not start builds on its own unless something triggers it (a GitHub trigger, a webhook delivery, or a manual or API run). GitHub App pipelines post PR checks as circleci-app[bot].
Symptom 1: Persistent OAuth pipeline in the Trigger Pipeline dropdown
You removed the OAuth trigger but the OAuth pipeline is still listed in the Trigger Pipeline dropdown. It may also still appear as a card on Project setup with no delete control.
Why this happens
The dropdown lists every pipeline on the project, and per the Pipeline types docs the OAuth pipeline cannot be deleted.
What you can do
- Confirm the OAuth pipeline has no triggers attached. In Project settings → Project setup, locate the OAuth (GitHub) card and check the Trigger on section. It should be empty.
- With no triggers, the OAuth pipeline will not start automatically. Per the Pipeline types docs, it can still be triggered manually or via API, but that requires intentional action.
Symptom 2: Two pipelines run for every push or tag
Every push or tag creates two pipeline runs within about one second of each other.
Why this happens
Two webhook deliveries are reaching CircleCI for the same event. The two most common causes (covered in the docs) are:
- A GitHub App trigger and a GitHub OAuth trigger are both configured on the same project. Per the docs, this is a known cause of duplicate builds.
- The repository has more than one CircleCI webhook in its GitHub webhooks list, so the same event is delivered to CircleCI twice. Covered in the Troubleshooting duplicate builds support article.
What you can do
- Delete the OAuth trigger from Project setup. In the CircleCI web app, go to Project settings → Project setup. Find the OAuth (GitHub) card and look at the Trigger on section. Delete any triggers listed there. This is the fix the docs recommend in How do I prevent duplicate builds?
- Check GitHub repository webhooks. Go to your GitHub repository → Settings → Webhooks. If you see more than one CircleCI webhook here, remove the duplicates. The Troubleshooting duplicate builds support article covers the full walkthrough.
Symptom 3: PR merge blocked despite a successful CircleCI run
GitHub shows Expected - waiting for status to be reported for a required check, or the pull request cannot merge even though the CircleCI workflow is green.
Required check names from the OAuth era often look like:
ci/circleci: <job-name>
GitHub App checks look like:
<workflow-name> - <short-id>
Why this happens
GitHub branch protection rules match exact check names. After migration, CircleCI posts checks through the GitHub App as circleci-app[bot]. Rules that still require OAuth-era names wait for checks that GitHub App pipelines do not post under those names.
What you can do
- Open the pull request on GitHub and note the exact green check names posted by
circleci-app[bot]. - In GitHub, go to Settings → Branches → Branch protection rules → Edit.
- Under Require status checks to pass, remove stale
ci/circleci: ...entries and add the GitHub App workflow check name(s) from step 1. - Confirm Symptom 2 is resolved so only one pipeline runs per push.
Quick reference: symptom to fix
| Symptom | Where to fix |
|---|---|
| Persistent OAuth pipeline in Trigger Pipeline dropdown | Cannot be removed (platform behavior). Ensure no triggers are attached so it does not start automatically. |
| Two pipelines per push or tag | Project setup → delete OAuth trigger. GitHub repo → remove duplicate webhook |
| PR merge blocked despite green CircleCI run | GitHub branch protection → update required checks to GitHub App check names |
Comments
Article is closed for comments.