I recently logged in to CircleCI for the first time using GitHub. On the first screen I saw a bunch of (pre-checked) checkboxes which I assumed were builds we already had set up, and a big blue “follow” (I think) button. I figured clicking the button would only change the state of which projects I follow, and would have no side effects in GitHub.
Once I clicked the button I received a number of emails from GitHub saying that public keys had been added to repos using my credentials. This was probably harmless, but I did not intend for it to happen, so it was very jarring. I’ve removed the public keys that Circle added.
I’m now not sure whether the repositories that got the new public key were previously enabled or disabled. They’re enabled now, but perhaps that’s because of some other side effect that I don’t remember authorizing. I can’t see any history of my actions to determine whether they’re enabled because I enabled them by accident, or if they were always enabled.
I’m sure there’s nothing majorly wrong here, but as a first time user of CircleCI this was a very jarring user experience. I still don’t fully understand what happened.