Change config.yaml using API

Hello there,
I was wondering if there is a way to change a config.yml file using CircleCI API?
When using GUI, I can change the file, Save, Run and commit it to repository.
Is it possible to do the same using API?

To code any changes to the config.yml you would just script it using git and yaml tools directly as the file is under your direct ownership. This is all that the circleci GUI is doing when it allows you direct access to the config.yml.

The API will be required to do everything else, including providing the details needed so that you can retrieve the correct instance of config.yml from within your repo.

1 Like

Thank you for the answer.
Problem with that approach is that I do not have direct access to the git repo.
App that we will be building has only access to CircleCI API using personal API token. That is a reason why I am asking for a way of saving config.yml changes using CircleCI API.
Does the CircleCI save the config.yml to their cloud or it reads it always ‘on the fly’ from the repo? Can the file be saved to CircleCI using API? It does not have to be pushed to the repo.
If that makes sense :slight_smile:

First I have to make it clear that I’m just an external volunteer so I can not be sure what the CircleCI team was aiming for with this feature.

When I use this feature I am given the ability to save changes to an existing branch or even create a new branch within the repo. The update/create is then performed with the account that I am using from within the CircleCI GUI. So the GUI does allow someone to modify the config.yml file held within the repo.

In terms of the API layer, this is not really a feature that the API could offer as the website/GUI is offering a working environment that itself is dependent on the CircleCI API but also other tools such as git to allow that type of interaction with the repo and the account keys needed to perform such an action. The API uses different account keys and if you were granted keys from the repo with the required rights you could just use git directly.

I’ll send a message to the contact I have within CircleCI who looks after the volunteers (as well as 101 other tasks) to see if they can add anything to this thread.

One reason for involving them is the slight issue you yourself have raised - you do not have direct access to the git repo to make changes, but via the GUI you do end up with indirect access to the git repo that allows you to make changes. That is a level of feature creep that some security teams may be unaware of. Originally CircleCI required such write access so that its application code could make required changes to the repo environment. Providing GUI-based editing of the main control file opens up other issues.

Thanks again for very detailed answer.

My bad, I was not clear enough.
When I said that I don’t have direct access, what I meant is that I would like to avoid cloning my client’s repo to my server just to be able to commit/push changes on the config.yml file.
I know that I can access the repo using SSH keys that CircleCI uses to checkout the repo, but it would be nice if there is a workaround for “saving” the changes through CircleCI API, just like we do it using CircleCI GUI.

I guess there is no such API endpoint.
Thanks anyway.

That is the reason for me raising this as a possible issue with those who know the status of things far better than I do.

Most git-based workflows are built around the idea of cloning/pull requests, merging, and reviews, with config.yml rightly existing within this workflow. So much so that Dev, DevOps, and DevSecOps processes are all built on this process cycle.

Being able to directly change the config.yml file from within the CirceCI web GUI that expresses the automated master build and deployment of a system could be seen as a bit of a problem.


Hi there, and thanks @rit1010 for flagging.

I think I can see where you’re coming from.
At the moment, it should be possible to to do something similar - by using dynamic config.

Basically, the continuation config (after the setup phase) uses an API call that takes a config in string format. I don’t think this is the cleanest solution, but it is doable if commit permissions are truly out of the picture. API Docs here.

I’ll check with the teams whether there are any plans to streamline this further.

Thank you very much zmarkan.
I will try that solution.