As of May 25, 2022, at 19:52 UTC, GitHub integration has been re-enabled:
We are happy to report that the GitHub integration is re-enabled! You can now reconnect with GitHub and restore your Heroku pipeline functionality, including Review Apps, with newly generated tokens.
You can connect to GitHub immediately or wait for the enhanced integration as described in this blog post. To re-establish your GitHub connection now, please follow these instructions.
Here is what the referenced blog post says about “enhanced integration”:
In an effort to improve the security model of the integration, we are exploring additional enhancements in partnership with GitHub, which include moving to GitHub Apps for more granular permissions and enabling RFC8705 for better protection of OAuth tokens. As these enhancements require changes by both Heroku and GitHub, we will post more information as the engagement evolves.
No timeline is mentioned for availability of the enhanced integration.
Between April 15 and May 25, 2022, Heroku’s GitHub integration feature was disabled while Heroku investigated a security breach. During that time, deploying was still possible via other means, most notably via git push.
To mitigate impact from potentially compromised OAuth tokens, we will revoke over the next several hours all existing tokens from the Heroku GitHub integration. We are also preventing new OAuth tokens from being created until further notice. Your GitHub repositories will not be affected in any way by this action.
Which Heroku features have become non-operative due to the removal of the Heroku-GitHub integration?
- Enabling review apps
- Creating (automatic and manual) review apps
- Deploying (automatic and manual) review apps
- Deploying an app from GitHub (either manual or automatic)
- Heroku CI cannot create new runs (automatically or manually) or see GitHub branch list
- Heroku Button: unable to create button apps from private repositories
- ChatOps: unable to deploy or get deploy notifications
- Any app with a GitHub integration may be affected by this issue. To address specific integration issues, please open a case with Heroku Support
Migrating from GitHub deployment to Git deployment
At 2022-04-21 23:53 UTC, Heroku provided extended instructions for migrating from GitHub-based deployment to Git-based deployment:
While our customers remain unable to reconnect to GitHub via the Heroku dashboard, we wanted to share a supplement to the code deployment methods previously provided. For instructions on how to change your deployment method from GitHub to Heroku Git, please refer to the following Help article: How to switch deployment method from GitHub to Heroku Git with all the changes/app code available in a GitHub repo.