⨠ Update schema
The schema, includes data like types, fields, queries, mutations, and even the field-level descriptions.
By default, Escape will always fetch the latest schema from your endpoint. However, if your introspection is closed, you can still update it manually or programmatically. Escape supports the programmatic update of schemas inside the CI/CD. Using this feature, you can automatically keep your introspection schema in sync even if your introspection is closed. By uploading a schema response from a CI/CD environment, Escape will always be aware of your latest schema changes before a scan is started.
info
You can also manually update your application introspection on Escape.
- GitHub Action
- Gitlab CI
- Bitbucket Pipelines
- CircleCI
- Jenkins Pipeline
- Azure DevOps
- CLI
- API
# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
schema_file: relative/path/to/schema/from/repo/root/schema.graphql
// or
introspection_file: relative/path/to/schema/from/repo/root/introspection.json
Escape:
stage: post-deploy
needs:
- deploy # name of your deployment job
variables: # you can find those secrets directly in your Escape Application Settings
- ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
- ESCAPE_API_KEY: $ESCAPE_API_KEY
- SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
// or
- INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
image: node:alpine
before_script:
- npm install -g @escape.tech/action
- npm show @escape.tech/action version
script:
- escape-action
allow_failure: true
only:
refs:
- staging
image: node:alpine
pipelines:
default:
- step:
name: Deploy
script:
# Your deployment scripts here
- step:
name: Escape
trigger: manual # Set to manual if you wish to run this step manually
after-script: # Similar to post-deploy in GitLab
- npm install -g @escape.tech/action
- npm show @escape.tech/action version
- escape-action
deployment: staging # Assuming staging environment for deployment
script:
- echo "Starting Escape scan..."
services:
- docker
caches:
- node
size: 2x
max-time: 10
variables:
ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
ESCAPE_API_KEY: $ESCAPE_API_KEY
SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
# or
# INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
version: 2.1
jobs:
deploy:
docker:
- image: node:alpine
steps:
- checkout
# Your deployment steps here
escape_scan:
docker:
- image: node:alpine
steps:
- checkout
- run:
name: Install Escape CLI
command: |
npm install -g @escape.tech/action
npm show @escape.tech/action version
- run:
name: Run Escape Scan
command: escape-action
environment:
ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
ESCAPE_API_KEY: $ESCAPE_API_KEY
SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
# or
# INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
workflows:
version: 2
deploy_and_scan:
jobs:
- deploy
- escape_scan:
requires:
- deploy
filters:
branches:
only: staging
pipeline {
agent {
docker {
image 'node:alpine'
}
}
environment {
ESCAPE_APPLICATION_ID = credentials('ESCAPE_APPLICATION_ID')
ESCAPE_API_KEY = credentials('ESCAPE_API_KEY')
SCHEMA_FILE = 'relative/path/to/schema/from/repo/root/schema.graphql'
// Alternatively, you can use INTROSPECTION_FILE for the schema
// INTROSPECTION_FILE = 'relative/path/to/schema/from/repo/root/introspection.json'
}
stages {
stage('Checkout') {
steps {
checkout scm // Checkout the codebase from the SCM provider
}
}
stage('Post-Deploy') {
when {
branch 'staging' // Only run on the 'staging' branch
}
steps {
script {
// Install the Escape CLI tool
sh 'npm install -g @escape.tech/action'
// Show the installed Escape CLI version
sh 'npm show @escape.tech/action version'
// Run the Escape action
sh 'escape-action'
}
}
post {
always {
// Configuration to allow failure
}
}
}
}
}
trigger:
branches:
include:
- staging
pool:
vmImage: 'ubuntu-latest'
jobs:
- job: EscapeScan
displayName: 'Escape Scan'
dependsOn: deploy # Assuming you have a 'deploy' job defined elsewhere in your Azure DevOps pipeline.
variables:
ESCAPE_APPLICATION_ID: $(EscapeAppId) # Define these in the Azure DevOps Pipeline environment variables or in a variable group.
ESCAPE_API_KEY: $(EscapeApiKey)
SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
# Optionally define INTROSPECTION_FILE instead of SCHEMA_FILE if using the introspection.json approach.
# INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
steps:
- script: |
sudo npm install -g @escape.tech/action
npm show @escape.tech/action version
escape-action
displayName: 'Run Escape Action'
env:
ESCAPE_APPLICATION_ID: $(EscapeAppId)
ESCAPE_API_KEY: $(EscapeApiKey)
SCHEMA_FILE: $(SCHEMA_FILE)
# INTROSPECTION_FILE: $(INTROSPECTION_FILE) # Uncomment if using the introspection.json approach.
continueOnError: true
export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export SCHEMA_FILE="relative/path/to/schema/from/repo/root/schema.graphql"
// or
export INTROSPECTION_FILE="relative/path/to/schema/from/repo/root/introspection.json"
npm i -g @escape.tech/action
escape-action
export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
export INTROSPECTION=$(cat relative/path/to/schema/from/repo/root/introspection.json)
curl -X POST \
-H "Authorization: Key $API_KEY" \
-H "Content-Type: application/json" \
-d "{ \"introspection\": $INTROSPECTION }"
https://public.escape.tech/applications/$APPLICATION_ID/start-scan