⨠ Update introspection

The GraphQL introspection (or schema), includes data like types, fields, queries, mutations, and even the field-level descriptions.

By default, Escape will always fetch the latest introspection from your GraphQL endpoint. However, if your introspection is closed, you can still update it manually or programmatically. Escape supports the programmatic update of introspection schemas or GraphQL schemas inside the CI/CD. Using this feature, you can automatically keep your introspection schema in sync even if your introspection is closed. By uploading a GraphQL schema or an introspection response from a CI/CD environment, Escape will always be aware of your latest schema changes before a scan is started.

info

You can also manually update your application introspection on Escape.

GitHub Action

# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
  push:
    branches:
      - staging
jobs:
  Escape:
    runs-on: ubuntu-latest
    steps:
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          schema_file: relative/path/to/schema/from/repo/root/schema.graphql
          // or
          introspection_file: relative/path/to/schema/from/repo/root/introspection.json

Gitlab CI

Escape:
  stage: post-deploy
  needs:
    - deploy # name of your deployment job
  variables: # you can find those secrets directly in your Escape Application Settings
    - ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
    - ESCAPE_API_KEY: $ESCAPE_API_KEY
    - SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
    // or
    - INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
  image: node:alpine
  before_script:
    - npm install -g @escape.tech/action
    - npm show @escape.tech/action version
  script:
    - escape-action
  allow_failure: true
  only:
    refs:
      - staging

CLI

export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export SCHEMA_FILE="relative/path/to/schema/from/repo/root/schema.graphql"
// or
export INTROSPECTION_FILE="relative/path/to/schema/from/repo/root/introspection.json"

npm i -g @escape.tech/action
escape-action

API

export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
export INTROSPECTION=$(cat relative/path/to/schema/from/repo/root/introspection.json)

curl -X POST \
-H "Authorization: Key $API_KEY" \
-H "Content-Type: application/json" \
-d "{ \"introspection\": $INTROSPECTION }"
https://api-public.prod.cloud.escape.tech/applications/$APPLICATION_ID/start-scan