⨠ Update schema

The schema, includes data like types, fields, queries, mutations, and even the field-level descriptions.

By default, Escape will always fetch the latest schema from your endpoint. However, if your introspection is closed, you can still update it manually or programmatically. Escape supports the programmatic update of schemas inside the CI/CD. Using this feature, you can automatically keep your introspection schema in sync even if your introspection is closed. By uploading a schema response from a CI/CD environment, Escape will always be aware of your latest schema changes before a scan is started.

info

You can also manually update your application introspection on Escape.

GitHub Action

# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
  push:
    branches:
      - staging
jobs:
  Escape:
    runs-on: ubuntu-latest
    steps:
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          schema_file: relative/path/to/schema/from/repo/root/schema.graphql
          // or
          introspection_file: relative/path/to/schema/from/repo/root/introspection.json

Gitlab CI

Escape:
  stage: post-deploy
  needs:
    - deploy # name of your deployment job
  variables: # you can find those secrets directly in your Escape Application Settings
    - ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
    - ESCAPE_API_KEY: $ESCAPE_API_KEY
    - SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
    // or
    - INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
  image: node:alpine
  before_script:
    - npm install -g @escape.tech/action
    - npm show @escape.tech/action version
  script:
    - escape-action
  allow_failure: true
  only:
    refs:
      - staging

Bitbucket Pipelines

image: node:alpine

pipelines:
  default:
    - step:
        name: Deploy
        script:
          # Your deployment scripts here

    - step:
        name: Escape
        trigger: manual  # Set to manual if you wish to run this step manually
        after-script:   # Similar to post-deploy in GitLab
          - npm install -g @escape.tech/action
          - npm show @escape.tech/action version
          - escape-action
        deployment: staging  # Assuming staging environment for deployment
        script:
          - echo "Starting Escape scan..."
        services:
          - docker
        caches:
          - node
        size: 2x
        max-time: 10
        variables:
          ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
          ESCAPE_API_KEY: $ESCAPE_API_KEY
          SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
          # or
          # INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json

CircleCI

version: 2.1

jobs:
  deploy: 
    docker:
      - image: node:alpine
    steps:
      - checkout
      # Your deployment steps here

  escape_scan:
    docker:
      - image: node:alpine
    steps:
      - checkout
      - run:
          name: Install Escape CLI
          command: |
            npm install -g @escape.tech/action
            npm show @escape.tech/action version
      - run:
          name: Run Escape Scan
          command: escape-action
      environment:
        ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
        ESCAPE_API_KEY: $ESCAPE_API_KEY
        SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
        # or
        # INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json

workflows:
  version: 2
  deploy_and_scan:
    jobs:
      - deploy
      - escape_scan:
          requires:
            - deploy
          filters:
            branches:
              only: staging

Jenkins Pipeline

pipeline {
    agent {
        docker {
            image 'node:alpine'
        }
    }
    
    environment {
        ESCAPE_APPLICATION_ID = credentials('ESCAPE_APPLICATION_ID')
        ESCAPE_API_KEY = credentials('ESCAPE_API_KEY')
        SCHEMA_FILE = 'relative/path/to/schema/from/repo/root/schema.graphql'
        // Alternatively, you can use INTROSPECTION_FILE for the schema
        // INTROSPECTION_FILE = 'relative/path/to/schema/from/repo/root/introspection.json'
    }
    
    stages {
        stage('Checkout') {
            steps {
                checkout scm // Checkout the codebase from the SCM provider
            }
        }
        
        stage('Post-Deploy') {
            when {
                branch 'staging' // Only run on the 'staging' branch
            }

            steps {
                script {
                    // Install the Escape CLI tool
                    sh 'npm install -g @escape.tech/action'
                    
                    // Show the installed Escape CLI version
                    sh 'npm show @escape.tech/action version'
                    
                    // Run the Escape action
                    sh 'escape-action'
                }
            }
            
            post {
                always {
                    // Configuration to allow failure
                }
            }
        }
    }
}

CLI

export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export SCHEMA_FILE="relative/path/to/schema/from/repo/root/schema.graphql"
// or
export INTROSPECTION_FILE="relative/path/to/schema/from/repo/root/introspection.json"

npm i -g @escape.tech/action
escape-action

API

export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
export INTROSPECTION=$(cat relative/path/to/schema/from/repo/root/introspection.json)

curl -X POST \
-H "Authorization: Key $API_KEY" \
-H "Content-Type: application/json" \
-d "{ \"introspection\": $INTROSPECTION }"
https://public.escape.tech/applications/$APPLICATION_ID/start-scan