Schema Updates¶

Overview¶

The schema contains essential API information including: - Types and fields - Queries and mutations - Field-level descriptions

While Escape automatically fetches the latest schema from your endpoint, you can also: - Update schemas manually - Update schemas programmatically through CI/CD - Keep schemas in sync even with closed introspection

Manually Updated Introspection

You can also manually update your application introspection on Escape.

Implementation Examples¶

GitHub ActionGitlab CIBitbucket PipelinesCircleCIJenkins PipelineAzure DevOpsTravis CICLIAPI

name: Post Deploy
on:
  push:
    branches:
      - staging
jobs:
  Escape:
    runs-on: ubuntu-latest
    steps:
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          schema_file: relative/path/to/schema/from/repo/root/schema.graphql
          # Or use one of these alternatives:
          introspection_file: relative/path/to/schema/from/repo/root/introspection.json
          schema_url: https://url.to/schema/from/repo/root/schema.graphql

Escape:
  stage: post-deploy
  needs:
    - deploy # name of your deployment job
  variables: # you can find those secrets directly in your Escape Application Settings
    - ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
    - ESCAPE_API_KEY: $ESCAPE_API_KEY
    - SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
    # or
    - INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
    # or
    - SCHEMA_URL: https://url.to/schema/from/repo/root/schema.graphql
  image: node:alpine
  before_script:
    - npm install -g @escape.tech/action
    - npm show @escape.tech/action version
  script:
    - escape-action
  allow_failure: true
  only:
    refs:
      - staging

image: node:alpine

pipelines:
  default:
    - step:
        name: Deploy
        script:
          # Your deployment scripts here

    - step:
        name: Escape
        trigger: manual  # Set to manual if you wish to run this step manually
        after-script:   # Similar to post-deploy in GitLab
          - npm install -g @escape.tech/action
          - npm show @escape.tech/action version
          - escape-action
        deployment: staging  # Assuming staging environment for deployment
        script:
          - echo "Starting Escape scan..."
        services:
          - docker
        caches:
          - node
        size: 2x
        max-time: 10
        variables:
          ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
          ESCAPE_API_KEY: $ESCAPE_API_KEY
          SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
          # or
          # INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
          # or
          # SCHEMA_URL: https://url.to/schema/from/repo/root/schema.graphql

version: 2.1

jobs:
  deploy: 
    docker:
      - image: node:alpine
    steps:
      - checkout
      # Your deployment steps here

  escape_scan:
    docker:
      - image: node:alpine
    steps:
      - checkout
      - run:
          name: Install Escape CLI
          command: |
            npm install -g @escape.tech/action
            npm show @escape.tech/action version
      - run:
          name: Run Escape Scan
          command: escape-action
      environment:
        ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
        ESCAPE_API_KEY: $ESCAPE_API_KEY
        SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
        # or
        # INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
        # or
        # SCHEMA_URL: https://url.to/schema/from/repo/root/schema.graphql

workflows:
  version: 2
  deploy_and_scan:
    jobs:
      - deploy
      - escape_scan:
          requires:
            - deploy
          filters:
            branches:
              only: staging

pipeline {
    agent {
        docker {
            image 'node:alpine'
        }
    }

    environment {
        ESCAPE_APPLICATION_ID = credentials('ESCAPE_APPLICATION_ID')
        ESCAPE_API_KEY = credentials('ESCAPE_API_KEY')
        SCHEMA_FILE = 'relative/path/to/schema/from/repo/root/schema.graphql'
        # Alternatively, you can use INTROSPECTION_FILE for the schema
        # INTROSPECTION_FILE = 'relative/path/to/schema/from/repo/root/introspection.json'
        # or
        # SCHEMA_URL = 'https://url.to/schema/from/repo/root/schema.graphql'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm // Checkout the codebase from the SCM provider
            }
        }

        stage('Post-Deploy') {
            when {
                branch 'staging' // Only run on the 'staging' branch
            }

            steps {
                script {
                    # Install the Escape CLI tool
                    sh 'npm install -g @escape.tech/action'

                    # Show the installed Escape CLI version
                    sh 'npm show @escape.tech/action version'

                    # Run the Escape action
                    sh 'escape-action'
                }
            }

            post {
                always {
                    # Configuration to allow failure
                }
            }
        }
    }
}

trigger:
  branches:
    include:
      - staging

pool:
  vmImage: 'ubuntu-latest'

jobs:
- job: EscapeScan
  displayName: 'Escape Scan'
  dependsOn: deploy # Assuming you have a 'deploy' job defined elsewhere in your Azure DevOps pipeline.

  variables:
    ESCAPE_APPLICATION_ID: $(EscapeAppId) # Define these in the Azure DevOps Pipeline environment variables or in a variable group.
    ESCAPE_API_KEY: $(EscapeApiKey)
    SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
    # Optionally define INTROSPECTION_FILE instead of SCHEMA_FILE if using the introspection.json approach.
    # INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
    # or
    # SCHEMA_URL: https://url.to/schema/from/repo/root/schema.graphql

  steps:
  - script: |
      sudo npm install -g @escape.tech/action
      npm show @escape.tech/action version
      escape-action
    displayName: 'Run Escape Action'
    env: 
      ESCAPE_APPLICATION_ID: $(EscapeAppId)
      ESCAPE_API_KEY: $(EscapeApiKey)
      SCHEMA_FILE: $(SCHEMA_FILE)
      # INTROSPECTION_FILE: $(INTROSPECTION_FILE) # Uncomment if using the introspection.json approach.
      # or
      # SCHEMA_URL: $(SCHEMA_URL)
    continueOnError: true

language: node_js
node_js:
  - node

jobs:
  include:
    - stage: security
      if: branch = staging
      script:
        - npm install -g @escape.tech/action
        - npm show @escape.tech/action version
        - escape-action
      env:
        - ESCAPE_APPLICATION_ID=$ESCAPE_APPLICATION_ID
        - ESCAPE_API_KEY=$ESCAPE_API_KEY
        - SCHEMA_FILE=relative/path/to/schema/from/repo/root/schema.graphql
        # Or use one of these alternatives:
        # - INTROSPECTION_FILE=relative/path/to/schema/from/repo/root/introspection.json
        # - SCHEMA_URL=https://url.to/schema/from/repo/root/schema.graphql

stages:
  - security

export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export SCHEMA_FILE="relative/path/to/schema/from/repo/root/schema.graphql"
# Alternatively, you can use INTROSPECTION_FILE for the schema
# INTROSPECTION_FILE = 'relative/path/to/schema/from/repo/root/introspection.json'
# or
# SCHEMA_URL = 'https://url.to/schema/from/repo/root/schema.graphql'

npm i -g @escape.tech/action
escape-action

export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
export INTROSPECTION=$(cat relative/path/to/schema/from/repo/root/introspection.json)

curl -X POST \
-H "Authorization: Key $API_KEY" \
-H "Content-Type: application/json" \
-d "{ \"introspection\": $INTROSPECTION }"
https://public.escape.tech/applications/$APPLICATION_ID/start-scan