This action checks your GraphQL server health after deployment. Specifically, it will check:
- The endpoint is reachable
- Introspection is disabled (for non-federated graphs)
- (Optional) Authentication is required to make queries
- If subgraph:
- (Optional) The subgraph contains required Federation elements
name: Deploy
on:
push:
branches:
- main
jobs:
check_graphql:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dbanty/check-graphql-action@v1
with:
endpoint: ${{ vars.PRODUTION_ENDPOINT }}
auth: "Gateway-Authorization: Bearer ${{ secrets.AUTH_TOKEN }}" # If not included, auth is not checked
subgraph: true # defaults to false
allow_introspection: true # Defaults to the value of subgraph
insecure_subgraph: false # Defaults to false
Name | Description | Default |
---|---|---|
endpoint |
The full URL, including scheme (e.g., https:// ) of the GraphQL endpoint |
None |
auth |
The full header to be included. Providing a value enables the "authentication required" check | None |
subgraph |
Whether the endpoint is expected to be a Federation subgraph | false |
allow_introspection |
Whether the GraphQL server should have introspection enabled. This should be disabled for non-subgraphs | value of subgraph |
insecure_subgraph |
Whether it is acceptable for your auth to be empty when subgraph is true . You generally don't want this |
false |
This action will fail if making an HTTP POST request to the provided endpoint fails. The request will contain this query:
query {
__typename
}
It expects this response:
{
"data": {
"__typename": "Query"
}
}
Unless the subgraph
input is set to true
or allow_introspection
is set to true
, this action will fail if the GraphQL server responds to an introspection query. The query will be:
query {
__schema {
types {
name
}
}
}
The GraphQL server must respond with an error for this check to succeed.
If the auth
input is provided, this action will fail if the GraphQL server responds to any query without the provided authentication.
If the subgraph
input is set to true
, this action will check that the subgraph contains the required Federation elements. Specifically, it will run the query:
query {
_service {
sdl
}
}
NOTE: If subgraph
is true
and auth
is not provided, this action will fail—as insecure subgraphs are usually a mistake. If you need a public, insecure subgraph, you can provide the input insecure_subgraph: true
.