Using Rover in CI/CD
Integrate Rover into continuous integration and deployment workflows
You can use Rover in any CI/CD environment that uses a Rover-supported operating system (Linux, MacOS, or Windows). Most commonly, this is to run schema checks with rover graph check or rover subgraph check.
Rover's installation is similar to many other CLI tools, but the recommended method varies depending on which provider you're using. We've included instructions for some of the most common CI/CD providers:
If you're using Rover with a CI/CD provider not listed here, we'd love for you to share the steps by opening an issue or pull request.
Use API keys
Rover commands that communicate with GraphOS require an API key. GraphOS supports graph API keys, subgraph API keys, and personal API keys.
On your local development machine, use a personal API key and provide it to Rover with the rover config auth command.
In shared environments like CI, use a graph or subgraph API key and set it as an environment variable.
CircleCI
Linux jobs using the curl installer
Normally when installing, Rover adds the path of its executable to your $PATH. However, CircleCI doesn't use the $PATH variable between run steps. This means that if you install Rover and try to run it in the next step, you get a command not found: rover error.
To fix this, you can modify the $PATH and append it to $BASH_ENV. $BASH_ENV is executed at the beginning of each step, enabling any changes to be maintained across steps. You can add Rover to your $PATH using $BASH_ENV like this:
1echo 'export PATH=$HOME/.rover/bin:$PATH' >> $BASH_ENVAfter you install Rover and modify the $BASH_ENV as shown, Rover should work like normal.
Full example
1# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference
2version: 2.1
3
4jobs:
5 build:
6 docker:
7 - image: cimg/node:15.11.0
8 steps:
9 - run:
10 name: Install
11 command: |
12 # download and install Rover
13 curl -sSL https://rover.apollo.dev/nix/v0.37.0 | sh
14
15 # This allows the PATH changes to persist to the next `run` step
16 echo 'export PATH=$HOME/.rover/bin:$PATH' >> $BASH_ENV
17 - checkout
18 # after rover is installed, you can run it just like you would locally!
19 # only run this command with the `--background` flag if you have the Apollo Studio GitHub integration enabled on your repository
20 - run: rover graph check my-graph@prod --schema ./schema.graphql --backgroundGitHub
build.environment by name and set build.env variables using the saved secrets.Apollo-provided GitHub Actions
Apollo provides a GitHub Action to run Rover commands for all CI/CD-relevant commands. For full documentation of the parameters of the GitHub Action, see the GitHub Marketplace listing for each:
Full example using the Apollo-provided GitHub Actions
1name: Rover Actions
2
3# Controls when the action will run. Triggers the workflow on push or pull request events
4on: [push, pull_request]
5
6# A workflow run is made up of one or more jobs that can run sequentially or in parallel
7jobs:
8 # This workflow contains a single job called "build"
9 build:
10 # The type of runner that the job will run on
11 runs-on: ubuntu-latest
12
13 # https://docs.github.com/en/actions/reference/encrypted-secrets
14 # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsenv
15 env:
16 APOLLO_KEY: ${{ secrets.APOLLO_KEY }}
17 APOLLO_VCS_BRANCH: ${{ github.head_ref }}
18 APOLLO_VCS_COMMIT: ${{ github.event.pull_request.head.sha }}
19
20 steps:
21 # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
22 - uses: actions/checkout@v4
23
24 # Installs Rover into $PATH for use with subsequent steps
25 - uses: apollographql-gh-actions/install-rover@v1
26
27 # To run the schema check against your graph:
28 - uses: apollographql-gh-actions/rover-subgraph-check@v1
29 with:
30 apollo-key: ${{ secrets.APOLLO_KEY }}
31 # This could also be provided via an environment variable or GitHub Action variable
32 graph-ref: ${{ secrets.APOLLO_GRAPH_REF }}
33 name: subgraph-name
34 # If you use a code-first subgraph, you can generate the schema in another step for use with this action
35 schema: ./path/to/schema.graphql
36 # Only run this command with the `background` setting if you have the Apollo Studio GitHub integration enabled on your repository
37 background: true
38
39 # To run the linter on your subgraph schema:
40 - uses: apollographql-gh-actions/rover-subgraph-lint@v1
41 with:
42 apollo-key: ${{ secrets.APOLLO_KEY }}
43 # This could also be provided via an environment variable or GitHub Action variable
44 graph-ref: ${{ secrets.APOLLO_GRAPH_REF }}
45 name: subgraph-name
46 # If you use a code-first subgraph, you can generate the schema in another step for use with this action
47 schema: ./path/to/schema.graphql
48
49 # To publish the subgraph to Apollo Studio:
50 - uses: apollographql-gh-actions/rover-subgraph-publish@v1
51 with:
52 apollo-key: ${{ secrets.APOLLO_KEY }}
53 # This could also be provided via an environment variable or GitHub Action variable
54 graph-ref: ${{ secrets.APOLLO_GRAPH_REF }}
55 name: subgraph-name
56 # If you use a code-first subgraph, you can generate the schema in another step for use with this action
57 schema: ./path/to/schema.graphql
58
59 # If running the first time, you will need to pass the `routing-url` parameter to the publish action.
60 # This URL is used for the Apollo Router to route requests to your subgraph.
61 routing-url: http://localhost:4000/graphql
62 # If the routing-url is invalid for one reason or another, you can also pass the `allow-invalid-routing-url` parameter to the publish action.
63 allow-invalid-routing-url: true
64
65 # If you are publishing to a Connectors-based subgraph, you can pass the `no-url` parameter to the publish action, which is equivalent to passing "" to `routing-url` and true to `allow-invalid-routing-url`.
66 no-url: true
67
68 # To publish persisted queries to Apollo Studio:
69 # Using graph-ref:
70 - uses: apollographql-gh-actions/rover-persisted-queries-publish@v1
71 with:
72 apollo-key: ${{ secrets.APOLLO_KEY }}
73 graph-ref: ${{ secrets.APOLLO_GRAPH_REF }}
74 for-client-name: example-publish
75 manifest: ./path/to/persisted-queries-manifest.json
76 # Using graph-id and list-id:
77 - uses: apollographql-gh-actions/rover-persisted-queries-publish@v1
78 with:
79 apollo-key: ${{ secrets.APOLLO_KEY }}
80 graph-id: ${{ vars.APOLLO_GRAPH_ID }}
81 list-id: 1234-5678
82 for-client-name: example-publish
83 manifest: ./path/to/persisted-queries-manifest.jsonLinux/MacOS jobs using the curl installer
Normally when installing, Rover adds the path of its executable to your $PATH. However, GitHub Actions doesn't use the $PATH variable between run steps. This means that if you install Rover and try to run it in the next step, you get a command not found: rover error.
To fix this, you can append Rover's location to the $GITHUB_PATH variable. $GITHUB_PATH is similar to your system's $PATH variable, and additions to $GITHUB_PATH can be used across multiple steps. You can modify it like this:
1echo "$HOME/.rover/bin" >> $GITHUB_PATHFull example
1# .github/workflows/check.yml
2
3name: Check Schema
4
5# Controls when the action will run. Triggers the workflow on push or pull request events
6on: [push, pull_request]
7
8# A workflow run is made up of one or more jobs that can run sequentially or in parallel
9jobs:
10 # This workflow contains a single job called "build"
11 build:
12 # The type of runner that the job will run on
13 runs-on: ubuntu-latest
14
15 # https://docs.github.com/en/actions/reference/environments
16 environment: apollo
17
18 # https://docs.github.com/en/actions/reference/encrypted-secrets
19 # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsenv
20 env:
21 APOLLO_KEY: ${{ secrets.APOLLO_KEY }}
22 APOLLO_VCS_BRANCH: ${{ github.head_ref }}
23 APOLLO_VCS_COMMIT: ${{ github.event.pull_request.head.sha }}
24
25 # Steps represent a sequence of tasks that will be executed as part of the job
26 steps:
27 # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
28 - uses: actions/checkout@v4
29
30 - name: Install Rover
31 run: |
32 curl -sSL https://rover.apollo.dev/nix/v0.37.0 | sh
33
34 # Add Rover to the $GITHUB_PATH so it can be used in another step
35 # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#adding-a-system-path
36 echo "$HOME/.rover/bin" >> $GITHUB_PATH
37 # only run this command with the `--background` flag if you have the Apollo Studio GitHub integration enabled on your repository
38 - name: Run check against prod
39 run: |
40 rover graph check my-graph@prod --schema ./test.graphql --backgroundDisplaying schema check results on GitHub pull requests
If you use GitHub Actions to automatically run schema checks on every pull request as shown below, you can install the Apollo Studio GitHub app to provide links to the results of those checks alongside your other pull request checks:
To display schema check results on pull requests correctly, you need to make sure Rover associates the schema check execution with the pull request's HEAD commit, as opposed to the merge commit that GitHub adds. To guarantee this, set the APOLLO_VCS_BRANCH and APOLLO_VCS_COMMIT environment variables in your action's configuration, like so:
1env:
2 APOLLO_VCS_BRANCH: ${{ github.head_ref }}
3 APOLLO_VCS_COMMIT: ${{ github.event.pull_request.head.sha }}Bitbucket Pipelines
The following is a full example configuration for Bitbucket Pipelines. It shows how to:
Run
rover subgraph checkfor each commit on all branchesRun
rover subgraph publishto keep the schema definition of yourmainbranch in-sync with a base variant (@localin this case)
The example uses the following Pipeline Repository Variables to make the pipeline configuration portable across different repositories:
APOLLO_KEYAPOLLO_SUBGRAPH_NAME, which represents the name of the subgraph you're running schema checks forAPOLLO_LOCAL_PORT, which represents the port number of the base variant
Full example
1# ./bitbucket-pipelines.yml
2
3image: node
4
5definitions:
6 steps:
7 - step: &rover-subgraph-check
8 name: "[Rover] Subgraph Check"
9 caches:
10 - node
11 script:
12 - 'echo "Subgraph name: $APOLLO_SUBGRAPH_NAME"'
13 - npx -p @apollo/rover@latest
14 rover subgraph check my-graph@prod
15 --name $APOLLO_SUBGRAPH_NAME
16 --schema ./schema.graphql
17
18 - step: &local-publish
19 name: "[Rover] @local publish (sync with main/master)"
20 caches:
21 - node
22 script:
23 - 'echo "Subgraph name: $APOLLO_SUBGRAPH_NAME"'
24 - 'echo "Local variant port: $APOLLO_LOCAL_PORT"'
25
26 - npx -p @apollo/rover@latest
27 rover subgraph publish my-graph@local
28 --name $APOLLO_SUBGRAPH_NAME
29 --schema ./schema.graphql
30 --routing-url http://localhost:$APOLLO_LOCAL_PORT/graphql
31
32pipelines:
33 default:
34 - step: *rover-subgraph-check
35
36 branches:
37 "{main,master}":
38 - step: *rover-subgraph-check
39 - step: *local-publishJenkins
To set up Rover for use with Jenkins, first consider which type of Jenkins agent you'll use in your pipelines. The samples below demonstrate a golang pipeline that uses Docker, but you can modify them to meet your specific needs.
Distributed builds via the node agent
If you're running a distributed build system using the node agent type, make sure that Rover is installed on all machines either as part of a baseline image or via a setup script. Also make sure it's available globally via the PATH environment variable.
Pipelines using Docker
If you're using Rover with a Docker-enabled pipeline, note the following additional considerations:
$PATH issues
Normally when installing, Rover adds the path of its executable to your $PATH. However, Jenkins doesn't persist the $PATH variable between runs of sh steps, because each sh block runs as its own process. This means that if you install Rover and try to run it in the next step, you get a command not found: rover error. This is functionally similar to the CircleCI note, but the resolution is different.
To avoid this issue, do one of the following:
Use the script, but reference
roverby its full path ($HOME/.rover/bin/rover)Download the latest release via
cURLand extract the binary. This downloads Rover0.37.0for Linux x86 architectures:Text1curl -L https://github.com/apollographql/rover/releases/download/v0.37.0/rover-v0.37.0-x86_64-unknown-linux-gnu.tar.gz | tar --strip-components=1 -zxv
Permission issues
If you run into permissions issues within Docker, you can resolve many of them by creating a user to run the install and build processes. The example Dockerfile below shows how to accomplish this with a specific Docker image for your Jenkins build pipeline:
1FROM golang:1.18
2RUN useradd -m rover && echo "rover:rover" | chpasswd
3USER rover
4RUN curl -sSL https://rover.apollo.dev/nix/latest | shJenkinsfile Configuration
After you've installed Rover appropriately, you can execute the rover command within a sh step, as shown in the example configuration below. Because rover outputs logs via stderr and emits proper status codes, it generates build errors if the rover subgraph check command fails.
We recommend passing arguments to rover commands via environment variables. This enables you to reuse large portions of your pipeline, making it faster to onboard new subgraphs without rewriting code.
Additionally, we strongly recommend passing in the APOLLO_KEY by using a Jenkins credential and referencing it using credentials(key_name) within your jenkinsfile. An example of this is below.
1pipeline {
2 agent {
3 dockerfile {
4 filename './build_artifacts/Dockerfile'
5 }
6
7 }
8 stages {
9 stage('Rover Check') {
10 steps {
11 sh '''echo "Subgraph: $APOLLO_SUBGRAPH_NAME
12 $HOME/.rover/bin/rover subgraph check $APOLLO_GRAPH_REF --name $APOLLO_SUBGRAPH_NAME --schema $SCHEMA_PATH'''
13 }
14 }
15
16 stage('Build') {
17 steps {
18 sh 'go build .'
19 }
20 }
21
22 stage('Go Test') {
23 steps {
24 sh 'go test ./... -v'
25 }
26 }
27
28 stage('Schema Publish to Dev') {
29 when {
30 expression { env.BRANCH_NAME == 'main' }
31 }
32 steps {
33 sh '$HOME/.rover/bin/rover subgraph publish $APOLLO_GRAPH_REF --name $APOLLO_SUBGRAPH_NAME --schema $SCHEMA_PATH'
34 }
35 }
36
37 }
38 environment {
39 APOLLO_KEY = credentials('apollo_key')
40 APOLLO_SUBGRAPH_NAME = 'products'
41 APOLLO_CONFIG_HOME = '~/.config/rover'
42 SCHEMA_PATH = './graph/schema.graphqls'
43 APOLLO_GRAPH_REF = 'ApolloJenkins@dev'
44 }
45}Gitlab
Since there isn't any official Docker image for Rover, we can use the debian:stable-slim as a base image. All you need to do is fetch the source via cURL, add the executable to the PATH variable, then publish your subgraphs.
1push_subgraphs:
2stages:
3 - publish_subgraphs
4
5publish_subgraphs:
6 stage: publish_subgraphs
7 image: debian:stable-slim
8 retry: 1 # to retry if any connection issue or such happens
9 before_script:
10 - apt-get update && apt-get install curl -y
11 script:
12 - curl -sSL https://rover.apollo.dev/nix/latest | sh # Install the latest version of Rover
13 - export PATH="$HOME/.rover/bin:$PATH" # Manually add it to the ruuner PATH
14 - export APOLLO_KEY=$APOLLO_FEDERATION_KEY
15 - rover subgraph publish $APOLLO_GRAPH_REF --name $APOLLO_SUBGRAPH_NAME --schema $SCHEMA_PATHUsing With npm/npx
If you're running in a Node.js workflow, it might be easier to use the NPM distribution of Rover. This way, you don't need to adjust the PATH at all to run Rover, and it might fit better into your existing workflow.
You can use Rover by adding it to your package.json dependencies using these instructions and then execute it using npm scripts, similar to other workflows you might already have. If you don't want to install Rover as a dependency, you can run it with npx by using the -p flag:
--background flag if you have the Apollo Studio GitHub integration enabled on your repository.1npx -p @apollo/rover rover graph check my-graph@prod --schema=./schema.graphql --background