# Import from GraphQL Schema

:::info
This feature is only available to organizations that have subscribed to the Web application security assessment feature.
:::

To import endpoints based on a GraphQL schema, follow the steps below.

## Automatically Sync Schemas with GitHub Actions (Recommended)

### Set up GitHub Actions to Log in to Shisho Cloud

To allow your GitHub Actions workflow to log in to Shisho Cloud, you need to configure a few things in Shisho Cloud. First, go to the [Bot creation page](https://cloud.shisho.dev/*/settings/bots) in Shisho Cloud and create a new **Bot**. A bot is an entity that has permission to access Shisho Cloud organizations. Your GitHub Actions job will log in to Shisho Cloud as this bot.

![Bot creation screen](/docs/_md-assets/709014004f-create-bot.png)

Once you have created a bot, click on the bot name to go to the Trust Condition setting screen.

![Trust Condition Setting Screen](/docs/_md-assets/947bafca52-create-trust-condition.png)

A trust condition is a condition that a GitHub Actions job must meet in order to log in to Shisho Cloud as that bot. Enter the organization and repository name of the GitHub repository where your workflow is stored. This allows every GitHub Actions job belonging to that repository to log in to Shisho Cloud as the bot you just created, so enter only the repository that actually runs the sync workflow. Once you have entered the information, click the "Save" button.

### Register the GitHub Actions Workflow

A GitHub Actions workflow for automatic synchronization will look like this:

```yaml
name: "Sync the GraphQL Schema with Shisho Cloud"

permissions:
  contents: read
  id-token: write # Required to allow the workflow to log in to Shisho Cloud

on:
  push:
    branches:
      - main
    paths:
      # Path to the workflow file
      - .github/workflows/sync-graphql.yaml
      # FIXME: Replace with the path to the schema file you want to reference
      - docs/schema.graphql

jobs:
  sync:
    name: Sync
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install shishoctl
        run: |
          SHISHOCTL_URL="https://shisho.dev/releases/shishoctl-0.15.0-x86_64-unknown-linux-gnu"
          # -f makes curl fail on HTTP errors, so an error page is never saved as the binary
          sudo curl -fL "$SHISHOCTL_URL" -o /usr/local/bin/shishoctl
          sudo chmod +x /usr/local/bin/shishoctl

      - name: Sign in
        uses: flatt-security/shisho-cloud-action@v1
        with:
          # FIXME: The bot-id to be entered is described in the Trust Condition setting screen
          bot-id: "BTXXXXXXXXXXXXXXXXXXXXXXXXXX"

      - name: Sync with Shisho Cloud
        run: |
          # Quote the variables so that empty or space-containing values are not word-split
          shishoctl web-application collect-endpoints graphql \
            --org "$ORG_ID" \
            --app "$APP_ID" \
            --url "$ENDPOINT_URL" \
            --path "$SCHEMA_PATH"
        env:
          ORG_ID: ${{ vars.SHISHO_CLOUD_ORG_ID }}
          APP_ID: ${{ vars.SHISHO_CLOUD_APP_ID }}
          ENDPOINT_URL: ${{ vars.SHISHO_CLOUD_GRAPHQL_ENDPOINT_URL }}
          # FIXME: Replace with the path to the schema file you want to reference
          SCHEMA_PATH: docs/schema.graphql
```

Be sure to replace any occurrences of `FIXME` with the appropriate values.

Also, register the following variables in your GitHub repository. See the [official GitHub documentation](https://docs.github.com/ja/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#creating-configuration-variables-for-a-repository) for details on how to set them up.

- `SHISHO_CLOUD_ORG_ID`: Organization ID
  - Included in the URL of the Shisho Cloud dashboard
  - `https://cloud.shisho.dev/{{ Organization ID }}/dashboard`
- `SHISHO_CLOUD_APP_ID`: Application ID
  - Included in the URL of the application page
  - `https://cloud.shisho.dev/{{ Organization ID }}/applications/{{ Application ID }}`
- `SHISHO_CLOUD_GRAPHQL_ENDPOINT_URL`: GraphQL endpoint URL to be used for scanning
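
The "Install shishoctl" step in the workflow writes a downloaded binary into `/usr/local/bin` without checking its integrity. As an added example (not part of the Shisho Cloud documentation), the functions below install the file only when its SHA-256 matches a digest pinned in the workflow. The function names are hypothetical, and `SHISHOCTL_SHA256` is a placeholder that you replace with the digest of a release you have reviewed.

```shell
# Added example: checksum-verified install of a downloaded binary (POSIX sh).
SHISHOCTL_URL="https://shisho.dev/releases/shishoctl-0.15.0-x86_64-unknown-linux-gnu"
# Placeholder, not a real digest: pin the SHA-256 of the release you reviewed.
SHISHOCTL_SHA256="${SHISHOCTL_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED: return 0 only if FILE hashes to EXPECTED.
verify_sha256() {
  # Reject an unset placeholder or any value that is not 64 hex characters.
  case "$2" in
    ""|*[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 1 ;;
  esac
  [ "${#2}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 1; }
  [ "$(sha256_of "$1")" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# install_verified SRC EXPECTED DEST [PREFIX]: copy SRC to DEST with mode 0755
# after verification. PREFIX is an optional command prefix such as "sudo".
install_verified() {
  if ! verify_sha256 "$1" "$2"; then
    echo "checksum mismatch for $1; refusing to install" >&2
    return 1
  fi
  ${4:-} install -m 0755 "$1" "$3"
}

# fetch_and_install: download as the unprivileged user, verify, then install.
fetch_and_install() {
  tmp_bin="$(mktemp)" || return 1
  rc=0
  curl -fsSL "$SHISHOCTL_URL" -o "$tmp_bin" \
    && install_verified "$tmp_bin" "$SHISHOCTL_SHA256" /usr/local/bin/shishoctl sudo \
    || rc=1
  rm -f "$tmp_bin"
  return "$rc"
}
```

To use it, place these functions in the `run:` block of the "Install shishoctl" step and call `fetch_and_install` as the last line.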

## Manually Import with the Web Console

First, go to the "Crawling Jobs" tab (`https://cloud.shisho.dev/[orgid]/applications/[appid]/jobs/find`) and click the "Crawl from Schema" button.

![Crawling Jobs tab](/docs/_md-assets/511a14ee8e-crawling-job-list-empty.png)

Next, select the "GraphQL Schema" tab in the sidebar that appears when you click the button.

After selecting the tab, enter the URL of your GraphQL endpoint in the "GraphQL Endpoint" field.

Then upload your GraphQL Schema file, either by clicking "Click here or drag and drop a GraphQL Schema file to upload" or by dragging and dropping the file.

![Sidebar (initial state)](/docs/_md-assets/56c5a56c41-upload-graphql-1.png)

When you upload a file, the contents of the uploaded GraphQL Schema file are displayed at the bottom of the form.

![Sidebar (after upload)](/docs/_md-assets/457d6f6ce8-upload-graphql-2.png)

If there are no problems with the displayed content, click the "Reserve" button at the bottom of the screen.

A few moments after you schedule the crawl job, Shisho Cloud will register the endpoint based on the URL you specified for the GraphQL endpoint and the contents of the uploaded GraphQL Schema file. When the job status is "Completed", open the "Endpoints" tab to confirm that the endpoint has been registered.
