infracost / infracost-atlantis
Atlantis integration for Infracost. Shows cloud cost estimates for Terraform in pull requests.
Home Page: https://infracost.io
License: Apache License 2.0
A user mentioned the following, we should test the integration with latest version of Infracost and latest version of Atlantis to see if we can reproduce this:
I'm not sure if it's Infracost and the way it runs the Terraform commands or the newer version of Atlantis we installed when we enabled Infracost, but our Atlantis Plans/Applys show as failed in the GitHub comments now if either of these are true.
Warnings about targeted plan/apply
Deprecation warnings in the plan/apply
Within the bitbucket subsection we should remove the 261 line and put it right after the line 257. In the way it is, all apply workflows will be considered as failed because there'll be no files there when the run is executed.
See images with my tests.
With the config provided in repo
With the config changed
I just implemented infracost with Atlantis for a small POC and found that the json path is differently configured in different places. I used the docs here: https://github.com/infracost/infracost-atlantis/blob/master/examples/combined-infracost-comment/README.md#running-with-azure-repos
In the post workflow hook the path is --path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/'*'-infracost.json
while in the workflow the path is /tmp/${BASE_REPO_OWNER//\//-}-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json.
Took me a while to see the issue, but in the post workflow hook a subdirectory is expected after the $PULL_NUM while in the workflow a simple dash is configured. The other docs look correct, although I did not test them, only Azure DevOps has this typo it seems.
I'm following the docs, but I'm confused about how to set up the post_workflow_hook together with a Terragrunt setup.
My repoConfig:
repoConfig: |
  repos:
  - id: "/.*/"
    workflow: terragrunt
    pre_workflow_hooks: #TGENV and TFENV setup
      - run: git clone --depth=1 https://github.com/tfutils/tfenv.git /home/atlantis/.tfenv && git clone https://github.com/cunymatthieu/tgenv.git /home/atlantis/.tgenv
      - run: chmod -R +x .tgenv/bin .tfenv/bin
  workflows:
    terragrunt:
      plan:
        steps:
        - env:
            name: INFRACOST_OUTPUT
            command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - env:
            name: PATH #Set PATH of binaries of TGenv and TFenv at atlantis user /home
            command: 'echo "${PATH}:${HOME}/.tgenv/bin:${HOME}/.tfenv/bin"'
        - run: echo "Setup Terragrunt version if necessary"
        - run: tgenv install
        - run: echo "Running Terragrunt Plan now!"
        - run: terragrunt plan -input=false -out=$PLANFILE
        - run: terragrunt show -json $PLANFILE > $SHOWFILE
      apply:
        steps:
        - env:
            name: PATH
            command: 'echo "${PATH}:${HOME}/.tgenv/bin:${HOME}/.tfenv/bin"'
        - run: terragrunt apply -input=false $PLANFILE
Because this example is about running with Terraform.
Can someone help me understand this better?
After running atlantis plan, my pull request returns:
running "infracost breakdown --path=$PLANFILE --format=json --out-file=/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-$REPO_REL_DIR-infracost.json" in "/atlantis-data/repos/TiendaNube/terragrunt/47/default/providers/aws/linkedstore/stg/us-west-2/engenharia/sre/sqs-apresentacao": exit status 1: running "infracost breakdown --path=$PLANFILE --format=json --out-file=/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-$REPO_REL_DIR-infracost.json" in "/atlantis-data/repos/TiendaNube/terragrunt/47/default/providers/aws/linkedstore/stg/us-west-2/engenharia/sre/sqs-apresentacao":
time="2022-12-08T00:52:08Z" level=info msg="Detected Terraform plan binary file at /atlantis-data/repos/TiendaNube/terragrunt/47/default/providers/aws/linkedstore/stg/us-west-2/engenharia/sre/sqs-apresentacao/default.tfplan"
Error: Could not detect Terraform directory for /atlantis-data/repos/TiendaNube/terragrunt/47/default/providers/aws/linkedstore/stg/us-west-2/engenharia/sre/sqs-apresentacao/default.tfplan.
Either the current working directory or the plan file's parent directory must be a Terraform directory.
If the above does not work you can generate the plan JSON file with:
terraform show -json tfplan.binary > plan.json
and then run Infracost with --path=plan.json
[...]
Hello, I was configuring a post_workflow_hooks to add a comment on my PR with Infracost information, but nothing was happening. After debugging for a while, I checked and the WORKSPACE and REPO_REL_DIR variables were not available in post_workflow_hooks, so Atlantis couldn't find the path with the Infracost information to post the comment. My current setup is configured with Atlantis + Terragrunt.
Here is some information below:
terragrunt-infracost:
  plan:
    steps:
      - env:
          name: INFRACOST_OUTPUT
          command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - run: terragrunt plan -out=$PLANFILE
      - run: terragrunt show -json $PLANFILE > $SHOWFILE
post_workflow_hooks:
  - run: |
      echo "testing post_workflow_hooks for PR $PULL_NUM" >> /tmp/test.txt
      echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE/'*'-infracost.json"
      # post_workflow_hooks are executed after the repo workflow has run.
      # This enables you to post an Infracost comment with the combined cost output
      # from all your projects. However, post_workflow_hooks are also triggered when
      # an apply occurs. In order to stop commenting on PRs twice we need to check
      # if the Infracost output directory created in our 'plan' stage exists before continuing.
      echo "before if stage exists" >> /tmp/test.txt
      echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE" >> /tmp/test.txt
      echo "WORKSPACE: $WORKSPACE" >> /tmp/test.txt
      echo "REPO_REL_DIR: ${REPO_REL_DIR//\//-}" >> /tmp/test.txt
      if [ ! -d "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE" ]; then
        exit 0
      fi
      echo "after if stage exists" >> /tmp/test.txt
      # Choose the commenting behavior, 'new' is a good default:
      # new: Create a new cost estimate comment on every run of Atlantis for each project.
      # update: Create a single comment and update it. The "quietest" option.
      # hide-and-new: Minimize previous comments and create a new one.
      # delete-and-new: Delete previous comments and create a new one.
      echo "before infracost comment" >> /tmp/test.txt
      echo "--repo $BASE_REPO_OWNER/$BASE_REPO_NAME" >> /tmp/test.txt
      echo "--pull-request $PULL_NUM" >> /tmp/test.txt
      echo "--path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE/'*'-infracost.json" >> /tmp/test.txt
      echo "--github-token $GITHUB_TOKEN" >> /tmp/test.txt
      infracost comment github --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \
        --pull-request $PULL_NUM \
        --path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE/'*'-infracost.json \
        --github-token $GITHUB_TOKEN \
        --behavior new
      # remove the Infracost output directory so that `infracost comment` is not
      # triggered on an `atlantis apply`
      echo "before deleting foolder" >> /tmp/test.txt
      rm -rf /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE
debug output:
bash-5.1$ cat test.txt
testing post_workflow_hooks for PR 175
before if stage exists
/tmp/org-respository-175-
WORKSPACE:
REPO_REL_DIR:
after if stage exists
before infracost comment
--repo org/repository
--pull-request 175
--path /tmp/org-repository-175-/'*'-infracost.json
--github-token 123456
As a workaround to solve this issue, I stopped using WORKSPACE in my infracost output and I created a single folder for my PR, /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/, with all outputs inside.
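The workaround above (one per-PR directory, with WORKSPACE and REPO_REL_DIR used only in the file name) stays consistent between the plan step and the hook if both derive their paths from the same functions. This is an added example, not code from the post or from the Infracost docs; the function names and the INFRACOST_TMP override are assumptions.

```shell
#!/bin/sh
# Added example. Function names and INFRACOST_TMP are hypothetical helpers,
# not part of Atlantis or Infracost.

# Per-PR directory. Built only from variables that the post above found
# populated in post_workflow_hooks (no WORKSPACE, no REPO_REL_DIR).
infracost_dir() {
  # Owners can contain '/' (the Azure Repos workflow path flattens it too).
  owner=$(printf '%s' "$BASE_REPO_OWNER" | tr '/' '-')
  printf '%s/%s-%s-%s' "${INFRACOST_TMP:-/tmp}" "$owner" "$BASE_REPO_NAME" "$PULL_NUM"
}

# Per-project file inside that directory. Call this from the plan step only,
# where WORKSPACE and REPO_REL_DIR are set.
infracost_out() {
  rel=$(printf '%s' "$REPO_REL_DIR" | tr '/' '-')
  printf '%s/%s-%s-infracost.json' "$(infracost_dir)" "$WORKSPACE" "$rel"
}

# Hook guard: succeed only if the plan stage left at least one JSON file.
# Covers both a missing directory (apply run) and a directory that exists
# but contains nothing matching *-infracost.json.
hook_has_output() {
  dir=$(infracost_dir)
  [ -d "$dir" ] || return 1
  for f in "$dir"/*-infracost.json; do
    [ -f "$f" ] && return 0
  done
  return 1
}

# Plan step:  mkdir -p "$(infracost_dir)" and write to "$(infracost_out)"
# Hook:       hook_has_output || exit 0
#             then pass "$(infracost_dir)"/'*'-infracost.json to --path
```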
This feedback is from a user:
Sometimes infracost script silently fails our atlantis workflow without showing any exceptions and since we depend on Atlantis success plan before merge - it blocks our workflow.
Hello,
I am using Github App for Git Host authentication with Atlantis. I have a private repo, so ATLANTIS_WRITE_GIT_CREDS is set to true so that it writes git credentials to /home/atlantis/.git-credentials.
infracost comment github should read from this file for the --github-token value.
Many of us will already be using policy_check to check the terraform plan output and run conftest against it.
There is a lack of documentation available on how to achieve both conftest on the terraform plan file and the infracost json output.
Though conftest makes available --combine, this is less than optimal as it would mean re-writing all existing policies to accommodate the combined input sources.
Thoughts?
Looks like it's on v0.17.5 when using the infracost/infracost-atlantis:latest image. The current atlantis release is v0.18.1
In the official integration docs, it shows a custom workflow with the following.
infracost comment github --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \
--pull-request $PULL_NUM \
--path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/'*'-infracost.json \
--github-token $GITHUB_TOKEN \
--behavior new
I'd much rather omit the --github-token and have infracost comment github subcommand read the token from an environment variable. Is this possible today? If so, can we update the docs accordingly? If not, could this gh issue serve as a feature request to enable that?
Seems I have run into an issue configuring infracost to run with Terraform/Terragrunt. Following the docs here and basically adapting the config to work with GH.
Receiving the following error:
Error running post-workflow hooks exit status 1: running "infracost comment github --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \\\n --pull-request $PULL_NUM \\\n --path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/'*'-infracost.json \\\n --github-token $ATLANTIS_GH_TOKEN \\\n --behavior hide-and-new\n" in "/home/atlantis/.atlantis/repos/foo/4532/default":
Error: Error reading JSON file: open /tmp/foo-4532/*-infracost.json: no such file or directory
It looks like something doesn't quite look right with the flag syntax on the comment command? I have looked and the /tmp/foo-4532 directory exists but not sure what else I'm missing.
Will arm image be supported?
Currently, only amd images seem to be supported.
This setting is already known by atlantis, infracost should scrape the atlantis server --default-tf-version= setting, and use this for its binary.
Thanks!
Is it possible to use the github app token instead of the github token?
Please see infracost/infracost#1179 to upvote ideas or provide feedback on what you'd like to see next
The latest atlantis release, version 0.27.3 resolves a problem where atlantis can't download terraform version 1.8.2. Can we please get an update to this image to use the latest atlantis release?
Currently there is no precise bitbucket example (unlike others like GH and Gitlab).
I'll try to work on this myself as I'm currently doing this integration.
From the community slack:
jwr: unrelated to my initial problem, but speaking of docker tags... since there's only a :latest tag being offered, how do terraform upgrades work? would there be a scenario when a new :latest gets pushed and the TF version that we're pinned on becomes unavailable?
me: The infracost-atlantis image just does this, I doubt atlantis would remove those TF versions but you raise a good point, we should start to version the infracost-atlantis integration repo itself. There’s also this ticket so we pin the infracost CLI version too.
We can update this repo's Dockerfile to use the latest released version of infracost's atlantis_diff.sh, something like this might help:
curl -s -L https://api.github.com/repos/infracost/infracost/releases/latest | jq '.tarball_url' | xargs curl -s -L | tar xz -C /tmp/infracost...