feat(iac): Update aws provider to ~> 5.95 #129
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Infracost | |
| on: | |
| pull_request: | |
| branches: [main] | |
| types: [opened, reopened, synchronize] | |
| paths: | |
| - iac/**/*.tf | |
| - iac/**/*.tfvars | |
| - iac/**/*.tftpl | |
| - iac/**/*.hcl | |
| permissions: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.repository }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: iac | |
| jobs: | |
| infracost: | |
| name: Infracost Pull Request Checks | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Setup Infracost | |
| uses: infracost/actions/setup@e9d6e6cd65e168e76b0de50ff9957d2fe8bb1832 # v3.0.1 | |
| with: | |
| api-key: ${{ secrets.INFRACOST_API_KEY }} | |
| # Checkout the base branch of the pull request | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ github.event.pull_request.base.ref }} | |
| persist-credentials: false | |
| # Generate Infracost JSON file as the baseline. | |
| - name: Generate Infracost cost estimate baseline | |
| run: | | |
| infracost breakdown --path=. \ | |
| --format=json \ | |
| --out-file=/tmp/infracost-base.json | |
| # Checkout the current PR branch so we can create a diff. | |
| - name: Checkout PR branch | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # Generate an Infracost diff and save it to a JSON file. | |
| - name: Generate Infracost diff | |
| run: | | |
| infracost diff --path=. \ | |
| --format=json \ | |
| --compare-to=/tmp/infracost-base.json \ | |
| --out-file=/tmp/infracost.json | |
| # Posts a comment to the PR using the 'update' behavior. | |
| - name: Post Infracost comment | |
| run: | | |
| infracost comment github --path /tmp/infracost.json \ | |
| --repo $GITHUB_REPOSITORY \ | |
| --github-token ${{ github.token }} \ | |
| --pull-request ${{ github.event.pull_request.number }} \ | |
| --behavior update \ | |
| --policy-path ${{ github.workspace }}/infracost/infracost-policy.rego |