Setup infracost #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate Infra cost report | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, closed] | |
| push: | |
| branches: | |
| - main | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| jobs: | |
| infracost-pull-request-checks: | |
| name: Infracost Pull Request Checks | |
| if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write # Required to post comments | |
| steps: | |
| - name: Setup Infracost | |
| uses: infracost/actions/setup@v3 | |
| with: | |
| api-key: ${{ secrets.INFRACOST_API_KEY }} | |
| - name: Checkout base branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: '${{ github.event.pull_request.base.ref }}' | |
| - name: Generate Infracost cost estimate baseline | |
| run: | | |
| infracost breakdown --path=terraform/ \ | |
| --format=json \ | |
| --out-file=/tmp/infracost-base.json | |
| - name: Checkout PR branch | |
| uses: actions/checkout@v4 | |
| - name: Generate Infracost diff | |
| run: | | |
| infracost diff --path=terraform/ \ | |
| --format=json \ | |
| --compare-to=/tmp/infracost-base.json \ | |
| --out-file=/tmp/infracost.json | |
| - name: Post Infracost comment | |
| run: | | |
| infracost comment github --path=/tmp/infracost.json \ | |
| --repo=$GITHUB_REPOSITORY \ | |
| --github-token=${{ github.token }} \ | |
| --pull-request=${{ github.event.pull_request.number }} \ | |
| --behavior=update | |
| infracost-default-branch-update: | |
| name: Infracost Default Branch Update | |
| if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Infracost | |
| uses: infracost/actions/setup@v3 | |
| with: | |
| api-key: ${{ secrets.INFRACOST_API_KEY }} | |
| - name: Checkout main/master branch | |
| uses: actions/checkout@v4 | |
| - name: Run Infracost on default branch and update Infracost Cloud | |
| run: | | |
| infracost breakdown --path=terraform/ \ | |
| --format=json \ | |
| --out-file=infracost.json | |
| infracost upload --path=infracost.json || echo "Always pass main branch runs even if there are policy failures" | |
| # Update PR status in Infracost Cloud | |
| infracost-pull-request-status-update: | |
| name: Infracost PR Status Update | |
| if: github.event_name == 'pull_request' && github.event.action == 'closed' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Infracost PR Status Update | |
| run: | | |
| PR_STATUS="MERGED" | |
| if [[ ${{ github.event.pull_request.merged }} = false ]]; then PR_STATUS="CLOSED"; fi | |
| echo "Updating status of ${{ github.event.pull_request.html_url }} to $PR_STATUS" | |
| curl -i \ | |
| --request POST \ | |
| --header "Content-Type: application/json" \ | |
| --header "X-API-Key: $INFRACOST_API_KEY" \ | |
| --data "{ \"query\": \"mutation {updatePullRequestStatus( url: \\\"${{ github.event.pull_request.html_url }}\\\", status: $PR_STATUS )}\" }" \ | |
| "https://dashboard.api.infracost.io/graphql"; | |
| env: | |
| INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }} |