GitHub Action
Infracost Actions
This project provides a set of GitHub Actions for Infracost, so you can see cloud cost estimates for Terraform in pull requests 💰
The following steps assume a simple Terraform directory is being used; we recommend you use a more relevant example if required.
- Retrieve your Infracost API key by running `infracost configure get api_key`. We recommend using your same API key in all environments. If you don't have one, download Infracost and run `infracost register` to get a free API key.
- Create a repo secret called `INFRACOST_API_KEY` with your API key.
- Create required repo secrets for any cloud credentials that are needed for Terraform to run. If you have multiple projects/workspaces, consider using an Infracost config-file to define the projects.
  - Terraform Cloud/Enterprise users: if you use Remote Execution Mode, you should follow setup-terraform instructions to set the inputs `cli_config_credentials_token`, and `cli_config_credentials_hostname` for Terraform Enterprise.
  - AWS users: use aws-actions/configure-aws-credentials, the Terraform docs explain other options.
  - Azure users: the Terraform docs explain the options. The Azure/login GitHub Actions might also be useful; we haven't tested these with Terraform.
  - Google users: the Terraform docs explain the options, e.g. using `GOOGLE_CREDENTIALS`.
- Create a new file in `.github/workflows/infracost.yml` in your repo with the following content.

  ```yaml
  # The GitHub Actions docs (https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#on)
  # describe other options for 'on', 'pull_request' is a good default.
  on: [pull_request]
  jobs:
    infracost:
      runs-on: ubuntu-latest # The following are JavaScript actions (not Docker)
      env:
        working-directory: PATH/TO/TERRAFORM/CODE # Update this!

      name: Run Infracost
      steps:
        - name: Check out repository
          uses: actions/checkout@v2

        # Typically the Infracost actions will be used in conjunction with
        # https://github.com/hashicorp/setup-terraform. Subsequent steps
        # can run Terraform commands as they would in the shell.
        - name: Install terraform
          uses: hashicorp/setup-terraform@v1
          with:
            terraform_wrapper: false # This is recommended so the `terraform show` command outputs valid JSON

        # IMPORTANT: add any required steps here to setup cloud credentials so Terraform can run

        - name: Terraform init
          run: terraform init
          working-directory: ${{ env.working-directory }}

        - name: Terraform plan
          run: terraform plan -out tfplan.binary
          working-directory: ${{ env.working-directory }}

        - name: Terraform show
          run: terraform show -json tfplan.binary > plan.json
          working-directory: ${{ env.working-directory }}

        # Install the Infracost CLI, see https://github.com/infracost/actions/tree/master/setup
        # for other inputs such as version, and pricing-api-endpoint (for self-hosted users).
        - name: Setup Infracost
          uses: infracost/actions/setup@v1
          with:
            api-key: ${{ secrets.INFRACOST_API_KEY }}

        # Generate Infracost JSON output, the following docs might be useful:
        # Multi-project/workspaces: https://www.infracost.io/docs/features/config_file
        # Combine Infracost JSON files: https://www.infracost.io/docs/features/cli_commands/#combined-output-formats
        - name: Generate Infracost JSON
          run: infracost breakdown --path plan.json --format json --out-file /tmp/infracost.json
          working-directory: ${{ env.working-directory }}
          # Env vars can be set using the usual GitHub Actions syntax
          # See the list of supported Infracost env vars here: https://www.infracost.io/docs/integrations/environment_variables/
          # env:
          #   MY_ENV: ${{ secrets.MY_ENV }}

        # See https://www.infracost.io/docs/features/cli_commands/#comment-on-pull-requests for other options.
        - name: Post Infracost comment
          run: |
            # Posts a comment to the PR using the 'update' behavior.
            # This creates a single comment and updates it. The "quietest" option.
            # The other valid behaviors are:
            #   delete-and-new - Delete previous comments and create a new one.
            #   hide-and-new - Minimize previous comments and create a new one.
            #   new - Create a new cost estimate comment on every push.
            infracost comment github --path /tmp/infracost.json \
              --repo $GITHUB_REPOSITORY \
              --github-token ${{github.token}} \
              --pull-request ${{github.event.pull_request.number}} \
              --behavior update
  ```

🎉 That's it! Send a new pull request to change something in Terraform that costs money. You should see a pull request comment that gets updated, e.g. the 📉 and 📈 emojis will update as changes are pushed!
If there are issues, check the GitHub Actions logs and this page.
The examples directory demonstrates how these actions can be used in different workflows, including:
- Terraform directory: a Terraform directory containing HCL code
- Terraform plan JSON: a Terraform plan JSON file
- Terragrunt: a Terragrunt project
- Terraform Cloud/Enterprise: a Terraform project using Terraform Cloud/Enterprise
- Multi-project using config file: multiple Terraform projects using the Infracost config file
- Multi-project using build matrix: multiple Terraform projects using GitHub Actions build matrix
- Multi-Terraform workspace: multiple Terraform workspaces using the Infracost config file
- Private Terraform module: a Terraform project using a private Terraform module
- Slack: send cost estimates to Slack
Infracost policies enable centralized teams, who are often helping others with cloud costs, to provide advice before resources are launched, set up guardrails, and prevent human error. Follow our docs to use Infracost's native support for Open Policy Agent (OPA) policies. This enables you to see passing/failing policies in Infracost pull request comments (shown below) without having to install anything else.
If you use HashiCorp Sentinel, follow our example to output the policy pass/fail results into CI/CD logs.
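The kind of guardrail such a policy enforces can be shown with a plain Python check over the JSON that `infracost breakdown` writes to `/tmp/infracost.json`. This is an added example, not Infracost's OPA support and not code from this project. The field names `diffTotalMonthlyCost` and `projects[].diff.totalMonthlyCost`, the thresholds and the sample report are assumptions made for illustration.

```python
import json
from decimal import Decimal

# Constructed sample shaped like `infracost breakdown --format json` output.
# Field names are assumed; costs are strings, and null is treated as "unpriced".
SAMPLE = json.loads("""
{
  "currency": "USD",
  "totalMonthlyCost": "1310.40",
  "diffTotalMonthlyCost": "743.04",
  "projects": [
    {"name": "prod/network", "diff": {"totalMonthlyCost": "0"}},
    {"name": "prod/app", "diff": {"totalMonthlyCost": "743.04"}},
    {"name": "dev/app", "diff": {"totalMonthlyCost": null}}
  ]
}
""")


def to_cost(value):
    """Parse a cost string exactly; None means no price was available."""
    return None if value is None else Decimal(value)


def evaluate(report, max_total_diff, max_project_diff):
    """Return a list of guardrail failures (an empty list means pass)."""
    failures = []
    total = to_cost(report.get("diffTotalMonthlyCost"))
    if total is None:
        # Fail closed: a report without a total must not pass silently.
        failures.append("total monthly diff is missing, refusing to pass")
    elif total > max_total_diff:
        failures.append(f"total monthly diff {total} exceeds {max_total_diff}")
    for project in report.get("projects", []):
        diff = to_cost((project.get("diff") or {}).get("totalMonthlyCost"))
        if diff is None:
            failures.append(f"{project['name']}: diff unpriced, review manually")
        elif diff > max_project_diff:
            failures.append(f"{project['name']}: diff {diff} exceeds {max_project_diff}")
    return failures


if __name__ == "__main__":
    problems = evaluate(SAMPLE, Decimal("1000"), Decimal("500"))
    for line in problems:
        print("FAIL:", line)
    raise SystemExit(1 if problems else 0)
```

Run as a workflow step after "Generate Infracost JSON", a non-zero exit code fails the job, so the check blocks the pull request instead of only commenting on it.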
We recommend you use the above quick start guide and examples, which combine the following individual actions:
- setup: downloads and installs the Infracost CLI in your GitHub Actions workflow.
- comment: adds comments to pull requests. This action is deprecated, please use `infracost comment` directly.
- get-comment: reads a comment from a pull request. This action is deprecated.
Issues and pull requests are welcome! For development details, see the contributing guide. For major changes, including interface changes, please open an issue first to discuss what you would like to change. Join our community Slack channel, we are a friendly bunch and happy to help you get started :)