# general
f
```yaml
workflows:
  terragrunt:
    plan:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - env:
          name: TF_CLI_ARGS
          value: "-no-color"
      - run: terragrunt plan -out $PLANFILE >/dev/null 2>$PLANFILE.err || ! cat $PLANFILE.err
      - run: terragrunt show $PLANFILE 2>/dev/null
      - env:
          name: INFRACOST_TERRAFORM_BINARY
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - run: "/home/atlantis/infracost_atlantis_diff.sh"
    apply:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - env:
          name: TF_CLI_ARGS
          value: "-no-color"
      - run: terragrunt apply $PLANFILE
```
This is our current approach
Would be happy if someone can suggest! Thanks in advance!
m
Hey @famous-ocean-61698 - I’m just having a peek at the `infracost_atlantis_diff.sh` to refresh my memory what we do here
🙏 1
@famous-ocean-61698 If you’re looking to get a combined comment I’d recommend adding the `infracost breakdown` step in your `plan` stage and using the `post-workflow` hook. This is easier as it solves you having issues with resolving plan files in a separate workflow step. Using `infracost comment` in a `post-workflow` hook has glob support so it’s much easier to combine into a single comment when all the files have been built.
e.g. `--path /tmp/*-infracost.json`
f
Yeah.. But if I would use the `post-workflow` hook and add a breakdown step to the existing workflow, would it mean that the comment will be posted only after the whole workflow is finished, even with the apply step?
m
yes
so what is your use case - I can see you currently have this plan and apply running no matter what?
We normally see that `apply` stage is one with a manual confirmation e.g. someone triggers that using a comment on a PR.
f
It's our case as well
m
hmm
I believe the `post_workflow` hook is only executed after all non confirmed steps. Let me just confirm that.
f
Thanks!
m
@famous-ocean-61698 So `apply` step is external to `post_workflow_hooks`. In your case the `post_workflow_hook` will run after `plan` has finished
so I think it’s the best option for you
f
Great thank you very much 😄
🙌 1
@mysterious-teacher-68276 Hey Hugo. Sorry to bother you again, but quick question. If I will specify my workflow here, would it be the default workflow for all repos right? At least this impression which I got after reading atlantis documentation. Problem is that we have a lot of workflows and infracost is used only in one of them. Any hints on how to overcome it from infracost perspective?
```yaml
repos:
  - id: /.*/
    workflow: terraform-infracost
```
m
Morning @famous-ocean-61698
let me just double check
f
Thank you very much and sorry for bothering 😄
m
no probs
🙌 1
so just to clarify - you use infracost in one “repo”?
In which case you would do something like so:
```yaml
repos:
  # Atlantis uses the last matching entry, so the catch-all comes first
  - id: /.*/
    workflow: another-workflow-that-all-repos-use
  - id: github.com/your-org/infracost-repo
    workflow: terraform-infracost
```
```yaml
workflows:
  terraform-infracost:
    plan:
      steps:
        ...
        - run: infracost breakdown
  another-workflow-that-all-repos-use:
    plan:
      ...
```
f
In multiple repos but it's defined in projects.
So like terragrunt (with Infracost) is our default workflow for the whole project. But some repos have an exception. I guess this should work out of the box since there are more granular settings on project level…
I will give it a try and we will see
m
So I’d recommend just setting different workflows on a per repo basis then
👍 1
f
Thanks will try this out!
m
you can also set a different workflow to run in the repository itself using the `atlantis.yml`
e.g: server config:
```yaml
- id: /.*/
  workflow: my-default-workflow
  allowed_overrides: [workflow]
```
repo `atlantis.yml`
```yaml
version: 3
automerge: true
delete_source_branch_on_merge: true
projects:
  - name: my-project-name
    dir: .
    workflow: my-specific-workflow
```
so this might fit your usecase better
f
Yep this is what actually I'm trying to do 😄 Thanks!
🙌 1
So I tried to use the option with separate comments and stepped into an issue with `infracost breakdown`.
```
exit status 1: running "infracost breakdown --path=$PLANFILE \\\n                    --format=json \\\n                    --log-level=info \\\n                    --out-file=$INFRACOST_OUTPUT\n" in "/atlantis-data/repos/us-east-1/s3": 
time="2022-03-11T12:58:55Z" level=info msg="Detected Terraform plan file at /atlantis-data/us-east-1/s3/default.tfplan"
time="2022-03-11T12:58:55Z" level=info msg="Starting: Running terraform show"
```
```yaml
workflows:
  terragrunt:
    plan:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - env:
          name: TF_CLI_ARGS
          value: "-no-color"
      - env:
          name: INFRACOST_OUTPUT
          command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
      - env:
          name: INFRACOST_COMMENT_TAG
          command: 'echo "$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}"'
      - run: terragrunt plan -out $PLANFILE >/dev/null 2>$PLANFILE.err || ! cat $PLANFILE.err
      - run: terragrunt show $PLANFILE 2>/dev/null
      - run: |
          infracost breakdown --path=$PLANFILE \
                              --format=json \
                              --log-level=info \
                              --out-file=$INFRACOST_OUTPUT
      - run: |
          infracost comment github --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \
                                  --pull-request $PULL_NUM \
                                  --path $INFRACOST_OUTPUT \
                                  --github-token $ATLANTIS_GH_TOKEN \
                                  --tag $INFRACOST_COMMENT_TAG \
                                  --behavior update
    apply:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - env:
          name: TF_CLI_ARGS
          value: "-no-color"
      - run: terragrunt apply $PLANFILE
```
Any hint what went wrong with breakdown?
m
it seems like the logs are truncated so I can’t see what’s gone wrong. Could you rerun with `log-level=debug`
👍 1
f
seems the issue is related to tf module source. But this breaks only `infracost breakdown`. Atlantis publishing plan ok. Maybe it's related to terragrunt somehow?
```
exit status 1: running "infracost breakdown --path=$PLANFILE \\\n          --format=json \\\n          --log-level=info \\\n          --out-file=$INFRACOST_OUTPUT\n" in "/atlantis-data/repos/productboard/pb-infrastructure/828/default/aws/pb-staging-793677888466/us-east-1/s3": 
time="2022-03-11T13:45:34Z" level=info msg="Detected Terraform plan file at /atlantis-data/repos/productboard/pb-infrastructure/828/default/aws/pb-staging-793677888466/us-east-1/s3/default.tfplan"
time="2022-03-11T13:45:34Z" level=info msg="Starting: Running terraform show"

 Terraform command failed with:
  Error: Module source has changed
   on developer-productboard-info.tf line 2, in module "developer-productboard-info":
    2:  source = "terraform-aws-modules/s3-bucket/aws"
  The source address was changed since this module was installed. Run
  "terraform init" to install all modules required by this configuration.
  Error: Module source has changed

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
 + create

Terraform will perform the following actions:
```
Will try with debug level on Monday… Sorry for bothering 🙂
m
@famous-ocean-61698 I think the issue is you're passing the `planfile` to the breakdown
this should be the `$SHOWFILE` instead
f
Ok will try to adjust!
m
so:
I believe with terragrunt:
```sh
terragrunt show -json $PLANFILE > $SHOWFILE
```
then using:
```yaml
- run: |
          infracost breakdown --path=$SHOWFILE \
                              --format=json \
                              --log-level=info \
                              --out-file=$INFRACOST_OUTPUT
```
would do the trick
f
Thank you very much
Managed to make it work 🙂 Thanks a lot for all your help.
m
good job
f
Just a visual question 😄 (I promise last one). Now the comment is posted in the PR before the atlantis plan comment… Is there any way to post it after? It would look nicer 😄
m
hmm, good question, I don’t believe there is any support for this currently in `infracost comment`. However, it’s a good idea and maybe something we can incorporate. Though I’m unsure how we would identify the atlantis comment (we use special markdown tags to identify infracost comments)
👍 1
@famous-ocean-61698, @crooked-daybreak-55253 pointed out something useful that I hadn’t spotted in your `infracost comment` step. You’re using `--behavior update` which will cause the comment to be posted once and updated every re-run, `--behavior new` or `--behavior hide-and-new` might be better for you. `hide-and-new` removes prior comment and posts a new one & `new` just adds a new comment. These are less likely to get lost in atlantis comment noise
f
@mysterious-teacher-68276 Yeah I already adjusted that. Because initially in the documentation it says update is the quietest one 😄 So I thought it would be the best but not.
🙌 1
m
yeah it is the best option for everything outside of atlantis!