# general
m
hey stevie, could you share the current github action workflow you’ve set up.
passing the terragrunt binary and path reference as you’ve done in the config file should work
I’m just wondering if the `tfplan` has been lost in between steps - or the tfdir context is incorrect
p
```yaml
---
      # Run Terraform via Terragrunt
      # Requires ENV variable ACCOUNT to be set
      - name: Run Terraform
        env:
          ACCOUNT: ${{ env.AWS_ACCOUNT }}
          CONFIG_PATH: terraform/${{ env.AWS_ACCOUNT }}
          SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }}
        run: |-
          echo "Add ssh key to access private github repo for terraform modules\n";
          source ./scripts/terragrunt/ssh-agent.source;
          scripts/terragrunt/init_terraform_plugins.sh
          echo "Run Terraform via Terragrunt\n";
          scripts/terragrunt/run_terragrunt run-all plan --terragrunt-non-interactive
      - name: Create infracost config to reuse terraform.tfplan
        run: |
          cfgfile="/tmp/infracost-config.yml"

          # write the infracost config file header
          echo -e "version: 0.1\n\nprojects:\n" > $cfgfile

          # Loop through plans and create Infracost config file
          planfiles=($(find ${GITHUB_WORKSPACE} -name "terraform.tfplan" | tr '\n' ' '))
          for planfile in "${planfiles[@]}"; do
            echo "Adding $planfile to infracost config";
            echo -e "  - path: $planfile\n    terraform_binary: terragrunt" >> $cfgfile
          done

          # export config file name to Github env
          # use it in the next step as env.infracost_configfile
          echo "infracost_configfile=$cfgfile" >> $GITHUB_ENV
          echo "infracost_comment_tag=$GITHUB_WORKFLOW" >> $GITHUB_ENV
      - name: Setup Infracost
        uses: infracost/actions/setup@v1
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}
      - name: Run Infracost
        run: infracost breakdown --config-file=${{ env.infracost_configfile}} --format=json --out-file=/tmp/infracost.json
      - name: Post Infracost comment
        uses: infracost/actions/comment@v1
        with:
          path: /tmp/infracost.json
          tag: ${{ env.infracost_comment_tag }}
          behavior: update # Create a single comment and update it.
```
The terraform-plan files are generated via a terragrunt option.
Like this:
```hcl
terraform {
  extra_arguments "plan_args" {
    commands = ["plan"]
    arguments = concat(
      [
        "-lock=false" # do not lock on plan - useful in CI to use plan to validate code
      ],
      tobool(get_env("CI", "false")) ? ["-out", "${get_terragrunt_dir()}/terraform.tfplan"] : [] # in github actions autogenerate plan into terragrunt dir to be used by infracosts
    )
  }
}
```
I want to use terragrunt, because terragrunt assumes into an iam role, which is required to read the terraform state
m
ok got it
p
Another option would be, if `terraform show …` is not accessing the state.
but it looks like `terraform show` has no options to skip state access
m
ok thanks stevie - we’re taking a peek at this now - I’ll get back to you asap on a potential fix
p
thanks
m
so we’re thinking that potentially the best/easiest solution to this is to transform the plan to a plan.json file
in your `Create infracost config to reuse terraform.tfplan` step you could modify it to something like so:
```bash
planfiles=($(find ${GITHUB_WORKSPACE} -name "terraform.tfplan" | tr '\n' ' '))
for planfile in "${planfiles[@]}"; do
  scripts/terragrunt/run_terragrunt show -json > "${planfile}.json"
  echo "Adding $planfile.json to infracost config";
  echo -e "  - path: $planfile.json\n    terraform_binary: terragrunt" >> $cfgfile
done
```
where the `run_terragrunt` script would be performing something like `terraform show`
FYI you may also need to pass the dir context with something like:
```bash
scripts/terragrunt/run_terragrunt show -json --terragrunt-working-dir="$(dirname "$planfile")" > "${planfile}.json"
```
also @plain-ocean-92335 if you want to jump on a call, please let me know, might be easier to go over this live rather than async. Give me a shout if that helps
p
Ok, so in a nutshell, I can not override the `infracost breakdown` command to use terragrunt?
I would mark this solution as a workaround. Since I pre-generate the plan.json instead of the terraform-plan
I can implement this tomorrow.
m
you can use `infracost breakdown` to use terragrunt but it seems in this case that from the `run_terragrunt` script we can’t seem to infer the terraform directory of the plan so infracost barfs. I think the most complete solution for this would be to allow you to specify dir context in the config file - but obviously this isn’t done yet (we can open an issue and work on this asap). In the meantime, converting the output to plan.json for the multiproject run should work, but if you have any issues please post again in this thread
p
I don’t see why our terragrunt wrapper script has an influence on `infracost breakdown`. We point infracost to a directory where the terragrunt.hcl and the terraform.plan file exists. If we don’t use the plan file, infracost autodetects that this is terragrunt.
l
```
time="2021-12-21T153131Z" level=info msg="Detected Terraform plan file at /home/runner/work/path/to/terraform.plan
```
what files are in `/home/runner/work/path/to/`? - trying to work out why we can't find the context dir.
p
basically it's a folder with 3 files used for terragrunt (multi project setup)
```
terragrunt.hcl
.terraform.lock.hcl # optional
terraform.plan
```
The first two files are from repository code, the plan is generated in a github action step
in the infracost config the path points to the terraform.plan file