hey there! trying to test out infracost in gitlab,...
# help
hey there! trying to test out infracost in gitlab, and seem to have everything working, problem is I am using dynamic parent child pipelines with terraform, and the merge request I'm testing on succesfully commented, but it says there are not changes when the terraform plan job stage says there is. any help or guidance on how to suss out what is happening?
Hi Lucas, have you seen this “matrix build” example? It sounds like you may need to do something similar to handle the child pipelines. The key points are: 1. use
infracost diff
to generate an
for each child and save it as an artifiact. 2. have a final step that calls
infracost comment gitlab
passing in all the previously generated jsons as the path (for example, as a glob
okay checking now. also trying to verify if my issue is because I haven't set a config file yet
ty for a response
any thoughts? getting this type of error, think I'm close though. This is in the top level pipeline trying to pickup the child artifacts and comment
Copy code
xecuting busybox-1.35.0-r17.trigger
OK: 85 MiB in 44 packages
$ echo -e "credentials \"$CI_SERVER_HOST\" {\n  token = \"$CI_JOB_TOKEN\"\n}" > $TF_CLI_CONFIG_FILE
$ infracost comment gitlab --path="infracost-*.json" \ # collapsed multi-line command
time="2023-11-02T20:44:20Z" level=info msg="Enabled policies V2"
time="2023-11-02T20:44:20Z" level=info msg="Enabled tag policies"
Post an Infracost comment to GitLab
  infracost comment gitlab [flags]
  Update comment on a merge request:
      infracost comment gitlab --repo my-org/my-repo --merge-request 3 --path infracost.json --gitlab-token $GITLAB_TOKEN
  Post a new comment to a commit:
      infracost comment gitlab --repo my-org/my-repo --commit 2ca7182 --path infracost.json --behavior delete-and-new --gitlab-token $GITLAB_TOKEN
      --behavior string            Behavior when posting comment, one of:
                                     update (default)  Update latest comment
                                     new               Create a new comment
                                     delete-and-new    Delete previous matching comments and create a new comment (default "update")
      --commit string              Commit SHA to post comment on, mutually exclusive with merge-request
      --dry-run                    Generate comment without actually posting to GitLab
      --gitlab-server-url string   GitLab Server URL (default "<https://gitlab.com>")
      --gitlab-token string        GitLab token
  -h, --help                       help for gitlab
      --merge-request int          Merge request number to post comment on, mutually exclusive with commit
  -p, --path stringArray           Path to Infracost JSON files, glob patterns need quotes
      --policy-path stringArray    Path to Infracost policy files, glob patterns need quotes (experimental)
      --repo string                Repository in format owner/repo
      --show-all-projects          Show all projects in the table of the comment output
      --show-skipped               List unsupported and free resources
      --tag string                 Customize hidden markdown tag used to detect comments posted by Infracost
      --debug-report       Generate a debug report file which can be sent to Infracost team
      --log-level string   Log level (trace, debug, info, warn, error, fatal)
      --no-color           Turn off colored output
Error: either --commit or --merge-request is required
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
this is what my pipeline job stage looks like
Copy code
  stage: infracost_comment
    # Always use the latest 0.10.x version to pick up bug fixes and new resources.
    # See <https://www.infracost.io/docs/integrations/cicd/#docker-images> for other options
    name: infracost/infracost:ci-0.10
    entrypoint: [""] # Override since we're running commands below
      - |
        infracost comment gitlab --path="infracost-*.json" \
                                --repo=$CI_PROJECT_PATH \
                                --merge-request=$CI_MERGE_REQUEST_IID \
                                --gitlab-server-url=$CI_SERVER_URL \
                                --gitlab-token=$GITLAB_TOKEN \

  when: manual
it looks like $CI_MERGE_REQUEST_IID isn’t set some for reason. Are you sure it’s a merge request pipeline? I see in the example we have
Copy code
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
ok will check
okay tried to push it over to merge request type and think it helped but running into other issues now. My infracost api key was working yesterday, but now as part of pipeline testing i'm cating the json file generated, and seeing errors
Copy code
{"code":0,"message":"Invalid API key\nPlease check your /root/.config/infracost/credentials.yml file or INFRACOST_API_KEY environment variable.\nIf you recently regenerated your API key, you can retrieve it from <https://dashboard.infracost.io>.\nSee <https://infracost.io/support> if you continue having issues.","data":null}]
even tried regenerating token from Ifracost dashboard today and putting in gitlab, and still getting that error. also still running into the artifacts/globbing issues
Copy code
$ echo -e "credentials \"$CI_SERVER_HOST\" {\n  token = \"$CI_JOB_TOKEN\"\n}" > $TF_CLI_CONFIG_FILE
$ infracost comment gitlab --path="infracost-*.json" \ # collapsed multi-line command
time="2023-11-03T15:10:07Z" level=info msg="Enabled policies V2"
time="2023-11-03T15:10:07Z" level=info msg="Enabled tag policies"
Error: could not load input file infracost-*.json err: Infracost JSON file does not exist, generate it by running the following command then try again:
infracost breakdown --path /code --format json --out-file infracost-base.json
does your api key work if you try it locally with the CLI?
about to test that
yeah it works
set it as local cli api key, and breakdown command worked
ok so it must be a problem with how it is set in the pipeline. looking at the example again:
Copy code
3. Create a project environment variable called INFRACOST_API_KEY with your API key. This should be masked. To make sure this can be used on all merge requests untick the 'Protect variable' option.
Maybe check that the protect variable is unticked?
yeah its good
hmm I’m not sure where it’s going wrong
hrrrmm, finishing up something, but I will try to add a lot more context in a few minutes here
or will that debug command be helpful
Do you have the variable defined in the pipeline properly? Something like
Copy code
Yeah will Verify tomorrow. Turned on debug logs but didn't find anything/unsure what to look for
yea I have it
Copy code
            "value": "$INFRACOST_API_KEY"
Are you able to output the value in debug just to double check that it’s set as expected?
will try