https://infracost.io logo
#help
Title
# help
s

stale-needle-387

03/07/2024, 3:26 PM
I seem to remember seeing documentation about caching the Infracost artefacts (modules and baseline) a while ago when using the GitHub Action. Is this no longer recommended?
w

white-airport-8778

03/07/2024, 10:16 PM
@stale-needle-387 We’ve made big improvements to the CLI performance so I doubt it’s needed anymore. If you can use the free GH App then that’ll only run changed folders based on the GitHub App events, so for very large Terragrunt repos that works best. Is there something preventing you from using the GH App? I’ve seen users with 1K+ terragrunt projects in mono repos use the GH app.
s

stale-needle-387

03/07/2024, 10:48 PM
The primary concern with the GitHub App is we would need to provide that app read access to all of our repositories, as we have Terraform modules defined all over the place. This will likely be an issue for the security teams since there's a larger blast radius if (and I know it's unlikely) your GitHub app tokens get compromised. The CLI keeps everything in our environment, which makes it a much easier sell to use new tools.
It's a possibility to use the GitHub app, but more hoops to jump through
w

white-airport-8778

03/07/2024, 10:52 PM
Noted, yep the security review can take a bit of time but we usually pass them. Anyhow - if the main branch of your Terragrunt repo is running fairly quickly locally then it should be fine on GH Actions too.
s

stale-needle-387

03/07/2024, 10:53 PM
Our GitHub Actions runs take 20+ minutes for each test (so 40 minutes for the baseline and PR checks), hence the question about cache 🙂
(For reference) We may be able to use a larger GitHub Actions runner to speed things up, but cache would reduce the time by around 50%
w

white-airport-8778

03/07/2024, 11:00 PM
Even with the cache, 20mins seems very slow, we aim for ~1min runs on CI (we monitor the run times with GH and GitLab App runs to ensure things are fast).
Do you generate a plan JSON in GH Actions already? (not for infracost, but for your deployment pipelines)
s

stale-needle-387

03/07/2024, 11:03 PM
We do run a
plan
but don't output the plan file. It's something we could look to do, although we inherited a fairly janky pipeline running on ECS (that we have plans to replace in the next quarter)
w

white-airport-8778

03/07/2024, 11:05 PM
hmmm, honestly I’d go for the GH App approach as we can then write config files for you, and the perf issues would go away as we cache the main branch runs, and only run changed projects from the config file and GH event data for PRs.
s

stale-needle-387

03/07/2024, 11:06 PM
Yeah, I think that would be best, so long as we get security on-board. I just tried running Infracost locally on the main branch, and it crashed my system. Needed to set max parallelism 🤦‍♂️
w

white-airport-8778

03/07/2024, 11:07 PM
I’m confident we can pass security, we’ve done it many many times 🙂 We’re also SOC2 Type 2 certified, which is usually the first thing they look for
s

stale-needle-387

03/07/2024, 11:07 PM
Can the GitHub App can read private modules in another GitHub org (belonging to the same GitHub Enterprise)? Or allowing us to use our own SSH key would do the same.
w

white-airport-8778

03/07/2024, 11:09 PM
yep, you can enter your SSH or HTTPS credentials and it’ll use that to fetch the module depending on if it’s
Copy code
git@github.com:my-org
or
Copy code
<http://github.com/my-org|github.com/my-org>
s

stale-needle-387

03/07/2024, 11:11 PM
Awesome! I'll speak with the security team tomorrow! My next question was for info about the SOC2 cert, but I see that link has information
w

white-airport-8778

03/07/2024, 11:11 PM
yep, if you send an email to hello@infracost.io, my co-founder will respond, he’s on the chat here too (@early-queen-42970)
s

stale-needle-387

03/07/2024, 11:13 PM
I notice it's very late for you, so I think that's all my questions for now. Thank you! You may receive an email from someone tomorrow asking about information on security
w

white-airport-8778

03/07/2024, 11:13 PM
Happy to help - I know how frustrating slow CI/CD builds can be 😉
s

stale-needle-387

04/08/2024, 2:51 PM
Hey Ali Sorry to bring up such an old thread, but we are now in the same place again where we are wanting to implement the GitHub Actions cache. I have found some old examples and docs in your repo, but is there anything that has changed that has stopped this from working before we spend too long looking at it? Or was it removed simply because the GitHub app tends to be more suitable for most users, but should still work?
w

white-airport-8778

04/08/2024, 3:06 PM
Hey Robert, I think a few users got to success with GH Actions cache but the GH App was just much easier to setup so we removed the old cache example doc as it wasn’t being maintained anymore. This is the old doc - try it and it might work fine for your usecase.
2 Views