:wave: Hello, team! - I am new at infra-cost and f...
# help
m
👋 Hello, team! - I am new at infra-cost and facing the issue below:
Error: The pull request comment was generated successfully but could not be posted:
Could not resolve to a Repository with the name 'argoXai/argus'.
Full logs enclosed. Thanks for your help!
b
Hello! It seems that your token is not allowed to access the repo. Here’s more about this https://github.com/infracost/actions?tab=readme-ov-file#permissions-issue
permissions:
      contents: read
      pull-requests: write # Required to post comments
m
Thanks Vadim - yes I looked into this and added pull-requests: write
But still facing the same issue, and my Org is not using SAML.
Here is my GitHub workflow:
# Infracost runs on pull requests (PR) and posts PR comments.
# If you use Infracost Cloud, Infracost also runs on main branch pushes so the dashboard is updated.
# The GitHub Action docs (<https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows>) describe other trigger options.
on:
  pull_request:
    types: [opened, synchronize, closed]
  push:
    branches:
      - main

env:
  # If you use private modules you'll need this env variable to use
  # the same ssh-agent socket value across all jobs & steps.
  SSH_AUTH_SOCK: /tmp/ssh_agent.sock
jobs:
  # This stage runs the Infracost CLI and posts PR comments.
  # It also updates PR comments when the PR is updated (synchronize event).
  infracost-pull-request-checks:
    name: Infracost Pull Request Checks
    if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write # Required to post comments
    env:
      # If you store Terraform variables or modules in a 3rd party such as TFC or Spacelift,
      # specify the following so Infracost can automatically retrieve them.
      # See <https://www.infracost.io/docs/features/terraform_modules/#registry-modules> for details.
      INFRACOST_TERRAFORM_CLOUD_TOKEN: ${{ secrets.INFRACOST_API_KEY }}
      INFRACOST_TERRAFORM_CLOUD_HOST: app.terraform.io
    steps:
      # If you use private modules, add an environment variable or secret
      # called GIT_SSH_KEY with your private key, so Infracost CLI can access
      # private repositories (similar to how Terraform/Terragrunt does).
      - name: add GIT_SSH_KEY
        run: |
             ssh-agent -a $SSH_AUTH_SOCK
             mkdir -p ~/.ssh
             echo "${{ secrets.GIT_SSH_KEY }}" | tr -d '\r' | ssh-add -
             ssh-keyscan github.com >> ~/.ssh/known_hosts

      - name: Setup Infracost
        uses: infracost/actions/setup@v3
        # See <https://github.com/infracost/actions/tree/master/setup> for other inputs
        # If you can't use this action, use Docker image infracost/infracost:ci-0.10
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}

      # Checkout the base branch of the pull request (e.g. main/master).
      - name: Checkout base branch
        uses: actions/checkout@v4
        with:
          ref: '${{ github.event.pull_request.base.ref }}'

      # Generate Infracost JSON file as the baseline.
      - name: Generate Infracost cost estimate baseline
        run: |
          infracost breakdown --path=../../ \
                              --format=json \
                              --out-file=/tmp/infracost-base.json

      # Checkout the current PR branch, so we can create a diff.
      - name: Checkout PR branch
        uses: actions/checkout@v4

      # Generate an Infracost diff and save it to a JSON file.
      - name: Generate Infracost diff
        run: |
          infracost diff --path=../../ \
                          --format=json \
                          --compare-to=/tmp/infracost-base.json \
                          --out-file=/tmp/infracost.json

      # Posts a comment to the PR using the 'update' behavior.
      # This creates a single comment and updates it. The "quietest" option.
      # The other valid behaviors are:
      #   delete-and-new - Delete previous comments and create a new one.
      #   hide-and-new - Minimize previous comments and create a new one.
      #   new - Create a new cost estimate comment on every push.
      # See <https://www.infracost.io/docs/features/cli_commands/#comment-on-pull-requests> for other options.
      - name: Post Infracost comment
        run: |
            infracost comment github --path=/tmp/infracost.json \
                                     --repo=$GITHUB_REPOSITORY \
                                     --github-token=${{ secrets.TERRAFORM_PAT }} \
                                     --pull-request=${{ github.event.pull_request.number }} \
                                     --behavior=update

  # Run Infracost on default branch and update Infracost Cloud
  infracost-default-branch-update:
    # If you use private modules, or store Terraform variables or modules in a 3rd party
    # such as TFC or Spacelift, include the same steps/variables as the infracost-pull-request-checks job
    name: Infracost Default Branch Update
    if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master')
    runs-on: ubuntu-latest
    steps:
      - name: Setup Infracost
        uses: infracost/actions/setup@v3
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}

      - name: Checkout main/master branch
        uses: actions/checkout@v4

      - name: Run Infracost on default branch and update Infracost Cloud
        run: |
          infracost breakdown --path=../../ \
                    --format=json \
                    --out-file=infracost.json

          infracost upload --path=infracost.json || echo "Always pass main branch runs even if there are policy failures"

  # Update PR status in Infracost Cloud
  infracost-pull-request-status-update:
    name: Infracost PR Status Update
    if: github.event_name == 'pull_request' && github.event.action == 'closed'
    runs-on: ubuntu-latest
    steps:
    - name: Infracost PR Status Update
      run: |
        PR_STATUS="MERGED"
        if [[ ${{ github.event.pull_request.merged }} = false ]]; then PR_STATUS="CLOSED"; fi

        echo "Updating status of ${{ github.event.pull_request.html_url }} to $PR_STATUS"
        curl -i \
          --request POST \
          --header "Content-Type: application/json" \
          --header "X-API-Key: $INFRACOST_API_KEY" \
          --data "{ \"query\": \"mutation {updatePullRequestStatus( url: \\\"${{ github.event.pull_request.html_url }}\\\", status: $PR_STATUS )}\" }" \
          "https://dashboard.api.infracost.io/graphql";
      env:
        INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
b
Can you try replacing ${{ secrets.TERRAFORM_PAT }} with ${{ github.token }}?
The permission I mentioned works for the system token generated by GitHub - github.token. The one you pass in TERRAFORM_PAT might not have the right permissions.
m
Yes, thanks, that was the fix! 😁
b
Awesome!