bulky-pizza-7116
11/15/2022, 11:03 AMinfracost:
stage: infracost
dependencies:
- checkov
- tfsec
image:
name: infracost/infracost:ci-0.10
entrypoint: [""]
script:
# Clone the base branch of the pull request (e.g. main/master) into a temp directory.
- git clone $CI_REPOSITORY_URL --branch=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --single-branch /tmp/base
# Generate an Infracost cost snapshot from the comparison branch, so that Infracost can compare the cost difference.
- |
infracost breakdown --path=/tmp/base/${TF_ROOT} \
--format=json \
--out-file=infracost-base.json
# Generate an Infracost diff and save it to a JSON file.
- |
infracost diff --path=${TF_ROOT} \
--compare-to=infracost-base.json \
--format=json \
--out-file=infracost.json
- |
infracost comment gitlab --path=infracost.json \
--repo=$CI_PROJECT_PATH \
--merge-request=$CI_MERGE_REQUEST_IID \
--gitlab-server-url=$CI_SERVER_URL \
--gitlab-token=$GITLAB_TOKEN \
--behavior=update
variables:
INFRACOST_API_KEY: $INFRACOST_API_KEY
GITLAB_TOKEN: $GITLAB_TOKEN # With `api` scope to post merge request comments
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
busy-agent-35515
11/15/2022, 11:26 AMbulky-pizza-7116
11/15/2022, 11:31 AMbusy-agent-35515
11/15/2022, 11:39 AMbulky-pizza-7116
11/15/2022, 11:49 AMbusy-agent-35515
11/15/2022, 11:52 AM$INFRACOST_API_KEY
to the container. For example, in Windows I'd need to use $env:INFRACOST_API_KEY
insteadbulky-pizza-7116
11/15/2022, 1:14 PMbusy-agent-35515
11/15/2022, 1:16 PM