{"id":13687260,"url":"https://github.com/infracost/actions","last_synced_at":"2025-05-15T03:08:34.570Z","repository":{"id":37943214,"uuid":"427451415","full_name":"infracost/actions","owner":"infracost","description":"GitHub Action for Infracost. See cloud cost estimates for Terraform in pull requests. šŸ’°šŸ“‰ Love your cloud bill! ","archived":false,"fork":false,"pushed_at":"2025-02-15T00:28:50.000Z","size":3751,"stargazers_count":248,"open_issues_count":13,"forks_count":35,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-11T15:52:16.414Z","etag":null,"topics":["actions","aws","azure","cost-estimation","finops","github-actions","google","infracost","terraform"],"latest_commit_sha":null,"homepage":"https://infracost.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infracost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-12T17:57:53.000Z","updated_at":"2025-04-28T18:49:39.000Z","dependencies_parsed_at":"2024-08-07T13:03:38.216Z","dependency_job_id":"82555c25-cb9f-4152-b390-c0ff147bd584","html_url":"https://github.com/infracost/actions","commit_stats":{"total_commits":191,"total_committers":13,"mean_commits":"14.692307692307692","dds":0.6544502617801047,"last_synced_commit":"9879cb563cf2cd3d3441c2264a70ce7bf69d9615"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infracost%2Factions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infracost%2Factions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infracost%2Factions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infracost%2Factions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infracost","download_url":"https://codeload.github.com/infracost/actions/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254264771,"owners_count":22041794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","aws","azure","cost-estimation","finops","github-actions","google","infracost","terraform"],"created_at":"2024-08-02T15:00:51.184Z","updated_at":"2025-05-15T03:08:29.554Z","avatar_url":"https://github.com/infracost.png","language":"JavaScript","funding_links":[],"categories":["google","JavaScript"],"sub_categories":[],"readme":"# Infracost GitHub Actions\n\n### Try the GitHub App\nšŸ‘‰šŸ‘‰ We recommend using the [**free Infracost GitHub App**](https://www.infracost.io/docs/integrations/github_app/) as it's much simpler to setup and faster to run\n\n---\n\nThis GitHub Action runs Infracost so you can see cloud cost estimates and FinOps best practices for Terraform in pull requests šŸ’°\n\n\u003cimg src=\".github/assets/pull-request.png\" alt=\"Example screenshot\" /\u003e\n\n## Quick start\n\n1. If you haven't done so already, [download Infracost](https://www.infracost.io/docs/#quick-start) and run `infracost auth login` to get a free API key.\n\n2. Retrieve your Infracost API key by running `infracost configure get api_key`.\n\n3. [Create a repo secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository) called `INFRACOST_API_KEY` with your API key.\n\n4. Create a new file in `.github/workflows/infracost.yml` in your repo with the following content.\n\n```yaml\n# Infracost runs on pull requests (PR) and posts PR comments.\n# If you use Infracost Cloud, Infracost also runs on main/master branch pushes so the dashboard is updated.\n# The GitHub Action docs (https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows) describe other trigger options.\non:\n pull_request:\n types: [opened, synchronize, closed]\n push:\n branches:\n - main\n - master\n\nenv:\n # If you use private modules you'll need this env variable to use\n # the same ssh-agent socket value across all jobs \u0026 steps.\n SSH_AUTH_SOCK: /tmp/ssh_agent.sock\njobs:\n # This stage runs the Infracost CLI and posts PR comments.\n # It also updates PR comments when the PR is updated (synchronize event).\n infracost-pull-request-checks:\n name: Infracost Pull Request Checks\n if: github.event_name == 'pull_request' \u0026\u0026 (github.event.action == 'opened' || github.event.action == 'synchronize')\n runs-on: ubuntu-latest\n permissions:\n contents: read\n pull-requests: write # Required to post comments\n # env:\n # If you store Terraform variables or modules in a 3rd party such as TFC or Spacelift,\n # specify the following so Infracost can automatically retrieve them.\n # See https://www.infracost.io/docs/features/terraform_modules/#registry-modules for details.\n # INFRACOST_TERRAFORM_CLOUD_TOKEN: ${{ secrets.TFC_TOKEN }}\n # INFRACOST_TERRAFORM_CLOUD_HOST: app.terraform.io\n steps:\n # If you use private modules, add an environment variable or secret\n # called GIT_SSH_KEY with your private key, so Infracost CLI can access\n # private repositories (similar to how Terraform/Terragrunt does).\n # - name: add GIT_SSH_KEY\n # run: |\n # ssh-agent -a $SSH_AUTH_SOCK\n # mkdir -p ~/.ssh\n # echo \"${{ secrets.GIT_SSH_KEY }}\" | tr -d '\\r' | ssh-add -\n # ssh-keyscan github.com \u003e\u003e ~/.ssh/known_hosts\n\n - name: Setup Infracost\n uses: infracost/actions/setup@v3\n # See https://github.com/infracost/actions/tree/master/setup for other inputs\n # If you can't use this action, use Docker image infracost/infracost:ci-0.10\n with:\n api-key: ${{ secrets.INFRACOST_API_KEY }}\n\n # Checkout the base branch of the pull request (e.g. main/master).\n - name: Checkout base branch\n uses: actions/checkout@v4\n with:\n ref: '${{ github.event.pull_request.base.ref }}'\n\n # Generate Infracost JSON file as the baseline.\n - name: Generate Infracost cost estimate baseline\n run: |\n infracost breakdown --path=. \\\n --format=json \\\n --out-file=/tmp/infracost-base.json\n\n # Checkout the current PR branch so we can create a diff.\n - name: Checkout PR branch\n uses: actions/checkout@v4\n\n # Generate an Infracost diff and save it to a JSON file.\n - name: Generate Infracost diff\n run: |\n infracost diff --path=. \\\n --format=json \\\n --compare-to=/tmp/infracost-base.json \\\n --out-file=/tmp/infracost.json\n\n # Posts a comment to the PR using the 'update' behavior.\n # This creates a single comment and updates it. The \"quietest\" option.\n # The other valid behaviors are:\n # delete-and-new - Delete previous comments and create a new one.\n # hide-and-new - Minimize previous comments and create a new one.\n # new - Create a new cost estimate comment on every push.\n # See https://www.infracost.io/docs/features/cli_commands/#comment-on-pull-requests for other options.\n - name: Post Infracost comment\n run: |\n infracost comment github --path=/tmp/infracost.json \\\n --repo=$GITHUB_REPOSITORY \\\n --github-token=${{ github.token }} \\\n --pull-request=${{ github.event.pull_request.number }} \\\n --behavior=update\n\n # Run Infracost on default branch and update Infracost Cloud\n infracost-default-branch-update:\n # If you use private modules, or store Terraform variables or modules in a 3rd party\n # such as TFC or Spacelift, include the same steps/variables as the infracost-pull-request-checks job\n name: Infracost Default Branch Update\n if: github.event_name == 'push' \u0026\u0026 (github.ref_name == 'main' || github.ref_name == 'master')\n runs-on: ubuntu-latest\n steps:\n - name: Setup Infracost\n uses: infracost/actions/setup@v3\n with:\n api-key: ${{ secrets.INFRACOST_API_KEY }}\n\n - name: Checkout main/master branch\n uses: actions/checkout@v4\n\n - name: Run Infracost on default branch and update Infracost Cloud\n run: |\n infracost breakdown --path=. \\\n --format=json \\\n --out-file=infracost.json\n\n infracost upload --path=infracost.json || echo \"Always pass main branch runs even if there are policy failures\"\n\n # Update PR status in Infracost Cloud\n infracost-pull-request-status-update:\n name: Infracost PR Status Update\n if: github.event_name == 'pull_request' \u0026\u0026 github.event.action == 'closed'\n runs-on: ubuntu-latest\n steps:\n - name: Infracost PR Status Update\n run: |\n PR_STATUS=\"MERGED\"\n if [[ ${{ github.event.pull_request.merged }} = false ]]; then PR_STATUS=\"CLOSED\"; fi\n\n echo \"Updating status of ${{ github.event.pull_request.html_url }} to $PR_STATUS\"\n curl -i \\\n --request POST \\\n --header \"Content-Type: application/json\" \\\n --header \"X-API-Key: $INFRACOST_API_KEY\" \\\n --data \"{ \\\"query\\\": \\\"mutation {updatePullRequestStatus( url: \\\\\\\"${{ github.event.pull_request.html_url }}\\\\\\\", status: $PR_STATUS )}\\\" }\" \\\n \"https://dashboard.api.infracost.io/graphql\";\n env:\n INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}\n```\n\n5. Follow [these simple steps](https://www.infracost.io/docs/infracost_cloud/get_started/#4-send-a-pull-request) to test the integration. This is important as it ensures the CLI commands are running correctly in your workflow šŸ‘Œ\n\n6. [Infracost Cloud](https://dashboard.infracost.io) is our SaaS product that builds on top of Infracost open source. It enables team leads, managers and FinOps practitioners to setup [tagging policies](https://www.infracost.io/docs/infracost_cloud/tagging_policies/), [guardrails](https://www.infracost.io/docs/infracost_cloud/guardrails/) and [best practices](https://www.infracost.io/docs/infracost_cloud/cost_policies/) to help guide the team. For example, you can check for required tag keys/values, or suggest switching AWS gp2 volumes to gp3 as they are more performant and cheaper.\n\n If you **do not** want to use [Infracost Cloud](https://dashboard.infracost.io), go to Org Settings and disable the dashboard. This causes the CLI not to send its JSON output to your dashboard; the JSON does not contain any cloud credentials or secrets, see the [FAQ](https://infracost.io/docs/faq/) for more information.\n\n \u003cimg src=\".github/assets/infracost-cloud-dashboard.png\" alt=\"Infracost Cloud enables you to check for best practices such as using latest generation instance types or block storage, as well as setup tagging policies and guardrails to help guide the team.\" /\u003e\n\n## Troubleshooting\n\nIf you run into any issues, check the GitHub Action logs and the following steps. You can also join our [community Slack channel](https://www.infracost.io/community-chat), we'll help you very quickly šŸ˜„\n\n### Permissions issue\n\nIf you receive an error when running the `infracost comment` command in your pipeline, it's probably related to `${{ github.token }}`. This is the default GitHub token available to actions and is used to post comments. The default [token permissions](https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions) are read-only by default and `pull-requests: write` is required. If you are using SAML single sign-on, you must first [authorize the token](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).\n\n#### The `add GIT_SSH_KEY` step fails\n\nIf you are using private modules and receive a `option requires an argument -- a` error in the `add GIT_SSH_KEY` step:\n1. Make sure you have the following set in your workflow `SSH_AUTH_SOCK`:\n ```yml\n env:\n SSH_AUTH_SOCK: /tmp/ssh_agent.sock\n ```\n2. Try changing the `ssh-agent -a $SSH_AUTH_SOCK` line to the following:\n ```yml\n ssh-agent -a \"${{ env.SSH_AUTH_SOCK }}\"\n ```\n\n## Contributing\n\nIssues and pull requests are welcome! For major changes, including interface changes, please open an issue first to discuss what you would like to change. [Join our community Slack channel](https://www.infracost.io/community-chat), we are a friendly bunch and happy to help you get started :)\n\n## License\n\n[Apache License 2.0](https://choosealicense.com/licenses/apache-2.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfracost%2Factions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfracost%2Factions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfracost%2Factions/lists"}