{"id":37166038,"url":"https://github.com/infro-io/infro-core","last_synced_at":"2026-01-14T19:40:32.650Z","repository":{"id":227360252,"uuid":"766425088","full_name":"infro-io/infro-core","owner":"infro-io","description":"Preview infra diffs on your pull requests","archived":false,"fork":false,"pushed_at":"2025-11-08T07:55:30.000Z","size":396,"stargazers_count":25,"open_issues_count":20,"forks_count":7,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-08T09:17:59.102Z","etag":null,"topics":["argo","argo-cd","cd","cicd","continuous-integration","devops","diff","kubernetes","terraform"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infro-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-03-03T08:21:15.000Z","updated_at":"2025-09-08T07:49:29.000Z","dependencies_parsed_at":"2024-03-31T20:32:10.043Z","dependency_job_id":"5876eb2e-fb42-474b-921f-4cd8b560e186","html_url":"https://github.com/infro-io/infro-core","commit_stats":null,"previous_names":["infro-io/infro-core"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/infro-io/infro-core","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infro-io%2Finfro-core","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infro-io%2Finfro-core/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infro-io%2Finfro-core/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infro-io%2Finfro-core/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infro-io","download_url":"https://codeload.github.com/infro-io/infro-core/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infro-io%2Finfro-core/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28432677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argo","argo-cd","cd","cicd","continuous-integration","devops","diff","kubernetes","terraform"],"created_at":"2026-01-14T19:40:32.038Z","updated_at":"2026-01-14T19:40:32.640Z","avatar_url":"https://github.com/infro-io.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/infro-io/infro-core/main/.github/images/banner.png?sanitize=true\" alt=\"infro\" width=\"100%\"\u003e\n\u003c/p\u003e\n\n\u003cp align=center\u003e\n\u003ca href=\"https://hub.docker.com/r/infrolabs/infro-core\"\u003e\n  \u003cimg alt=\"GitHub Action Status\" src=\"https://img.shields.io/docker/v/infrolabs/infro-core\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://github.com/infro-io/infro-core/actions/workflows/main.yml\"\u003e\n  \u003cimg alt=\"GitHub Action Status\" src=\"https://github.com/infro-io/infro-core/actions/workflows/main.yml/badge.svg\"\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n\n## What is it\n\nInfro is a GitOps tool which helps you understand how your changes will affect your infrastructure, before you merge.\nBy integrating with different IaC providers, Infro provides a clear, holistic view of your changes on pull requests:\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/infro-io/infro-core/main/.github/images/diff.png?sanitize=true\" alt=\"diff\" width=\"60%\"\u003e\n\u003c/p\u003e\n\n## Features\n\nInfro supports running dry runs on different IaC providers and publishing results to pull requests for different version control systems:\n\n|                 | GitHub Action | Self-hosted | Infro Cloud |\n|-----------------|---------------|-------------|-------------|\n| Argo CD diffs   | ✅             | ✅           | ✅           |\n| Terraform diffs | ✅             | 🚧          | 🚧          |\n| AWS CDK diffs   | 🚧            | 🚧          | 🚧          |\n| GitHub comments | ✅             | ✅           | ✅           |\n| GitLab comments | 🚧            | 🚧          | 🚧          |\n| No-code         | ❌             | ❌           | ✅           |\n| PR Check status | ✅             | ❌           | ✅           |\n\n## Why Infro?\n\nNearly all IaC tools provide an option to perform diffs and dry runs,\nbut they usually rely on you manually running them.\nMany companies have created custom solutions to publish PR comments for their IaC of choice,\nbut there hasn't yet been a generic solution.\n\n\u003ccenter\u003e\n\u003ctable\u003e\n  \u003ctr\u003e\n      \u003cth\u003e\u003ch3\u003e🔒\u003c/h3\u003e\u003ch3\u003eSecure\u003c/h3\u003e\u003c/th\u003e\n      \u003cth\u003e\u003ch3\u003e🧰\u003c/h3\u003e\u003ch3\u003eExtensible\u003c/h3\u003e\u003c/th\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd width=\"33%\"\u003e\u003csub\u003eInfro doesn't require you to expose your infrastructure to the public internet or give third-party permissions.\u003c/sub\u003e\u003c/td\u003e\n      \u003ctd width=\"50%\"\u003e\u003csub\u003eOne solution should be able to double check your changes across all your infra. Is your IaC or VCS not supported? It should be easy to integrate.\u003c/sub\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003cth\u003e\u003ch3\u003e🤖️\u003c/h3\u003e\u003ch3\u003eAutomated\u003c/h3\u003e\u003c/th\u003e\n    \u003cth\u003e\u003ch3\u003e🎧\u003c/h3\u003e\u003ch3\u003eReduce Noise\u003c/h3\u003e\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd width=\"50%\"\u003e\u003csub\u003eInfro doesn't rely on manually intervention to perform dry runs across different infrastructure. Just open a pull request, and let Infro take care of the rest.\u003c/sub\u003e\u003c/td\u003e\n    \u003ctd width=\"33%\"\u003e\u003csub\u003eYou don't always need to see every changed line, just the ones that matter. Infro is on a mission to point out the changes that matter.  \u003c/sub\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\u003c/center\u003e\n\n## How it works\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/infro-io/infro-core/main/.github/images/integrations.svg?sanitize=true\" alt=\"infro\" width=\"100%\"\u003e\n\u003c/p\u003e\n\nInfro integrates with different version control systems (VCSs) and IaC providers (i.e. deployers).\nInfro detects when a new commit is added to a VCS pull request.\nDepending on the installation, this happens either by [polling for changes](#poll-mode) or by an [event trigger](#event-driven-mode).\nInfro determines how the commit will change the live infrastructure by running a dry run against all of the IaC providers (i.e. deployers) defined in the [configuration yaml](#configuration),\nand comment the diffs back to the pull request.\n\n#### Poll Mode\nSelf-hosted deployments run in poll mode.\nInfro will continuously poll the VCS API (e.g. Github) to scan for new pull requests commits under the configured organization or user (i.e. owner).\nTherefore, you don't need to expose your infrastructure to a third-party.\n\n#### Event-Driven Mode\nSome deployments run in event-driven mode such as GitHub Actions and Infro Cloud.\nWhen a new commit is added to a pull request, Infro is triggered to perform dry runs for that revision.\n\n## Install\n\n### As a Github Action\nInstalling as a Github Action to have Infro comment diffs on each pull request in that repository.\nAdd a job to your GitHub action yaml that is triggered when a pull_request is opened.\nHere's an example configuration for running diffs against an Argo CD cluster:\n\n```yaml\non:\n  pull_request:\n    branches:\n      - main\n\njobs:\n  comment-diffs:\n    name: comment diffs\n    runs-on: ubuntu-latest\n    permissions:\n      pull-requests: write\n    steps:\n      - uses: infro-io/comment-diffs-action@v1.4\n        with:\n          repo: ${{ github.repository }}\n          revision: ${{ github.sha }}\n          pull-number: ${{ github.event.number }}\n          config: |\n            deployers:\n              - type: argocd\n                name: my-argo-cluster\n                endpoint: ${{ secrets.ARGOCD_ENDPOINT }}\n                authtoken: ${{ secrets.ARGOCD_TOKEN }}\n            vcs:\n              type: github\n              authtoken: ${{ secrets.GITHUB_TOKEN }}\n```\n\nYou can use the [example-helm repo](https://github.com/infro-io/example-helm/pull/4) for reference.\nThe action requires `pull-requests: write` permissions to comment.\nYou must also pass the `repo`, `revision`, and `pull-number` from github context.\n`GITHUB_TOKEN` is provided automatically, but you must provide additional secrets, such as `ARGOCD_TOKEN`, in repository `secrets`.\nMore information about the configuration [here](#configuration).\n\n### Self-hosted\n\nThe self-hosted deployment polls the version control system for new pull requests and comments diffs on the ones it finds ([more info](#poll-mode)).\nInfro can be installed into your Kubernetes cluster by using kubectl or Kustomize.\nFirst save the config file as a Kubernetes secret in `infro-secrets.yaml`:\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: infro-secrets\ndata:\n  owner: \u003cGITHUB_ORG_OR_USER\u003e\n  config: | \n    deployers:\n    - type: argocd\n      name: my-cluster\n      endpoint: \u003cARGOCD_ENDPOINT\u003e\n      authtoken: \u003cARGOCD_TOKEN\u003e\n    vcs:\n      type: github\n      authtoken: \u003cGITHUB_TOKEN\u003e\n```\nThen add them to the infro namespace:\n```shell\nkubectl create namespace infro\nkubectl apply -n infro -f infro-secrets.yaml\n```\nThen create the infro namespace and install the deployment:\n```shell\nkubectl apply -n infro -f https://raw.githubusercontent.com/infro-io/infro-core/main/deploy/install.yaml\n```\nor you can install it with Kustomize:\n```yaml\napiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: infro\nresources:\n- https://raw.githubusercontent.com/infro-io/infro-core/main/deploy/install.yaml\n```\n\nYou can also try this out locally by using [Tilt](https://tilt.dev/).\nCheck out this repository and open the `Tiltfile`.\nReplace the `ARGOCD_ENDPOINT`, `ARGOCD_TOKEN`, `GITHUB_TOKEN`, and `GITHUB_OWNER` values, then run:\n\n```shell\ntilt up\n```\nThen open a pull request for a repository managed by your Argo CD and watch the magic happen.\nMore information about the configuration [here](#configuration).\n\n### Infro Cloud\n\nThere is no code or deployment required if you choose to use Infro Cloud.\nAll setup is performed in the UI at [infro.io](https://infro.io).\n1. Configure your organization https://infro.io/docs/configure-org\n2. Registering your Argo CD instance https://infro.io/docs/register-argo-cd\n\n## Configuration\n\n- The config yaml structure:\n```yaml\ndeployers:\n  - type: argocd\n    name: \u003cARBITRARY_NAME\u003e\n    authtoken: \u003cARGOCD_TOKEN\u003e\n    endpoint: \u003cARGOCD_ENDPOINT\u003e\n  - type: terraform\n    workdir: \u003cTERRAFORM_WORKDIR\u003e\nvcs:\n  type: github\n  authtoken: \u003cGITHUB_TOKEN\u003e\n```\n\n### `argocd`:\n- `endpoint`: The Argo CD server address without the protocol (e.g. `http`).\nFor example, the default endpoint in Kubernetes clusters should be `argocd-server.argocd.svc.cluster.local`. \n- `authtoken`: an [Argo CD automation token](https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#authentication). See how to generate a secure token:\n\u003cdetails id=\"argocd-token-generation\"\u003e\n\u003csummary\u003eHow to generate an Argo CD token\u003c/summary\u003e\n\n###### 1. Add an account to your Argo CD ConfigMap.\n\nThe account needs the [`apiKey`](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/) capability in order to generate an auth token.\nIf you already have an account with this capability, you can skip this step.\nThe account can be added by modifying [`argocd-cm`](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cm-yaml/) ConfigMap:\n\n~~~yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: argocd-cm\n  namespace: argocd\n  labels:\n    app.kubernetes.io/name: argocd-cm\n    app.kubernetes.io/part-of: argocd\ndata:\n  accounts.infro: \"apiKey\"\n~~~\n\n###### 2. Add an account policy.\n\nThe account also needs permissions to read `applications` and `projects` to perform `app diff`.\nThe account policy can be added by modifying [`argocd-rbac-cm`](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cm-yaml/) ConfigMap:\n\n~~~yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: argocd-rbac-cm\n  namespace: argocd\n  labels:\n    app.kubernetes.io/name: argocd-rbac-cm\n    app.kubernetes.io/part-of: argocd\ndata:\n  policy.csv: |\n    p, role:readonly, applications, get, *, allow\n    p, role:readonly, projects, get, *, allow\n    g, infro, role:readonly\n~~~\n\n###### 3. Generate an auth token for the account.\n\nVisit your ArgoCD UI and go to *Settings \u003e Accounts*. Under Tokens, click *Generate New*.\n\n\u003c/details\u003e\n\n### `terraform`:\n- `workdir`: The [Terraform working directory](https://developer.hashicorp.com/terraform/cli/init).\n\n### `github`:\n- `authtoken`: a GitHub personal access token. See how to create one [here](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token).\n\n# Contributing\n\nAll contributions are welcome!\n\n### Development\n\nCommands:\n```shell\n$ make help\nbuild-docker: Build Docker image\nbuild-go: Build go binary\nformat: Format code based on linter configuration\nhelp: Show help for each of the Makefile recipes.\nlint: Run linters\ntest-integration: Run integration tests\ntest-unit: Run unit tests\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfro-io%2Finfro-core","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfro-io%2Finfro-core","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfro-io%2Finfro-core/lists"}