Cost Visibility For Infrastructure As Code

Rufaida Mugalli
Published in upday devs, Apr 4, 2022 (5 min read)

Infrastructure cost is a critical topic, especially when it comes to cloud cost, simply because most of the expenses are not fixed and it’s easy to screw it up by choosing the wrong tools. Yet there is always an awesome engineer behind every complicated problem. The @infracost team has developed an outstanding tool that scans Terraform code changes and creates a simple, understandable cost estimate before any resources are launched.

How Infracost works and how we can integrate it into CI/CD

I would like to share my experience integrating the Infracost API into Terraform repositories. Technical expertise along with some working knowledge of GitHub Actions, Terraform, and the Infracost API is required.

Table of contents:

  • Infracost API
  • Preparation
  • Integrate Infracost with GitHub Action
  • Integrate Infracost using your Action
  • Docker container Action

Infracost API:

The Infracost API is an amazing tool to calculate cost impact in Terraform projects. It enables DevOps, SRE, and developers to see a cost breakdown and understand costs before making changes, either in the terminal or in pull requests. It can also be used to automatically add a PR comment showing the cost estimate differences.

Preparation:

1- Install Infracost:

    brew install infracost
    infracost --version

2- Get an API key, which is used by the CLI to retrieve prices from Infracost Cloud. The key can be retrieved with infracost configure get api_key:

    infracost register
    infracost configure get api_key

3- Add to CI/CD: Infracost can be integrated with multiple CI/CD systems. In this article, we will focus only on GitHub Actions. For more information, please check the infracost.io documentation.

4- Store the key in GitHub secrets: Since the key will be used in GitHub Actions, we need to store it in Actions secrets. To do so, go to Settings -> Secrets -> Actions, then click on New repository secret.

Actions secrets

Paste your key (retrieve it using infracost configure get api_key), then click on Add secret. Please note that adding the key for an organization can be done only by someone who has administrative access to the organization.

Post Infracost key

Integrate Infracost with GitHub Action:

The Infracost documentation provides a template for integrating Infracost with GitHub Actions.

infracost

Integrate Infracost using your Action:

In the previous step, we saw how easy it is to integrate Infracost into a Terraform repository.
But here is the scenario: a company uses a monorepo approach for its Terraform directories, where code for many projects is stored in the same repository. For example, we have a repository that contains Terraform for service1, service2, and service3. Suppose a developer changes service1 and service2 in the same pull request: for which service will Infracost run? In addition, as a security best practice, we prefer to use our own actions instead of third-party actions. In short, the action given above is not ideal for our case, so we need to write our own action.

Creating a Docker container action:

A Docker container action has three main files: the action YAML, which is responsible for running the Dockerfile; the Dockerfile itself; and the entrypoint, which the Dockerfile is responsible for running.

Docker container action workflow

  1. Action YAML: Create a new file at infracost/action.yml in your repo with the following content. The main job of this YAML is to run the Dockerfile, as you can see in line 5.
action.yml

2. Dockerfile: As you can see above in the "Integrate Infracost with GitHub Action" step, we are using terraform commands (lines 22, 26, 30), git commands to check out (lines 12–13), and infracost commands (lines 34–39).
So let’s go ahead and download all the required commands in our Dockerfile:

Dockerfile

3. Entrypoint.sh:

entrypoint.sh

In the second line, we are running git diff --name-only origin/master > 'directories.txt', which gives us the difference between the current branch and the master/main branch. The --name-only option gives us only the names of the changed paths and writes them to 'directories.txt'. In the fourth line, we are fetching the directory name from the 'directories.txt' file, then cd to that directory.

In the fourth line, we fetch the PR_number from the GITHUB_REF environment variable (which will be used in the sixth line), then cd to the Terraform directory, run infracost breakdown, and finally post the result as a comment on the GitHub pull request, as you can see in the fourth, sixth, and seventh lines.

Indeed, there is a problem with this script. Let’s run the command git diff --name-only origin/master > 'directories.txt' locally and see the directories.txt output:

output of directory.txt

As you can see, the file directories.txt contains all directories, including .github, which doesn’t contain any Terraform files, which means the script will run badly. Furthermore, there are Terraform changes in multiple directories/services. Let’s rewrite the script, taking into consideration the multiple directories and the unwanted directories.

entrypoint.sh correct version

Here we are running the diff command and saving the output into $filename. In the sixth line, we split the string in $filename, taking only the first part before /, then sort the results (sort), remove any duplicates (uniq), and drop anything containing .github (grep -v), so that we are left with only the Terraform directories.

Finally, loop through the directories and run the infracost command.

And here is the final result in GitHub:
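
One way to write the directory selection and loop described above, as an added example that is not the article's entrypoint.sh. It goes beyond the article's filter by keeping only top-level directories that have a changed .tf file and by validating the pull request number; the sample diff is constructed, and GITHUB_TOKEN and the /tmp output path are assumptions.

```shell
#!/bin/sh
# Added example, not the article's entrypoint.sh.

# Constructed sample of `git diff --name-only origin/master` output.
SAMPLE_DIFF='.github/workflows/infracost.yml
service1/main.tf
service1/variables.tf
service2/modules/db/main.tf
service3/README.md
README.md'

# Read changed paths on stdin and print, once each, the top-level directories
# that contain a changed *.tf file. Top-level files, dot-directories such as
# .github, and names outside [A-Za-z0-9._-] are dropped: the paths come from
# the pull request, so they are treated as untrusted input.
changed_tf_dirs() {
  grep -E '^[A-Za-z0-9_][A-Za-z0-9._-]*/.*\.tf$' | cut -d/ -f1 | sort -u
}

# On pull_request events GITHUB_REF looks like refs/pull/<number>/merge.
# Print the number, or fail if the ref has any other shape.
pr_number_from_ref() {
  n=${1#refs/pull/}
  [ "$n" != "$1" ] || return 1
  n=${n%/merge}
  case $n in
    ''|*[!0-9]*) return 1 ;;
    *) printf '%s\n' "$n" ;;
  esac
}

# Estimate every changed Terraform directory and comment on the pull request.
# Assumption: the workflow passes GITHUB_TOKEN; /tmp is a scratch location.
estimate_changed_dirs() {
  pr=$(pr_number_from_ref "$GITHUB_REF") || return 1
  git diff --name-only origin/master | changed_tf_dirs |
  while IFS= read -r dir; do
    out="/tmp/infracost-$dir.json"
    infracost breakdown --path "$dir" --format json --out-file "$out" &&
      infracost comment github --path "$out" --repo "$GITHUB_REPOSITORY" \
        --pull-request "$pr" --github-token "$GITHUB_TOKEN" --behavior new
  done
}

# Run the estimate only when asked to, e.g. `entrypoint.sh run` in the container.
if [ "${1:-}" = "run" ]; then
  estimate_changed_dirs
fi
```

With the sample input, only service1 and service2 are selected: service3 changed no Terraform file, and .github and the top-level README.md are never treated as Terraform directories.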

Infracost-API

To sum up, in this blog post we glanced over the Infracost API and GitHub Actions and how to integrate the Infracost API with GitHub Actions, elaborating on how to write your own workflows using a Docker container action.

I hope you enjoyed reading this article, if so please — clap, comment, and share.

Rufaida
