Skip to content

Commit

Permalink
Create workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@tejavar
tejavar authored May 4, 2022
1 parent b5a3189 commit 4015974
Showing 1 changed file with 121 additions and 0 deletions.
121 changes: 121 additions & 0 deletions .github/workflow
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
# The GitHub Actions docs (https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#on)
# describe other options for 'on', 'pull_request' is a good default.
on:
pull_request:
branches:
- infracost
jobs:
terraform:
runs-on: ubuntu-latest
env:
working-directory: .

name: Terraform Plan
steps:
- name: Check out repository
uses: actions/checkout@v2

- name: Create artifact store
run: mkdir -p tmp/artifacts

- name: Install terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_wrapper: false

- name: Terraform init
run: terraform init
working-directory: ${{ env.working-directory }}

- name: Terraform plan
run: terraform plan -out tfplan.plan
working-directory: ${{ env.working-directory }}

- name: Terraform show
run: terraform show -json tfplan.plan > tmp/artifacts/plan.json
working-directory: ${{ env.working-directory }}

- name: Upload Artifacts
uses: actions/upload-artifact@master
with:
name: workflow-artifacts
path: tmp/artifacts

infracost:
needs: terraform
runs-on: ubuntu-latest
env:
working-directory: .

name: Infracost
steps:
- name: Check out repository
uses: actions/checkout@v2

- name: Download Artifacts
uses: actions/download-artifact@master
with:
name: workflow-artifacts
path: tmp/artifacts

# Install the Infracost CLI, see https://github.com/infracost/actions/tree/master/setup
# for other inputs such as version, and pricing-api-endpoint (for self-hosted users).
- name: Setup Infracost
uses: infracost/actions/setup@v1
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}

# Generate Infracost JSON output, the following docs might be useful:
# Multi-project/workspaces: https://www.infracost.io/docs/features/config_file
# Combine Infracost JSON files: https://www.infracost.io/docs/features/cli_commands/#combined-output-formats
- name: Generate Infracost JSON
run: infracost breakdown --path tmp/artifacts/plan.json --format json --out-file tmp/artifacts/infracost.json
working-directory: ${{ env.working-directory }}
# Env vars can be set using the usual GitHub Actions syntax
# See the list of supported Infracost env vars here: https://www.infracost.io/docs/integrations/environment_variables/
# env:
# MY_ENV: ${{ secrets.MY_ENV }}

# See https://github.com/infracost/actions/tree/master/comment
# for other inputs such as target-type.
- name: Post Infracost comment
uses: infracost/actions/comment@v1
with:
path: tmp/artifacts/infracost.json
# Choose the commenting behavior, 'update' is a good default:
behavior: update # Create a single comment and update it. The "quietest" option.
# behavior: delete-and-new # Delete previous comments and create a new one.
# behavior: hide-and-new # Minimize previous comments and create a new one.
# behavior: new # Create a new cost estimate comment on every push.

- name: Upload Artifacts
uses: actions/upload-artifact@master
with:
name: workflow-artifacts
path: tmp/artifacts

policies:
needs: infracost
runs-on: ubuntu-latest
container:
image: hashicorp/sentinel
env:
working-directory: .

name: HashiCorp Sentinel
steps:
- name: Check out repository
uses: actions/checkout@v2

- name: Download Artifacts
uses: actions/download-artifact@master
with:
name: workflow-artifacts
path: tmp/artifacts

- name: Run Sentinel
run: |
sentinel apply -config ./policies/sentinel.hcl -global cost="$(cat tmp/artifacts/infracost.json)" -trace # -json \
# | jq -r '(["POLICY","PASSED"] | (., map(length*"-"))),(.policies[] | [ .policy, .result ]) | @tsv' \
# | column -t
working-directory: ${{ env.working-directory }}

0 comments on commit 4015974

Please sign in to comment.