This project provides the Jenkins integration for Infracost, so you can see cloud cost estimates and FinOps best practices for Terraform in pull requests 💰
This guide is for using Jenkins with GitHub and Bitbucket. GitHub users can also consider using the Infracost GitHub App as it's much simpler to setup and faster to run. If you use Jenkins with Azure DevOps Repos or GitLab, please email [email protected] so we can discuss your requirements and support you.
-
If you haven't done so already, download Infracost and run
infracost auth login
to get a free API key. -
Retrieve your Infracost API key by running
infracost configure get api_key
. -
Create a new credential in Jenkins' management panel (or wherever you store credentials), called
infracost-api-key
, and enter your Infracost API key. -
Create credentials that Infracost will use to post pull request comments. This should be a credential in Jenkins' management panel (or wherever you store credentials), called
github-token
,bitbucket-app-password
orbitbucket-access-token
.- For GitHub, create a GitHub token, such as Personal Access Token, that can be used by the Infracost CLI in the Jenkinsfile to post comments. The token needs to have
repo
scope so it can post comments. If you are using SAML single sign-on, you must first authorize the token. - For Bitbucket Cloud, you can either use a App password (recommended) or a Repository access token.
- To generate a App password go to your Personal Settings > App passwords and generate a password that has read and write permissions for Repositories and Pull requests.
- To generate a Repository access token go to Repository Settings > Access tokens and generate a token that has read and write permissions for Repositories and Pull requests.
- For Bitbucket Server, set this to your HTTP access token. Read-only repository permission should be enough as the their docs mentions that "comment on a pull request" is allowed too.
- For GitHub, create a GitHub token, such as Personal Access Token, that can be used by the Infracost CLI in the Jenkinsfile to post comments. The token needs to have
-
Implement either Bitbucket Cloud Jenkinsfile or Bitbucket Server Jenkinsfile in your Jenkins. Note how the Jenkinsfile has two key steps:
- one step that runs on pull requests and posts the pull request comment
- another step that runs when the main/master branch is updated to upload the results to Infracost Cloud
The GitHub Jenkinsfile example was developed for cases where there are no pull requests and instead a job is run on feature branches directly; if you use pull requests in your workflow, please email [email protected] so we can update it for you
-
Follow these simple steps to test the integration.
-
Infracost Cloud is our SaaS product that builds on top of Infracost open source. It enables team leads, managers and FinOps practitioners to setup tagging policies, guardrails and best practices to help guide the team. For example, you can check for required tag keys/values, or suggest switching AWS gp2 volumes to gp3 as they are more performant and cheaper.
If you do not want to use Infracost Cloud, go to Org Settings and disable the dashboard. This causes the CLI not to send its JSON output to your dashboard; the JSON does not contain any cloud credentials or secrets, see the FAQ for more information.
If you use private Terraform modules in your project you'll need to correctly configure the Jenkins pipeline to fetch these. You can find more information about private modules on our docs.
The Infracost CLI can post cost estimates to pull request or commits on GitHub, GitLab, Azure Repos and Bitbucket. Run infracost comment --help
to see the the list of options or see our docs.
Issues and pull requests are welcome. Please create issues in this repo or join our community Slack, we are a friendly bunch and happy to help you get started :)