This repo shows how Infracost can be used with Jenkins. Given the variety of workflows in Jenkins, this repo currently shows how a stage can be added to pipelines to generate an HTML page for each run, to show the Infracost diff output. It uses Jenkins' docker agent to run Infracost's `jenkins_diff.sh` and was also tested using the `docker:dind` image (docker in docker). Use this as a template that can be customized based on your requirements. See this repo for a demo.
This integration uses the latest version of Infracost by default as we regularly add support for more cloud resources. If you run into any issues, please join our community Slack channel; we'd be happy to guide you through it.
As mentioned in our FAQ, no cloud credentials or secrets are sent to the Cloud Pricing API. Infracost does not make any changes to your Terraform state or cloud resources.
- Create a new credential in Jenkins' management panel, called `jenkins-infracost-api-key`, and enter your Infracost API key. To get an API key download Infracost and run `infracost register`.

- Install the Jenkins HTML Publisher plugin. This is used to output the diff result in an HTML file.

- Add a new stage to your Jenkins' pipeline by updating your project's `Jenkinsfile` as shown below:

  ```groovy
  pipeline {
    agent any
    stages {
      stage('infracost') {
        agent {
          docker {
            image 'infracost/infracost:latest'
            // The image needs to run as root as it creates files in ~/.config
            // Also override the entrypoint to do nothing as we define that in steps below
            args "--user=root --entrypoint=''"
          }
        }
        environment {
          INFRACOST_API_KEY = credentials('jenkins-infracost-api-key')
          IAC_PATH = 'path/to/code'
        }
        steps {
          // Do not change
          sh '/scripts/ci/jenkins_diff.sh'

          // This ensures that the 'jenkins' user can cleanup without running into permission issues for
          // files/folders that Terraform created (such as .terraform)
          sh 'chmod -R 777 .'

          publishHTML (target: [
            allowMissing: false,
            alwaysLinkToLastBuild: false,
            keepAll: true,
            reportDir: './',
            reportFiles: 'infracost_diff.html',
            reportName: 'Infracost Diff Output'
          ])
        }
      }
    }
  }
  ```

- Push a change to your project or manually trigger a run; the Infracost Diff Output menu option should appear in your Jenkins project. Check the build Console Output and this page if there are issues.
There are two sets of environment variables: ones that are used by this integration, and ones that are used by the Infracost CLI. Both can be specified in the `environment` block of your `Jenkinsfile` as shown in the Usage section above.
Optional Path to the Terraform directory or JSON/plan file. Either `IAC_PATH` or `CONFIG_FILE` is required.
Optional Flags to pass to the 'terraform plan' command, e.g. `"-var-file=my.tfvars -var-file=other.tfvars"`. Applicable when path is a Terraform directory.
Optional The Terraform workspace to use. Applicable when path is a Terraform directory. Only set this for multi-workspace deployments, otherwise it might result in the Terraform error "workspaces not supported".
Optional Path to Infracost usage file that specifies values for usage-based resources, see this example file for the available options.
Optional If your repo has multiple Terraform projects or workspaces, define them in a config file and set this input to its path. Their results will be combined into the same diff output. Cannot be used with IAC_PATH, TERRAFORM_PLAN_FLAGS or USAGE_FILE parameters.
Optional Show unsupported resources, some of which might be free, at the bottom of the Infracost output (default is false).
Optional If set to `true` this will create or update the usage file with missing resources, either using zero values or pulling data from AWS CloudWatch. For more information see the Infracost docs here. You must also specify the `usage_file` input if this is set to `true`.
Optional A JSON string describing the condition that causes the pipeline to fail. Currently only one option is supported:
- `'{"percentage_threshold": 10}'`: absolute percentage threshold that fails the build. For example, set to 10 to fail the build if the cost estimate changes by more than plus or minus 10%.
Optional If you're using Terraform modules from private Git repositories you can set this environment variable to your private Git SSH key so Terraform can access your module.
Optional Set this to also post the pull request comment to a Slack Webhook, which should post it in the corresponding Slack channel.
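The `percentage_threshold` condition described above, worked through as an added example; this is not the logic of Infracost's `jenkins_diff.sh`. The function names and the two monthly-cost arguments are hypothetical, and the handling of a past cost of zero is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: NOT the logic of Infracost's jenkins_diff.sh.
# Function names and the two cost arguments are hypothetical.

# Succeeds only for a plain non-negative decimal such as 10, 7.5 or 1234.00.
is_number() {
  case "$1" in
    '' | . | *[!0-9.]* | *.*.*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the numeric percentage_threshold from the JSON condition string.
# Returns 1 when the key is missing or its value is not a number.
threshold_from_condition() {
  t=$(printf '%s' "$1" |
    sed -n 's/.*"percentage_threshold"[[:space:]]*:[[:space:]]*\([0-9.]*\).*/\1/p')
  is_number "$t" || return 1
  printf '%s\n' "$t"
}

# exceeds_threshold CONDITION PAST_MONTHLY_COST NEW_MONTHLY_COST
# Returns 0 when the change exceeds the threshold (fail the build),
# 1 when it is within the threshold, 2 on invalid input.
exceeds_threshold() {
  t=$(threshold_from_condition "$1") || return 2
  is_number "$2" && is_number "$3" || return 2
  # Compare |new - past| * 100 > t * past instead of dividing, so a past
  # cost of 0 needs no special case: any new cost then exceeds the threshold.
  awk -v t="$t" -v past="$2" -v new="$3" 'BEGIN {
    diff = new - past
    if (diff < 0) diff = -diff
    exit ((diff * 100 > t * past) ? 0 : 1)
  }'
}
```

The comparison is strict, so a change of exactly 10% passes with a threshold of 10, and a decrease is treated the same as an increase.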
This section describes the main environment variables that can be used with the Infracost CLI. Other supported environment variables are described on this page.
Terragrunt users should also read this page. Terraform Cloud/Enterprise users should also read this page.
Required To get an API key download Infracost and run `infracost register`.
Required You do not need to set cloud credentials if you use Terraform Cloud/Enterprise's remote execution mode; instead, you should follow this page.
For all other users, the following is needed so Terraform can run `init`:
- Azure users should read this section to see which environment variables work for their use-case.
- AWS users should set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, or read this section of the Terraform docs for other options. If your Terraform project uses multiple AWS credentials you can configure them using the Infracost config file. We have an example of how this works with GitHub actions here.
- GCP users should set `GOOGLE_CREDENTIALS`, or read this section of the Terraform docs for other options.
Optional Used to change the path to the `terraform` binary or version, see this page for the available options.
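A pre-merge check for the `environment` block, as an added example that is not part of the Infracost integration: it flags the secret variables named on this page when they are assigned a quoted literal instead of a `credentials()` binding like the one used for `INFRACOST_API_KEY`. The function names, the `aws-access-key-id` credential ID and the sample Jenkinsfile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Infracost integration.

# lint_jenkinsfile_secrets FILE
# Prints "file:line: text" for every non-comment line that assigns one of the
# secret variables to anything other than credentials(...).
# Returns 1 if at least one such line was found, 0 otherwise.
lint_jenkinsfile_secrets() {
  awk '
    /^[ \t]*\/\// { next }   # ignore Groovy line comments
    match($0, /(INFRACOST_API_KEY|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|GOOGLE_CREDENTIALS)[ \t]*=/) {
      rhs = substr($0, RSTART + RLENGTH)   # text after the "="
      if (rhs !~ /^[ \t]*credentials\(/) {
        printf "%s:%d: %s\n", FILENAME, NR, $0
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample input: two proper bindings, one commented-out line and
# one hard-coded value (a fake secret). The credential ID 'aws-access-key-id'
# is hypothetical.
write_sample_jenkinsfile() {
  cat > "$1" <<'EOF'
environment {
  INFRACOST_API_KEY = credentials('jenkins-infracost-api-key')
  // AWS_ACCESS_KEY_ID = 'commented-out'
  AWS_ACCESS_KEY_ID = credentials('aws-access-key-id')
  AWS_SECRET_ACCESS_KEY = 'EXAMPLE-NOT-A-REAL-SECRET'
  IAC_PATH = 'path/to/code'
}
EOF
}
```

Running `lint_jenkinsfile_secrets Jenkinsfile` as an early pipeline step or pre-commit hook fails the run before a literal key reaches the repository history or the build log.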
Issues and pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.