feat: Configure platform in Infracost comment command (#14)

Co-authored-by: mariusz.wojakowski <[email protected]>

Author: mariusz89016

README.md

@@ -49,6 +49,24 @@ module "template" {
   }
 }
 ```
+
+### Infracost configuration
+
+Every workflow can have separately configurable Infracost post workflow hook. As you can see in the example above
+to enable it you need to set `enabled` parameter to true.  
+Other parameters are:
+* `platform` - used to configure which platform Infracost should interact with.
+   Currently supported are: GitHub, GitLab and Bitbucket.  
+* `token_environment_variable` - used to specifying a custom environment variable with an access token
+   to use to authorize when posting comments
+* `behavior` - used to configuring how comments are posted. Possible values: update, hide-and-new, delete-and-new and new. 
+   For more details see: https://www.infracost.io/docs/features/cli_commands/
+
+#### Autoconfiguration based on platform
+
+If you don't specify `token_environment_variable` then an environment variable with an access token will be chosen
+automatically based on specified platform, e.g. on GitLab it will be `ATLANTIS_GITLAB_TOKEN`.
+
 ## EXAMPLES
 
 - [Complete example](examples/complete)
@@ -65,7 +83,7 @@ module "template" {
 | <a name="input_repo_config_file"></a> [repo\_config\_file](#input\_repo\_config\_file) | Configures config file generation if enabled | <pre>object({<br>    enabled = optional(bool, false)<br>    path    = optional(string, ".")<br>    name    = optional(string, "repo_config.yaml")<br>    format  = optional(string, "yaml")<br>  })</pre> | `{}` | no |
 | <a name="input_repos"></a> [repos](#input\_repos) | Map of repositories and their configs. Refer to https://www.runatlantis.io/docs/server-side-repo-config.html#example-server-side-repo | <pre>list(object({<br>    id                            = optional(string, "/.*/")<br>    branch                        = optional(string)<br>    apply_requirements            = optional(list(string))<br>    allowed_overrides             = optional(list(string))<br>    allowed_workflows             = optional(list(string), [])<br>    allow_custom_workflows        = optional(bool)<br>    delete_source_branch_on_merge = optional(bool)<br>    pre_workflow_hooks = optional(list(object({<br>      run = string<br>    })))<br>    post_workflow_hooks = optional(list(object({<br>      run = string<br>    })))<br>    workflow = optional(string)<br>    ######### Helpers #########<br>    allow_all_server_side_workflows = optional(bool, false)<br>    terragrunt_atlantis_config = optional(object({<br>      enabled              = optional(bool)<br>      output               = optional(string)<br>      automerge            = optional(bool)<br>      autoplan             = optional(bool)<br>      parallel             = optional(bool)<br>      cascade_dependencies = optional(bool)<br>      filter               = optional(string)<br>      use_project_markers  = optional(bool)<br>    }), {})<br>  }))</pre> | `[]` | no |
 | <a name="input_repos_common_config"></a> [repos\_common\_config](#input\_repos\_common\_config) | Common config that will be merged into each item of the repos list | <pre>object({<br>    id                            = optional(string)<br>    branch                        = optional(string)<br>    apply_requirements            = optional(list(string))<br>    allowed_overrides             = optional(list(string))<br>    allowed_workflows             = optional(list(string))<br>    allow_custom_workflows        = optional(bool)<br>    delete_source_branch_on_merge = optional(bool)<br>    pre_workflow_hooks = optional(list(object({<br>      run = string<br>    })))<br>    post_workflow_hooks = optional(list(object({<br>      run = string<br>    })))<br>    workflow = optional(string)<br>    ######### Helpers #########<br>    allow_all_server_side_workflows = optional(bool, false)<br>    terragrunt_atlantis_config = optional(object({<br>      enabled              = optional(bool, false)<br>      output               = optional(string, "atlantis.yaml")<br>      automerge            = optional(bool)<br>      autoplan             = optional(bool)<br>      parallel             = optional(bool)<br>      cascade_dependencies = optional(bool)<br>      filter               = optional(string)<br>      use_project_markers  = optional(bool)<br>    }), {})<br>    infracost = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>  })</pre> | `{}` | no |
-| <a name="input_workflows"></a> [workflows](#input\_workflows) | List of custom workflow that will be added to the repo config file | <pre>map(object({<br>    plan = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    apply = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    import = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    state_rm = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    template = optional(string, "terragrunt-basic")<br>    asdf = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>    checkov = optional(object({<br>      enabled   = optional(bool, false)<br>      soft_fail = optional(bool, false)<br>      file      = optional(string, "$SHOWFILE")<br>    }), {})<br>    infracost = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>    pull_gitlab_variables = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>    check_gitlab_approvals = optional(object({<br>      enabled = optional(bool, false)<br>    }), {}),<br>  }))</pre> | `{}` | no |
+| <a name="input_workflows"></a> [workflows](#input\_workflows) | List of custom workflow that will be added to the repo config file | <pre>map(object({<br>    plan = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    apply = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    import = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    state_rm = optional(object({<br>      steps = optional(list(object({<br>        env = optional(object({<br>          name    = string<br>          command = string<br>        }))<br>        run      = optional(string)<br>        multienv = optional(string)<br>        atlantis_step = optional(object({<br>          command    = string<br>          extra_args = optional(list(string))<br>        }))<br>      })))<br>    }))<br>    template = optional(string, "terragrunt-basic")<br>    asdf = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>    checkov = optional(object({<br>      enabled   = optional(bool, false)<br>      soft_fail = optional(bool, false)<br>      file      = optional(string, "$SHOWFILE")<br>    }), {})<br>    infracost = optional(object({<br>      enabled                    = optional(bool, false)<br>      platform                   = optional(string, "gitlab")<br>      token_environment_variable = optional(string)<br>      behavior                   = optional(string, "new")<br>    }), {})<br>    pull_gitlab_variables = optional(object({<br>      enabled = optional(bool, false)<br>    }), {})<br>    check_gitlab_approvals = optional(object({<br>      enabled = optional(bool, false)<br>    }), {}),<br>  }))</pre> | `{}` | no |
 
 ## Modules
 

main.tf

@@ -2,6 +2,12 @@ locals {
   #Repo attributes that are meant to simplify configuration rather than being actual repo options
   helper_options = ["allow_all_server_side_workflows", "terragrunt_atlantis_config", "infracost"]
 
+  infracost_parameters = {
+    github : { token_name : "gh-token", environment_variable_name : "ATLANTIS_GH_TOKEN" },
+    gitlab : { token_name : "gitlab-token", environment_variable_name : "ATLANTIS_GITLAB_TOKEN" },
+    bitbucket : { token_name : "bitbucket-token", environment_variable_name : "ATLANTIS_BITBUCKET_TOKEN" }
+  }
+
   #Remove all options that are null
   repos_with_non_null_values = [
     for repo in var.repos : merge(
@@ -50,19 +56,28 @@ locals {
           lookup(repo, "post_workflow_hooks", []),
           lookup(repo, "workflow", "") != "" && lookup(local._workflows, lookup(repo, "workflow", ""), "") != "" ? (
             local._workflows[lookup(repo, "workflow", "")].infracost.enabled ? [
-              { run : <<EOT
-if [ ! -d "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM" ]; then
-  exit 0
-fi
-
-infracost comment gitlab --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \
-                         --merge-request $PULL_NUM \
-                         --path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/'*'-infracost.json \
-                         --gitlab-token $GITLAB_TOKEN \
-                         --behavior new
-
-rm -rf /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM
-EOT
+              { run : join("", [
+                "if [ ! -d \"/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM\" ]; then exit 0; fi",
+                "\n\n",
+                join(" ", [
+                  "infracost",
+                  "comment",
+                  local._workflows[lookup(repo, "workflow", "")].infracost.platform,
+                  "--repo $BASE_REPO_OWNER/$BASE_REPO_NAME",
+                  "--merge-request $PULL_NUM",
+                  "--path /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM/'*'-infracost.json",
+                  format("--%s $%s",
+                    local.infracost_parameters[local._workflows[repo.workflow].infracost.platform].token_name,
+                    coalesce(
+                      local._workflows[repo.workflow].infracost.token_environment_variable,
+                    local.infracost_parameters[local._workflows[repo.workflow].infracost.platform].environment_variable_name)
+                  ),
+                  format("--behavior %s", local._workflows[lookup(repo, "workflow", "")].infracost.behavior)
+                ]),
+                "\n\n",
+                "rm -rf /tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM"
+                ]
+                )
               }
           ] : []) : []
         )

variables.tf

@@ -136,7 +136,10 @@ variable "workflows" {
       file      = optional(string, "$SHOWFILE")
     }), {})
     infracost = optional(object({
-      enabled = optional(bool, false)
+      enabled                    = optional(bool, false)
+      platform                   = optional(string, "gitlab")
+      token_environment_variable = optional(string)
+      behavior                   = optional(string, "new")
     }), {})
     pull_gitlab_variables = optional(object({
       enabled = optional(bool, false)
@@ -180,6 +183,16 @@ variable "workflows" {
     ]))
     error_message = "Invalid command in `atlantis_step`. Allowed values: init, plan, show, policy_check, apply, version, import, state_rm"
   }
+
+  validation {
+    condition     = alltrue([for workflow_name, workflow in var.workflows : contains(["github", "gitlab", "bitbucket"], workflow.infracost.platform)])
+    error_message = "Invalid platform in `infracost`. Allowed values: github, gitlab, bitbucket"
+  }
+
+  validation {
+    condition     = alltrue([for workflow_name, workflow in var.workflows : contains(["update", "hide-and-new", "delete-and-new", "new"], workflow.infracost.behavior)])
+    error_message = "Invalid behavior in `infracost`. Allowed values: update, hide-and-new, delete-and-new, new"
+  }
 }
 
 variable "repo_config_file" {