Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add additional Azure Repos App docs #677

Merged
merged 1 commit into from
Oct 24, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions docs/features/config_file.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -131,14 +131,14 @@ projects:

To use config files in your repos, follow these steps:

### 1. Source Control Integrations (GitHub and GitLab App)
### 1. Source Control Integrations (GitHub, Azure Repos and GitLab App)

When integrating Infracost with systems like GitHub or GitLab, we recommend the following order of precedence:

1. **Infracost Cloud’s Org Settings > Default Repo Config File**: Set a default config file for all repos in your organization. This is useful if a lot of your repos have a similar structure since it applies globally, and individual repos can override it.
<img
src={useBaseUrl('img/infracost-cloud/default-repo-config-file.png')}
alt="Default config file used by all repos in the GitHub App or GitLab App integration"
alt="Default config file used by all repos in the GitHub, Azure Repos or GitLab App integration"
/>
2. **Repo Settings in Infracost Cloud**: For specific repos, customize the config in the **Repo Settings** tab, which takes precedence over the default Org config.
3. **`infracost.yml` or `infracost.yml.tmpl` in the repo root**: If needed, store a config file in the root of your repo. This file will be used only if there is no config set in Infracost Cloud, since the Cloud settings take precedence.
Expand Down Expand Up @@ -351,7 +351,7 @@ projects:
</tr>
<tr>
<td><code>dependency_paths</code></td>
<td>Optional. <span style={{textDecoration: "underline"}}>Only applicable for GitHub App and GitLab App users</span>. Array of strings. Array of file or directory paths that should trigger project estimates. If this is specified, code changes to the <code>path</code> target will <b>NOT</b> trigger cost estimates unless the <code>path</code> is included in <code>dependency_paths</code>. All paths are relative to the working directory of your <code>infracost.yml</code> file. Supports glob patterns, for example:
<td>Optional. <span style={{textDecoration: "underline"}}>Only applicable for GitHub, Azure Repos and GitLab App users</span>. Array of strings. Array of file or directory paths that should trigger project estimates. If this is specified, code changes to the <code>path</code> target will <b>NOT</b> trigger cost estimates unless the <code>path</code> is included in <code>dependency_paths</code>. All paths are relative to the working directory of your <code>infracost.yml</code> file. Supports glob patterns, for example:
<pre>
{`dependency_paths:
- "config/**.json"
Expand Down
2 changes: 1 addition & 1 deletion docs/features/environment_variables.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ TF_CLI_CONFIG_FILE="$HOME/.terraformrc-custom" infracost breakdown \

## Environment variables to override cloud provider region

The following environment variables can be used with `infracost breakdown` and `diff` commands to override the cloud provider region. GitHub App users can set these from Org Settings > Integrations > GitHub App > Run configurations. These environment variables cannot currently be set in the [config file](/docs/features/config_file/) as they apply to all projects, not individual ones.
The following environment variables can be used with `infracost breakdown` and `diff` commands to override the cloud provider region. GitHub, Azure Repos and GitLab App users can set these from Org Settings > Integrations > Your App Integration > Run configurations. These environment variables cannot currently be set in the [config file](/docs/features/config_file/) as they apply to all projects, not individual ones.

- `INFRACOST_AWS_OVERRIDE_REGION` for AWS
- `INFRACOST_AZURE_OVERRIDE_REGION` for Azure
Expand Down
2 changes: 1 addition & 1 deletion docs/infracost_cloud/finops_policies.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Infracost enables you to pro-actively check FinOps best practices in the enginee

## Usage

This section assumes you have already setup the Infracost source control integration with [GitHub or GitLab](/docs/integrations/cicd/#source-control-integrations-recommended) (or added Infracost to your CI/CD pipeline).
This section assumes you have already setup the Infracost source control integration with [GitHub , Azure Repos or GitLab](/docs/integrations/cicd/#source-control-integrations-recommended) (or added Infracost to your CI/CD pipeline).

## 1. See policy failures on repos

Expand Down
21 changes: 15 additions & 6 deletions docs/infracost_cloud/guardrails.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,17 +80,26 @@ The following screenshot shows an example pull request comment with a custom mes

This feature works by failing the CI/CD pipeline that runs Infracost (`infracost comment` will `exit 1`). Depending on how you have configured your source control system this blocks the pull request from being merged, but your source control system admins can usually override this during urgent cases.

#### Setup

To setup this feature, you should:
To setup this feature follow the instructions below for your source control system.

1. Enable the "Block pull request from being merged" option when you create the guardrail.

<img src={useBaseUrl("img/infracost-cloud/guardrails/actions.png")} alt="Blocking pull requests" />

2. If you are using the GitHub App integration, in your GitHub repository, go to Settings > Branches > and tick the "Require status checks to pass before merging" option under Protect matching branches. GitLab users should follow [this doc](https://docs.gitlab.com/ee/user/project/merge_requests/status_checks.html#block-merges-of-merge-requests-unless-all-status-checks-have-passed) to setup a similar configuration.
2. Configure your source control system to require status checks to pass before merging pull requests.

**GitHub App**:
1. Go to Settings > Branches > and tick the "Require status checks to pass before merging" option under Protect matching branches.
<img src={useBaseUrl("img/infracost-cloud/guardrails/github-require-status-pass.png")} alt="Configure GitHub to require status checks to pass before pull requests can be merged" />

**Azure Repos App**:
1. Go to Project Settings > Repositories > Policies
2. Add a new or edit the existing Branch Policy for your default branches
3. Add a new Status Check for `checks/infracost`, and set it to Required.
<img src={useBaseUrl("img/infracost-cloud/guardrails/azure-repos-require-status-pass.png")} alt="Configure Azure Repos to require status checks to pass before pull requests can be merged" />

<img src={useBaseUrl("img/infracost-cloud/guardrails/github-require-status-pass.png")} alt="Configure GitHub to require status checks to pass before pull requests can be merged" />
**GitLab App**:
1. Follow [this doc](https://docs.gitlab.com/ee/user/project/merge_requests/status_checks.html#block-merges-of-merge-requests-unless-all-status-checks-have-passed) to setup a similar configuration.

#### Example output

Expand All @@ -108,7 +117,7 @@ If someone with admin access on GitHub or GitLab overrides the guardrail and mer

## How Guardrails work

Cost thresholds are currency-independent, a guardrail with a threshold of 2000 would be triggered by a pull request that increases your monthly costs by $2001 or €2001.
Cost thresholds are currency-independent, a guardrail with a threshold of 2000 would be triggered by a pull request that increases your monthly costs by $2001 or €2001.

The following example describes how guardrails work. Let's say you have two guardrails:
1. A guardrail called "20 percent threshold" that notified FinOps when a pull request (PR) increases costs by more than 20%. This keeps them in the loop and avoids surprising them as this is an anticipated change being made by engineering.
Expand Down
2 changes: 1 addition & 1 deletion docs/infracost_cloud/key_concepts.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ From the Members page, you can invite your team members to join your organizatio

## Repos

Repos, short for code repositories, is where your code lives in GitHub, GitLab or any other source control system. A repo contains one or more projects. Infracost Cloud lets you track how the costs and policy issues of repos and projects change over time.
Repos, short for code repositories, is where your code lives in GitHub, Azure Repos, GitLab or any other source control system. A repo contains one or more projects. Infracost Cloud lets you track how the costs and policy issues of repos and projects change over time.

## Projects

Expand Down
4 changes: 2 additions & 2 deletions docs/integrations/azure_repos_app.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,11 @@ There are two key benefits of using the Azure Repos App over manual CI/CD integr

5. The Infracost Azure Repos App also requires **admin consent** during setup. This step ensures that the app has the necessary permissions to manage service hooks and policies across the selected projects. [Learn more about admin consent](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/user-admin-consent-overview#admin-consent).

6. During setup, Infracost will need a temporary Personal Access Token (PAT) with additional permissions to do the following. The PAT can be deleted in Azure Repos after the setup is done.
6. During setup, Infracost will need a short-lived Personal Access Token (PAT) with additional permissions to do the following. The PAT can be deleted in Azure Repos after the setup is done.
- Create an Azure Active Directory (AAD) group that can manage service hooks and branch policies.
- Add the Infracost service principal to this group.
- Add selected projects to this group so Infracost can manage webhooks and policies in those projects.
Ensure that the temporary PAT belongs to an Owner or Project Collection Administrator and has the following scopes:
Ensure that the short-lived PAT belongs to an Owner or Project Collection Administrator and has the following scopes:
- **Graph (Read & Manage)** - to create the Infracost group.
- **Identity (Read)** - to find the group’s identity descriptor.
- **Security (Manage)** - to assign service hooks permissions to the group.
Expand Down
8 changes: 7 additions & 1 deletion docs/integrations/cicd.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,17 @@ Infracost supports direct integration with GitHub and GitLab. We recommend these
link: "/docs/integrations/github_app",
newWindow: false
},
{
image: "/docs/img/services/azure-repos.svg",
text: "Azure Repos (Azure DevOps Services)",
link: "/docs/integrations/azure_repos_app",
newWindow: false
},
{
image: "/docs/img/services/gitlab.svg",
text: "GitLab.com & self-managed",
link: "/docs/integrations/gitlab_app",
newWindow: true
newWindow: false
},
]}/>

Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions static/img/services/azure-repos.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading