Bitbucket Pipelines
Run Infracost in Bitbucket Pipelines to see cloud cost estimates and FinOps best practices in pull requests. Works with both Bitbucket Cloud and Data Center / Server.
Quick start
- Install the Infracost CLI and run infracost auth login to get a free API key. Retrieve it with infracost configure get api_key.
- Bitbucket Cloud users — create either an App password (recommended) or a Repository access token:
  - App password: Personal Settings → App passwords. Grant read+write on Repositories and Pull requests.
  - Repository access token: Repository Settings → Access tokens. Grant read+write on Repositories and Pull requests.
- In your repo, go to Repository Settings → Pipelines → Settings and Enable Pipelines. Under Repository variables, add:
  - INFRACOST_API_KEY — your Infracost API key.
  - BITBUCKET_TOKEN — for Bitbucket Cloud, the App password or Repository access token from step 2. For Bitbucket Server, your HTTP access token.
- Create a bitbucket-pipelines.yml file in your repo:
    pipelines:
      pull-requests:
        '**':
          - step:
              name: Run Infracost on pull requests to check costs and policies
              # Always use the latest 0.10.x version to pick up bug fixes and new resources
              image: infracost/infracost:ci-0.10
              script:
                # Clone the base branch into a temp directory
                # If using a private repo, swap to $BITBUCKET_GIT_SSH_ORIGIN
                - git clone $BITBUCKET_GIT_HTTP_ORIGIN --branch=$BITBUCKET_PR_DESTINATION_BRANCH --single-branch /tmp/base
                - |
                  infracost breakdown --path=/tmp/base \
                    --format=json \
                    --out-file=infracost-base.json
                - |
                  infracost diff --path=. \
                    --compare-to=infracost-base.json \
                    --format=json \
                    --out-file=infracost.json
                # Bitbucket Cloud:
                #   App password / User token: --bitbucket-token=myusername:$BITBUCKET_TOKEN
                #   Repository access token: --bitbucket-token=$BITBUCKET_TOKEN
                # Bitbucket Server:
                #   --bitbucket-token=$BITBUCKET_TOKEN (HTTP access token)
                #   --bitbucket-server-url=https://your-bitbucket-server.com
                - |
                  infracost comment bitbucket --path=infracost.json \
                    --repo=$BITBUCKET_WORKSPACE/$BITBUCKET_REPO_SLUG \
                    --pull-request=$BITBUCKET_PR_ID \
                    --bitbucket-token=myusername:$BITBUCKET_TOKEN \
                    --behavior=update
      branches:
        '{main,master}':
          - step:
              name: Run Infracost on default branch and update Infracost Cloud
              image: infracost/infracost:ci-0.10
              script:
                - |
                  infracost breakdown \
                    --path=. \
                    --format=json \
                    --out-file=/tmp/infracost.json
                  infracost upload --path=/tmp/infracost.json || echo "Always pass main branch runs"
          - step:
              name: Update PR status in Infracost Cloud
              image: infracost/infracost:ci-0.10
              script:
                - |
                  PATTERN="pull request #([0-9]+)"
                  if [[ "$(git show $BITBUCKET_COMMIT)" =~ $PATTERN ]]; then
                    PR_ID=${BASH_REMATCH[1]}
                    curl \
                      --request POST \
                      --header "Content-Type: application/json" \
                      --header "X-API-Key: ${INFRACOST_API_KEY}" \
                      --data "{ \"query\": \"mutation { updatePullRequestStatus(url: \\\"${BITBUCKET_GIT_HTTP_ORIGIN}/pull-requests/${PR_ID}\\\", status: MERGED) }\" }" \
                      "https://dashboard.api.infracost.io/graphql"
                  fi
- Open a test PR — see these steps for what to expect.
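The "Update PR status in Infracost Cloud" step in bitbucket-pipelines.yml matches its pattern against the whole git show output, which includes the commit's diff as well as its message. The following is an added example, not part of the Infracost documentation: a POSIX shell variant that reads the PR number from the commit message only and validates both values before building the GraphQL body. The function names and the sample message and URL are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Infracost's own code; function names are hypothetical.

# Print the PR number from a merge-commit message; fail if there is none.
# grep -o keeps only the matched text, head takes the first match, tr keeps digits.
pr_id_from_message() {
  _pr=$(printf '%s\n' "$1" | grep -Eo 'pull request #[0-9]+' | head -n 1 | tr -dc '0-9')
  case "$_pr" in
    '' | *[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$_pr"
}

# Build the JSON body for the updatePullRequestStatus mutation used on this page.
# $1 = repository URL, $2 = PR number. Both are checked before they are spliced
# into the GraphQL string, so a quote or backslash cannot change the query.
status_payload() {
  case "$1" in
    '' | *[!A-Za-z0-9:/._~@-]*) return 1 ;;
  esac
  case "$2" in
    '' | *[!0-9]*) return 1 ;;
  esac
  printf '{ "query": "mutation { updatePullRequestStatus(url: \\"%s/pull-requests/%s\\", status: MERGED) }" }\n' "$1" "$2"
}

# POST the body to Infracost Cloud; expects INFRACOST_API_KEY in the environment.
send_status() {
  curl --fail --silent --show-error --request POST \
    --header "Content-Type: application/json" \
    --header "X-API-Key: ${INFRACOST_API_KEY}" \
    --data "$1" \
    "https://dashboard.api.infracost.io/graphql"
}

# In the pipeline step (message only, no diff):
#   msg=$(git log -1 --format=%B "$BITBUCKET_COMMIT")
#   id=$(pr_id_from_message "$msg") &&
#     body=$(status_payload "$BITBUCKET_GIT_HTTP_ORIGIN" "$id") &&
#     send_status "$body"

# Constructed sample message and repository URL, so the block runs offline.
SAMPLE_MESSAGE='Merged in feature/db-resize (pull request #42)

Resize the staging database instance'
SAMPLE_ORIGIN='https://bitbucket.org/example-workspace/example-repo'
if sample_id=$(pr_id_from_message "$SAMPLE_MESSAGE"); then
  status_payload "$SAMPLE_ORIGIN" "$sample_id"
fi
```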
Troubleshooting
HTTP 401 / 403 when posting comments
Usually a token issue. Verify with:
    export BITBUCKET_REPO=myorg/myrepo
    # For Bitbucket Server, set this to your server API URL
    export BITBUCKET_SERVER=https://api.bitbucket.org
    # Bitbucket Server: BITBUCKET_TOKEN=token (HTTP access token)
    # Bitbucket Cloud: BITBUCKET_TOKEN=myusername:mytoken
    export BITBUCKET_TOKEN=myusername:mytoken
    export BITBUCKET_COMMIT=xxxxx
    # Quote the variables so a token with special characters reaches curl intact
    curl -i \
      -H 'Accept: application/json' \
      -u "$BITBUCKET_TOKEN" \
      "$BITBUCKET_SERVER/2.0/repositories/$BITBUCKET_REPO/commit/$BITBUCKET_COMMIT"
A 401 / 403 response means the token is the issue.
fatal: could not read Username for 'https://bitbucket.org'
Swap $BITBUCKET_GIT_HTTP_ORIGIN for $BITBUCKET_GIT_SSH_ORIGIN in the git clone line.