GitHub Integration Onboarding

Integrating GitHub with Yasu enables automated analysis of your Infrastructure as Code (IaC) configurations, cost optimization recommendations directly in pull requests, and seamless integration with your development workflow.

Prerequisites

Before connecting GitHub, ensure you have:

• GitHub account with appropriate repository access
• Admin permissions for organization/repositories you want to connect
• Infrastructure as Code files (Terraform, CloudFormation, etc.) in your repositories
• Understanding of GitHub Apps and OAuth permissions

Connection Methods

Yasu offers multiple ways to integrate with GitHub, depending on your organization's needs and security requirements.

GitHub App Installation (Recommended)

The GitHub App provides the most seamless integration with granular permissions and webhook support.

Step 1: Install Yasu GitHub App

1. Navigate to GitHub Integration in your Yasu dashboard
2. Click "Install GitHub App"
3. Choose installation scope:
   • Personal account: For individual repositories
   • Organization: For team/company repositories
4. Select repositories to grant access to:
   • All repositories (for comprehensive analysis)
   • Selected repositories (for targeted monitoring)

Step 2: Configure Permissions

The Yasu GitHub App requires these permissions:

Repository Permissions:

• Contents: Read access to analyze IaC files
• Metadata: Read repository information
• Pull requests: Read and write for cost optimization comments
• Issues: Write access for creating cost optimization issues
• Checks: Write access for automated cost checks

Organization Permissions:

• Members: Read access for user mapping (optional)
• Team discussions: Read for relevant cost discussions

Step 3: Webhook Configuration

Webhooks are automatically configured to trigger analysis on:

• Push events to main/master branches
• Pull request events (opened, updated, merged)
• Release events for tracking deployment costs

Personal Access Token (Alternative)

For organizations preferring token-based access:

Step 1: Generate Personal Access Token

1. Go to GitHub Settings > Developer settings > Personal access tokens
2. Click "Generate new token (classic)"
3. Set expiration (recommend 90 days for security)
4. Select scopes:
   • repo (Full control of private repositories)
   • read:org (Read organization data)
   • read:user (Read user profile data)

Step 2: Add Token to Yasu

1. Navigate to Integrations in Yasu dashboard
2. Select "GitHub Token Integration"
3. Paste your personal access token
4. Test connection and select repositories

Repository Configuration

Supported Infrastructure as Code Files

Yasu automatically detects and analyzes these IaC formats:

Terraform:

• *.tf files
• terraform.tfvars
• *.tfplan (plan files)

AWS CloudFormation:

• *.yaml, *.yml templates
• *.json templates
• AWS SAM templates

Google Cloud Deployment Manager:

• *.yaml, *.jinja templates
• Python templates

Azure ARM Templates:

• *.json ARM templates
• Bicep files (*.bicep)

Kubernetes:

• *.yaml, *.yml manifests
• Helm charts
• Kustomize configurations

Repository Structure Best Practices

your-repo/
├── infrastructure/          # IaC files organized by environment
│   ├── environments/
│   │   ├── dev/
│   │   ├── staging/
│   │   └── production/
│   ├── modules/            # Reusable infrastructure modules
│   └── shared/             # Shared configurations
├── .yasu/                  # Yasu configuration (optional)
│   ├── config.yaml
│   └── cost-policies.yaml
└── README.md

Configuration File (.yasu/config.yaml)

# Yasu repository configuration
version: 1.0

# Analysis settings
analysis:
  include_paths:
    - "infrastructure/**"
    - "terraform/**"
    - "cloudformation/**"
  exclude_paths:
    - "**/.terraform/**"
    - "**/node_modules/**"
    - "**/.git/**"

# Cost estimation settings
cost_estimation:
  default_region: "us-east-1"
  currency: "USD"
  include_reserved_pricing: true
  
# Pull request settings
pull_requests:
  auto_comment: true
  cost_threshold_usd: 100
  always_comment_on_increase: true
  
# Environments configuration
environments:
  - name: "development"
    paths: ["infrastructure/environments/dev/**"]
    cost_multiplier: 0.1  # 10% of production estimates
  - name: "staging"
    paths: ["infrastructure/environments/staging/**"]
    cost_multiplier: 0.3  # 30% of production estimates
  - name: "production"
    paths: ["infrastructure/environments/production/**"]
    cost_multiplier: 1.0  # Full cost estimates

Features and Capabilities

Pull Request Analysis

When you create or update a pull request, Yasu automatically:

1. Analyzes infrastructure changes
2. Estimates cost impact of proposed changes
3. Posts detailed comments with cost breakdown
4. Suggests optimizations where applicable
5. Provides approval/blocking based on cost policies

Example Pull Request Comment

## 💰 Yasu Cost Analysis

### Cost Impact Summary
- **Estimated Monthly Increase**: +$1,247.50
- **Annual Impact**: +$14,970.00
- **Confidence Level**: High (85%)

### Resource Changes
| Resource | Change | Monthly Cost |
|----------|--------|--------------|
| aws_instance.web_server | Modified | +$72.00 |
| aws_rds_instance.database | New | +$1,175.50 |

### 🚨 Optimization Recommendations
1. **RDS Instance Sizing**: Consider `db.t3.large` instead of `db.m5.xlarge` (saves $580/month)
2. **EBS Volume Type**: Use `gp3` instead of `io1` for better cost efficiency

### 📊 Detailed Breakdown
View full analysis: [Yasu Dashboard](https://app.yasu.cloud/analysis/pr-123)

Automated Cost Checks

Set up GitHub Status Checks to block expensive deployments:

# .github/workflows/cost-check.yml
name: Cost Check
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  cost-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Yasu Cost Analysis
        uses: yasu-cloud/github-action@v1
        with:
          yasu-token: ${{ secrets.YASU_TOKEN }}
          fail-on-increase: $500  # Fail if cost increase > $500/month

Branch Protection Rules

Configure branch protection to require cost approval:

1. Go to repository Settings > Branches
2. Add rule for main/master branch
3. Enable "Require status checks"
4. Select "Yasu Cost Analysis" as required check

Integration Features

Cost Monitoring Dashboard

Track repository-specific metrics:

• Cost trends over time
• Resource utilization insights
• Optimization opportunities by repository
• Team-based cost allocation

Automated Issue Creation

Yasu can automatically create GitHub issues for:

• High-cost resources detected in commits
• Optimization opportunities in existing infrastructure
• Cost anomalies and unexpected increases
• Security and compliance violations

Deployment Tracking

Connect deployments to cost changes:

• Release tagging with cost impact
• Environment-specific cost tracking
• Rollback cost analysis
• A/B testing cost comparison

Security and Permissions

Data Access and Privacy

What Yasu Accesses:

• Repository contents (IaC files only)
• Pull request metadata
• Commit information
• Branch and tag data

What Yasu Does NOT Access:

• Application source code
• Secrets or environment variables
• Private communications
• Personal user data

Minimal Permissions

The GitHub App operates with minimal required permissions:

• Read-only access to repository contents
• Write access only for comments and checks
• No access to organization secrets
• No access to other repositories (unless explicitly granted)

Security Features

• OAuth 2.0 authentication
• Webhook signature verification
• Encrypted data transmission
• Regular permission audits
• GDPR and SOC 2 compliance

Advanced Configuration

Custom Cost Policies

Define organization-specific cost policies:

# .yasu/cost-policies.yaml
policies:
  - name: "production-cost-limit"
    environments: ["production"]
    max_monthly_increase: 1000
    action: "block"
    
  - name: "development-optimization"
    environments: ["development", "staging"]
    require_optimization_review: true
    auto_suggest_downsizing: true
    
  - name: "database-policies"
    resources: ["aws_rds_instance", "google_sql_database_instance"]
    require_backup_enabled: true
    max_instance_size: "large"

Multi-Repository Analytics

For organizations with multiple repositories:

• Cross-repository cost analysis
• Shared resource tracking
• Team-based cost allocation
• Executive reporting dashboards

API Integration

Use Yasu's GitHub integration API for custom workflows:

// Example: Custom cost analysis in CI/CD
const yasuApi = require('@yasu/github-api');

const analysis = await yasuApi.analyzePullRequest({
  repository: 'your-org/your-repo',
  pullRequestNumber: 123,
  authToken: process.env.YASU_TOKEN
});

if (analysis.costIncrease > 500) {
  throw new Error(`Cost increase too high: $${analysis.costIncrease}`);
}

Troubleshooting

Common Issues

GitHub App Not Receiving Webhooks

• Check webhook URL configuration
• Verify repository access permissions
• Test webhook delivery in repository settings

Pull Request Comments Not Appearing

• Ensure app has write permissions to pull requests
• Check if repository is private and app has access
• Verify webhook events are configured correctly

Cost Analysis Incomplete

• Verify IaC files are in supported formats
• Check file paths against include/exclude patterns
• Ensure cloud provider credentials are configured

Permission Denied Errors

• Review GitHub App installation permissions
• Check organization security policies
• Verify user has admin access to repository

Diagnostic Steps

1. Test webhook delivery:

   # Check recent deliveries in repository settings
   Repository → Settings → Webhooks → Yasu App
   

2. Verify file detection:

   • Check Yasu dashboard for repository file count
   • Review detected IaC files in analysis logs

3. Test cost estimation:

   • Create a simple test PR with minimal changes
   • Verify cost analysis appears in comments

Best Practices

Repository Organization

• Consistent file structure across repositories
• Environment separation in directory structure
• Shared modules for reusable components
• Documentation of cost-related decisions

Team Workflow

• Regular cost reviews in pull request process
• Cost ownership assignments for different components
• Optimization sprints based on Yasu recommendations
• Training sessions on cost-conscious development

Automation Setup

• Branch protection rules for cost checks
• Automated alerts for high-cost changes
• Regular reporting to stakeholders
• Integration with existing CI/CD pipelines

Next Steps

After connecting GitHub to Yasu:

1. Configure cost policies for your organization
2. Set up branch protection rules with cost checks
3. Train your team on cost-conscious development practices
4. Review existing repositories for optimization opportunities
5. Implement automated workflows for cost monitoring