Add destroy workflow (#55)

aws-samples · Mar 27, 2024 · fd4c0c4 · fd4c0c4
1 parent fcf6782
commit fd4c0c4
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 1 deletion.
diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -0,0 +1,53 @@
+name: Destroy
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+  pull-requests: write # This is required to add comments to Pull Requests
+  deployments: write # This is required to deactivate deployments
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  destroy-dev:
+    name: Dev Destroy
+    uses: aws-samples/aws-terraform-reusable-workflow/.github/workflows/[email protected]
+    with:
+      deploy: false
+      tf-version: ${{ vars.TF_VERSION }}
+      tf-organization: ${{ vars.TF_ORGANIZATION }}
+      tf-hostname: ${{ vars.TF_HOSTNAME }}
+      tf-workspace: ${{ vars.APP_NAME }}-dev
+      aws-region: "us-west-2"
+      environment: "dev"
+      ref: v1.2.0
+      local-execution-mode: true
+    secrets:
+      tf-token: ${{ secrets.TF_TOKEN }}
+      terraform-execution-iam-plan-role-arn: ${{ secrets.DEV_AWS_PLAN_ROLE_ARN }}
+      terraform-execution-iam-apply-role-arn: ${{ secrets.DEV_AWS_APPLY_ROLE_ARN }}
+      extra-args: ${{ secrets.DEV_EXTRA_ARGS }}
+  destroy-test:
+    needs: destroy-dev
+    name: Test Destroy
+    uses: aws-samples/aws-terraform-reusable-workflow/.github/workflows/[email protected]
+    with:
+      deploy: false
+      tf-version: ${{ vars.TF_VERSION }}
+      tf-organization: ${{ vars.TF_ORGANIZATION }}
+      tf-hostname: ${{ vars.TF_HOSTNAME }}
+      tf-workspace: ${{ vars.APP_NAME }}-test
+      aws-region: "us-west-2"
+      environment: "test"
+      ref: v1.2.0
+      local-execution-mode: true
+    secrets:
+      tf-token: ${{ secrets.TF_TOKEN }}
+      terraform-execution-iam-plan-role-arn: ${{ secrets.TEST_AWS_PLAN_ROLE_ARN }}
+      terraform-execution-iam-apply-role-arn: ${{ secrets.TEST_AWS_APPLY_ROLE_ARN }}
+      extra-args: ${{ secrets.TEST_EXTRA_ARGS }}
diff --git a/README.md b/README.md
@@ -222,7 +222,7 @@ Ensure that you all the required Actions Secrets are present in the [Secrets - A
 
   1. Wait for 5 minutes to allow Karpenter to delete the empty nodes.
 
-  1. Run Terraform destroy.
+  1. Execute the Destroy GitHub Action Workflow to destroy all clusters in all environments or run Terraform destroy manually.
 
       ```shell
       # Personal Access Token (PAT) required to access the application helm chart repo