Terraform Destroy Workflow #21
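# Manually triggered teardown: best-effort removal of the in-cluster workloads
# (ArgoCD applications, Helm releases, namespaces, monitoring CRDs, persistent
# storage), then a Terraform destroy of ./Terraform, then removal of the
# repository variables that describe the deployment.
name: Terraform Destroy Workflow

on:
  workflow_dispatch:

# id-token: write is needed for the OIDC role assumption below; everything
# else is read-only.
permissions:
  id-token: write
  contents: read
  actions: read

jobs:
  terraform-destroy:
    name: Terraform Destroy
    runs-on: ubuntu-latest
    # NOTE(review): the workflow has no confirmation input, so the only human
    # gate on this destructive job is whatever protection rules (for example
    # required reviewers) are configured on the "production" environment.
    # Confirm they are set.
    environment: production
    steps:
      # NOTE(review): the actions below are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA prevents a retagged release
      # from running with this job's AWS role and PAT.
      - name: Checkout Repository
        uses: actions/checkout@v5

      # Repository variables are passed through `env:` and read as quoted
      # shell variables instead of being expanded with `${{ }}` inside the
      # script text, so a value containing shell metacharacters or whitespace
      # stays data and cannot change the command that runs.
      - name: Verify Variables Available
        env:
          CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}
          APP_NAMESPACE: ${{ vars.APP_NAMESPACE }}
          MONITORING_NAMESPACE: ${{ vars.MONITORING_NAMESPACE }}
          ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}
          APP_NAME: ${{ vars.APP_NAME }}
        run: |
          echo "CLUSTER_NAME: ${CLUSTER_NAME}"
          echo "NAMESPACE: ${APP_NAMESPACE}"
          echo "MONITORING_NAMESPACE: ${MONITORING_NAMESPACE}"
          echo "ARGOCD_NAMESPACE: ${ARGOCD_NAMESPACE}"
          echo "APP_NAME: ${APP_NAME}"
          # Only these two variables are fatal when missing; the other three
          # are used by best-effort steps that tolerate failure.
          if [[ -z "${CLUSTER_NAME}" ]]; then
            echo "ERROR: CLUSTER_NAME variable not found. Infrastructure may not be deployed."
            exit 1
          fi
          if [[ -z "${APP_NAMESPACE}" ]]; then
            echo "ERROR: APP_NAMESPACE variable not found. Infrastructure may not be deployed."
            exit 1
          fi

      # Short-lived credentials via OIDC; no static AWS keys are stored.
      # NOTE(review): the role's trust policy should restrict the token
      # subject to this repository and the "production" environment; that
      # policy is not visible here.
      - name: Configure AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubActionsInfraRole
          aws-region: us-east-1

      # The action ref was lost in page extraction; <REF_LOST_IN_EXTRACTION>
      # is a placeholder to be replaced with the intended release, ideally as
      # a full commit SHA.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@<REF_LOST_IN_EXTRACTION>
        with:
          terraform_version: "1.5.7"

      # From here to "Wait for cleanup" every step is best-effort
      # (continue-on-error), so a cluster that is already gone does not block
      # the Terraform destroy.
      - name: Update kubeconfig
        env:
          CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}
        run: aws eks update-kubeconfig --name "${CLUSTER_NAME}" --region us-east-1
        continue-on-error: true

      # Same placeholder as above: the original ref was lost in extraction.
      - name: Install Helm
        uses: azure/setup-helm@<REF_LOST_IN_EXTRACTION>
        with:
          version: "v3.14.0"
        continue-on-error: true

      # ---------------------------
      # Delete ArgoCD Applications
      # ---------------------------
      - name: Delete ArgoCD Applications
        env:
          APP_NAME: ${{ vars.APP_NAME }}
          ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}
        run: |
          kubectl delete application "${APP_NAME}" -n "${ARGOCD_NAMESPACE}" --ignore-not-found
          kubectl delete application kube-prometheus-stack -n "${ARGOCD_NAMESPACE}" --ignore-not-found
        continue-on-error: true

      # ---------------------------
      # Uninstall Helm Releases
      # ---------------------------
      - name: Uninstall Helm Releases
        env:
          APP_NAME: ${{ vars.APP_NAME }}
          APP_NAMESPACE: ${{ vars.APP_NAMESPACE }}
          MONITORING_NAMESPACE: ${{ vars.MONITORING_NAMESPACE }}
          ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}
        run: |
          helm uninstall "${APP_NAME}" -n "${APP_NAMESPACE}" || true
          helm uninstall kube-prometheus-stack -n "${MONITORING_NAMESPACE}" || true
          helm uninstall argocd -n "${ARGOCD_NAMESPACE}" || true
        continue-on-error: true

      # ---------------------------
      # Delete Namespaces
      # ---------------------------
      - name: Delete Namespaces
        env:
          APP_NAMESPACE: ${{ vars.APP_NAMESPACE }}
          MONITORING_NAMESPACE: ${{ vars.MONITORING_NAMESPACE }}
          ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}
        run: |
          kubectl delete namespace "${APP_NAMESPACE}" --ignore-not-found
          kubectl delete namespace "${MONITORING_NAMESPACE}" --ignore-not-found
          kubectl delete namespace "${ARGOCD_NAMESPACE}" --ignore-not-found
        continue-on-error: true

      # ---------------------------
      # Delete CRDs (Prometheus & Grafana)
      # ---------------------------
      # The pattern is a substring match, so any CRD whose name contains one
      # of these words is removed, not only those from kube-prometheus-stack.
      - name: Delete CRDs
        run: |
          kubectl get crd -o name | grep -E 'prometheus|grafana|alertmanager|servicemonitor|prometheusrule' | xargs -r kubectl delete || true
        continue-on-error: true

      # ---------------------------
      # Cleanup PVCs & PVs
      # ---------------------------
      # Cluster-wide: removes every PVC in every namespace and every PV, not
      # just the ones this project created. Acceptable only because the whole
      # cluster is destroyed next; do not reuse this step on a shared cluster.
      - name: Cleanup Persistent Storage
        run: |
          kubectl delete pvc --all -A || true
          kubectl delete pv --all || true
        continue-on-error: true

      # ---------------------------
      # Wait for cleanup to complete
      # ---------------------------
      - name: Wait for cleanup
        run: sleep 30

      # ---------------------------
      # Terraform Destroy
      # ---------------------------
      # The destroy plan is saved and that exact plan is applied, so what the
      # log shows is what gets destroyed. Applying a saved plan needs no
      # -auto-approve. -input=false makes a missing variable fail the step
      # instead of waiting on a prompt.
      - name: Terraform Init
        run: terraform init -input=false
        working-directory: ./Terraform

      - name: Terraform Destroy Plan
        run: terraform plan -destroy -input=false -out=destroy.tfplan
        working-directory: ./Terraform

      - name: Terraform Destroy
        run: terraform apply -input=false destroy.tfplan
        working-directory: ./Terraform

      # ---------------------------
      # Clean up GitHub Variables
      # ---------------------------
      # Reached only when the Terraform steps succeeded, so the variables are
      # kept for a retry if the destroy fails.
      # NOTE(review): PAT_GITHUB is a long-lived credential; prefer a
      # fine-grained token limited to this repository's variables.
      - name: Remove GitHub repository variables
        run: |
          gh variable delete CLUSTER_NAME --repo "$GITHUB_REPOSITORY" || true
          gh variable delete APP_NAMESPACE --repo "$GITHUB_REPOSITORY" || true
          gh variable delete MONITORING_NAMESPACE --repo "$GITHUB_REPOSITORY" || true
          gh variable delete ARGOCD_NAMESPACE --repo "$GITHUB_REPOSITORY" || true
          gh variable delete APP_NAME --repo "$GITHUB_REPOSITORY" || true
        env:
          GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }}
        continue-on-error: true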