Normally, a Digger workflow is not supposed to be triggered manually. It is triggered either by the orchestrator backend or directly by an event from GitHub (in the “backendless” mode, with the no-backend: true option set). The Destroy operation is a special case by design: the only way to run terraform destroy in Digger is to trigger a workflow manually. This way unwanted destroys are guaranteed to never happen.

You can create a dedicated workflow that accepts the project name and action:

on:
  workflow_dispatch:
    inputs:
      project:
        description: 'Digger project to perform destroy on'
        required: true
jobs:
  destroy:
    runs-on: ubuntu-latest
    steps:
    - name: digger destroy
      uses: diggerhq/digger@vLatest
      with:
        mode: manual
        command: "digger destroy"
        project: "${{ inputs.project }}"
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-2
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note that the arguments “mode: manual” and “command: digger destroy” above differ from those in the default workflow.
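
A more tightly gated variant of the workflow above, as an added example that is not taken from the Digger documentation: anyone who can dispatch the workflow can run the destroy, so this version adds a typed confirmation and an approval gate in front of it. The `confirm` input, the `destroy-approval` environment name and the concurrency group are assumptions; the Digger step is unchanged from the page.

```yaml
on:
  workflow_dispatch:
    inputs:
      project:
        description: 'Digger project to perform destroy on'
        required: true
      confirm:
        # Assumed extra input, not a Digger option.
        description: 'Type the project name again to confirm the destroy'
        required: true
# Assumption: at most one destroy per project should run at a time.
concurrency:
  group: digger-destroy-${{ inputs.project }}
  cancel-in-progress: false
jobs:
  destroy:
    runs-on: ubuntu-latest
    # Hypothetical environment name. Configure required reviewers on it in the
    # repository settings so the job waits for approval, and store the AWS
    # keys as environment secrets so only this job can read them.
    environment: destroy-approval
    steps:
    - name: require typed confirmation
      # Inputs are passed through env instead of being interpolated into the
      # script, so their content is never parsed as shell.
      env:
        PROJECT: ${{ inputs.project }}
        CONFIRM: ${{ inputs.confirm }}
      run: |
        if [ "$PROJECT" != "$CONFIRM" ]; then
          echo "confirm does not match project, refusing to destroy" >&2
          exit 1
        fi
    - name: digger destroy
      uses: diggerhq/digger@vLatest
      with:
        mode: manual
        command: "digger destroy"
        project: "${{ inputs.project }}"
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-2
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

If the environment is also restricted to the default branch in its deployment branch settings, a copy of this workflow edited on another branch cannot reach the environment secrets.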