Normally Digger workflow is not supposed to be triggered manually. It is triggered ether by the orchestrator backend, or directly by an event from GitHub (in the “backendless” mode with no-backend: true option set). The Destroy operation is a special case, by design: the only way to run terraform destroy in Digger is by triggering a workflow manually. This way unwanted destroys are guaranteed to never happen.

You can create a dedicated workflow accepting project name and action:


  on:
  workflow_dispatch:
  inputs:
    project:
      description: 'Digger project to perform destroy on'
      required: true
  jobs:
  destroy:
  runs-on: ubuntu-latest
  steps:
  - name: digger destroy
    uses: diggerhq/digger@v0.4.13
    with:
      mode: manual
      command: "digger destroy"
      project: "${{ inputs.project }}"
      setup-aws: true
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      aws-region: us-east-2
      # digger-token: ${{ secrets.DIGGER_TOKEN }}
      # digger-organisation: digger
      # digger-hostname: https://cloud.digger.dev/
    env:
      GITHUB_CONTEXT: ${{ toJson(github) }}
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note the arguments “mode: manual” and “command: digger destroy” above are different from the default workflow

Custom commandsDisable auto-checkout