How to run `terraform destroy` in TF Cloud

I’m trying to run terraform destroy when a PR is merged. The purpose is to clean up a dev environment created during the PR phase.

I’m not sure if I just need the create-run action with is_destroy: true or if I also need the apply-run action (which, looking at the source code, would run terraform apply). I’m presuming I don’t need the apply-run, but wanted to double check with people here.


    name: "Cleanup Dev Environment"
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
      - name: Checkout
        uses: actions/checkout@v4

      - name: Upload Configuration
        uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0
        id: apply-upload
          workspace: ${{ env.TF_WORKSPACE }}
          directory: ${{ env.CONFIG_DIRECTORY }}

      - name: Create Apply Run
        uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0
        id: apply-run
          workspace: ${{ env.TF_WORKSPACE }}
          configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
          is_destroy: true

      - name: Apply
        uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.0.0
        if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
        id: apply
          run: ${{ steps.apply-run.outputs.run_id }}
          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"

Apologies for pinging directly, but @apparentlymart you’re usually floating around on this forum :slight_smile: maybe you can let me know about this :point_up:

Thanks. :bowing_man:

Hey @Integralist, thanks for taking the time to put this question out. Judging by the hardcoded ‘-apply’ in the ‘apply-run’ action: tfc-workflows-github/actions/apply-run/action.yml at 34866d21f6856cca1fbca7c09c5644203aa83890 · hashicorp/tfc-workflows-github · GitHub I’m going to assume that you should not be needing this, and only require ‘create-run’ with ‘is_destroy’ set to ‘true’: tfc-workflows-github/actions/create-run/action.yml at 34866d21f6856cca1fbca7c09c5644203aa83890 · hashicorp/tfc-workflows-github · GitHub as you already concluded correctly.

The ‘apply-run’ really seems like a roll-forward action, and you would only be able to destroy resources in an apply if you had removed them from your Terraform configuration.

Let me know if this works for you :slight_smile: