Skip to content


When it comes to building out infrastructure the process is quite simple. Destroying infrastructure if a bit more involved with our pipeline, which is by design to protect us.

We're going to be talking about the .destroy file and how we go about creating it to allow us to destroy our infrastructure.

The .destroy File

Filename Location Group Project/Repository
./destroy ./destroy infrastructure terraform


This file is designed to act as a secondary manual gate. We could just have a "Destroy" stage always present in the pipeline, allowing for a single click to delete everything, but that makes me uncomfortable. If it's accidentally clicked, you've lost everything and recovering would be a long, difficult process depending on the infrastructure. Let's avoid that by adding in an extra step to enable destroying some infrastructure.

Think of the .destroy file process as similar to the process you have to go through when deleting a repository (project) in GitLab: you have to type out the name of the repository in full to confirm. In this case we have to create a file called .destroy, which also has to go through code review and be approved. This adds a lot of extra steps to a dangerous process you'll want to take seriously.

The Solution

Let's create the file and push it.

touch .destroy
git add .destroy
git commit -am 'destroying our infrastructure'
git push


If you commit any changes to any .tf files at the same time as commit the .destroy file, the pipeline will not execute at all. Ensure the only thing you commit and push is the .destroy file.

Once this file hits the remote repository in GitLab it will trigger a pipeline deployment, which will look different to a normal run:

A new pipeline in detail

As you can see it looks like everything has been skipped or ignored, but we can do one of two things here:

  1. We can click on the >> symbol under "Stages" and then click the play button to trigger a destroy
  2. We can click the pipeline ID, the number, and then click the play button to trigger a destroy

Either or, trigger one of these now and the status of the pipeline will change to "Running".

You've now destroyed your Terraform infrastructure.


After running the pipeline manually in the way that we have, let's now have the pipeline run automatically when we make a change to a *.tf file.