GitHub Action to delete AWS Glue Data Catalog databases with optional cascade delete of all tables.
- Delete Glue databases
- Safety check: Fails if database contains tables (unless cascade=true)
- Optional cascade delete (allows deletion of databases with tables)
- Automatic verification that database is deleted
- Gracefully handles non-existent databases
- Support for cross-account catalog access
- Comprehensive error reporting
- name: Delete Glue database
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'my_database'- name: Delete database that contains tables
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'my_database'
cascade: true # Required if database has tables- name: Delete database in another account
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'shared_database'
catalog-id: '987654321098'This action requires AWS credentials to be configured. Use the official AWS configure credentials action:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
aws-region: us-east-1
- uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'my_database'
cascade: true| Input | Required | Default | Description |
|---|---|---|---|
database-name |
Yes | - | Name of the Glue database to delete |
catalog-id |
No | current account | AWS account ID for cross-account access |
cascade |
No | false | If true, delete all tables in the database first |
| Output | Description |
|---|---|
database-name |
Name of the deleted database |
had-tables |
"true" if database contained tables, "false" if empty |
- Action checks if database contains any tables
- If tables exist, the action FAILS with a clear error message
- This prevents accidental data loss
- Use this for databases you know are empty
- Action checks if database contains any tables
- If tables exist, logs a warning and proceeds with deletion
- Deletes the database (AWS Glue cleans up tables asynchronously)
- Note: AWS handles table deletion in the background - tables are not immediately deleted but will be removed "in a timely manner"
AWS Glue's DeleteDatabase API always succeeds, even if tables exist. AWS then asynchronously deletes orphaned tables "at the discretion of the service." This action adds a safety check to prevent accidental deletion unless you explicitly set cascade: true.
name: Cleanup Glue Database
on:
workflow_dispatch:
inputs:
database_name:
description: 'Database to delete'
required: true
jobs:
delete-database:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
aws-region: us-east-1
- name: Delete Glue database
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: ${{ github.event.inputs.database_name }}
cascade: true
id: delete-db
- name: Report deletion
run: |
echo "Database: ${{ steps.delete-db.outputs.database-name }}"
echo "Had tables: ${{ steps.delete-db.outputs.had-tables }}"- name: Delete test databases
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'test_${{ github.run_id }}'
cascade: true- name: Delete empty database (fails if tables exist)
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'empty_database'
# cascade: false is the default - provides safety checkname: Cleanup on PR Close
on:
pull_request:
types: [closed]
jobs:
cleanup:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
aws-region: us-east-1
- name: Delete PR-specific database
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'pr_${{ github.event.pull_request.number }}'
cascade: trueThe AWS credentials used by this action need the following IAM permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetTables"
],
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*/*"
]
}
]
}Note: glue:GetTables is required to check if the database contains tables for the safety check.
If the database doesn't exist, the action will:
- Log a warning: "Database X does not exist - nothing to delete"
- Exit successfully (not an error)
- Set outputs with 0 tables deleted
If the database contains tables and cascade: false (default):
- Action will fail with a clear error message:
Database X contains tables. Set cascade: true to allow deletion, or manually delete tables first. This safety check prevents accidental data loss. - Set
cascade: trueto allow deletion of databases with tables
If credentials lack necessary permissions:
- Action will fail with AWS SDK error
- Error details include HTTP status and error code
- Check IAM permissions match requirements above
- uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'integration_tests'
cascade: true- uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'ephemeral_${{ github.sha }}'
cascade: true- name: Cleanup on failure
if: failure()
uses: predictr-io/aws-glue-delete-database@v0
with:
database-name: 'temp_database'
cascade: trueAfter deletion, the action polls GetDatabase to verify the database no longer exists:
- Max 10 attempts with 1s delay
- Logs verification progress
- Ensures eventual consistency is handled
MIT