Easily spin up a Windows 11 VM on Azure for testing things out#374
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
|
|
||
| steps: | ||
| - name: Azure Login | ||
| uses: azure/login@v2 | ||
| with: | ||
| creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
|
|
||
| - name: Start VM | ||
| run: | | ||
| echo "Starting VM: pareto" | ||
| az vm start --resource-group pareto --name pareto | ||
|
|
||
| # Wait for VM to be fully running | ||
| echo "Waiting for VM to be fully started ..." | ||
| az vm wait --resource-group pareto --name pareto --updated | ||
|
|
||
| - name: Get VM Status | ||
| run: | | ||
| echo "VM Status:" | ||
| az vm get-instance-view \ | ||
| --resource-group pareto \ | ||
| --name pareto \ | ||
| --query "instanceView.statuses[?starts_with(code, 'PowerState/')].displayStatus" \ | ||
| --output tsv | ||
|
|
||
| - name: Wait 45 minutes | ||
| run: | | ||
| echo "VM is running. Waiting 45 minutes before shutdown..." | ||
| echo "Start time: $(date)" | ||
| # sleep 2700 | ||
| sleep 60 | ||
| echo "End time: $(date)" | ||
|
|
||
| - name: Deallocate VM | ||
| run: | | ||
| echo "Shutting down VM ..." | ||
| az vm deallocate --resource-group pareto --name pareto --no-wait | ||
|
|
||
| - name: Wait for Deallocation | ||
| run: | | ||
| echo "Waiting for VM to be fully shut down ..." | ||
| az vm wait --resource-group pareto --name pareto --updated | ||
|
|
||
| - name: Reimage VM | ||
| run: | | ||
| echo "Reimaging VM to default Win11 state ..." | ||
| az vm reimage --resource-group pareto --name pareto | ||
|
|
||
| echo "VM has been reimaged and is ready for next use" | ||
|
|
||
| - name: Final VM Status | ||
| if: always() | ||
| run: | | ||
| echo "Final VM Status:" | ||
| az vm get-instance-view \ | ||
| --resource-group pareto \ | ||
| --name pareto \ | ||
| --query "instanceView.statuses[?starts_with(code, 'PowerState/')].displayStatus" \ | ||
| --output tsv || echo "Unable to get VM status" No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, add a permissions block to the workflow file. The safest way is to add permissions: at the top level (applies to all jobs). Since this workflow does not interact with repository contents, pull requests, or any other GitHub resources other than possibly reading workflow files, the minimal safe permission is contents: read. This change is made by inserting the following YAML after the workflow name and description fields and before the on: trigger block (usually line 3). No further changes are needed elsewhere in the file.
| @@ -1,6 +1,9 @@ | ||
| name: Win11 VM | ||
| description: Start a temporary Windows 11 VM in Azure, wait 45 minutes, then shut it down and reimage it to default state. | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
zupo
changed the title
|
I need to merge this so I can start testing it. It can only be scheduled manually, so it shouldn't break anything? |
1 participant
Refs https://github.com/teamniteo/pareto/issues/812