Introduction
In the last guide, we deployed our FastAPI app to Google Cloud Run manually. It worked, but "manual" is a dirty word in modern engineering.
If you have to type docker build and gcloud run deploy every time you fix a typo, you are wasting time. Worse, you risk deploying broken code.
Today, we will build a robust CI/CD Pipeline using GitHub Actions. By the end of this guide, your deployment strategy will be:
git pushDone.
The Architecture
We aren't just running a script. We are setting up a professional workflow:
Trigger: You push code to the
mainbranch.Build: GitHub Actions spins up a runner, installs Docker, and builds your image.
Auth: We authenticate securely with Google Cloud.
Push: The image is uploaded to Google Artifact Registry.
Deploy: The new revision is rolled out to Cloud Run immediately.
Step 1: Create the Service Account
GitHub needs permission to talk to your Google Cloud project. We don't give it your personal admin access; we create a dedicated Service Account.
Go to GCP Console -> IAM & Admin -> Service Accounts.
Create a new account (e.g.,
github-deployer).Grant these roles:
* `Artifact Registry Writer` (to push images)
* `Cloud Run Admin` (to deploy)
* `Service Account User` (to act as the service identity)
Click the account -> Keys -> Add Key -> Create new key (JSON).
Download the file. Keep this safe.
Step 2: Configure GitHub Secrets
Never commit credentials to your code. We use GitHub Secrets.
Go to your GitHub Repository -> Settings -> Secrets and variables -> Actions.
Add a New Repository Secret:
* **Name:** `GCP_SA_KEY`
* **Value:** Paste the entire content of the JSON file you just downloaded.
Step 3: The Workflow File
Create a folder in your project: .github/workflows/ and add a file named deploy.yml.
Here is the complete configuration. I’ve optimized this for speed and clarity.
YAML
name: Deploy to Cloud Run
on:
push:
branches:
- main # Trigger only on push to main branch
env:
PROJECT_ID: your-gcp-project-id # <--- REPLACE THIS
REGION: us-central1 # <--- REPLACE THIS
REPO_NAME: my-repo # <--- REPLACE THIS (Artifact Registry Name)
SERVICE_NAME: logicloop-backend # <--- REPLACE THIS (Cloud Run Service Name)
jobs:
deploy:
runs-on: ubuntu-latest
steps:
# 1. Checkout Code
- name: Checkout code
uses: actions/checkout@v3
# 2. Authenticate with Google Cloud
- name: Google Auth
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
# 3. Setup Cloud SDK
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
# 4. Configure Docker to use gcloud as a credential helper
- name: Docker Auth
run: |
gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev
# 5. Build and Push Container
- name: Build and Push Container
run: |
docker build -t ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME }}/${{ env.SERVICE_NAME }}:${{ github.sha }} .
docker push ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME }}/${{ env.SERVICE_NAME }}:${{ github.sha }}
# 6. Deploy to Cloud Run
- name: Deploy to Cloud Run
uses: google-github-actions/deploy-cloudrun@v1
with:
service: ${{ env.SERVICE_NAME }}
region: ${{ env.REGION }}
image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME }}/${{ env.SERVICE_NAME }}:${{ github.sha }}
flags: '--allow-unauthenticated' # Optional: Make public
Step 4: The Test
Save the file.
-
Commit and push:
Bash
git add . git commit -m "Add CI/CD pipeline" git push origin main Go to the "Actions" tab in your GitHub repository.
You will see a workflow running. It will turn green in about 2 minutes. Once it does, check your Cloud Run URL. It has been updated automatically.
Why this makes you a better engineer
This setup encourages small, frequent updates. You are no longer afraid of deployments because they are automated and consistent. If something breaks, you can just revert the commit, and the pipeline will re-deploy the old version automatically.
That is the power of CI/CD.
Top comments (0)