Google Cloud Run Guide — CI/CD using GitHub Actions and Flags (allow unauthenticated, tag and others)

Yancel Salinas

Google Cloud Run is a serverless computing service that allows developers to run containerized applications in the cloud. It automatically handles infrastructure management, scaling, and billing based on actual usage.

Key Features of Google Cloud Run:

  • Simple Deployment: Deploy applications using container images.
  • Automatic Scaling: Scales automatically from zero to handle peak traffic.
  • Pay-per-use: Charges only for resources used while applications are running.
  • Integration with Google Cloud Services: Works well with other Google Cloud services like Pub/Sub, Cloud Storage, and Cloud SQL.

Flags:

  • --platform: Specifies the deployment platform (managed and gke).
  • --allow-unauthenticated: Allows unauthenticated access.
  • --concurrency: Maximum number of requests per instance.
  • --memory: Memory allocated per instance.
  • --cpu: CPU allocated per instance.
  • --max-instances: Maximum number of instances.
  • --timeout: Maximum request timeout.
  • --port: Port for the application.

GitHub Action to Deploy to Cloud Run

The following GitHub Actions workflow uses several actions to perform these steps:

  • Check out the repository (Checkout)
  • Authenticate with the GCP SDK (Google Auth)
  • Build and push the container image to Artifact Registry (Build and Push Container)

name: Build and Deploy to Cloud Run

on:
  workflow_dispatch:

env:
  PROJECT_ID: credible-bridge-421520
  GAR_LOCATION: us-central1
  SERVICE: cloudrun-job-projects
  REGION: us-central1

jobs:
  deploy:
    # id-token: write lets the job request the GitHub OIDC token used for Workload Identity Federation
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Exchange the GitHub OIDC token for a short-lived Google access token
      - name: Google Auth
        id: auth
        uses: 'google-github-actions/auth@v2'
        with:
          token_format: 'access_token'
          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com

      # Log Docker in to Artifact Registry with the access token from the auth step
      - name: Docker Auth
        id: docker-auth
        uses: 'docker/login-action@v1'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'

      # Tag the image with the commit SHA so each deployment maps to one commit
      - name: Build and Push Container
        run: |-
          docker build -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}" ./
          docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}"

More information on flags:

- Allow unauthenticated

The --allow-unauthenticated flag in Google Cloud Run allows public access to a deployed service. When this flag is set, anyone can access the service without authenticating. This is useful for services that are intended to be publicly accessible, such as public APIs, websites, or any service that does not need to restrict access to authenticated users.

      # These steps continue the steps list of the deploy job
      - name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE }}
          region: ${{ env.REGION }}
          image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}
          flags: '--allow-unauthenticated'

      - name: Show Output
        run: echo "${{ steps.deploy.outputs.url }}"
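
An added example, not part of the original post: deploying with --allow-unauthenticated grants the Cloud Run Invoker role (roles/run.invoker) to allUsers, so a review can look for public principals in the JSON returned by `gcloud run services get-iam-policy SERVICE --region REGION --format=json`. The sample policies, every service name other than cloudrun-job-projects, and the intended_public allowlist are constructed for illustration.

```python
import json

# Principals that open a binding to callers outside the project.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def public_bindings(policy):
    """Return (role, member) for every public principal in one IAM policy."""
    findings = []
    # A service with no grants returns a policy without a "bindings" key.
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding.get("role", ""), member))
    return findings


def audit(policies, intended_public=frozenset()):
    """Map service name -> findings for public services that are not on the allowlist."""
    report = {}
    for service, raw in policies.items():
        findings = public_bindings(json.loads(raw))
        if findings and service not in intended_public:
            report[service] = findings
    return report


# Constructed sample input: one get-iam-policy JSON document per service.
SAMPLE_POLICIES = {
    "cloudrun-job-projects": '{"bindings": [{"role": "roles/run.invoker",'
                             ' "members": ["allUsers"]}], "version": 1}',
    "internal-api": '{"bindings": [{"role": "roles/run.invoker", "members":'
                    ' ["serviceAccount:caller@example-project.iam.gserviceaccount.com"]}]}',
    "marketing-site": '{"bindings": [{"role": "roles/run.invoker",'
                      ' "members": ["allUsers"]}]}',
    "new-service": '{"version": 1}',
}

if __name__ == "__main__":
    # marketing-site is the only service approved to be public in this sample.
    for service, findings in audit(SAMPLE_POLICIES, {"marketing-site"}).items():
        for role, member in findings:
            print(f"{service}: {member} holds {role}")
```

A service that should stay private can be deployed with --no-allow-unauthenticated in the flags input instead.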

Yancel Salinas

Lead GDG Open, Developer Python/Go/Rust. SRE at Zebrands