CI/CD Pipeline on GCP using Cloud Source Repository, Cloud Build, Container Registry and Cloud Run

Automatically building and deploying containers into Cloud Run when changes pushed to CSR repository.

GCP Serverless CI/CD Pipeline Architecture


In this article, we’ll see how to configure a CI/CD pipeline on GCP using Cloud Source Repository, Cloud Build, Container Registry and Cloud Run.

Cloud Source Repository

Google Cloud Source Repositories are fully featured, private Git repositories hosted on Google Cloud Platform. Collaborate easily and securely manage your code on a fully featured, scalable, private Git repository.

Cloud Build

Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure. Cloud Build can import source code from Google Cloud Storage, Cloud Source Repositories, GitHub, or Bitbucket, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives.

Container Registry

Container Registry is a private container image registry that runs on Google Cloud.

Cloud Run

Fully managed compute platform for deploying and scaling containerized applications quickly and securely

Setup the GCP Project

To follow this tutorial, you will need access to GCP Project

  1. Access the GCP console, enter a name for your new project and click the CREATE button
  2. Select APIs & Service and then click on the ENABLE APIS AND SERVICES
  3. Enable these APIs: Cloud Source Repositories API, Cloud Build APIGoogle Container Registry API and the Cloud Run API.

The Sample Application

The sample application we’ll use for this tutorial is a very simple Flask application.

If you want to know more about the app, please follow my previous blog

This is config service using Google Sheet.

It exposes two endpoints

  • /project/<>/env/<>/key/<>: a endpoint to get value of the key.
  • /spreadsheet/<>/worksheet/<>/id/<>: returns data belongs to the id.


FROM python:3.7


COPY requirements.txt /requirements.txt

RUN pip3 install -r requirements.txt

COPY . /

ENTRYPOINT [ "python3" ]

CMD [ "app/" ]

Create Service Account

Go to cloud shell (right corner “>_” ) icon. Run following command

gcloud iam service-accounts create sample-app

The service account created as ‘sample-app@$’

Create Repository in Cloud Source Repository

This step will create repository in Cloud Source Repository and then clone it from Github.

  1. From left menu select, Cloud Source Repository. Then select Add repository.
Create Repository

2. Enter the repository name and project name.

3. Go to Cloud shell and clone the sample code from Github.

cd ~git clone sample-app

4. Configure source code repository as remote

cd ~/sample-app
PROJECT_ID=$(gcloud config get-value project)
git remote add google \

5. Push the sample app code to CSR

git push google master

6. Refresh the Cloud Source Repository to see if code has been pushed.

Configuring Cloud Build Pipeline

The steps to build pipeline defined in YML file called cloudbuild.yaml. The pipeline is composed of three steps.

  1. The first step is responsible for building and tagging the Docker image of our application.
  2. The second step is responsible for pushing the Docker image built on the step one to Container Registry.
  3. The third step is responsible for deploying the Docker image to Cloud Run.
- name: ''
  args: [ 'build', '-t', '${PROJECT_ID}/${_SERVICE_NAME}:$SHORT_SHA', '.' ]
- name: ''
  args: [ 'push', '${PROJECT_ID}/${_SERVICE_NAME}:$SHORT_SHA']
- name: ''
    - 'run'
    - 'deploy'
    - '${_SERVICE_NAME}'
    - '--region=${_REGION}'
    - '--platform=managed'
    - '--allow-unauthenticated'
    - '--service-account=${_SERVICE_ACCOUNT_EMAIL}'

We make use of some variables like $PROJECT_ID and $SHORT_SHA. These are provided by Cloud Build.

I have also created${ _SERVICE_NAME}, ${_REGION} and ${_SERVICE_ACCOUNT_EMAIL}, a user defined variables to generate Docker image.

Set up the Cloud Build Trigger

From menu, select Cloud Build, select Trigger, Select the Repository we created in CSR, click on : and select Add trigger

Add trigger in Cloud build

Here, we specify:

  • The Name and Description of the trigger;
  • That the build should be triggered whenever stuff is pushed into the master branch of the repository;
  • That the build configuration is provided by the cloudbuild.yaml file from our repository;
  • That the _SERVICE_ACCOUNT_EMAIL variable from our cloudbuild.yaml should be replaced with the service account value. As described before, this variable is used for managing our generated Docker image, as well as to set the name of the deployed Cloud Run service.

Service account permissions

Click on Settings and enable following permission to default cloud build service account.

  • Cloud Run
  • Service Accounts

Triggering builds

To test the configuration,

  1. Commit and push any changed to the master branch of your repository.
  2. Run the trigger manually bu clicking the Run Trigger button.

Test the pipeline

Click on the Run Trigger button.

The dashboard shows the high level details of the triggers


Click on History to see the status of each steps in Build

Cloud Build details

Container Registry

The Cloud Build trigger pushed the Docker image to Container Registry.

List of images

You can directly deploy this Docker container to either

  • Cloud Run
  • Google Kubernetes Engine
  • Google Compute Engine

Cloud Run

Now that the application is built and deployed, you should be able to access it through the endpoint generated by Cloud Run. To get its address:

  • In the GCP Console, select Cloud Run from the top-left menu;
  • Click on the name of the deployed service;
  • Copy the URL at the top of the page:

This service has two endpoints

  • /project/<>/env/<>/key/<>: a endpoint to get value of the key.
  • /spreadsheet/<>/worksheet/<>/id/<>: returns data belongs to the id.

Access the Sample Application

This sample application is Config service on Google Sheet.

To access application you need to follow the steps below

  1. Enable APIs: Sheet API, Drive API
  2. Create Google Sheet using any google account.
sample-app sheet

3. Share the Googlesheet to the service account created in this Tutorial.

4. Hit GET API /project/<>/env/<>/key/<>

5. Hit GET API /spreadsheet/<>/worksheet/<>/id/<>

Note: Sometimes, it takes time to reciprocate Drives API, so you can use spreadsheet_id in project_name or spreadsheet_name.

Cleaning up

To Avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial.

  1. Either delete the project

2. Delete the resources

  • Delete the deployed Cloud Run service
  • Delete the Container Registry saved images
  • Delete the Cloud Build configured triggers
  • Delete the Cloud Source repository.


The pipeline was configured to be triggered every time new code was pushed into the master branch of the Cloud Source Repository. Once that happens, the pipeline:

  • Builds the Docker image;
  • Pushes the built Docker image into Container Registry;
  • Deploy the Docker image into Cloud Run;

Leave a Comment

MFH IT Solutions (Regd No -LIN : AP-03-46-003-03147775)

Consultation & project support organization.


MFH IT Solutions (Regd)
NAD Kotha Road, Opp Bashyam School, Butchurajupalem, Jaya Prakash Nagar Visakhapatnam, Andhra Pradesh – 530027