This page describes how to deploy new services and new
revisions to Cloud Run directly from source code using a single gcloud CLI command, gcloud run deploy
with the
--source
flag. For an example
walkthrough of deploying a Hello World service, see
Deploy from source quickstarts.
Behind the scenes, this command uses
Google Cloud's buildpacks
and Cloud Build to automatically build
container images from your source code without having to install Docker on your
machine or set up buildpacks or Cloud Build. That is, the single command
described above does what would otherwise require the
gcloud builds submit
and the
gcloud run deploy
commands.
Note that source deployments use Artifact Registry to
store built containers. If your project doesn't already have an Artifact Registry
repository with the name cloud-run-source-deploy
in the region you are
deploying to, this feature automatically creates an Artifact Registry repository
with the name cloud-run-source-deploy
.
If a Dockerfile is present in the source code directory, the uploaded source code is built using that Dockerfile. If no Dockerfile is present in the source code directory, Google Cloud's buildpacks automatically detects the language you are using and fetches the dependencies of the code to make a production-ready container image, using a secure base image managed by Google.
By default, security fixes are only applied when the service is deployed. When you enable automatic security updates for a service, that service receives patches automatically with zero downtime. Learn more about configuring security updates.
Supported languages
In addition to sources with a Dockerfile, deploying from source supports the following languages:
Read more details about language versions supported by Google Cloud's buildpacks.
Limitations of this feature
- Deploy from source uses Artifact Registry and Cloud Build, so this feature is only available in regions supported by Artifact Registry and Cloud Build.
- Deploying from source using
gcloud run deploy --source
is a convenience feature, and does not allow full customization of the build. For more control, build the container image using Cloud Build, for example, usinggcloud builds submit
, and then deploy the container image using, for example,gcloud run deploy --image
. - Deploying from source with Google Cloud's buildpacks sets the Last Modified Date
of source files to Jan 1, 1980. This is the default behavior of buildpacks and is designed to support
reproducible builds. Depending on your
language framework, this can affect browser-side caching of static files. If
your application is affected by this, Google recommends disabling
etag
andLast-Modified
HTTP headers in your application. - Deploying from source with Google Cloud's buildpacks always uses
gcr.io/buildpacks/builder:latest
. If your preferred language or OS configuration is not available inlatest
, use a specific builder to create an application image using your preferred builder. You can deploy your service from source using Kotlin and other JVM languages such as Java The language you use must conform to the following rules:
- You can build the application using Maven or Gradle.
- The build file contains all the plugins required to product classes.
Before you begin
- Make sure you have set up a new project for Cloud Run as described in the setup page.
If you are under a domain restriction organization policy restricting unauthenticated invocations for your project, you will need to access your deployed service as described under Testing private services.
Enable the Cloud Run Admin API and the Cloud Build API:
gcloud services enable run.googleapis.com \ cloudbuild.googleapis.com
After the Cloud Run Admin API is enabled, the Compute Engine default service account is automatically created.
Required roles
You or your administrator must grant the deployer account and the Cloud Build service account the following IAM roles.
Click to view required roles for the deployer account
To get the permissions that you need to build and deploy from source, ask your administrator to grant you the following IAM roles:
- Cloud Run Source Developer (
roles/run.sourceDeveloper
) on your project - Service Account User (
roles/iam.serviceAccountUser
) on the Cloud Run service identity
Click to view required roles for the Cloud Build service account
Cloud Build automatically uses the
Compute Engine default service
account as the default Cloud Build service account to build your source code and
Cloud Run resource, unless you override this behavior. For
Cloud Build to build your sources, ask your administrator to grant
Cloud Run Builder
(roles/run.builder
) to the Compute Engine default
service account on your project:
gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:PROJECT_NUMBER[email protected] \ --role=roles/run.builder
Replace PROJECT_NUMBER
with your Google Cloud
project number, and PROJECT_ID
with your Google Cloud
project ID. For detailed instructions on how to find your project ID, and project number,
see Creating
and managing projects.
Granting the Cloud Run builder role to the Compute Engine default service account takes a couple of minutes to propagate.
For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run service interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.
Deploying
To deploy from source code:
Change to your source directory. Note that the source directory doesn't require a Dockerfile, but if a Dockerfile is present it will be used.
Build and deploy your application:
gcloud run deploy SERVICE --source .
Replace
SERVICE
with the name you want for your service.Respond to any prompts to install required APIs by responding
y
when prompted. You only need to do this once for a project. Respond to other prompts by supplying the platform and region, if you haven't set defaults for these as described in the setup page.Wait for the build and deploy to complete. When finished, a message similar to this one is displayed:
Service [my-app] revision [my-app-00000-xxx] has been deployed and is serving 100 percent of traffic. Service URL: https://my-app-texampleq-uc.a.run.app
Upon deployment, note that this service revision serves 100% of traffic.
Automating building from source
As a best practice for avoiding unversioned changes in local source, Google recommends that you automatically deploy when changes are pushed to your Git repository. To make this easier, you can connect and configure continuous deployment to your Cloud Run service. By connecting your GitHub repositories to Cloud Run, you can configure builds and deploy your repositories without writing Dockerfiles or build files.
To configure automated builds, set up automation as described in the continuous builds page, making sure you choose the option for building source with Buildpacks.
What's next
After you deploy a new service, you can do the following:
- Gradual rollouts, rollback revisions, traffic migration
- View service logs
- Monitor service performances
- Set memory limits
- Set environment variables
- Change service concurrency
- Manage the service
- Manage service revisions
You can automate the builds and deployments of your Cloud Run services using Cloud Build Triggers: