Deploy from source code

This page describes how to deploy new services and new revisions to Cloud Run directly from source code using a single gcloud CLI command, gcloud run deploy with the --source flag. For an example walkthrough of deploying a Hello World service, see Deploy from source quickstarts.

Behind the scenes, this command uses Google Cloud's buildpacks and Cloud Build to automatically build container images from your source code without having to install Docker on your machine or set up buildpacks or Cloud Build. That is, the single command described above does what would otherwise require the gcloud builds submit and the gcloud run deploy commands.

Note that source deployments use Artifact Registry to store built containers. If your project doesn't already have an Artifact Registry repository with the name cloud-run-source-deploy in the region you are deploying to, this feature automatically creates an Artifact Registry repository with the name cloud-run-source-deploy.

If a Dockerfile is present in the source code directory, the uploaded source code is built using that Dockerfile. If no Dockerfile is present in the source code directory, Google Cloud's buildpacks automatically detects the language you are using and fetches the dependencies of the code to make a production-ready container image, using a secure base image managed by Google.

By default, security fixes are only applied when the service is deployed. When you enable automatic security updates for a service, that service receives patches automatically with zero downtime. Learn more about configuring security updates.

Supported languages

In addition to sources with a Dockerfile, deploying from source supports the following languages:

Read more details about language versions supported by Google Cloud's buildpacks.

Limitations of this feature

  • Deploy from source uses Artifact Registry, so this feature is only available in regions supported by Artifact Registry.
  • Deploying from source using gcloud run deploy --source is a convenience feature, and does not allow full customization of the build. For more control, build the container image using Cloud Build, for example, using gcloud builds submit, and then deploy the container image using, for example, gcloud run deploy --image.
  • Deploying from source with Google Cloud's buildpacks sets the Last Modified Date of source files to Jan 1, 1980. This is the default behavior of buildpacks and is designed to support reproducible builds. Depending on your language framework, this can affect browser-side caching of static files. If your application is affected by this, Google recommends disabling etag and Last-Modified HTTP headers in your application.
  • Deploying from source with Google Cloud's buildpacks always uses gcr.io/buildpacks/builder:latest. If your preferred language or OS configuration is not available in latest, use a specific builder to create an application image using your preferred builder.
  • You can deploy your service from source using Kotlin and other JVM languages such as Java The language you use must conform to the following rules:

    • You can build the application using Maven or Gradle.
    • The build file contains all the plugins required to product classes.

Before you start

  • Make sure you have set up a new project for Cloud Run as described in the setup page.
  • If you are under a domain restriction organization policy restricting unauthenticated invocations for your project, you will need to access your deployed service as described under Testing private services.

Required roles

To get the permissions that you need to deploy from source, ask your administrator to grant you the following IAM roles on your project:

For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run service interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.

Grant the Cloud Build Service Account role to the Compute Engine default service account

  1. Enable the Cloud Run Admin API and the Cloud Build API:

    gcloud services enable run.googleapis.com \
        cloudbuild.googleapis.com

    After the Cloud Run Admin API is enabled, the Compute Engine default service account is automatically created.

  2. For Cloud Build to be able to build your sources, grant the Cloud Build Service Account role to the Compute Engine default service account by running the following:
    gcloud projects add-iam-policy-binding PROJECT_ID \
        --member=serviceAccount:PROJECT_NUMBER[email protected] \
        --role=roles/cloudbuild.builds.builder

    Replace PROJECT_NUMBER with your Google Cloud project number, and PROJECT_ID with your Google Cloud project ID. For detailed instructions on how to find your project ID, and project number, see Creating and managing projects.

    Granting the Cloud Build Service Account role to the Compute Engine default service account takes a couple of minutes to propagate.

Deploying

To deploy from source code:

  1. Change to your source directory. Note that the source directory doesn't require a Dockerfile, but if a Dockerfile is present it will be used.

  2. Build and deploy your application:

    gcloud run deploy SERVICE --source .

    Replace SERVICE with the name you want for your service.

    Respond to any prompts to install required APIs by responding y when prompted. You only need to do this once for a project. Respond to other prompts by supplying the platform and region, if you haven't set defaults for these as described in the setup page.

  3. Wait for the build and deploy to complete. When finished, a message similar to this one is displayed:

    Service [my-app] revision [my-app-00000-xxx] has been deployed and is serving 100 percent of traffic. Service URL: https://my-app-texampleq-uc.a.run.app

    Upon deployment, note that this service revision serves 100% of traffic.

Automating building from source

As a best practice for avoiding unversioned changes in local source, Google recommends that you automatically deploy when changes are pushed to your Git repository. To make this easier, you can connect and configure continuous deployment to your Cloud Run service. By connecting your GitHub repositories to Cloud Run, you can configure builds and deploy your repositories without writing Dockerfiles or build files.

To configure automated builds, set up automation as described in the continuous builds page, making sure you choose the option for building source with Buildpacks.

What's next

After you deploy a new service, you can do the following:

You can automate the builds and deployments of your Cloud Run services using Cloud Build Triggers: