Deploy worker pools from source code

This page describes how to deploy a new worker pool or worker pool revision to Cloud Run directly from source code using a single gcloud CLI command, gcloud beta run worker-pools deploy with the --source flag.

Behind the scenes, this command uses Google Cloud's buildpacks and Cloud Build to automatically build container images from your source code without having to install Docker on your machine or set up buildpacks or Cloud Build. That is, the single command described above does what would otherwise require the gcloud builds submit and the gcloud beta run worker-pools deploy commands.

Note that source deployments use Artifact Registry to store built containers. If your project doesn't already have an Artifact Registry repository with the name cloud-run-source-deploy in the region you are deploying to, this feature automatically creates an Artifact Registry repository with the name cloud-run-source-deploy.

If a Dockerfile is present in the source code directory, the uploaded source code is built using that Dockerfile. If no Dockerfile is present in the source code directory, Google Cloud's buildpacks automatically detects the language you are using and fetches the dependencies of the code to make a production-ready container image, using a secure base image managed by Google.

Supported languages

In addition to sources with a Dockerfile, deploying from source supports the following languages:

  • Go
  • Node.js
  • Python
  • Java
  • Kotlin
  • Groovy
  • Scala
  • .NET
  • Ruby
  • PHP
Read more details about supported language versions.

Limitations of this feature

  • Deploy from source uses Artifact Registry and Cloud Build, so this feature is only available in regions supported by Artifact Registry and Cloud Build.
  • Deploying from source is a convenience feature, and does not allow full customization of the build. For more control, build the container image using Cloud Build, for example, using gcloud builds submit, and then deploy the container image using, for example, gcloud beta run workerpools deploy --image.
  • Deploying from source with Google Cloud's buildpacks sets the Last Modified Date of source files to Jan 1, 1980. This is the default behavior of buildpacks and is designed to support reproducible builds. Depending on your language framework, this can affect browser-side caching of static files. If your application is affected by this, Google recommends disabling etag and Last-Modified HTTP headers in your application.
  • Deploying from source with Google Cloud's buildpacks always uses gcr.io/buildpacks/builder:latest. If your preferred language or OS configuration is not available in latest, use a specific builder to create an application image using your preferred builder.
  • You can deploy your worker pool from source using Kotlin and other JVM languages such as Java The language you use must conform to the following rules:

    • You can build the application using Maven or Gradle.
    • The build file contains all the plugins required to product classes.

Before you begin

  • Make sure you have set up a new project for Cloud Run as described in the setup page.
  • Enable the Cloud Run Admin API and the Cloud Build API:

    gcloud services enable run.googleapis.com \
        cloudbuild.googleapis.com

    After the Cloud Run Admin API is enabled, the Compute Engine default service account is automatically created.

Required roles

You or your administrator must grant the deployer account and the Cloud Build service account the following IAM roles.

Click to view required roles for the deployer account

To get the permissions that you need to build and deploy from source, ask your administrator to grant you the following IAM roles:

Click to view required roles for the Cloud Build service account

Cloud Build automatically uses the Compute Engine default service account as the default Cloud Build service account to build your source code and Cloud Run resource, unless you override this behavior. For Cloud Build to build your sources, ask your administrator to grant Cloud Run Builder (roles/run.builder) to the Compute Engine default service account on your project:

  gcloud projects add-iam-policy-binding PROJECT_ID \
      --member=serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com \
      --role=roles/run.builder
  

Replace PROJECT_NUMBER with your Google Cloud project number, and PROJECT_ID with your Google Cloud project ID. For detailed instructions on how to find your project ID, and project number, see Creating and managing projects.

Granting the Cloud Run builder role to the Compute Engine default service account takes a couple of minutes to propagate.

For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run worker pool interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.

Deploy from source

To deploy from source code:

  1. Change to your source directory. Note that the source directory doesn't require a Dockerfile, but if a Dockerfile is present it will be used.

  2. Build and deploy your worker pool:

    gcloud beta run workerpools deploy WORKERPOOL --source .
    Replace WORKERPOOL with the name you want for your worker pool.
  3. Respond to any prompts to install required APIs by responding y when prompted. You only need to do this once for a project. Respond to other prompts by supplying the platform and region, if you haven't set defaults for these as described in the setup page.

  4. Wait for the build and deploy to complete. When finished, Cloud Run displays a success message.

Automating building from source

As a best practice for avoiding unversioned changes in local source, Google recommends that you automatically deploy when changes are pushed to your Git repository. To make this easier, you can connect and configure continuous deployment to your Cloud Run worker pool. By connecting your GitHub repositories to Cloud Run, you can configure builds and deploy your repositories without writing Dockerfiles or build files.

What's next

After you deploy a Cloud Run worker pool, you can do the following: