Google Cloud
DevOps
intermediate
CI/CD with Cloud Build — Google Cloud Architecture Template
Source pushes trigger Cloud Build to test, scan, and publish images to Artifact Registry, then deploy to Cloud Run staging and GKE production.
Why this architecture works
- Every deploy flows through the same build pipeline — no manual pushes to production.
- Artifact Registry vulnerability scanning blocks known-CVE images before deployment.
- Staging on Cloud Run gives cheap, production-like validation before GKE rollout.
- Build secrets come from Secret Manager, never from repo files or build logs.
- A dedicated deploy service account with minimal roles limits the blast radius of a compromised pipeline.
What's inside (9 resources)
Source Repo
gcp-source-repositories
Deploy SA
gcp-iam
Cloud Build
gcp-cloud-build
Build Secrets
gcp-secret-manager
Artifact Registry
gcp-artifact-registry
Staging (Cloud Run)
gcp-cloud-run
Production (GKE)
gcp-gke
Build Logs
gcp-logging
Cloud Monitoring
gcp-monitoring
From template to running infrastructure
- Open this template in the CloudForge visual designer (free account, no credit card).
- Customize resources, names, and connections on the drag-and-drop canvas — or ask Vani, the AI architect, to adapt it.
- Generate production-ready Terraform or Pulumi in one click.
- Review the plan diff and security scan, then deploy with human approval.