Skip to content
Latchkey

How to Deploy to GCP Cloud Run With Bitbucket Pipelines

Activate a service account with gcloud auth activate-service-account, then gcloud run deploy the image to Cloud Run.

A Cloud Run deploy authenticates with a service account key, then deploys the container image. Store the JSON key as a secured variable, write it to a file, and activate it before deploying.

Steps

  • Create a service account with the Cloud Run Admin and Service Account User roles.
  • Store its JSON key (base64) as the secured variable GCP_SA_KEY.
  • Decode and gcloud auth activate-service-account.
  • gcloud run deploy <service> --image <image> --region <region>.

Pipeline

bitbucket-pipelines.yml
image: google/cloud-sdk:slim
pipelines:
  branches:
    main:
      - step:
          name: Deploy to Cloud Run
          deployment: production
          script:
            - echo "$GCP_SA_KEY" | base64 -d > /tmp/key.json
            - gcloud auth activate-service-account --key-file /tmp/key.json
            - gcloud config set project "$GCP_PROJECT"
            - >
              gcloud run deploy web
              --image "$IMAGE_REPO:$BITBUCKET_COMMIT"
              --region us-central1 --platform managed --quiet

Gotchas

  • The image must live in Artifact Registry or GCR that the service account can read.
  • Add --allow-unauthenticated only if the service should be public.
  • Prefer workload identity federation over a long-lived key where supported.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →