How to Deploy to GCP Cloud Run

Deploy AuditSwarm to Google Cloud Platform using Cloud Run (current production setup).

Overview

This guide walks through deploying both the main Next.js app and the MCP server to GCP Cloud Run, with Cloud SQL for the database.

Estimated Time: 45-60 minutes Cost: ~$50-100/month for small deployments

Prerequisites

GCP account with billing enabled
gcloud CLI installed and authenticated
Domain name (optional, for custom URLs)

Architecture

Internet
   │
   ├─→ Cloud Run: auditswarms-demo-app (Next.js)
   │        │
   │        └─→ Cloud SQL: SQL Server database
   │
   └─→ Cloud Run: auditswarms-mcp (MCP Server)
            │
            └─→ Cloud SQL (shared)

Step 1: Set Up Cloud SQL Database

1.1 Create Cloud SQL Instance

gcloud sql instances create auditswarms-db \
  --database-version=SQLSERVER_2019_STANDARD \
  --tier=db-custom-2-7680 \
  --region=us-central1 \
  --root-password=STRONG_PASSWORD_HERE

1.2 Create Database

gcloud sql databases create auditswarms \
  --instance=auditswarms-db

1.3 Get Connection String

gcloud sql instances describe auditswarms-db \
  --format="value(connectionName)"

Save this - you'll need it for DATABASE_URL.

Step 2: Store Secrets in Secret Manager

# Database URL
echo -n "sqlserver://auditswarms-db:us-central1:auditswarms-db/auditswarms?user=sqlserver&password=YOUR_PASSWORD" | \
  gcloud secrets create DATABASE_URL --data-file=-

# NextAuth secret
openssl rand -base64 32 | \
  gcloud secrets create NEXTAUTH_SECRET --data-file=-

# Encryption key
openssl rand -base64 32 | \
  gcloud secrets create ENCRYPTION_KEY --data-file=-

Step 3: Build and Push Container Images

3.1 Enable APIs

gcloud services enable \
  cloudbuild.googleapis.com \
  run.googleapis.com \
  secretmanager.googleapis.com

3.2 Build App Container

gcloud builds submit --tag gcr.io/YOUR_PROJECT_ID/auditswarms-app

3.3 Build MCP Container

gcloud builds submit --tag gcr.io/YOUR_PROJECT_ID/auditswarms-mcp \
  --config cloudbuild-mcp.yaml

Step 4: Deploy Main App to Cloud Run

gcloud run deploy auditswarms-demo-app \
  --image gcr.io/YOUR_PROJECT_ID/auditswarms-demo-app \
  --region us-central1 \
  --platform managed \
  --allow-unauthenticated \
  --set-secrets="DATABASE_URL=DATABASE_URL:latest,NEXTAUTH_SECRET=NEXTAUTH_SECRET:latest,ENCRYPTION_KEY=ENCRYPTION_KEY:latest" \
  --add-cloudsql-instances YOUR_PROJECT_ID:us-central1:auditswarms-db \
  --memory 2Gi \
  --cpu 2 \
  --min-instances 1 \
  --max-instances 10

Expected Output:

Service [auditswarms-demo-app] deployed
URL: https://auditswarms-app-HASH.us-central1.run.app

Step 5: Deploy MCP Server to Cloud Run

gcloud run deploy auditswarms-mcp \
  --image gcr.io/YOUR_PROJECT_ID/auditswarms-mcp \
  --region us-central1 \
  --platform managed \
  --allow-unauthenticated \
  --set-secrets="DATABASE_URL=DATABASE_URL:latest" \
  --add-cloudsql-instances YOUR_PROJECT_ID:us-central1:auditswarms-db \
  --memory 1Gi \
  --cpu 1 \
  --min-instances 1 \
  --max-instances 5

Step 6: Run Database Migrations

# From your local machine
export DATABASE_URL="sqlserver://..."  # From Secret Manager

npx prisma migrate deploy

Step 7: Configure OAuth (Optional)

If using Google OAuth:

# Set environment variables
gcloud run services update auditswarms-demo-app \
  --update-env-vars="GOOGLE_CLIENT_ID=your-client-id,GOOGLE_CLIENT_SECRET=your-secret,NEXTAUTH_URL=https://your-app-url.run.app"

Step 8: Verify Deployment

Test Main App

curl https://auditswarms-app-HASH.us-central1.run.app/api/health

Expected: {"status":"ok"}

Test MCP Server

curl https://auditswarms-mcp-HASH.us-central1.run.app/mcp/health

Expected: {"status":"healthy","tools":4}

Step 9: Set Up Custom Domain (Optional)

gcloud run domain-mappings create \
  --service auditswarms-demo-app \
  --domain your-domain.com \
  --region us-central1

Follow DNS instructions provided.

Monitoring & Logs

View Logs

gcloud run services logs read auditswarms-demo-app --region us-central1

Set Up Alerts

# Cloud Monitoring alert for high error rate
gcloud alpha monitoring policies create \
  --notification-channels=CHANNEL_ID \
  --display-name="AuditSwarm High Error Rate" \
  --condition-threshold-value=5 \
  --condition-threshold-duration=300s

Cost Optimization

Estimated Monthly Costs:

Cloud SQL (db-custom-2-7680): ~$100
Cloud Run App (1-10 instances): ~$20-50
Cloud Run MCP (1-5 instances): ~$10-20
Total: ~$130-170/month

To reduce costs:

Use --min-instances=0 for dev environments
Scale down Cloud SQL tier: db-custom-1-3840
Use Cloud Storage for artifacts instead of database

Troubleshooting

Problem: Database connection errors

Solution:

# Verify Cloud SQL connection
gcloud sql instances describe auditswarms-db | grep connectionName

# Check secret values
gcloud secrets versions access latest --secret=DATABASE_URL

Problem: 502 Bad Gateway errors

Solution:

Check container logs: gcloud run services logs read auditswarms-demo-app
Verify health endpoint: /api/health
Increase memory: --memory 4Gi

Overview​

Prerequisites​

Architecture​

Step 1: Set Up Cloud SQL Database​

1.1 Create Cloud SQL Instance​

1.2 Create Database​

1.3 Get Connection String​

Step 2: Store Secrets in Secret Manager​

Step 3: Build and Push Container Images​

3.1 Enable APIs​

3.2 Build App Container​

3.3 Build MCP Container​

Step 4: Deploy Main App to Cloud Run​

Step 5: Deploy MCP Server to Cloud Run​

Step 6: Run Database Migrations​

Step 7: Configure OAuth (Optional)​

Step 8: Verify Deployment​

Test Main App​

Test MCP Server​

Step 9: Set Up Custom Domain (Optional)​

Monitoring & Logs​

View Logs​

Set Up Alerts​

Cost Optimization​

Troubleshooting​

Next Steps​

Related Documentation​