How to Deploy an AI Agent on Google Cloud Run (with GitHub Actions)

In the world of serverless architecture, Google Cloud Run has emerged as a powerful platform for deploying containerized applications. Whether you're working on a chatbot, an intelligent API, or a LangChain agent, deploying your AI agent to Cloud Run allows you to scale effortlessly while keeping infrastructure management minimal.

In this blog, we’ll walk step-by-step through the process of deploying an AI agent to Google Cloud Run with GitHub Actions, enabling an end-to-end CI/CD pipeline.

🚀 Prerequisites

Before we begin, make sure you have the following:

• A Google Cloud Platform (GCP) account
• Billing enabled on your project
• Google Cloud SDK installed (gcloud CLI)
• Docker installed and authenticated with Google Cloud
• GitHub CLI (gh) installed and authenticated
• A GitHub repository connected to your local project
• A simple AI agent project (e.g., built with FastAPI or Flask)
• Permissions to create a service account and assign IAM roles in GCP
• Ability to add GitHub Secrets (either via UI or CLI)
• An OpenAI account and API key from https://platform.openai.com/account/api-keys

💡 Note: If you haven't installed the required CLI tools, refer to:  

Install Google Cloud CLI - https://cloud.google.com/sdk/docs/install

Install GitHub CLI - https://cli.github.com/

Set up Google Cloud IAM roles - https://cloud.google.com/iam/docs/creating-managing-service-accounts

Set up OpenAI account and API key from https://platform.openai.com/account/api-keys

🧠 Step 1: Create Your AI Agent

Here’s a minimal FastAPI example of an AI agent:

from fastapi import FastAPI
from pydantic import BaseModel
from openai import OpenAI
import os
from dotenv import load_dotenv

# Load environment variables from .env file
load_dotenv()

app = FastAPI()

class Prompt(BaseModel):
    message: str

@app.post("/generate")
async def generate_response(prompt: Prompt):
    client = OpenAI(api_key=os.getenv("OPENAI_API_KEY"))

    response = client.chat.completions.create(
        model="gpt-3.5-turbo",
        messages=[{"role": "user", "content": prompt.message}]
    )
    return {"reply": response.choices[0].message.content}
        

Save it as main.py and add a requirements.txt:

fastapi
uvicorn
openai
pydantic
        

📦 Step 2: Containerize the Agent with Docker

Create a Dockerfile:

FROM python:3.10-slim

WORKDIR /app
COPY . /app
RUN pip install -r requirements.txt

EXPOSE ${PORT:-8000}

# Define the command to run the application
# Use 0.0.0.0 to make it accessible from outside the container
CMD ["sh", "-c", "uvicorn app.main:app --host 0.0.0.0 --port ${PORT:-8000}"]        

Build the image locally (optional for testing):

docker build -t ai-agent .        

🔐 Step 3: Set Up Google Cloud Permissions (via CLI)

Run the following commands one at a time to set up your Google Cloud environment:

1. Authenticate with Google Cloud:

gcloud auth login
        

2. Set your active project:

gcloud config set project YOUR_PROJECT_ID
        

3. Enable required Google Cloud services:

gcloud services enable run.googleapis.com
        

gcloud services enable artifactregistry.googleapis.com
        

gcloud services enable iam.googleapis.com
        

4. Create a service account:

SA_NAME="cloud-run-deployer"
gcloud iam service-accounts create $SA_NAME \
  --description="Deploys to Cloud Run" \
  --display-name="Cloud Run Deployer"
        

6. Assign IAM role: Artifact Registry createOnPushRepoAdmin

PROJECT_ID="your-project-id"
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/artifactregistry.createOnPushRepoAdmin"
        

6. Assign IAM role: Artifact Registry

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/artifactregistry.admin"        

8. Create a GCP artifact registory repo

gcloud artifacts repositories create ai-agents \
  --repository-format=docker \
  --location=us-central1 \
  --description="Docker repository for AI agent"        

5. Assign IAM role: Cloud Run Admin

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/run.admin"        

7. (Optional) Assign IAM role: Storage Admin

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/storage.admin"        

7. Allow current service account to actAs default compute runtime service account.

PROJECT_NUMBER='your-project-number'
# Required: Allow deployer to act as runtime service account
gcloud iam service-accounts add-iam-policy-binding $PROJECT_NUMBER-compute@developer.gserviceaccount.com \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/iam.serviceAccountUser"        

9. Generate a service account key (to upload to GitHub):

gcloud iam service-accounts keys create key.json \
  --iam-account=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com        

Upload key.json to your GitHub secrets as shown below.

🔧 Step 4: Set Up GitHub Secrets (via GitHub UI or CLI)

Option 1: Using GitHub UI

In your GitHub repository:

• Go to Settings → Secrets → Actions
• Add the following secrets manually:

Option 2: Using GitHub CLI

Make sure you have the gh CLI installed and authenticated:

Make sure to run inside the repository folder

1. Set the GCP_PROJECT_ID secret:

gh secret set GCP_PROJECT_ID --body "$PROJECT_ID"        

2. Set the OPENAI_API_KEY secret:

gh secret set OPENAI_API_KEY --body "your openai api key"        

2. Set the GCP_SA_KEY secret:

gh secret set GCP_SA_KEY < key.json        

⚠️ Make sure the GitHub CLI (gh) is authenticated and linked to your GitHub account before running these commands.

⚙️ Step 4: Create GitHub Actions Workflow

In your repo, create the file .github/workflows/deploy.yml:

name: Deploy to Cloud Run

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
          service_account_key: ${{ secrets.GCP_SA_KEY }}

      - name: Configure Docker
        run: gcloud auth configure-docker

      - name: Build Docker image
        run: |
          docker build -t gcr.io/${{ secrets.GCP_PROJECT_ID }}/ai-agent .
          docker push gcr.io/${{ secrets.GCP_PROJECT_ID }}/ai-agent

      - name: Deploy to Cloud Run
        run: |
          gcloud run deploy ai-agent \
            --image gcr.io/${{ secrets.GCP_PROJECT_ID }}/ai-agent \
            --region us-central1 \
            --platform managed \
            --allow-unauthenticated
        

📡 Step 5: Access Your Cloud Run Endpoint

After deployment, you’ll get a public URL. You can test it with curl:

curl -X POST https://YOUR_CLOUD_RUN_URL/generate \
    -H "Content-Type: application/json" \
    -d '{"message": "What is AI?"}'
        

✅ Conclusion

Deploying an AI agent to Google Cloud Run using GitHub Actions gives you a fully automated CI/CD pipeline. With this setup, every push to your main branch results in a fresh build and redeployment—making your infrastructure scalable and agile.