Deployment Modes for Search Service

Overview

The search service supports two deployment modes to provide flexibility and resilience:

  1. GitHub Actions (default) - Full CI/CD pipeline with tests, security scanning, and staged rollout
  2. Cloud Build Trigger (bypass mode) - Direct deployment from GitHub push, bypassing GitHub Actions billing

Comparison

| Feature | GitHub Actions | Cloud Build Trigger |
| --- | --- | --- |
| Cost | GitHub Actions minutes | Cloud Build minutes (free tier: 120 min/day) |
| Triggers | Push to main, PR, manual | Push to main only |
| Tests | ✅ Lint, type check, integration tests | ❌ No tests (build only) |
| Security | ✅ Trivy vulnerability scanning | ❌ No scanning |
| Smoke Tests | ✅ Post-deployment validation | ❌ No validation |
| Rollback | ✅ Automatic on test failure | ❌ Manual rollback |
| Setup | Configured (active) | Requires manual setup |
| Best For | Production deployments | Emergency/billing bypass |

Mode 1: GitHub Actions (Production)

Location: .github/workflows/search-deploy.yml

Flow

┌─────────────┐
│ Push to main│
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Lint + Type │
│   Check     │
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Build Docker│
│ via Cloud   │
│   Build     │
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Trivy Scan  │
│ (Security)  │
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Deploy to   │
│ Cloud Run   │
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Smoke Tests │
│ (Auto       │
│  Rollback)  │
└─────────────┘

Triggers

  • Push to main: Automatic deployment to production
  • Pull Request: Lint and type checking only (no deployment)
  • Manual: workflow_dispatch trigger available

Advantages

  • ✅ Complete validation pipeline
  • ✅ Security scanning catches vulnerabilities
  • ✅ Automatic rollback on failure
  • ✅ Smoke tests verify deployment health
  • ✅ Better audit trail and visibility

Disadvantages

  • ❌ Consumes GitHub Actions minutes
  • ❌ Can be blocked by billing issues
  • ❌ Slower (multiple stages)

When to Use

  • Default choice for production deployments
  • When you need full validation and security scanning
  • When GitHub Actions minutes are available

Mode 2: Cloud Build Trigger (Bypass)

Location: services/search/cloud-build-trigger.yaml

Flow

┌─────────────┐
│ Push to main│
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Cloud Build │
│   Trigger   │
│  (GitHub    │
│    App)     │
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Build Docker│
│   (BuildKit)│
└──────┬──────┘
       │
       ▼
┌─────────────┐
│ Deploy to   │
│ Cloud Run   │
└─────────────┘

Triggers

  • Push to main with changes in:
    • services/search/**
    • packages/**
    • bun.lock
    • package.json

Advantages

  • ✅ No GitHub Actions minutes consumed
  • ✅ Faster (fewer stages)
  • ✅ Direct deployment
  • ✅ Cloud Build free tier: 120 builds/day

Disadvantages

  • ❌ No tests or validation
  • ❌ No security scanning
  • ❌ No automatic rollback
  • ❌ Less visibility

When to Use

  • Emergency bypass when GitHub Actions billing is blocked
  • Temporary solution while resolving billing issues
  • Development/testing environments (not recommended for production)
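
Because this mode skips the Trivy scan, the smoke tests and the automatic rollback, those steps have to be run by hand around a bypass deploy. The script below is an added example, not one of the project's scripts; the `/health` path, unauthenticated access to it, Trivy having pull access to the registry, the HIGH,CRITICAL threshold, the file name `gate.sh` and the helper names are all assumptions.

```shell
#!/bin/sh
# Added example (not the project's script): manual gate for a bypass-mode deploy.
# Assumptions: /health path, unauthenticated access, HIGH,CRITICAL threshold,
# helper names, and traffic following the latest ready revision.
SERVICE="${SERVICE:-search-service}"
REGION="${GCP_REGION:-us-east1}"

describe() {  # print one field of the Cloud Run service
  gcloud run services describe "$SERVICE" --region="$REGION" --format="value($1)"
}

# Run BEFORE pushing to main: the revision to fall back to.
current_revision() { describe 'status.latestReadyRevisionName'; }

# Trivy exits 1 when the deployed image has HIGH or CRITICAL findings.
scan_ok() {
  trivy image --exit-code 1 --severity HIGH,CRITICAL \
    "$(describe 'spec.template.spec.containers[0].image')"
}

# Any connection error or HTTP status >= 400 counts as a failed smoke test.
smoke_ok() {
  curl -fsS --max-time 10 -o /dev/null "$(describe 'status.url')/health"
}

# Pin 100% of traffic to the revision recorded before the push.
rollback_to() {
  gcloud run services update-traffic "$SERVICE" --region="$REGION" \
    --to-revisions="$1=100"
}

# Exit status: 0 kept, 1 rolled back, 2 nothing to roll back to, 3 rollback failed.
gate() {
  prev="$1"
  if scan_ok && smoke_ok; then echo "kept"; return 0; fi
  [ -n "$prev" ] || { echo "no-previous-revision"; return 2; }
  if rollback_to "$prev" >/dev/null; then echo "rolled-back:$prev"; return 1; fi
  echo "rollback-failed"; return 3
}

# Usage: PREV=$(sh gate.sh record); git push origin main; wait for the build;
#        sh gate.sh gate "$PREV"
case "${1:-}" in
  record) current_revision ;;
  gate)   gate "${2:-}" ;;
esac
```

After a rollback the service stays pinned to the old revision; `gcloud run services update-traffic search-service --region=us-east1 --to-latest` returns it to following new revisions.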

Setup Instructions

Prerequisites

Both modes require:

  • Google Cloud project with Cloud Build API enabled
  • GitHub repository connected to Cloud Build
  • Cloud Run service created (search-service)
  • Appropriate IAM permissions

Enable Cloud Build Trigger Mode

  1. Run setup script:

    cd services/search
    export GCP_PROJECT_ID=your-project-id
    export GCP_REGION=us-east1  # Optional, defaults to us-east1
    bun scripts/setup-cloud-build-trigger.ts

  2. Verify trigger created:

    gcloud builds triggers list --project=$GCP_PROJECT_ID

    Look for search-service-main-trigger.

  3. Test trigger:

    # Push a dummy commit
    git commit --allow-empty -m "chore: test cloud build trigger"
    git push origin main

    # Monitor build
    gcloud builds list --project=$GCP_PROJECT_ID --limit=1

  4. (Optional) Disable GitHub Actions:

    Edit .github/workflows/search-deploy.yml:

    # Change this:
    on:
      push:
        branches: [main]
    
    # To this (manual trigger only):
    on:
      workflow_dispatch:

Disable Cloud Build Trigger Mode

export GCP_PROJECT_ID=your-project-id
bun scripts/setup-cloud-build-trigger.ts --delete

Or via gcloud:

gcloud builds triggers delete search-service-main-trigger --project=$GCP_PROJECT_ID

Switch Between Modes

GitHub Actions → Cloud Build Trigger:

  1. Enable trigger: bun scripts/setup-cloud-build-trigger.ts
  2. (Optional) Disable GitHub workflow (change to workflow_dispatch)

Cloud Build Trigger → GitHub Actions:

  1. Disable trigger: bun scripts/setup-cloud-build-trigger.ts --delete
  2. Re-enable GitHub workflow (restore on: push)

Configuration Files

Cloud Build Trigger

services/search/cloud-build-trigger.yaml

  • Trigger name: search-service-main-trigger
  • Branch pattern: ^main$
  • Build config: services/search/cloudbuild.yaml
  • Substitutions: _SERVICE_NAME, _REGION, _DEPLOY_MODE

Cloud Build Config

services/search/cloudbuild.yaml

  • Used by both modes
  • Build steps:
    1. Docker build (BuildKit enabled)
    2. Push to Container Registry
    3. Deploy to Cloud Run (only in trigger mode)

GitHub Actions Workflow

.github/workflows/search-deploy.yml

  • Triggers: Push to main, PRs, manual
  • Steps: Lint → Build → Scan → Deploy → Smoke Test

Monitoring

GitHub Actions

Cloud Build Trigger

Cloud Run

Both modes deploy to the same Cloud Run service:

# Service status
gcloud run services describe search-service --region=us-east1

# Recent revisions
gcloud run revisions list --service=search-service --region=us-east1

# Logs
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=search-service" \
  --limit=50 --format=json

Troubleshooting

Cloud Build Trigger Not Firing

Check trigger status:

gcloud builds triggers describe search-service-main-trigger --project=$GCP_PROJECT_ID

Common issues:

  • Repository not connected to Cloud Build
  • Branch pattern mismatch (^main$ vs main)
  • Included files filter too restrictive
  • GitHub App permissions insufficient

Fix:

  1. Verify GitHub connection: https://console.cloud.google.com/cloud-build/triggers
  2. Check trigger logs: https://console.cloud.google.com/cloud-build/builds
  3. Re-create trigger: bun scripts/setup-cloud-build-trigger.ts

GitHub Actions Billing Block

Error message:

The job was not started because recent account payments have failed or
your spending limit needs to be increased.

Solutions:

  1. Immediate: Enable Cloud Build Trigger mode
  2. Long-term: Resolve billing in GitHub settings

Build Fails in Both Modes

Check Docker build:

# Local test
export DOCKER_BUILDKIT=1
docker build -f services/search/Dockerfile -t search-test .

# Verify image
docker run --rm search-test bun --version
docker run --rm search-test bun pm ls esbuild  # Should fail (not in prod)

Check Cloud Run deployment:

# Get latest revision
gcloud run revisions list --service=search-service --region=us-east1 --limit=1

# Check revision status
gcloud run revisions describe <revision> --region=us-east1

# View logs
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.revision_name=<revision>" \
  --limit=100

Cost Comparison

GitHub Actions

  • Free tier: 2,000 minutes/month (public repos), 500 minutes/month (private repos)
  • Overage: $0.008/minute (Ubuntu runners)
  • Typical build: 5-10 minutes (full pipeline)
  • Monthly cost (20 deploys): $0.80 - $1.60 (if over free tier)

Cloud Build

  • Free tier: 120 build-minutes/day (3,600 minutes/month)
  • Overage: $0.003/build-minute (first 1,000 minutes/day)
  • Typical build: 3-5 minutes (build + deploy only)
  • Monthly cost (20 deploys): $0 (within free tier)

Recommendation

For production, use GitHub Actions despite higher cost:

  • Security scanning (Trivy) catches vulnerabilities
  • Automatic rollback prevents bad deployments
  • Better audit trail and compliance

For development or emergency bypass, use Cloud Build Trigger:

  • No GitHub Actions minutes consumed
  • Faster deployment
  • Sufficient for testing

Last updated: 2025-11-13

Related: services/search/cloudbuild.yaml, .github/workflows/search-deploy.yml