L11. DevOps and CI/CD: Cloud Build, Cloud Deploy, and Artifact Registry
Google Cloud provides fully managed CI/CD tools for rapid, reliable software delivery. The Digital Leader exam tests Cloud Build, Cloud Deploy, Artifact Registry, and the DevOps principles they enable.
What Is DevOps?
DevOps is a set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver high-quality software continuously. Key DevOps capabilities:
- Continuous Integration (CI): automatically build and test code on every commit
- Continuous Delivery/Deployment (CD): automatically deploy tested code to production
- Infrastructure as Code (IaC): manage infrastructure declaratively
- Monitoring and feedback: measure everything and feed insights back to development
Cloud Build
Cloud Build is Google Cloud's fully managed CI/CD platform for building and testing code. Key features:
- Builds triggered by Cloud Source Repositories, GitHub, or Bitbucket commits
- Runs builds in isolated containers
- Supports any language and build tool
- Integrates with Artifact Registry for image storage
- Build results visible in the Google Cloud console
Artifact Registry
Artifact Registry is Google Cloud's managed repository for storing build artifacts:
- Container images (Docker)
- Maven packages (Java)
- npm packages (Node.js)
- Python packages
- Helm charts (Kubernetes)
Cloud Deploy
Cloud Deploy is a fully managed CD service for deploying to GKE, Cloud Run, and Anthos. Delivery pipeline concept: define a sequence of targets (dev → staging → production) and rollout strategy; Cloud Deploy manages progression with approvals. Key features: progressive delivery, automated rollbacks, deployment history, integration with Cloud Build.
Binary Authorization
Binary Authorization enforces that only trusted, approved container images can be deployed to GKE and Cloud Run. How it works: images must be signed by attestors before deployment is allowed; policies define which signatures are required.
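An example policy file for the rule described above. It is added here and is not part of the original lesson; `PROJECT_ID`, the attestor names `built-by-ci` and `qa-approved`, and the cluster `us-central1.prod-cluster` are placeholders.

```yaml
# Binary Authorization policy, in the YAML form accepted by
# `gcloud container binauthz policy import`.
# PROJECT_ID, the attestor names and the cluster name are placeholders.
name: projects/PROJECT_ID/policy

# Keep Google-maintained system images deployable.
globalPolicyEvaluationMode: ENABLE

# Permissive rule, shown for contrast: every image is admitted, signed or not.
# defaultAdmissionRule:
#   evaluationMode: ALWAYS_ALLOW
#   enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG

# Enforcing rule: an image is admitted only if it carries a valid
# attestation from every attestor listed here.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/PROJECT_ID/attestors/built-by-ci

# Per-cluster override (key is LOCATION.CLUSTER_NAME):
# production additionally requires a second attestor's signature.
clusterAdmissionRules:
  us-central1.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/built-by-ci
    - projects/PROJECT_ID/attestors/qa-approved
```

Attestations are bound to an image digest, so deployments governed by this policy reference images by digest rather than by tag. Setting `enforcementMode` to `DRYRUN_AUDIT_LOG_ONLY` logs violations without blocking, which is useful while rolling the policy out.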
Infrastructure as Code on Google Cloud
- Cloud Deployment Manager: Google Cloud's native IaC tool using YAML/Jinja2 templates.
- Terraform: the most widely used IaC tool for Google Cloud; uses HCL and the Google provider.
- Config Connector: Kubernetes-native resource management for Google Cloud; manage GCP resources as Kubernetes objects.

| Tool | Purpose |
|---|---|
| Cloud Build | CI: build, test, and package code |
| Artifact Registry | Store container images and build artifacts |
| Cloud Deploy | CD: managed delivery pipelines to GKE/Cloud Run |
| Binary Authorization | Enforce trusted container deployments |
- ✓ Cloud Build is a managed CI service that builds and tests code triggered by code commits
- ✓ Artifact Registry stores container images, Maven, npm, Python packages, and Helm charts with vulnerability scanning
- ✓ Cloud Deploy is a managed CD service for defining delivery pipelines with staged rollouts to GKE and Cloud Run
- ✓ Binary Authorization enforces that only cryptographically signed, approved container images can be deployed
- ✓ DORA metrics (Deployment Frequency, Lead Time, Change Failure Rate, MTTR) measure DevOps performance
1. A team wants to automatically build, test, and containerize their application every time code is pushed to their GitHub repository. Which Google Cloud service handles the build stage?
2. A security team wants to prevent any container image that has not been cryptographically signed by an approved authority from being deployed to GKE. Which feature should they implement?