L11. DevOps and CI/CD: Cloud Build, Cloud Deploy, and Artifact Registry

Google Cloud provides fully managed CI/CD tools for rapid, reliable software delivery. The Digital Leader exam tests Cloud Build, Cloud Deploy, Artifact Registry, and the DevOps principles they enable.

What Is DevOps?

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver high-quality software continuously. Key DevOps capabilities:

  • Continuous Integration (CI): automatically build and test code on every commit
  • Continuous Delivery/Deployment (CD): automatically deploy tested code to production
  • Infrastructure as Code (IaC): manage infrastructure declaratively
  • Monitoring and feedback: measure everything and feed insights back to development

Google's contribution to DevOps: Google authored the DORA (DevOps Research and Assessment) metrics: Deployment Frequency, Lead Time for Changes, Change Failure Rate, Mean Time to Restore.

Cloud Build

Cloud Build is Google Cloud's fully managed CI/CD platform for building and testing code. Key features:

  • Builds triggered by Cloud Source Repositories, GitHub, or Bitbucket commits
  • Runs builds in isolated containers
  • Supports any language and build tool
  • Integrates with Artifact Registry for image storage
  • Build results visible in the Google Cloud console

Artifact Registry

Artifact Registry is Google Cloud's managed repository for storing build artifacts:

  • Container images (Docker)
  • Maven packages (Java)
  • npm packages (Node.js)
  • Python packages
  • Helm charts (Kubernetes)

Key feature: vulnerability scanning for container images, and integration with Binary Authorization.

Replaces: Container Registry (legacy service, now deprecated in favor of Artifact Registry).

Cloud Deploy

Cloud Deploy is a fully managed CD service for deploying to GKE, Cloud Run, and Anthos.

Delivery pipeline concept: define a sequence of targets (dev → staging → production) and a rollout strategy; Cloud Deploy manages progression with approvals.

Key features: progressive delivery, automated rollbacks, deployment history, integration with Cloud Build.

Binary Authorization

Binary Authorization enforces that only trusted, approved container images can be deployed to GKE and Cloud Run. How it works: images must be signed by attestors before deployment is allowed; policies define which signatures are required.
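
The admission decision described above can be modeled in a few lines. This is an added example, not code from the original page or from Google: it is a simplified model that reuses the field names of a Binary Authorization policy, treats signature verification as already done, and shows two details the summary leaves implicit (every listed attestor must have signed, and attestations bind to an image digest, not a tag). The project, attestor and image names are constructed placeholders.

```python
import re

# Policy in the shape of a Binary Authorization policy (constructed names).
POLICY = {
    "defaultAdmissionRule": {
        "evaluationMode": "REQUIRE_ATTESTATION",
        "enforcementMode": "ENFORCED_BLOCK_AND_AUDIT_LOG",  # block, not dry run
        "requireAttestationsBy": [
            "projects/example-project/attestors/built-by-cloud-build",
            "projects/example-project/attestors/vuln-scan-passed",
        ],
    }
}

# An image reference pinned by digest: <repository>@sha256:<64 hex chars>
DIGEST_REF = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")

def admit(image_ref, attestations, policy=POLICY):
    """Return (allowed, reason) for one image reference.

    attestations maps an image reference to the set of attestors whose
    signature over that digest was already verified (the cryptographic
    check itself is outside this model).
    """
    rule = policy["defaultAdmissionRule"]
    mode = rule["evaluationMode"]
    if mode == "ALWAYS_ALLOW":
        return True, "policy allows all images"
    if mode != "REQUIRE_ATTESTATION":
        return False, "denied by evaluation mode"  # ALWAYS_DENY or unknown: fail closed
    # Attestations are bound to a digest; a mutable tag cannot be matched.
    if not DIGEST_REF.match(image_ref):
        return False, "image not referenced by digest"
    required = set(rule.get("requireAttestationsBy", []))
    if not required:
        return False, "no attestors configured"
    missing = required - attestations.get(image_ref, set())
    if missing:
        return False, "missing attestation from: " + ", ".join(sorted(missing))
    return True, "all required attestors signed"

# Constructed sample input: one fully attested image, one partially attested.
REPO = "us-docker.pkg.dev/example-project/app/web"
SIGNED = REPO + "@sha256:" + "a" * 64
PARTIAL = REPO + "@sha256:" + "b" * 64
ATTESTATIONS = {
    SIGNED: set(POLICY["defaultAdmissionRule"]["requireAttestationsBy"]),
    PARTIAL: {"projects/example-project/attestors/built-by-cloud-build"},
}

if __name__ == "__main__":
    for ref in (SIGNED, PARTIAL, REPO + ":latest"):
        print(ref[-20:], admit(ref, ATTESTATIONS))
```

A policy whose evaluation mode is ALWAYS_ALLOW admits all three images, including the unsigned tag, which is why the evaluation mode is the first thing to check when reviewing a policy.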

Infrastructure as Code on Google Cloud

  • Cloud Deployment Manager: Google Cloud's native IaC tool using YAML/Jinja2 templates
  • Terraform: the most widely used IaC tool for Google Cloud; uses HCL and the Google provider
  • Config Connector: Kubernetes-native resource management for Google Cloud; manage GCP resources as Kubernetes objects

Tool                   Purpose
Cloud Build            CI: build, test, and package code
Artifact Registry      Store container images and build artifacts
Cloud Deploy           CD: managed delivery pipelines to GKE/Cloud Run
Binary Authorization   Enforce trusted container deployments

Exam tip: Cloud Build = CI (build and test). Cloud Deploy = CD (delivery pipelines). Artifact Registry = image and package storage. Binary Authorization = container supply chain security.

Exam Focus Points

  • Cloud Build is a managed CI service that builds and tests code triggered by code commits
  • Artifact Registry stores container images, Maven, npm, Python packages, and Helm charts with vulnerability scanning
  • Cloud Deploy is a managed CD service for defining delivery pipelines with staged rollouts to GKE and Cloud Run
  • Binary Authorization enforces that only cryptographically signed, approved container images can be deployed
  • DORA metrics (Deployment Frequency, Lead Time, Change Failure Rate, MTTR) measure DevOps performance

Knowledge Check

1. A team wants to automatically build, test, and containerize their application every time code is pushed to their GitHub repository. Which Google Cloud service handles the build stage?

2. A security team wants to prevent any container image that has not been cryptographically signed by an approved authority from being deployed to GKE. Which feature should they implement?
