Quickstart: Build and deploy a Java Spring Boot web app to Cloud Run

Learn how to use a single command to build and deploy a "Hello World" web application from a code sample to Google Cloud using Cloud Run.

By following the steps in this quickstart, Cloud Run automatically builds a Dockerfile for you when you deploy from source code.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Make sure that you have the following role or roles on the project: Cloud Run Admin, Cloud Run Source Developer, Logs Viewer

    Check for the roles

    1. In the Google Cloud console, go to the IAM page.

      Go to IAM
    2. Select the project.
    3. In the Principal column, find all rows that identify you or a group that you're included in. To learn which groups you're included in, contact your administrator.

    4. For all rows that specify or include you, check the Role column to see whether the list of roles includes the required roles.

    Grant the roles

    1. In the Google Cloud console, go to the IAM page.

      Go to IAM
    2. Select the project.
    3. Click Grant access.
    4. In the New principals field, enter your user identifier. This is typically the email address for a Google Account.

    5. In the Select a role list, select a role.
    6. To grant additional roles, click Add another role and add each additional role.
    7. Click Save.
  5. Install the Google Cloud CLI.

  6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  7. To initialize the gcloud CLI, run the following command:

    gcloud init
  8. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  9. Verify that billing is enabled for your Google Cloud project.

  10. Make sure that you have the following role or roles on the project: Cloud Run Admin, Cloud Run Source Developer, Logs Viewer

    Check for the roles

    1. In the Google Cloud console, go to the IAM page.

      Go to IAM
    2. Select the project.
    3. In the Principal column, find all rows that identify you or a group that you're included in. To learn which groups you're included in, contact your administrator.

    4. For all rows that specify or include you, check the Role column to see whether the list of roles includes the required roles.

    Grant the roles

    1. In the Google Cloud console, go to the IAM page.

      Go to IAM
    2. Select the project.
    3. Click Grant access.
    4. In the New principals field, enter your user identifier. This is typically the email address for a Google Account.

    5. In the Select a role list, select a role.
    6. To grant additional roles, click Add another role and add each additional role.
    7. Click Save.
  11. Install the Google Cloud CLI.

  12. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  13. To initialize the gcloud CLI, run the following command:

    gcloud init
  14. To set the default project for your Cloud Run service:
     gcloud config set project PROJECT_ID
    Replace PROJECT_ID with your Google Cloud project ID.
  15. If you are under a domain restriction organization policy restricting unauthenticated invocations for your project, you will need to access your deployed service as described under Testing private services.

  16. Enable the Cloud Run Admin API and Cloud Build APIs.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the APIs

    After the Cloud Run Admin API is enabled, the Compute Engine default service account is automatically created.

  17. Make sure that you have the Service Account User role granted on the service identity. By default, the service identity is the Compute Engine default service account.

    Grant the roles

    To grant access on the service identity resource, use the gcloud iam service-accounts add-iam-policy-binding command, replacing the highlighted variables with the appropriate values:

          gcloud iam service-accounts add-iam-policy-binding SERVICE_ACCOUNT_EMAIL \
              --member=user:PRINCIPAL \
              --role=roles/iam.serviceAccountUser
          

    Replace the following:

    • SERVICE_ACCOUNT_EMAIL: the service account email address you are using as the service identity, such as:
      • The Compute Engine default service account: PROJECT_NUMBER-compute@developer.gserviceaccount.com
      • A service account that you created: SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com
    • PRINCIPAL: the user identifier. This is typically the email address that is deploying the Cloud Run resource.
  18. Grant the Cloud Build service account the following IAM role.

    Click to view required roles for the Cloud Build service account

    Cloud Build automatically uses the Compute Engine default service account as the default Cloud Build service account to build your source code and Cloud Run resource, unless you override this behavior. For Cloud Build to build your sources, ask your administrator to grant Cloud Run Builder (roles/run.builder) to the Compute Engine default service account on your project:

      gcloud projects add-iam-policy-binding PROJECT_ID \
          --member=serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com \
          --role=roles/run.builder
      

    Replace PROJECT_NUMBER with your Google Cloud project number, and PROJECT_ID with your Google Cloud project ID. For detailed instructions on how to find your project ID, and project number, see Creating and managing projects.

    Granting the Cloud Run builder role to the Compute Engine default service account takes a couple of minutes to propagate.

  19. Review Cloud Run pricing or estimate costs with the pricing calculator.

Write the sample application

To write an application in Java:

Create a Spring Boot application.

  1. From the console, create a new empty web project using the curl and unzip commands:

    curl https://start.spring.io/starter.zip \
       -d type=maven-project \
       -d dependencies=web \
       -d javaVersion=21 \
       -d name=helloworld \
       -d artifactId=helloworld \
       -d baseDir=helloworld \
       -o helloworld.zip
    unzip helloworld.zip
    cd helloworld
    

    This creates a Spring Boot project.

    To use this cURL command on Microsoft Windows, you'll need one of following command lines, or optionally use the Spring Initializr (configuration preloaded) to generate the project:

  2. Update the HelloworldApplication class in src/main/java/com/example/helloworld/HelloworldApplication.java by adding a @RestController to handle the / mapping and also add a @Value field to provide the NAME environment variable:

    
    package com.example.helloworld;
    
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;
    
    @SpringBootApplication
    public class HelloworldApplication {
    
      @Value("${NAME:World}")
      String name;
    
      @RestController
      class HelloworldController {
        @GetMapping("/")
        String hello() {
          return "Hello " + name + "!";
        }
      }
    
      public static void main(String[] args) {
        SpringApplication.run(HelloworldApplication.class, args);
      }
    }
  3. Set the server port to be defined by the PORT environment variable in src/main/resources/application.properties:

    server.port=${PORT:8080}

    This code creates a basic web server that listens on the port defined by the PORT environment variable.

  4. Create a project.toml file in the application root directory to specify a Java version:

    [[build.env]]
    name =  "GOOGLE_RUNTIME_VERSION"
    value = "21"
    

Your app is finished and ready to be deployed.

Deploy to Cloud Run from source

Important: This quickstart assumes that you have owner or editor roles in the project you are using for the quickstart. Otherwise, refer to the Cloud Run Source Developer role for the required permissions for deploying a Cloud Run resource from source.

Deploy from source automatically builds a container image from source code and deploys it.

To deploy from source:

  1. In the directory that contains the pom.xml file, deploy the app using the following command:

    gcloud run deploy --source .
    1. When you are prompted for the service name, press Enter to accept the default name, for example helloworld.

    2. If you are prompted to enable additional APIs on the project, for example, the Artifact Registry API, respond by pressing y.

    3. When you are prompted for region: select the region of your choice, for example europe-west1.

    4. If you are prompted to create a repository in the specified region, respond by pressing y.

    5. If you are prompted to allow public access: respond y. You might not see this prompt if there is a domain restriction organization policy that prevents it; for more details see the Before you begin section.

    Then wait a few moments until the deployment is complete. On success, the command line displays the service URL.

  2. Visit your deployed service by opening the service URL in a web browser.

Cloud Run locations

Cloud Run is regional, which means the infrastructure that runs your Cloud Run services is located in a specific region and is managed by Google to be redundantly available across all the zones within that region.

Meeting your latency, availability, or durability requirements are primary factors for selecting the region where your Cloud Run services are run. You can generally select the region nearest to your users but you should consider the location of the other Google Cloud products that are used by your Cloud Run service. Using Google Cloud products together across multiple locations can affect your service's latency as well as cost.

Cloud Run is available in the following regions:

Subject to Tier 1 pricing

  • asia-east1 (Taiwan)
  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)
  • asia-south1 (Mumbai, India)
  • europe-north1 (Finland) leaf icon Low CO2
  • europe-north2 (Stockholm) leaf icon Low CO2
  • europe-southwest1 (Madrid) leaf icon Low CO2
  • europe-west1 (Belgium) leaf icon Low CO2
  • europe-west4 (Netherlands) leaf icon Low CO2
  • europe-west8 (Milan)
  • europe-west9 (Paris) leaf icon Low CO2
  • me-west1 (Tel Aviv)
  • northamerica-south1 (Mexico)
  • us-central1 (Iowa) leaf icon Low CO2
  • us-east1 (South Carolina)
  • us-east4 (Northern Virginia)
  • us-east5 (Columbus)
  • us-south1 (Dallas) leaf icon Low CO2
  • us-west1 (Oregon) leaf icon Low CO2

Subject to Tier 2 pricing

  • africa-south1 (Johannesburg)
  • asia-east2 (Hong Kong)
  • asia-northeast3 (Seoul, South Korea)
  • asia-southeast1 (Singapore)
  • asia-southeast2 (Jakarta)
  • asia-south2 (Delhi, India)
  • australia-southeast1 (Sydney)
  • australia-southeast2 (Melbourne)
  • europe-central2 (Warsaw, Poland)
  • europe-west10 (Berlin)
  • europe-west12 (Turin)
  • europe-west2 (London, UK) leaf icon Low CO2
  • europe-west3 (Frankfurt, Germany)
  • europe-west6 (Zurich, Switzerland) leaf icon Low CO2
  • me-central1 (Doha)
  • me-central2 (Dammam)
  • northamerica-northeast1 (Montreal) leaf icon Low CO2
  • northamerica-northeast2 (Toronto) leaf icon Low CO2
  • southamerica-east1 (Sao Paulo, Brazil) leaf icon Low CO2
  • southamerica-west1 (Santiago, Chile) leaf icon Low CO2
  • us-west2 (Los Angeles)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)

If you already created a Cloud Run service, you can view the region in the Cloud Run dashboard in the Google Cloud console.

Clean up

To avoid additional charges to your Google Cloud account, delete all the resources you deployed with this quickstart.

Delete your repository

Cloud Run doesn't charge you when your deployed service isn't in use. However, you might still be charged for storing the container image in Artifact Registry. To delete Artifact Registry repositories, follow the steps in Delete repositories in the Artifact Registry documentation.

Delete your service

Cloud Run services don't incur costs until they receive requests. To delete your Cloud Run service, follow one of these steps:

Console

To delete a service:

  1. In the Google Cloud console, go to Cloud Run:

    Go to Cloud Run

  2. Locate the service you want to delete in the services list, and click its checkbox to select it.

  3. Click Delete. This deletes all revisions of the service.

gcloud

To delete a service, run the following command:

gcloud run services delete SERVICE --region REGION

Replace the following:

  • SERVICE: name of your service.
  • REGION: Google Cloud region of the service.

Delete your test project

Deleting your Google Cloud project stops billing for all resources in that project. To release all Google Cloud resources in your project, follow these steps:

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

What's next

For more information on building a container from code source and pushing to a repository, see: