Django Deployment Guide using GCP
Welcome! This practically-focused guide will teach you exactly how to take a local Django project and professionally deploy it to Google Cloud Platform using modern, highly-scalable infrastructure patterns.
By the end of these chapters, you will have built a completely automated CI/CD pipeline from scratch. Every time you push new code to GitHub, your app will securely build, test itself, and instantly deploy live to the internet with zero manual intervention.
What gets deployed
While we use a generic Django web application as our blueprint, the core infrastructure concepts you'll learn here apply to almost any modern web framework.
Your final application will run as a protected Docker container hosted on Cloud Run β Google's powerful serverless engine. This means your app will effortlessly scale up to handle massive traffic spikes seamlessly, and crucially, it will automatically scale all the way down to zero when idle to save you money.
Architecture
The Automated Workflow: Once your initial setup is complete, deployment becomes entirely hands-off. When you push or merge a new feature into the main branch, GitHub Actions automatically wakes up. Using securely authenticated Workload Identity, it logs into your Google Cloud account without relying on risky, long-lived JSON keys. It cleanly packages your newest Django code into a fresh Docker image, archives it safely inside Artifact Registry, and instructs Cloud Run to spool up the new version. Within seconds, your active users transition to the newly deployed container, fetching static assets from Cloud Storage and directly querying your PostgreSQL database on Cloud SQL.
Services used
| Service | What it does |
|---|---|
| Cloud Run | Runs the Django app as a container. Scales to zero when idle, scales up under load. Handles HTTPS automatically. |
| Artifact Registry | Stores Docker images. Like Docker Hub but private and inside GCP. |
| Cloud SQL | Managed PostgreSQL database. Google handles backups, patches, and availability. |
| Secret Manager | Stores credentials (DB password, secret key, API keys). Injected into the container at runtime β never stored in code or environment files. |
| Cloud Storage (GCS) | Object storage for user-uploaded images and Django's collected static files. |
| GitHub Actions | Runs the CI/CD pipeline on every push. Free for 2,000 minutes/month. |
| Workload Identity Federation | Lets GitHub Actions authenticate to GCP without storing long-lived credentials in GitHub secrets. |
Chapters
The guide is ordered by setup dependency β each chapter sets up infrastructure the next one needs. But the everyday development flow is the reverse: you push code β GitHub Actions β builds image β deploys to Cloud Run β reads from the infrastructure below.
Setup order (follow this when deploying for the first time)
- GCP Project Setup β project, APIs, service account
- Artifact Registry β where Docker images are stored
- Cloud SQL β Database β PostgreSQL, migrations
- Secret Manager β credentials, API keys
- Cloud Storage β Media & Static Files β uploads, CSS/JS
- Dockerfile β packaging the app as a container
- First Deploy β manual deploy to verify everything works
- Custom Domain & SSL β mycoolproject.cl, HTTPS
- Workload Identity β Keyless Auth β GitHub β GCP auth without keys
- GitHub Actions β CI/CD Pipeline β automates all of the above on every push
- Quick Reference β all commands in one place
- Bonus: Custom Email (@domain.cl) β transactional email configuration
Everyday development flow (once deployed)
π‘ Note on Deployments: Opening or updating a Pull Request will only run your tests to ensure the code is healthy. The actual deployment steps (Build, Migrate, Deploy) only execute when code is officially merged/pushed to the
mainbranch.
Cost overview
New GCP accounts get $300 free credits β enough to run everything for months before paying anything.
| Service | Free tier | Cost after free tier |
|---|---|---|
| Cloud Run | 2M requests + 360K CPU GB-s/month | ~$0.00004/request |
| Artifact Registry | 0.5 GB storage/month | $0.10/GB/month |
| Secret Manager | 6 secret versions + 10K accesses/month | $0.06/version/month |
| Cloud Storage | 5 GB/month | ~$0.023/GB/month |
| GitHub Actions | 2,000 min/month (private repo) | $0.008/min |
| Workload Identity | Unlimited | Free |
| Cloud SQL | β No free tier | ~$7β10/month always running |
| Custom domain | β | ~$10β15/year at your registrar |
| SSL certificate | Free (managed by GCP) | β |
Cloud SQL is the only service that starts billing immediately and continuously. Set it up last β right before go-live β to minimise idle spend.
Recommended setup order to minimise cost
Do these first β all free:
- Chapters 01, 02, 04, 09, 10 (GCP project, Artifact Registry, Secret Manager, Workload Identity, GitHub Actions)
Then nearly free:
- Chapters 05, 06, 07 (Cloud Storage, Dockerfile, Cloud Run deploy)
Then when ready to go live (starts costing money):
- Chapter 03 β Cloud SQL (~$7β10/month from the moment it's created)
- Chapter 08 β Custom domain (~$10β15/year, paid to your registrar)
Prerequisites
- gcloud CLI installed and authenticated (
gcloud auth login) - Docker installed locally (for the first manual deploy)
- A GCP account (new accounts get $300 free credits)
- A GitHub repository with the MyCoolProject codebase
π Chapters
- 01 β GCP Project Setup
- 02 β Artifact Registry
- 03 β Cloud SQL (PostgreSQL Database)
- 04 β Secret Manager
- 05 β Cloud Storage (Media & Static Files)
- 06 β Dockerfile
- 07 β First Deploy
- 08 β Custom Domain & SSL
- 09 β Workload Identity Federation (Keyless GitHub Actions Auth)
- 10 β GitHub Actions CI/CD Pipeline
- 11 β Quick Reference
- 12 β Bonus: Custom Email (@domain.cl)