GCP Scenario
CI/CD with Automation + Performance Gates
Cloud Build → Artifact Registry → Cloud Deploy promotes through dev/qa/prod; verify jobs run Playwright and k6 as quality gates.
Architecture
GitHub ─► Cloud Build (unit + lint + docker build)
            │
            ├─► Artifact Registry (scan)
            │
            └─► Cloud Deploy
                  ├─► dev target (Cloud Run) ─► verify: smoke
                  ├─► qa target (Cloud Run) ─► verify: Playwright e2e + k6 perf gate
                  └─► prod target (Cloud Run, canary 10%) ─► SLO check
Steps
- 1. Source + unit
`cloudbuild.yaml` runs `npm ci && npm test`, then builds the container.
- 2. Scan
Artifact Registry on-push scan; pipeline fails on HIGH CVEs.
- 3. Deploy + verify
Cloud Deploy promotes to qa target and runs a verify job: Playwright e2e + k6 perf script.
- 4. Perf gate
k6 thresholds (`http_req_duration p(95)<800`, `http_req_failed<0.01`) decide promote vs. fail.
- 5. Reports
Verify job uploads HTML + JSON results to GCS bucket per release tag.
- 6. Prod canary
Cloud Deploy shifts 10% via LB weight, watches SLO burn before promote.
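An added example (not part of the original pipeline) of the decision logic behind step 2: a gate that fails on HIGH or worse and also fails closed when the on-push scan has not finished. It assumes the image's Container Analysis occurrences have already been exported as a JSON list; the function name `gate`, the sample data and the placeholder CVE ids are constructed for illustration.

```python
import json
import sys

# Order of the Container Analysis (Grafeas) severity enum values.
RANK = {"SEVERITY_UNSPECIFIED": 0, "MINIMAL": 1, "LOW": 2,
        "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}

def gate(occurrences, fail_at="HIGH"):
    """Return (passed, reasons) for the occurrences of one image digest."""
    reasons = []
    # Fail closed: on-push scanning is asynchronous, so an image with no
    # finished scan has zero findings and would otherwise pass.
    statuses = [o.get("discovery", {}).get("analysisStatus")
                for o in occurrences if o.get("kind") == "DISCOVERY"]
    if "FINISHED_SUCCESS" not in statuses:
        reasons.append(f"scan not finished (status={statuses or 'missing'})")
    for o in occurrences:
        if o.get("kind") != "VULNERABILITY":
            continue
        vuln = o.get("vulnerability", {})
        # Prefer the distro-adjusted rating; fall back to the note's severity.
        sev = (vuln.get("effectiveSeverity") or vuln.get("severity")
               or "SEVERITY_UNSPECIFIED")
        # An unrecognised severity string is treated as blocking.
        if RANK.get(sev, RANK["CRITICAL"]) >= RANK[fail_at]:
            cve = o.get("noteName", "unknown").rsplit("/", 1)[-1]
            reasons.append(f"{sev} {cve}")
    return (not reasons, reasons)

# Constructed sample: placeholder CVE ids, not real findings.
SAMPLE = [
    {"kind": "DISCOVERY", "discovery": {"analysisStatus": "FINISHED_SUCCESS"}},
    {"kind": "VULNERABILITY", "noteName": "projects/example/notes/CVE-0000-0001",
     "vulnerability": {"effectiveSeverity": "MEDIUM", "severity": "HIGH"}},
    {"kind": "VULNERABILITY", "noteName": "projects/example/notes/CVE-0000-0002",
     "vulnerability": {"effectiveSeverity": "HIGH"}},
]

if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:  # optional path to an exported occurrence list
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    passed, reasons = gate(data)
    print("PASS" if passed else "FAIL: " + "; ".join(reasons))
    sys.exit(0 if passed else 1)
```

Run as a build step, the non-zero exit code is what stops the pipeline before Cloud Deploy creates a release.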
Takeaways
- Verify jobs make automation + perf first-class release gates.
- k6 thresholds in CI mean perf regressions block merges instead of surprising prod.
