gcp-patterns
Cloud Run deployment, BigQuery optimization, Pub/Sub patterns, IAM best practices
Best use case
gcp-patterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Cloud Run deployment, BigQuery optimization, Pub/Sub patterns, IAM best practices
Teams using gcp-patterns should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/gcp-patterns/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How gcp-patterns Compares
| Feature / Agent | gcp-patterns | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Cloud Run deployment, BigQuery optimization, Pub/Sub patterns, IAM best practices
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GCP Patterns
## Cloud Run Deployment
### Dockerfile for Cloud Run
```dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --production=false
COPY . .
RUN npm run build
FROM node:20-slim
WORKDIR /app
RUN addgroup --system app && adduser --system --ingroup app app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
USER app
EXPOSE 8080
ENV PORT=8080 NODE_ENV=production
CMD ["node", "dist/server.js"]
```
### Cloud Run Service YAML
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: order-service
annotations:
run.googleapis.com/launch-stage: GA
spec:
template:
metadata:
annotations:
autoscaling.knative.dev/minScale: "1"
autoscaling.knative.dev/maxScale: "100"
run.googleapis.com/cpu-throttling: "false"
run.googleapis.com/startup-cpu-boost: "true"
spec:
containerConcurrency: 80
timeoutSeconds: 300
serviceAccountName: order-service@project-id.iam.gserviceaccount.com
containers:
- image: gcr.io/project-id/order-service:latest
ports:
- containerPort: 8080
resources:
limits:
cpu: "2"
memory: 1Gi
env:
- name: DB_CONNECTION
valueFrom:
secretKeyRef:
key: latest
name: db-connection-string
startupProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
periodSeconds: 3
```
### Deploy Command
```bash
gcloud run deploy order-service \
--image gcr.io/$PROJECT_ID/order-service:$GIT_SHA \
--region us-central1 \
--service-account order-service@$PROJECT_ID.iam.gserviceaccount.com \
--set-secrets "DB_URL=db-connection:latest" \
--min-instances 1 \
--max-instances 100 \
--cpu 2 --memory 1Gi \
--concurrency 80 \
--no-allow-unauthenticated
```
## BigQuery Optimization
```sql
-- Use partitioning and clustering
CREATE TABLE `project.dataset.events`
PARTITION BY DATE(event_timestamp)
CLUSTER BY user_id, event_type
AS SELECT * FROM `project.dataset.raw_events`;
-- Always filter on partition column
SELECT event_type, COUNT(*) as cnt
FROM `project.dataset.events`
WHERE event_timestamp BETWEEN '2025-01-01' AND '2025-01-31'
AND event_type = 'purchase'
GROUP BY event_type;
-- Use approximate functions for large datasets
SELECT APPROX_COUNT_DISTINCT(user_id) as unique_users
FROM `project.dataset.events`
WHERE DATE(event_timestamp) = CURRENT_DATE();
-- Avoid SELECT * (scans all columns, costs more)
-- Use column selection and LIMIT for exploration
```
## Pub/Sub Patterns
```python
from google.cloud import pubsub_v1
from google.api_core import retry
import json
# Publisher with ordering and retry
publisher = pubsub_v1.PublisherClient()
topic_path = publisher.topic_path("project-id", "order-events")
def publish_event(event: dict, ordering_key: str = "") -> str:
data = json.dumps(event).encode("utf-8")
future = publisher.publish(
topic_path,
data,
ordering_key=ordering_key,
event_type=event["type"],
)
return future.result(timeout=30)
# Subscriber with exactly-once processing
subscriber = pubsub_v1.SubscriberClient()
subscription_path = subscriber.subscription_path("project-id", "order-events-sub")
def callback(message: pubsub_v1.types.PubsubMessage) -> None:
try:
event = json.loads(message.data.decode("utf-8"))
idempotency_key = message.message_id
if already_processed(idempotency_key):
message.ack()
return
process_event(event)
mark_processed(idempotency_key)
message.ack()
except Exception as e:
logger.error(f"Failed to process message: {e}")
message.nack()
subscriber.subscribe(subscription_path, callback=callback)
```
## IAM Best Practices
```yaml
Principles:
- Least privilege: grant minimum permissions needed
- Service accounts per service (not shared)
- No user accounts in production workloads
- Prefer predefined roles over primitive roles
Per-Service Pattern:
order-service:
roles:
- roles/cloudsql.client # DB access
- roles/pubsub.publisher # Publish events
- roles/secretmanager.secretAccessor # Read secrets
# NOT: roles/editor (too broad)
Workload Identity (GKE):
- Bind K8s SA to GCP SA
- No key files, automatic credential rotation
```
## Checklist
- [ ] Cloud Run services use dedicated service accounts
- [ ] Secrets stored in Secret Manager, not env vars
- [ ] BigQuery tables partitioned and clustered
- [ ] Pub/Sub subscribers implement idempotent processing
- [ ] Health check endpoints configured for all services
- [ ] Min instances set for latency-sensitive services
- [ ] IAM follows least privilege (no primitive roles)
- [ ] Cloud Armor WAF in front of public endpoints
- [ ] VPC connector for private resource access
## Anti-Patterns
- Using default compute service account (overprivileged)
- SELECT * on BigQuery (scans all columns, high cost)
- Pub/Sub without dead letter queue (messages lost on repeated failure)
- Hardcoding project ID instead of using environment detection
- Not setting concurrency limits on Cloud Run (OOM under load)
- Using Cloud Run for long-running background jobs (use Cloud Tasks)
- Storing secrets in environment variables instead of Secret ManagerRelated Skills
websocket-patterns
Connection management, room patterns, reconnection strategies, message buffering, and binary protocol design.
vector-db-patterns
Embedding strategies, ANN algorithms, hybrid search, RAG chunking strategies, and reranking for semantic search and retrieval.
tracing-patterns
OpenTelemetry setup, span context propagation, sampling strategies, Jaeger queries
terraform-patterns
Module composition, state management, workspace strategy, provider versioning, and infrastructure-as-code best practices.
swift-patterns
SwiftUI view composition, @Observable patterns, async/await concurrency, TCA architecture, and Combine reactive streams.
springboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
seo-patterns
Meta tag patterns, structured data (JSON-LD), Core Web Vitals optimization, and SSR/SSG strategies for search visibility.
secret-patterns
30+ service-specific secret detection regex patterns, entropy-based detection, PEM/JWT/Base64 identification, and false positive filtering.
saas-payment-patterns
Payment provider abstraction, webhook security, subscription lifecycle, dunning flows, pricing models, invoicing, tax handling, and refund patterns for SaaS applications.
saas-auth-patterns
SaaS authentication and authorization patterns including JWT vs session strategies, multi-tenant isolation, RBAC, API key management, passwordless flows, MFA, and secure session handling.
saas-analytics-patterns
SaaS analytics event taxonomy, metric formulas (MRR, churn, LTV), provider-agnostic tracking, funnel analysis, cohort setup, and privacy-respecting instrumentation.
revenuecat-patterns
RevenueCat SDK entegrasyon pattern'leri. iOS (Swift), Android (Kotlin), React Native ve Flutter icin setup, offerings, entitlement checking, webhook integration, StoreKit 2 migration ve sandbox testing.