Skip to content
Ileen Docs

Tutorial 4: Deploy Mode — Autonomous DevOps

What you’ll accomplish: Provide GCP credentials once, then deploy your project through a conversational agent that provisions infrastructure, builds Docker images, runs migrations, and validates the deployment — all without touching the GCP console.

Time to complete: 15–25 minutes per deployment (depending on infrastructure size).

Prerequisites: An Ileen account with a credit balance, a GCP project, and a service account with the required IAM roles (listed in Step 1).

Overview

Deploy Mode replaces manual DevOps work with a conversational agent. You describe what to deploy; the agent handles everything from infrastructure provisioning to smoke testing.

AgentWhat it does
🔐 GCP CredentialsStores your service account credentials securely
🚀 Deploy AgentRuns the full deployment pipeline via conversation

Use the interactive demo below to walk through a complete deployment before running your own.

Interactive Demo🚀 Deploy
Step 1 / 6
🔐GCP Credentials
🚀Deploy Agent🔒
🔐 GCP Credentials Setup
Paste the contents of your GCP service account JSON key. The account needs the following roles:
roles/run.adminroles/iam.serviceAccountUserroles/storage.adminroles/cloudbuild.builds.editorroles/secretmanager.admin
{
  "type": "service_account",
  "project_id": "acme-prod-392410",
  "private_key_id": "●●●●●●●●",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\\n●●●●●●●●"
  ...
Save Credentials →
💡 Provide a GCP service account JSON with the necessary IAM roles. Ileen stores credentials encrypted and uses them only during deployment runs.

Step 1 — Prepare your GCP service account

Before using Deploy Mode, create a GCP service account with the following IAM roles:

RolePurpose
roles/run.adminDeploy and manage Cloud Run services
roles/iam.serviceAccountUserRun services as a service account
roles/storage.adminCreate and manage Cloud Storage buckets
roles/cloudbuild.builds.editorBuild Docker images via Cloud Build
roles/secretmanager.adminStore secrets (API keys, DB passwords)
roles/cloudsql.adminProvision and manage Cloud SQL instances
  1. In the GCP console, go to IAM & Admin → Service Accounts.
  2. Click Create Service Account and assign the roles above.
  3. Go to the Keys tab → Add Key → Create new key → JSON. Download the JSON file.

Step 2 — Switch to Deploy Mode and add credentials

  1. Open the Ileen app and click Deploy in the mode selector (sidebar footer).
  2. Click GCP Credentials in the agent pipeline.
  3. Paste the full contents of your service account JSON key into the credentials field.
  4. Click Save Credentials. Credentials are encrypted at rest and never logged.

Step 3 — Start the deploy conversation

  1. Click Deploy Agent in the agent pipeline.
  2. Describe what you want to deploy:
    • What service or project
    • Target environment (production, staging)
    • Compute preference (Cloud Run, GKE, GCE)
    • Database requirements (Cloud SQL instance type, PostgreSQL version)
    • Any specific regions or VPC requirements

Example:

“Deploy the e-commerce platform. Use Cloud Run for the API and Cloud SQL PostgreSQL 15 for the database. Production environment in eu-west1.”

The agent analyses your architecture plan (if you used Design Mode) or your description, and presents a full infrastructure plan for review before doing anything.

Step 4 — Review the infrastructure plan

Before provisioning starts, the agent lists exactly what it will create:

  • Cloud Run services (vCPU, RAM, min instances, region)
  • Cloud SQL instances (engine, tier, region)
  • Cloud Storage buckets
  • Secret Manager secrets
  • VPC connectors
  • Any other GCP resources

Review this list carefully. If anything is wrong, tell the agent in chat — it will revise the plan before proceeding.

Step 5 — Monitor deployment gates

Once you confirm, the agent works through sequential deployment gates:

  1. Validate credentials & project access
  2. Enable required GCP APIs
  3. Create Cloud SQL instance
  4. Build & push Docker image via Cloud Build
  5. Create Secret Manager secrets
  6. Deploy Cloud Run service
  7. Run database migrations
  8. Smoke test & validate endpoints

Each gate reports success or failure in the chat. The agent pauses and asks for input if it encounters a decision it cannot resolve automatically — for example, a missing API key or an ambiguous configuration.

Step 6 — Respond to input requests

Occasionally the agent needs information it cannot derive from your codebase or plan:

  • A third-party API key to store in Secret Manager
  • A DNS verification token
  • A confirmation before a destructive action

When this happens, the agent pauses the deployment and asks in the chat. Answer directly — the deployment resumes automatically.

Step 7 — Access the live URL

When all 8 gates pass, the agent confirms success and provides:

  • Cloud Run URL — the direct *.run.app endpoint
  • DNS instructions — how to point your custom domain (CNAME record)
  • A summary of all provisioned resources

Your service is now live. Point your DNS record to activate the custom domain.

Fix and redeploy

If a deployment fails mid-way:

  1. Read the agent’s error explanation in chat.
  2. Ask the agent to fix the issue — in most cases it can resolve the problem automatically (wrong column name in a migration, missing environment variable, etc.).
  3. Once the fix is confirmed, say “Proceed” and the agent resumes from the failed gate.

You never need to open the GCP console manually.

What’s next?