Skip to content
Ileen Docs

Tutorial 4: Deploy Mode — Autonomous DevOps

What you’ll accomplish: Provide GCP credentials once, then deploy your project through a conversational agent that provisions infrastructure, builds Docker images, runs migrations, and validates the deployment — all without touching the GCP console.

Time to complete: 10 to 30 minutes per deployment (depending on infrastructure size and complexity).

Prerequisites: An Ileen account with a credit balance, a GCP project, and a service account with the required IAM roles (listed in Step 1).

Overview

Deploy Mode replaces manual DevOps work with a conversational agent. You describe what to deploy; the agent handles everything from infrastructure provisioning to smoke testing.

ComponentWhat it does
🔐 GCP Service Account setupOne-time screen to upload your service account JSON key and pick a region. The key is stored encrypted in GCP Secret Manager
🚀 Deploy Agent (chat)Clones all your repositories, plans infrastructure, provisions GCP resources, builds Docker images, deploys Cloud Run services, and validates endpoints

Multi-repo support: If your project spans multiple repositories (e.g. a backend API, a frontend, and a worker service), the Deploy Agent handles all of them in a single deployment run. Each repository is treated as an independent Cloud Run service with its own branch and Docker image.

Use the interactive demo below to walk through a complete deployment before running your own.

Interactive Demo🚀 Deploy
Step 1 / 6
🔐GCP Credentials
🚀Deploy Agent🔒
🔐 GCP Credentials Setup
Paste the contents of your GCP service account JSON key. The account needs the following roles:
roles/run.adminroles/iam.serviceAccountUserroles/storage.adminroles/cloudbuild.builds.editorroles/secretmanager.admin
{
  "type": "service_account",
  "project_id": "acme-prod-392410",
  "private_key_id": "●●●●●●●●",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\\n●●●●●●●●"
  ...
Save Credentials →
💡 Provide a GCP service account JSON with the necessary IAM roles. Ileen stores credentials encrypted and uses them only during deployment runs.

Step 1 — Prepare your GCP service account

Before using Deploy Mode, create a GCP service account. The simplest setup is to grant it the Owner role on the project — this covers everything the agent needs without granular configuration. If your organisation requires least-privilege access, grant these specific roles instead:

RolePurpose
roles/run.adminDeploy and manage Cloud Run services
roles/iam.serviceAccountUserDeploy as the runtime service account
roles/artifactregistry.adminCreate repositories and push Docker images
roles/cloudbuild.builds.editorBuild Docker images via Cloud Build
roles/secretmanager.adminStore secrets (API keys, DB passwords)
roles/serviceusage.serviceUsageAdminEnable required GCP APIs on first run

If your project needs a managed database, also add roles/cloudsql.admin so the agent can provision Cloud SQL instances.

  1. In the GCP console, go to IAM & Admin → Service Accounts.
  2. Click Create Service Account and assign the role(s) above.
  3. Go to the Keys tab → Add Key → Create new key → JSON. Download the JSON file.

Step 2 — Switch to Deploy Mode and add credentials

  1. Open the Ileen app and click Deploy in the mode selector (sidebar footer).
  2. Select your project from the sidebar. The first time you open Deploy Mode for a project, Ileen shows the GCP Service Account setup screen.
  3. Drag & drop your Service Account JSON key onto the upload area (or click to browse).
  4. Pick the target GCP Region from the dropdown (defaults to europe-west1).
  5. Click Authenticate & Continue. The key is validated, then stored encrypted in GCP Secret Manager — never persisted in our database or logs.

Step 3 — Start the deploy conversation

Once credentials are stored, the Deploy Agent chat opens automatically.

  1. Click Start Deploy (the big button in the empty state, or the suggestion chip).
  2. Optionally describe what you want to deploy before launching:
    • What service or project
    • Target environment (production, staging)
    • Compute preference (Cloud Run is the default)
    • Database requirements (Cloud SQL instance type, PostgreSQL version)
    • Any specific regions or VPC requirements

Example:

“Deploy the e-commerce platform. Use Cloud Run for the API and Cloud SQL PostgreSQL 15 for the database. Production environment in eu-west1.”

The agent clones all repositories linked to your project (each on its own configured branch), analyses your codebase and architecture plan (if you used Design Mode).

Step 4 — Review the infrastructure plan

Before provisioning starts, the agent lists exactly what it will create:

  • Cloud Run services (vCPU, RAM, min instances, region)
  • Cloud SQL instances (engine, tier, region)
  • Cloud Storage buckets
  • Secret Manager secrets
  • VPC connectors
  • Any other GCP resources

Review this list carefully. If anything is wrong, tell the agent in chat — it will revise the plan before proceeding.

Step 5 — Monitor the deployment pipeline

The agent works through the deployment conversationally. For each service it typically:

  1. Validates GCP credentials and project access
  2. Enables required GCP APIs
  3. Provisions databases and Cloud SQL instances (if needed)
  4. Creates Secret Manager secrets
  5. Builds and pushes a Docker image via Cloud Build (Artifact Registry)
  6. Deploys the Cloud Run service
  7. Runs database migrations
  8. Smoke-tests and validates endpoints

For multi-repo projects, the agent repeats the build/deploy/validate cycle for each repository, reporting progress in the chat after every major step. The exact sequence varies with the codebase — simpler projects skip database and secret steps automatically.

The agent pauses and asks for input if it encounters a decision it cannot resolve automatically — for example, a missing API key, an ambiguous configuration, or a destructive action that requires your confirmation.

Step 6 — Respond to input requests

Occasionally the agent needs information it cannot derive from your codebase or plan:

  • A third-party API key to store in Secret Manager
  • A DNS verification token
  • A confirmation before a destructive action

When this happens, the agent pauses the deployment and asks in the chat. Answer directly — the deployment resumes automatically.

Step 7 — Access the live URL

When the deployment finishes successfully, the agent confirms in chat and provides:

  • Cloud Run URL — the direct *.run.app endpoint
  • DNS instructions — how to point your custom domain (CNAME record)
  • A summary of all provisioned resources

Your service is now live. Point your DNS record to activate the custom domain.

Fix and redeploy

If a deployment fails mid-way, or if something is broken after a successful deployment:

  1. Read the agent’s error explanation in the chat — it describes which service failed, what went wrong, and what it intends to fix.
  2. Tell the agent what to fix, or let it fix the issue automatically — in most cases it can resolve the problem on its own (wrong column name in a migration, missing environment variable, misconfigured Cloud Run service, etc.).
  3. Type your message in the chat input and click Fix & Redeploy (visible after a successful deploy when at least one repository is connected). The agent applies the code fix to the correct repository (it knows which service is broken), commits the change with a clean commit message, pushes to the configured branch, and automatically triggers a new build and deployment. You do not need to send a second message.

You never need to open the GCP console manually.

What’s next?