Deployment
The Vectreal Platform is deployed on Google Cloud Run behind a Global HTTPS Load Balancer with CDN, managed by Terraform and automated through GitHub Actions.
The canonical source of truth for infrastructure configuration is terraform/README.md. This page provides a high-level overview and links to the detailed Terraform docs rather than duplicating them.
Architecture
GitHub Actions CI/CD
│
▼
Artifact Registry (Docker images)
│
▼
Cloud Run (container instances)
├── production (vectreal.com)
└── staging (staging.vectreal.com)
│
▼
Global HTTPS Load Balancer + Cloud CDN
│
▼
Supabase (Auth + Database)
Google Cloud Storage (3D assets)
First-time infrastructure setup
Prerequisites
- A GCP project with billing enabled
- gcloud CLI authenticated with Owner or Editor role
- Terraform ≥ 1.5
- GitHub CLI (gh) authenticated
Two-step setup
# 1. Provision GCP infrastructure (Cloud Run, Artifact Registry, IAM, GCS)
cd terraform
./scripts/apply-infrastructure.sh
# 2. Configure GitHub secrets from your .env.development
./scripts/setup-github-secrets.sh
See the full Terraform README for all configuration options, Terraform variable reference, and troubleshooting.
CI/CD workflows
Workflows live in .github/workflows/.
| Workflow | Trigger | What it does |
|---|---|---|
| Staging deploy | Push to main | Builds Docker image, pushes to Artifact Registry, deploys to Cloud Run staging |
| Production deploy | Manual workflow_dispatch | Promotes staging image to production Cloud Run |
| Package release | Version tag v*.*.* | Builds and publishes npm packages to npmjs.com |
Required GitHub secrets
| Secret | Description |
|---|---|
| GCP_CREDENTIALS / GCP_CREDENTIALS_STAGING | Service account JSON key for Cloud Run deployments |
| GCP_PROJECT_ID / GCP_PROJECT_ID_STAGING | Google Cloud project ID |
| DATABASE_URL_PROD / DATABASE_URL_STAGING | PostgreSQL connection string |
| SUPABASE_URL_PROD / SUPABASE_URL_STAGING | Supabase project URL |
| SUPABASE_KEY_PROD / SUPABASE_KEY_STAGING | Supabase anon key |
| GOOGLE_CLOUD_STORAGE_PRIVATE_BUCKET_PROD / GOOGLE_CLOUD_STORAGE_PRIVATE_BUCKET_STAGING | GCS bucket name |
| APPLICATION_URL_PROD / APPLICATION_URL_STAGING | Public app URL used for health checks and runtime config |
| CSRF_SECRET_PROD / CSRF_SECRET_STAGING | Server-side CSRF/session secret |
If you use the helper script (terraform/scripts/setup-github-secrets.sh), these names are configured automatically.
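To confirm that a repository carries every name in the table above before the first deploy, a check along these lines can be fed the output of gh secret list. It is an added example, not part of the Vectreal repository; the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report which of the secrets documented above are absent.
# Input on stdin: one secret per line, name in the first column
# (the shape `gh secret list` prints when piped).

required_secrets() {
  # $1 = prod | staging. Names are copied from the table on this page.
  # The two GCP_* production secrets carry no _PROD suffix.
  local env="$1" suffix base
  if [ "$env" = "staging" ]; then
    printf '%s\n' GCP_CREDENTIALS_STAGING GCP_PROJECT_ID_STAGING
    suffix="_STAGING"
  else
    printf '%s\n' GCP_CREDENTIALS GCP_PROJECT_ID
    suffix="_PROD"
  fi
  for base in DATABASE_URL SUPABASE_URL SUPABASE_KEY \
              GOOGLE_CLOUD_STORAGE_PRIVATE_BUCKET APPLICATION_URL CSRF_SECRET; do
    printf '%s%s\n' "$base" "$suffix"
  done
}

missing_secrets() {
  # $1 = prod | staging. Prints each required name not found on stdin.
  # -x matches whole lines, so GCP_CREDENTIALS_STAGING never satisfies GCP_CREDENTIALS.
  local present name
  present="$(awk 'NF { print $1 }')"
  required_secrets "$1" | while IFS= read -r name; do
    printf '%s\n' "$present" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Constructed sample listing (names and dates only; secret values are never listed).
SAMPLE_LISTING="$(printf '%s\t%s\n' \
  GCP_CREDENTIALS 2024-01-01 GCP_PROJECT_ID 2024-01-01 \
  DATABASE_URL_PROD 2024-01-01 SUPABASE_URL_PROD 2024-01-01 \
  SUPABASE_KEY_PROD 2024-01-01 APPLICATION_URL_PROD 2024-01-01 \
  GCP_CREDENTIALS_STAGING 2024-01-01)"

# Real use: gh secret list | missing_secrets staging
printf '%s\n' "$SAMPLE_LISTING" | missing_secrets prod
```

An empty result means every documented secret for that environment is present; the check covers names only and says nothing about whether the stored values are valid.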
Database migrations
Migrations follow a Supabase-first flow — Drizzle generates SQL, Supabase CLI applies it.
# Generate SQL from schema changes
pnpm nx run vectreal-platform:drizzle-generate
# Apply to staging
pnpm nx run vectreal-platform:supabase-db-push-staging
# Apply to production
pnpm nx run vectreal-platform:supabase-db-push-prod
See DB_MIGRATIONS.md for the full migration workflow.
Docker
The platform app is containerised with Docker. See DOCKER.md for local Docker usage, multi-stage build details, and health check configuration.
Staging-first latency rollout
Before promoting any change to production:
- Push to main → staging deployment runs automatically.
- Validate on staging.vectreal.com (auth flows, 3D pipeline, embed preview).
- Run the production deploy workflow manually once staging is green.
Cost optimisation
Key cost levers for Cloud Run:
- Set --min-instances=0 for staging to scale to zero when idle.
- Use committed-use discounts for production if traffic is predictable.
- Cloud CDN caches static assets from the staging GCS bucket — cache hit ratio is visible in Cloud Monitoring.
Full cost guidance in the Terraform README.
Related docs
- Installation — local setup and environment basics
- Publishing & Embedding — runtime preview and token usage
- @vctrl/core — server-side model pipeline used by API routes/jobs