Google Cloud Integration

CODITECT runs on Google Cloud Platform and offers deep integration with GCP services.

Overview

CODITECT leverages GCP for:

Cloud Workstations (compute)
Cloud Storage (files)
Cloud SQL (databases)
Secret Manager (credentials)
Cloud Build (CI/CD)

Connecting Your GCP Project

Prerequisites

Google Cloud account
Project with billing enabled
Appropriate IAM permissions

Setup Steps

Go to Settings → Integrations → Google Cloud
Click Connect Google Cloud
Sign in with your Google account
Select your GCP project
Grant requested permissions

Required Permissions

CODITECT requests these OAuth scopes:

Scope	Purpose
`cloud-platform.read-only`	View project resources
`compute`	Manage workstations
`devstorage.read_write`	Access Cloud Storage
`cloudbuild`	Trigger builds

Cloud Workstations

How It Works

CODITECT uses GCP Compute Engine for cloud workstations:

┌─────────────────────────────────────────────────────┐
│                 Your GCP Project                    │
├─────────────────────────────────────────────────────┤
│                                                     │
│  ┌──────────────────┐    ┌──────────────────┐      │
│  │  Cloud Run       │    │  Compute Engine  │      │
│  │  (CODITECT API)  │    │  (Workstations)  │      │
│  └────────┬─────────┘    └────────┬─────────┘      │
│           │                       │                 │
│           └───────────┬───────────┘                 │
│                       │                             │
│              ┌────────▼────────┐                    │
│              │  Cloud Storage  │                    │
│              │  (Projects)     │                    │
│              └─────────────────┘                    │
│                                                     │
└─────────────────────────────────────────────────────┘

Machine Types

Type	vCPUs	Memory	Use Case
Small	2	8 GB	Light development
Medium	4	16 GB	Standard development
Large	8	32 GB	Heavy workloads
Custom	1-96	1-624 GB	Enterprise

Regions

Workstations available in:

us-central1 (Iowa)
us-east1 (South Carolina)
europe-west1 (Belgium)
asia-east1 (Taiwan)

Enterprise plans can request additional regions.

Cloud Storage

Project Files

Project files are stored in Cloud Storage:

gs://coditect-projects-{org-id}/
├── project-abc123/
│   ├── src/
│   ├── node_modules/
│   └── .coditect/
└── project-def456/
    └── ...

Accessing Files Directly

If you have GCP access:

# List project files
gsutil ls gs://coditect-projects-ORG_ID/PROJECT_ID/

# Download file
gsutil cp gs://coditect-projects-ORG_ID/PROJECT_ID/src/app.py .

# Sync project
gsutil -m rsync -r gs://coditect-projects-ORG_ID/PROJECT_ID/ ./local-project/

Storage Classes

Class	Use Case	Price
Standard	Active projects	$0.02/GB/mo
Nearline	Archived projects	$0.01/GB/mo

Projects auto-archive after 30 days of inactivity.

Cloud Build

Automatic CI/CD

CODITECT can trigger Cloud Build for deployments:

Go to Project Settings → CI/CD
Click Connect Cloud Build
Select or create cloudbuild.yaml
Configure triggers

Example cloudbuild.yaml

steps:
  # Install dependencies
  - name: 'node:18'
    entrypoint: npm
    args: ['install']

  # Run tests
  - name: 'node:18'
    entrypoint: npm
    args: ['test']

  # Build application
  - name: 'node:18'
    entrypoint: npm
    args: ['run', 'build']

  # Deploy to Cloud Run
  - name: 'gcr.io/cloud-builders/gcloud'
    args:
      - 'run'
      - 'deploy'
      - 'my-app'
      - '--image'
      - 'gcr.io/$PROJECT_ID/my-app'
      - '--region'
      - 'us-central1'

images:
  - 'gcr.io/$PROJECT_ID/my-app'

Build Triggers

Trigger	Event
Push to main	Deploy to production
Push to develop	Deploy to staging
Pull request	Run tests
Manual	On-demand deployment

Secret Manager

Managing Secrets

CODITECT integrates with Secret Manager for credentials:

# List secrets via CLI
coditect secrets list

# Add secret
coditect secrets set DATABASE_URL "postgres://..."

# Use in workstation
echo $DATABASE_URL

Accessing from Code

# Secrets are available as environment variables
import os

database_url = os.environ["DATABASE_URL"]
api_key = os.environ["API_KEY"]

Secret Rotation

Set up automatic rotation:

Go to Project Settings → Secrets
Select secret
Click Enable Rotation
Set rotation period (30/60/90 days)

IAM Best Practices

Least Privilege

Grant minimal permissions:

# Custom role for CODITECT
title: CODITECT Workstation User
includedPermissions:
  - compute.instances.get
  - compute.instances.start
  - compute.instances.stop
  - storage.objects.get
  - storage.objects.create

Service Account

For automation, create dedicated service account:

# Create service account
gcloud iam service-accounts create coditect-automation \
  --display-name="CODITECT Automation"

# Grant roles
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:coditect-automation@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/compute.instanceAdmin.v1"

Cost Management

Billing Alerts

Set up alerts for CODITECT-related costs:

Go to GCP Console → Billing → Budgets
Create budget for CODITECT project
Set thresholds (50%, 90%, 100%)
Enable email alerts

Cost Breakdown

Typical monthly costs:

Component	Small Team	Large Team
Workstations	$50-100	$500-1000
Storage	$5-20	$50-200
Network	$5-10	$20-50
Total	$60-130	$570-1250

Cost Optimization

Auto-shutdown - Workstations stop after idle period
Preemptible instances - 60-80% savings for non-critical work
Regional storage - Use single region vs multi-region
Committed use - 57% discount for 3-year commitment

Troubleshooting

Authentication Issues

# Refresh GCP credentials
gcloud auth login

# Verify project
gcloud config get-value project

# Check permissions
gcloud projects get-iam-policy PROJECT_ID

Workstation Won't Start

Check quota in GCP Console
Verify billing is active
Check region availability
Review Cloud Logging for errors

Storage Access Denied

Verify service account has storage permissions
Check bucket IAM policy
Confirm project ID matches

Overview​

Connecting Your GCP Project​

Prerequisites​

Setup Steps​

Required Permissions​

Cloud Workstations​

How It Works​

Machine Types​

Regions​

Cloud Storage​

Project Files​

Accessing Files Directly​

Storage Classes​

Cloud Build​

Automatic CI/CD​

Example cloudbuild.yaml​

Build Triggers​

Secret Manager​

Managing Secrets​

Accessing from Code​

Secret Rotation​

IAM Best Practices​

Least Privilege​

Service Account​

Cost Management​

Billing Alerts​

Cost Breakdown​

Cost Optimization​

Troubleshooting​

Authentication Issues​

Workstation Won't Start​

Storage Access Denied​