Skip to main content
Google Cloud Run is a fully managed container platform that scales to zero when idle. This makes it a cost-effective choice for teams with sporadic pull request activity.

Overview

This guide walks you through deploying the MergeWatch container image to Cloud Run, connecting it to a Cloud SQL PostgreSQL instance, and configuring your GitHub App webhook to point at the Cloud Run service URL.

Prerequisites

1

Install the Google Cloud CLI

Install and authenticate the gcloud CLI.
gcloud auth login
gcloud config set project YOUR_PROJECT_ID
2

Enable required APIs

gcloud services enable run.googleapis.com sqladmin.googleapis.com
3

Gather your GitHub App credentials

You need the following values from your GitHub App settings:
VariableDescription
GITHUB_APP_IDNumeric App ID from the GitHub App settings page
GITHUB_PRIVATE_KEYPEM-formatted private key generated for the App
GITHUB_WEBHOOK_SECRETSecret used to validate incoming webhook payloads
4

Choose an LLM provider

Set LLM_PROVIDER to your preferred provider (e.g. anthropic, openai, bedrock). For the default Anthropic provider, you also need ANTHROPIC_API_KEY.

Deploy to Cloud Run

1

Create the Cloud Run service

Deploy the MergeWatch container image with all required environment variables.
gcloud run deploy mergewatch \
  --image ghcr.io/santthosh/mergewatch:latest \
  --region us-central1 \
  --port 3000 \
  --allow-unauthenticated \
  --set-env-vars "GITHUB_APP_ID=YOUR_APP_ID" \
  --set-env-vars "GITHUB_PRIVATE_KEY=YOUR_PRIVATE_KEY" \
  --set-env-vars "GITHUB_WEBHOOK_SECRET=YOUR_WEBHOOK_SECRET" \
  --set-env-vars "LLM_PROVIDER=anthropic" \
  --set-env-vars "ANTHROPIC_API_KEY=YOUR_ANTHROPIC_KEY" \
  --set-env-vars "DATABASE_URL=postgresql://USER:PASSWORD@HOST:5432/mergewatch"
Cloud Run scales to zero when there are no incoming requests. You only pay for the time MergeWatch is actively processing webhooks — ideal for teams with sporadic PR activity.
2

Note the service URL

After deployment, gcloud prints the service URL:
Service URL: https://mergewatch-abc123-uc.a.run.app
Save this URL — you will need it to configure the webhook.

Set up Postgres

MergeWatch requires a PostgreSQL database to store installation and review data.

Cloud SQL (recommended)

Fully managed PostgreSQL with automatic backups, high availability, and private networking to Cloud Run.

AlloyDB

PostgreSQL-compatible managed database for high-throughput workloads. Use if you need advanced analytics or larger scale.
1

Create a Cloud SQL instance

gcloud sql instances create mergewatch-db \
  --database-version=POSTGRES_15 \
  --tier=db-f1-micro \
  --region=us-central1

gcloud sql databases create mergewatch \
  --instance=mergewatch-db

gcloud sql users create mergewatch \
  --instance=mergewatch-db \
  --password=YOUR_DB_PASSWORD
2

Connect Cloud Run to Cloud SQL

Add the Cloud SQL connection to your Cloud Run service:
gcloud run services update mergewatch \
  --add-cloudsql-instances YOUR_PROJECT:us-central1:mergewatch-db \
  --update-env-vars "DATABASE_URL=postgresql://mergewatch:YOUR_DB_PASSWORD@/mergewatch?host=/cloudsql/YOUR_PROJECT:us-central1:mergewatch-db"
Cloud Run connects to Cloud SQL over a Unix socket, so the DATABASE_URL uses the /cloudsql/ prefix instead of a TCP host.

Configure the webhook URL

Set the webhook URL on your GitHub App to point at your Cloud Run service. 
https://mergewatch-abc123-uc.a.run.app/webhook
The webhook URL is your Cloud Run service URL followed by /webhook.
The service must be configured with --allow-unauthenticated so GitHub can deliver webhook payloads. MergeWatch validates every payload using GITHUB_WEBHOOK_SECRET — unauthenticated requests without a valid signature are rejected.

Next steps

Configure review behavior

Tune sensitivity, ignored paths, and review focus areas.

Environment variables

Full list of supported environment variables.

Troubleshooting

Common issues and how to fix them.

Upgrading

How to update MergeWatch to the latest version.