architecture-beta
group github(internet)[GitHub]
service repo(server)[GitHub repo] in github
service build_run(server)[GitHub Actions] in github
group gcp(cloud)[Google Cloud Platform]
service secret_manager(disk)[Secret Manager] in gcp
service vpc(internet)[VPC] in gcp
service cloud_run(server)[Cloud Run Instance] in gcp
service gcs_bucket(disk)[Google Cloud Bucket] in gcp
group external(cloud)[External Services]
service ovh_postgres(database)[PostgreSQL DB Datalayer] in external
group stopcyber(internet)[StopCyber website]
service iframe(internet)[Embedded App] in stopcyber
service auth(test)[Authentication pending]
%% Define the relationships
repo:T -- B:build_run
secret_manager:L -- R:cloud_run
build_run:T -- B:cloud_run
cloud_run:T -- B:vpc
cloud_run:R -- L:gcs_bucket
iframe:R -- L:auth
auth:R -- L:cloud_run
vpc:T -- B:ovh_postgres
Cloud configuration and architecture
Last updated: 2026-01-30
Secret manager
All necessary keys and environment variables are stored in Google Cloud Secret Manager. For access, contact Valentin, Heiner or Daniel.
App deployment
Google Cloud Build/Run is configured with the repository. For the time being, its resources are scaled down to zero depending on demand. This causes a startup delay when the app is requested after a longer pause.
Network (implementation currently pending)
To enable secure communication with the PostgreSQL database of the data layer (which in the future will be hosted on OVH by Centres Relier), the Cloud Run instance is connected to a VPC through which all traffic is routed. The VPC is configured with a static IP address that is authorised for database access.
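One way to realise the static egress IP described above, as an added example that is not the project's own configuration: Direct VPC egress plus Cloud NAT with a reserved address. All resource names, the region and the subnet range are placeholder assumptions, and the script only prints the gcloud commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the project): reserve a static egress IP for a
# Cloud Run service using Direct VPC egress and Cloud NAT.
# Every name, the region and the subnet range below are placeholders.
set -eu

REGION="${REGION:-europe-west1}"
NETWORK="${NETWORK:-app-vpc}"
SUBNET="${SUBNET:-app-egress-subnet}"
RANGE="${RANGE:-10.8.0.0/26}"
ROUTER="${ROUTER:-app-egress-router}"
NAT="${NAT:-app-egress-nat}"
ADDRESS="${ADDRESS:-app-egress-ip}"
SERVICE="${SERVICE:-app-service}"

# Print each command by default; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

provision_static_egress() {
  # 1. Dedicated network and subnet for Cloud Run egress.
  run gcloud compute networks create "$NETWORK" --subnet-mode=custom
  run gcloud compute networks subnets create "$SUBNET" \
    --network="$NETWORK" --region="$REGION" --range="$RANGE"
  # 2. Reserved regional address: this is the IP the database allowlists.
  run gcloud compute addresses create "$ADDRESS" --region="$REGION"
  # 3. Cloud NAT pinned to that address, for this subnet only.
  run gcloud compute routers create "$ROUTER" \
    --network="$NETWORK" --region="$REGION"
  run gcloud compute routers nats create "$NAT" \
    --router="$ROUTER" --region="$REGION" \
    --nat-custom-subnet-ip-ranges="$SUBNET" \
    --nat-external-ip-pool="$ADDRESS"
  # 4. Route all outbound traffic of the service through the VPC.
  #    Without all-traffic, requests to public IPs bypass the NAT and
  #    leave from a dynamic address that is not on the allowlist.
  run gcloud run services update "$SERVICE" --region="$REGION" \
    --network="$NETWORK" --subnet="$SUBNET" --vpc-egress=all-traffic
  # 5. Read back the address to allowlist on the database side.
  run gcloud compute addresses describe "$ADDRESS" \
    --region="$REGION" --format='value(address)'
}

provision_static_egress
```

The allowlist entry on the database side should be the single reserved address, not a range.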
Datalayer
For the proof of concept, the app was connected to a serverless PostgreSQL database on Neon. This configuration is currently intact but is subject to change.