Google Cloud

Manage and use Google Cloud resources in your workflows

Service account key:

  1. Go to IAM & Admin → Service Accounts in the Google Cloud Console.
  2. Select a service account → Keys → Add Key → JSON.
  3. Paste the downloaded JSON below.

Workload Identity Federation:

  1. Create a Workload Identity Pool with an OIDC provider.
  2. Set the Issuer URL to this SuperPlane instance’s URL.
  3. Set the Audience to the pool provider resource name.
  4. Grant the federated identity permission to impersonate a service account with the roles your workflows need.
  5. Enter the pool provider resource name and Project ID below.

Roles the service account needs:

  • roles/logging.configWriter — create logging sinks for event triggers
  • roles/pubsub.admin — manage Pub/Sub topics, subscriptions, and IAM policies for event delivery
  • Additional roles depending on which components you use (e.g. roles/compute.admin for VM management)

Artifact Registry • On Artifact Analysis

The On Artifact Analysis trigger starts a workflow execution when Google Container Analysis publishes a new occurrence (e.g. vulnerability finding, build provenance, or attestation) for an artifact.

Trigger behavior: SuperPlane subscribes to the container-analysis-occurrences-v1 Pub/Sub topic that Container Analysis automatically publishes to.

  • Security automation: React to new vulnerability findings for your container images
  • Compliance workflows: Trigger policy enforcement when attestations are created
  • Build provenance: React to new build provenance records

Required GCP setup: Ensure the Container Analysis API (containeranalysis.googleapis.com) and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin and roles/containeranalysis.occurrences.viewer.

  • Occurrence Kinds: Filter by occurrence type. Leave empty to receive only DISCOVERY occurrences (one event per completed scan — recommended). Set explicitly to receive other types such as VULNERABILITY (one event per CVE found).
  • Location / Repository / Package: Optional filters to scope events to a specific artifact.

Each event contains the full Container Analysis Occurrence resource, including kind, resourceUri, noteName, and the occurrence-specific data (e.g. vulnerability for vulnerability findings).

{
  "data": {
    "kind": "VULNERABILITY",
    "name": "projects/my-project/occurrences/vuln-001",
    "noteName": "projects/goog-vulnz/notes/CVE-2023-1234",
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "vulnerability": {
      "cvssScore": 7.5,
      "packageIssue": [
        {
          "affectedPackage": "libssl1.1",
          "affectedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u3"
          },
          "fixedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u5"
          }
        }
      ],
      "severity": "HIGH"
    }
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.analysis"
}

The On Artifact Push trigger starts a workflow execution when a Docker image or other container artifact is pushed to Artifact Registry.

Trigger behavior: SuperPlane subscribes to the gcr Pub/Sub topic that Artifact Registry automatically publishes to for container image push events.

  • Post-push automation: Trigger vulnerability scans, deployments, or notifications when a new image is pushed
  • Release workflows: Promote artifacts through environments when a new tag is published
  • Security automation: Kick off container analysis on every new push

Required GCP setup: Ensure the Artifact Registry API and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin so SuperPlane can create the push subscription.

  • Location: Optional filter by Artifact Registry location. Leave empty to receive events for all locations.
  • Repository: Optional filter by repository name. Leave empty to receive events for all repositories.

Each event contains:

  • action: Always INSERT for pushes
  • digest: Full image digest URI (e.g. us-central1-docker.pkg.dev/project/repo/image@sha256:abc)
  • tag: Full image tag URI (e.g. us-central1-docker.pkg.dev/project/repo/image:latest)

{
  "data": {
    "action": "INSERT",
    "digest": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123def456",
    "tag": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.push"
}
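The digest and tag fields above are the only identifiers the push event carries, and the Get Artifact and Get Artifact Analysis components further down accept either that resource URL or the four fields Location / Repository / Package / Version. The following Python is an added example, not SuperPlane's own code, that parses the Artifact Registry URI format into those four fields and deliberately takes the digest URI rather than the tag URI, since a tag can be re-pointed after the event fires. The sample event is constructed in the shape documented above; the function names and the regular expression are this example's own.

```python
import re

# Constructed sample in the shape of the On Artifact Push event documented above.
PUSH_EVENT = {
    "data": {
        "action": "INSERT",
        "digest": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123def456",
        "tag": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest",
    },
    "timestamp": "2025-01-01T00:00:00Z",
    "type": "gcp.artifactregistry.artifact.push",
}

# <location>-docker.pkg.dev/<project>/<repository>/<package>[@sha256:<hex> | :<tag>]
# The package part may itself contain slashes (nested image paths). Real digests are
# 64 hex characters; the page's samples are shortened, so any hex length is accepted.
_ARTIFACT_URI = re.compile(
    r"^(?:https://)?"
    r"(?P<location>[a-z0-9-]+)-docker\.pkg\.dev/"
    r"(?P<project>[^/]+)/"
    r"(?P<repository>[^/]+)/"
    r"(?P<package>[^@:]+)"
    r"(?:@(?P<digest>sha256:[0-9a-f]+)|:(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]*))?$"
)


def parse_artifact_uri(uri: str) -> dict:
    """Split an Artifact Registry container URI into its components.

    Raises ValueError for anything that is not an Artifact Registry Docker-format
    URI, so a malformed or foreign registry URI is never passed downstream.
    """
    m = _ARTIFACT_URI.match(uri.strip())
    if not m:
        raise ValueError(f"not an Artifact Registry image URI: {uri!r}")
    return m.groupdict()


def artifact_fields_from_push(event: dict) -> dict:
    """Derive the Location / Repository / Package / Version inputs from a push event.

    The digest URI is used rather than the tag URI: a tag is mutable, while the
    digest identifies exactly the bytes that were pushed.
    """
    if event.get("type") != "gcp.artifactregistry.artifact.push":
        raise ValueError(f"unexpected event type: {event.get('type')!r}")
    data = event["data"]
    if data.get("action") != "INSERT":
        raise ValueError(f"unexpected action: {data.get('action')!r}")
    parsed = parse_artifact_uri(data["digest"])
    if not parsed["digest"]:
        raise ValueError("push event digest URI carries no sha256 digest")
    return {
        "location": parsed["location"],
        "repository": parsed["repository"],
        "package": parsed["package"],
        "version": parsed["digest"],
    }


if __name__ == "__main__":
    print(artifact_fields_from_push(PUSH_EVENT))
```

The `version` value this returns is the `sha256:` digest, which is the form the Get Artifact Analysis component's Version field describes.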

The On Build Complete trigger starts a workflow execution when a GCP Cloud Build build finishes.

Trigger behavior: SuperPlane subscribes to the cloud-builds Pub/Sub topic that Cloud Build automatically publishes to. Build notifications are pushed to SuperPlane and matched to this trigger.

  • Post-build automation: Deploy artifacts, send notifications, or update tickets after a build succeeds
  • Failure handling: Alert teams or create incidents when builds fail
  • Build pipelines: Chain multiple build steps across different projects

Required GCP setup: Ensure the Cloud Build API and Pub/Sub API are enabled in your project. The service account used by the integration must have roles/pubsub.admin so SuperPlane can automatically create the cloud-builds topic and its push subscription.

  • Statuses: Filter by terminal Cloud Build status.
  • Build Source: Optionally limit events to trigger-based builds or direct/API builds. Leave empty to listen to both.
  • Cloud Build Trigger: Filter to a specific Cloud Build trigger. This only applies to trigger-based builds and cannot be combined with Build Source = Direct/API Builds.

Each event contains the full Cloud Build resource, including id, status (SUCCESS, FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, EXPIRED), buildTriggerId, logUrl, createTime, finishTime, and more.

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

The On VM Instance trigger starts a workflow execution when a Compute Engine VM instance lifecycle event occurs.

Trigger behavior: SuperPlane creates a Cloud Logging sink that captures Compute Engine audit log events and routes them to a shared Pub/Sub topic. Events are pushed to SuperPlane and matched to this trigger automatically.

  • Post-provisioning automation: Run configuration, monitoring, or security setup after a VM is created
  • Inventory and compliance: Record new VMs or trigger audits
  • Notifications: Notify teams or systems when new VMs appear in a project or zone

Required GCP setup: Ensure the Pub/Sub API is enabled in your project and the integration’s service account has roles/logging.configWriter and roles/pubsub.admin permissions.

SuperPlane automatically creates a Cloud Logging sink to capture VM instance events.

Each event includes the audit log entry with resourceName (e.g. projects/my-project/zones/us-central1-a/instances/my-vm), serviceName (compute.googleapis.com), methodName (v1.compute.instances.insert), and the full log entry data.

{
  "data": {
    "data": {
      "protoPayload": {
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
        "serviceName": "compute.googleapis.com"
      }
    },
    "logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
    "methodName": "v1.compute.instances.insert",
    "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
    "serviceName": "compute.googleapis.com",
    "timestamp": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance"
}
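A workflow fed by this trigger usually needs the project, zone and instance name split out of `resourceName`, and the lifecycle verb split out of `methodName`, before it can decide whether to run post-provisioning steps. The Python below is an added example (not SuperPlane's code) that does that parsing over a constructed event in the shape shown above. It also refuses entries that are not Admin Activity audit logs from `compute.googleapis.com`; that check, the verb-to-action table and the function names are this example's own assumptions.

```python
import re

# Constructed sample in the shape of the On VM Instance event documented above.
VM_EVENT = {
    "data": {
        "data": {
            "protoPayload": {
                "methodName": "v1.compute.instances.insert",
                "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
                "serviceName": "compute.googleapis.com",
            }
        },
        "logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
        "serviceName": "compute.googleapis.com",
        "timestamp": "2025-02-14T12:00:00Z",
    },
    "timestamp": "2025-02-14T12:00:00Z",
    "type": "gcp.compute.vmInstance",
}

_RESOURCE = re.compile(
    r"^projects/(?P<project>[^/]+)/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)$"
)

# Lifecycle verbs mapped to plain actions (assumption: anything else is passed through as-is).
_LIFECYCLE = {
    "insert": "created", "delete": "deleted", "start": "started",
    "stop": "stopped", "suspend": "suspended", "resume": "resumed",
}


def parse_vm_event(event: dict) -> dict:
    """Extract project, zone, region, instance and lifecycle action from the event."""
    if event.get("type") != "gcp.compute.vmInstance":
        raise ValueError(f"unexpected event type: {event.get('type')!r}")
    data = event["data"]
    if data.get("serviceName") != "compute.googleapis.com":
        raise ValueError(f"not a Compute Engine audit entry: {data.get('serviceName')!r}")
    # Admin Activity logs end in .../activity (URL-encoded in the sample). Data Access
    # entries describe reads, not lifecycle changes, so they are rejected here.
    if not data.get("logName", "").endswith(("%2Factivity", "/activity")):
        raise ValueError(f"not an Admin Activity log entry: {data.get('logName')!r}")
    m = _RESOURCE.match(data["resourceName"])
    if not m:
        raise ValueError(f"unexpected resourceName: {data['resourceName']!r}")
    parts = m.groupdict()
    verb = data["methodName"].rsplit(".", 1)[-1]        # v1.compute.instances.insert -> insert
    return {
        **parts,
        "region": parts["zone"].rsplit("-", 1)[0],        # us-central1-a -> us-central1
        "method": data["methodName"],
        "action": _LIFECYCLE.get(verb, verb),
        "time": data.get("timestamp", event.get("timestamp")),
    }


def needs_post_provisioning(event: dict, allowed_regions: set) -> bool:
    """True when a VM was created in one of the regions the team operates in."""
    info = parse_vm_event(event)
    return info["action"] == "created" and info["region"] in allowed_regions


if __name__ == "__main__":
    print(parse_vm_event(VM_EVENT))
```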

The On Message trigger starts a workflow execution when a message is published to a GCP Pub/Sub topic.

Trigger behavior: SuperPlane creates a push subscription on the selected topic. Published messages are pushed to SuperPlane and delivered to this trigger.

  • Event-driven workflows: React to messages published by your applications
  • Queue processing: Process tasks published to Pub/Sub topics
  • System integration: Connect Pub/Sub events to downstream workflow steps

Required GCP setup: Ensure the Pub/Sub API is enabled in your project. The service account used by the integration must have roles/pubsub.admin to create push subscriptions on your topics.

  • Topic: Select the Pub/Sub topic to listen to.
  • Subscription (optional): Reuse an existing subscription name. Leave empty to let SuperPlane create one.

Each event contains the decoded message payload plus Pub/Sub metadata:

  • data: The decoded message body
  • messageId: The Pub/Sub message ID
  • publishTime: When the message was published
  • attributes: Any message attributes

{
  "data": {
    "attributes": {
      "eventType": "order.created"
    },
    "data": "{\"event\":\"order.created\",\"orderId\":\"ord_abc123\"}",
    "messageId": "1234567890",
    "publishTime": "2025-01-01T00:00:00Z"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message"
}
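Pub/Sub push delivery wraps every message in an HTTP request whose `message.data` is base64-encoded, which is why the event above carries a "decoded message body". The Python below is an added example, not SuperPlane's implementation, of turning a push request into the event shape shown: it decodes the body, keeps it as a string (the sample shows the JSON body as a string, not a parsed object), and offers a separate helper that parses it as JSON when possible. The push request is constructed here; the expected-subscription check, the replacement-character fallback for non-UTF-8 bodies and the function names are this example's own choices.

```python
import base64
import binascii
import json

# Constructed Pub/Sub push request body. Pub/Sub delivers the message base64-encoded
# inside a "message" object together with the name of the subscription that pushed it.
_BODY = json.dumps({"event": "order.created", "orderId": "ord_abc123"}, separators=(",", ":"))
PUSH_REQUEST = {
    "message": {
        "data": base64.b64encode(_BODY.encode()).decode(),
        "attributes": {"eventType": "order.created"},
        "messageId": "1234567890",
        "publishTime": "2025-01-01T00:00:00Z",
    },
    "subscription": "projects/my-project/subscriptions/my-subscription",
}


def decode_message_data(b64: str) -> str:
    """Decode the base64 message body; returns '' for a message with no data."""
    if not b64:
        return ""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("message data is not valid base64") from exc
    # Assumption: non-UTF-8 bodies are surfaced with replacement characters rather
    # than dropped, so the workflow still sees that a message arrived.
    return raw.decode("utf-8", errors="replace")


def to_message_event(push_request: dict, expected_subscription: str) -> dict:
    """Turn a push delivery into the On Message event shape."""
    sub = push_request.get("subscription")
    if sub != expected_subscription:
        # Sanity check only: a body claiming a different subscription is not the
        # one this trigger was wired to, so it is not delivered to the workflow.
        raise ValueError(f"unexpected subscription: {sub!r}")
    msg = push_request["message"]
    return {
        "data": {
            "attributes": dict(msg.get("attributes") or {}),
            "data": decode_message_data(msg.get("data", "")),
            "messageId": msg["messageId"],
            "publishTime": msg["publishTime"],
        },
        "timestamp": msg["publishTime"],
        "type": "gcp.pubsub.message",
    }


def parse_body(event: dict):
    """Parse event.data.data as JSON when possible; otherwise return the raw string."""
    body = event["data"]["data"]
    try:
        return json.loads(body)
    except json.JSONDecodeError:
        return body


if __name__ == "__main__":
    event = to_message_event(PUSH_REQUEST, "projects/my-project/subscriptions/my-subscription")
    print(json.dumps(event, indent=2))
    print(parse_body(event))
```

The subscription comparison is a consistency check, not authentication: the page does not describe how SuperPlane authenticates push requests, and Pub/Sub's own mechanism for that is an OIDC token on the push request, configured on the subscription.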

Retrieves the details of a specific artifact version from Google Artifact Registry.

Provide either a Resource URL or the four fields below:

  • Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
  • Location: The GCP region where the repository is located.
  • Repository: The Artifact Registry repository containing the artifact.
  • Package: The package (image, library, etc.) within the repository.
  • Version: The version or tag to retrieve.

The full Version resource, including name, createTime, updateTime, description, relatedTags, and metadata.

Artifact Registry supports all package formats when using Select from Registry mode. Resource URL mode is intended for container image URLs (for example from On Artifact Push events).

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "description": "my-image:latest",
    "fingerprints": [
      {
        "type": "DIRSUM_SHA256",
        "value": "Ac2PwnIxFXnnS6DfUou2JchB7F+krMAKv4f6sJr8VzM="
      }
    ],
    "metadata": {
      "buildTime": "1980-01-01T00:00:01Z",
      "imageSizeBytes": "20971520",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "name": "projects/my-project/locations/us-central1/repositories/my-repo/dockerImages/my-image@sha256:abc123def456"
    },
    "name": "projects/my-project/locations/us-central1/repositories/my-repo/packages/my-image/versions/sha256:abc123def456",
    "updateTime": "2025-01-01T00:05:00Z"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.artifactregistry.version"
}

Artifact Registry • Get Artifact Analysis

Retrieves existing Container Analysis occurrences for an artifact from Google Container Analysis.

Provide either a Resource URL or the four fields below:

  • Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
  • Location: The GCP region where the repository is located.
  • Repository: The Artifact Registry repository containing the artifact.
  • Package: The package (image) within the repository.
  • Version: The version (digest) to query.

An analysis summary for the artifact, including:

  • resourceUri: The analyzed artifact URI
  • scanStatus: Discovery scan status (if available)
  • Severity counts: critical, high, medium, low
  • vulnerabilities: Total vulnerability occurrences
  • fixAvailable: Count of vulnerabilities with fixes

Required GCP setup and notes:

  • The Container Analysis API (containeranalysis.googleapis.com) must be enabled.
  • The service account needs roles/containeranalysis.occurrences.viewer.
  • This summarizes existing occurrences for the selected artifact.

{
  "data": {
    "critical": 0,
    "fixAvailable": 1,
    "high": 1,
    "low": 0,
    "medium": 2,
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "scanStatus": "FINISHED_SUCCESS",
    "vulnerabilities": 3
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.containeranalysis.occurrences"
}
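The summary above is a roll-up of the same occurrence records that the On Artifact Analysis trigger delivers one at a time (its event's `data` field is a single occurrence in the shape shown in that section). The Python below is an added example, not SuperPlane's code, that builds this summary from a list of occurrences and then applies a severity gate to it, the kind of check a promotion workflow runs between a push and a deploy. The occurrences are constructed; the DISCOVERY record's `discovery.analysisStatus` field, the rule that a `fixedVersion` of kind `MAXIMUM` means no fix exists, and the function names are this example's assumptions.

```python
from collections import Counter

RESOURCE = "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123"
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")


def _vuln(cve, severity, score, pkg, affected, fixed):
    """Construct a VULNERABILITY occurrence in the shape documented for On Artifact Analysis."""
    return {
        "kind": "VULNERABILITY",
        "name": f"projects/my-project/occurrences/{cve}",
        "noteName": f"projects/goog-vulnz/notes/{cve}",
        "resourceUri": RESOURCE,
        "vulnerability": {
            "cvssScore": score,
            "severity": severity,
            "packageIssue": [{
                "affectedPackage": pkg,
                "affectedVersion": {"kind": "NORMAL", "name": affected},
                # Assumption: kind MAXIMUM (no name) means no fixed version exists yet.
                "fixedVersion": {"kind": "NORMAL", "name": fixed} if fixed else {"kind": "MAXIMUM"},
            }],
        },
    }


# Constructed sample: one finished scan plus three findings, matching the summary above.
OCCURRENCES = [
    {"kind": "DISCOVERY", "resourceUri": RESOURCE,
     "discovery": {"analysisStatus": "FINISHED_SUCCESS"}},   # field name assumed
    _vuln("CVE-2023-1234", "HIGH", 7.5, "libssl1.1", "1.1.1n-0+deb11u3", "1.1.1n-0+deb11u5"),
    _vuln("CVE-2023-2222", "MEDIUM", 5.3, "zlib1g", "1:1.2.11.dfsg-2", None),
    _vuln("CVE-2023-3333", "MEDIUM", 4.0, "libc6", "2.31-13", None),
]


def has_fix(occ: dict) -> bool:
    """A finding counts as fixable when any affected package has a concrete fixed version."""
    for issue in occ["vulnerability"].get("packageIssue", []):
        fixed = issue.get("fixedVersion") or {}
        if fixed.get("kind") != "MAXIMUM" and fixed.get("name"):
            return True
    return False


def summarize(resource_uri: str, occurrences: list) -> dict:
    """Roll occurrences for one artifact up into the Get Artifact Analysis summary shape."""
    counts = Counter()
    fix_available = vulns = 0
    scan_status = None
    for occ in occurrences:
        if occ.get("resourceUri") != resource_uri:
            continue                                   # occurrences for other images are ignored
        if occ["kind"] == "DISCOVERY":
            scan_status = occ.get("discovery", {}).get("analysisStatus")
        elif occ["kind"] == "VULNERABILITY":
            vulns += 1
            counts[occ["vulnerability"].get("severity", "UNKNOWN")] += 1
            fix_available += has_fix(occ)
    summary = {s.lower(): counts[s] for s in SEVERITIES}
    summary.update(resourceUri=resource_uri, scanStatus=scan_status,
                   vulnerabilities=vulns, fixAvailable=fix_available)
    return summary


def gate(summary: dict, max_severity: str = "MEDIUM", require_finished: bool = True):
    """Return (allowed, reasons). Blocks on an unfinished scan or any finding above max_severity."""
    reasons = []
    if require_finished and summary["scanStatus"] != "FINISHED_SUCCESS":
        reasons.append(f"scan not finished: {summary['scanStatus']}")
    for sev in SEVERITIES[:SEVERITIES.index(max_severity)]:   # severities worse than the limit
        if summary[sev.lower()]:
            reasons.append(f"{summary[sev.lower()]} {sev} finding(s)")
    return (not reasons, reasons)


if __name__ == "__main__":
    s = summarize(RESOURCE, OCCURRENCES)
    print(s)
    print(gate(s, max_severity="MEDIUM"))
```

The gate treats an absent or unfinished scan as a failure rather than as "no findings"; an image that Container Analysis has not finished scanning has an unknown risk, not a zero one.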

Creates and starts a Google Cloud Build build, then waits for the build to reach a terminal status.

  • Steps (required): JSON array of build steps. Each step needs at minimum a name (builder image) and optional args. Example: [{"name":"gcr.io/cloud-builders/docker","args":["build","-t","gcr.io/$PROJECT_ID/myapp","."]}]
  • Source: Optional JSON object for the build source. This is the most flexible option and supports gitSource, repoSource, or storageSource. Example: {"gitSource":{"url":"https://github.com/org/repo.git","revision":"main"}}
  • Connected Repository: Optional Cloud Build 2nd-gen repository path. Select a location, connection, repository, and branch/tag/commit directly from GCP. SuperPlane sends source.connectedRepository and creates the build in the repository’s region.
  • Repository / Branch / Tag / Commit SHA: Convenience shortcut for repository-backed builds. If the repository value looks like a Git URL (https://..., ssh://..., or git@...), SuperPlane creates source.gitSource. Otherwise it treats the value as a Cloud Source Repository name and creates source.repoSource. Choose exactly one revision field.
  • Images: Optional list of Docker image names to push after the build.
  • Substitutions: JSON object of substitution key-value pairs (e.g. {"_ENV":"production"}).
  • Timeout: Build timeout (e.g. 600s). Defaults to Cloud Build default (10 minutes).
  • Project ID Override: Optionally run the build in a different project than the connected integration.

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

  • Passed: Emitted when Cloud Build finishes with SUCCESS.
  • Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

  • SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
  • SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
  • Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Retrieves the details of a specific Google Cloud Build build.

  • Build ID (required): The ID or full resource name of the Cloud Build build to retrieve.
  • Project ID Override: Override the GCP project ID from the integration.

The full Build resource, including id, status (SUCCESS, FAILURE, WORKING, QUEUED, etc.), logUrl, steps, images, createTime, finishTime, and more.

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Runs an existing Cloud Build trigger and waits for the resulting build to reach a terminal status.

  • Trigger (required): The Cloud Build trigger to run. Select from triggers in the connected project.
  • Branch or tag: Override the branch or tag to build from. Leave empty to use the trigger’s configured default. A 40-character hex string is treated as a commit SHA.
  • Project ID Override: Optionally run the trigger in a different project than the connected integration.

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

  • Passed: Emitted when Cloud Build finishes with SUCCESS.
  • Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

  • SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
  • SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
  • Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}
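Two of the Cloud Build components above describe small resolution rules: the Create Build shortcut turns a Git URL into `source.gitSource` and anything else into `source.repoSource` with exactly one revision field, and Run Trigger treats a 40-character hex string as a commit SHA. The Python below is an added example, not SuperPlane's code, that implements both rules, validates the Steps array as the Create Build input describes it, and flags builder images that are referenced by tag rather than digest. The `repoSource` field names (`repoName`, `branchName`, `tagName`, `commitSha`) follow Cloud Build's Source message; the function names and the unpinned-builder check are this example's own.

```python
import re

_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
_GIT_URL_PREFIXES = ("https://", "ssh://", "git@")


def is_git_url(repository: str) -> bool:
    """The page's rule for the Repository shortcut: https://, ssh:// or git@ means a Git URL."""
    return repository.startswith(_GIT_URL_PREFIXES)


def is_commit_sha(ref: str) -> bool:
    """The Run Trigger rule: a 40-character hex string is a commit SHA, anything else is a ref."""
    return bool(_COMMIT_SHA.match(ref))


def build_source(repository: str, branch=None, tag=None, commit=None) -> dict:
    """Resolve the Repository / Branch / Tag / Commit SHA shortcut into a Cloud Build source."""
    chosen = {k: v for k, v in {"branch": branch, "tag": tag, "commit": commit}.items() if v}
    if len(chosen) != 1:
        raise ValueError("choose exactly one of branch, tag or commit")
    (kind, ref), = chosen.items()
    if kind == "commit" and not is_commit_sha(ref):
        raise ValueError(f"commit must be a 40-character hex SHA, got {ref!r}")
    if is_git_url(repository):
        return {"gitSource": {"url": repository, "revision": ref}}
    key = {"branch": "branchName", "tag": "tagName", "commit": "commitSha"}[kind]
    return {"repoSource": {"repoName": repository, key: ref}}


def validate_steps(steps) -> list:
    """Check the Steps input: a non-empty list where every step names a builder image."""
    if not isinstance(steps, list) or not steps:
        raise ValueError("steps must be a non-empty JSON array")
    for i, step in enumerate(steps):
        if not isinstance(step, dict) or not step.get("name"):
            raise ValueError(f"step {i} needs a 'name' (builder image)")
        if "args" in step and not all(isinstance(a, str) for a in step["args"]):
            raise ValueError(f"step {i}: args must be a list of strings")
    return steps


def unpinned_builders(steps: list) -> list:
    """Builder images referenced without an @sha256 digest can change underneath a build."""
    return [s["name"] for s in steps if "@sha256:" not in s["name"]]


if __name__ == "__main__":
    steps = validate_steps([{"name": "gcr.io/cloud-builders/docker",
                             "args": ["build", "-t", "gcr.io/$PROJECT_ID/myapp", "."]}])
    print(build_source("https://github.com/org/repo.git", branch="main"))
    print(build_source("my-csr-repo", commit="a" * 40))
    print("unpinned builders:", unpinned_builders(steps))
```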

The Create Record component creates a new DNS record set in a Google Cloud DNS managed zone.

  • Managed Zone (required): The Cloud DNS managed zone where the record will be created.
  • Record Name (required): The DNS name for the record (e.g. api.example.com). A trailing dot is added automatically.
  • Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
  • TTL (required): Time to live in seconds. Defaults to 300.
  • Record Values (required): The values for the record (e.g. IP addresses for A records).

The service account must have roles/dns.admin or roles/dns.editor on the project.

  • change.id: The Cloud DNS change ID.
  • change.status: The change status (done).
  • change.startTime: When the change was submitted.
  • record.name: The DNS record name.
  • record.type: The DNS record type.

{
  "data": {
    "change": {
      "id": "1",
      "startTime": "2026-01-28T10:30:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:30:00.000Z",
  "type": "gcp.clouddns.change"
}

The Delete Record component deletes a DNS record set from a Google Cloud DNS managed zone.

  • Managed Zone (required): The Cloud DNS managed zone containing the record.
  • Record Name (required): The DNS name of the record to delete (e.g. api.example.com).
  • Record Type (optional): The DNS record type to delete (A, AAAA, CNAME, TXT, MX, etc.). If not specified, all record sets with the given name are deleted.

The service account must have roles/dns.admin or roles/dns.editor on the project.

  • change.id: The Cloud DNS change ID.
  • change.status: The change status (done).
  • change.startTime: When the change was submitted.
  • record.name: The DNS record name.
  • record.type: The DNS record type (comma-separated when multiple types were deleted).

{
  "data": {
    "change": {
      "id": "2",
      "startTime": "2026-01-28T10:31:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "old.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:31:00.000Z",
  "type": "gcp.clouddns.change"
}

The Update Record component updates an existing DNS record set in a Google Cloud DNS managed zone.

  • Managed Zone (required): The Cloud DNS managed zone containing the record.
  • Record Name (required): The DNS name of the record to update (e.g. api.example.com).
  • Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
  • TTL (required): New time to live in seconds.
  • Record Values (required): The new values for the record.

The service account must have roles/dns.admin or roles/dns.editor on the project.

  • change.id: The Cloud DNS change ID.
  • change.status: The change status (done).
  • change.startTime: When the change was submitted.
  • record.name: The DNS record name.
  • record.type: The DNS record type.

{
  "data": {
    "change": {
      "id": "3",
      "startTime": "2026-01-28T10:32:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:32:00.000Z",
  "type": "gcp.clouddns.change"
}
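All three Cloud DNS components above resolve to a Cloud DNS change: a list of record-set additions and deletions applied atomically. The Python below is an added example, not SuperPlane's implementation, that builds those change bodies with the semantics the components describe (a trailing dot added to the record name, an update expressed as delete-plus-add, and a typeless delete removing every record set with that name and reporting the deleted types comma-separated). The `additions`/`deletions`/`rrdatas` field names follow the Cloud DNS changes API; the constructed zone contents, the quoting of TXT values and the refusal to delete apex SOA/NS records in a typeless delete are this example's own choices.

```python
# Constructed record sets as a zone might currently hold them.
ZONE = [
    {"name": "example.com.", "type": "NS", "ttl": 21600, "rrdatas": ["ns-cloud-a1.googledomains.com."]},
    {"name": "example.com.", "type": "SOA", "ttl": 21600, "rrdatas": ["ns-cloud-a1.googledomains.com. dns-admin.google.com. 1 21600 3600 259200 300"]},
    {"name": "api.example.com.", "type": "A", "ttl": 300, "rrdatas": ["34.1.2.3"]},
    {"name": "api.example.com.", "type": "AAAA", "ttl": 300, "rrdatas": ["2001:db8::1"]},
    {"name": "old.example.com.", "type": "A", "ttl": 300, "rrdatas": ["34.1.2.9"]},
]


def fqdn(name: str) -> str:
    """Cloud DNS record names are absolute; add the trailing dot when it is missing."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def _rrdatas(rtype: str, values) -> list:
    # TXT record data is a quoted string in Cloud DNS; quote bare values.
    if rtype == "TXT":
        return [v if v.startswith('"') else f'"{v}"' for v in values]
    return list(values)


def rrset(name: str, rtype: str, ttl, values) -> dict:
    return {"name": fqdn(name), "type": rtype, "ttl": int(ttl), "rrdatas": _rrdatas(rtype, values)}


def _find(current: list, name: str, rtype=None) -> list:
    n = fqdn(name)
    return [rs for rs in current if rs["name"] == n and (rtype is None or rs["type"] == rtype)]


def create_change(name, rtype, ttl, values) -> dict:
    """Create Record: one addition."""
    return {"additions": [rrset(name, rtype, ttl, values)]}


def update_change(current, name, rtype, ttl, values) -> dict:
    """Update Record: Cloud DNS has no in-place edit, so delete the old set and add the new one."""
    old = _find(current, name, rtype)
    if not old:
        raise LookupError(f"no {rtype} record set named {fqdn(name)}")
    return {"deletions": old, "additions": [rrset(name, rtype, ttl, values)]}


def delete_change(current, name, rtype=None):
    """Delete Record: returns the change plus the record summary the component emits."""
    old = _find(current, name, rtype)
    if not old:
        raise LookupError(f"no record set named {fqdn(name)}")
    if rtype is None and any(rs["type"] in ("SOA", "NS") for rs in old):
        # Added safeguard: a typeless delete at the zone apex would take the zone's
        # SOA/NS with it; require an explicit type for those.
        raise ValueError("refusing to delete SOA/NS record sets without an explicit type")
    types = ",".join(sorted({rs["type"] for rs in old}))
    return {"deletions": old}, {"name": fqdn(name), "type": types}


if __name__ == "__main__":
    print(create_change("api.example.com", "A", 300, ["34.1.2.3"]))
    print(update_change(ZONE, "api.example.com", "A", 120, ["34.1.2.4"]))
    print(delete_change(ZONE, "api.example.com"))
```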

Invokes a Google Cloud Function and waits for the response.

  • Location (required): The GCP region where the function is deployed (e.g. us-central1).
  • Function (required): The Cloud Function to invoke. Select from the list of deployed functions.
  • Payload: Optional JSON object sent as the function’s input data.
  • Project ID Override: Override the GCP project ID from the integration. Leave empty to use the integration’s project.

The service account used by the integration must have roles/cloudfunctions.developer (or roles/cloudfunctions.viewer + roles/cloudfunctions.invoker) on the project.

  • roles/cloudfunctions.viewer — list locations and functions (required for dropdowns)
  • roles/cloudfunctions.invoker — invoke the function
  • roles/cloudfunctions.developer — covers both of the above

The invocation result, including:

  • functionName: Full resource name of the invoked function.
  • executionId: Unique ID assigned to this invocation.
  • result: The function’s response, parsed as JSON when possible.
  • resultRaw: The raw string response (only present when the response is not valid JSON).

{
  "data": {
    "executionId": "h7g2k9qw3x",
    "functionName": "projects/my-project/locations/us-central1/functions/my-function",
    "result": {
      "message": "Hello, World!",
      "status": "ok"
    }
  },
  "timestamp": "2025-01-01T00:00:05Z",
  "type": "gcp.cloudfunctions.invoke"
}

Creates a new Google Compute Engine VM.

  1. Machine Configuration – Region, zone, machine type, provisioning model (Spot/Standard), instance name.
  2. OS & Storage – Boot disk source (public/custom image, snapshot, existing disk), disk type, size, snapshot schedule.
  3. Security – Shielded VM (secure boot, vTPM, integrity monitoring), Confidential VM (AMD SEV/SEV-SNP, Intel TDX).
  4. Identity & API access – VM service account, OAuth scopes, OS Login, block project-wide SSH keys.
  5. Networking – VPC, subnet, NIC type, internal/external IP (including static), network tags, firewall rules.
  6. Management – Metadata, startup script, automatic restart, on host maintenance, maintenance policy.
  7. Advanced – GPU accelerators, placement policy (min node CPUs), sole-tenant/host affinity, resource policies.

Emits a payload with instance details: instanceId, selfLink, internalIP, externalIP, status, zone, name, machineType.

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.createVM.completed"
}
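The Security and Identity & API access groups in the Create VM inputs (Shielded VM, Confidential VM, the VM's service account and scopes, OS Login, blocking project-wide SSH keys) map onto specific fields of the Compute Engine API instance resource. The Python below is an added example, not SuperPlane's code, that builds such an instance body with those settings on by default and then audits any instance body for the settings a reviewer would want to see before the workflow proceeds. The field names (`shieldedInstanceConfig`, `confidentialInstanceConfig`, `serviceAccounts`, the `enable-oslogin` and `block-project-ssh-keys` metadata keys) follow the Compute Engine v1 API; the default scope list, the sample values and the audit rules are this example's own assumptions, and nothing here describes how SuperPlane itself assembles its request.

```python
# Least-privilege default: the VM can write its own logs and metrics and nothing else.
DEFAULT_SCOPES = [
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring.write",
]
CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def instance_body(name, zone, machine_type, image, service_account, *,
                  scopes=None, confidential=None, external_ip=False,
                  network="global/networks/default", subnetwork=None) -> dict:
    """Build a Compute Engine instances.insert body with the page's security options enabled."""
    nic = {"network": network}
    if subnetwork:
        nic["subnetwork"] = subnetwork
    if external_ip:
        nic["accessConfigs"] = [{"type": "ONE_TO_ONE_NAT", "name": "External NAT"}]
    body = {
        "name": name,
        "machineType": f"zones/{zone}/machineTypes/{machine_type}",
        "disks": [{"boot": True, "autoDelete": True, "initializeParams": {"sourceImage": image}}],
        "networkInterfaces": [nic],
        # Shielded VM: secure boot, vTPM and integrity monitoring all on.
        "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True,
                                   "enableIntegrityMonitoring": True},
        # Dedicated service account with narrow OAuth scopes.
        "serviceAccounts": [{"email": service_account, "scopes": list(scopes or DEFAULT_SCOPES)}],
        # OS Login for IAM-governed SSH; project-wide SSH keys blocked.
        "metadata": {"items": [
            {"key": "enable-oslogin", "value": "TRUE"},
            {"key": "block-project-ssh-keys", "value": "TRUE"},
        ]},
    }
    if confidential:   # e.g. "SEV", "SEV_SNP" or "TDX"
        body["confidentialInstanceConfig"] = {"enableConfidentialCompute": True,
                                              "confidentialInstanceType": confidential}
    return body


def audit_instance_body(body: dict) -> list:
    """Return human-readable findings for settings that weaken the instance."""
    findings = []
    sic = body.get("shieldedInstanceConfig", {})
    for key in ("enableSecureBoot", "enableVtpm", "enableIntegrityMonitoring"):
        if not sic.get(key):
            findings.append(f"{key} is off")
    meta = {i["key"]: i["value"] for i in body.get("metadata", {}).get("items", [])}
    if meta.get("enable-oslogin", "").upper() != "TRUE":
        findings.append("OS Login not enabled")
    if meta.get("block-project-ssh-keys", "").upper() != "TRUE":
        findings.append("project-wide SSH keys not blocked")
    for sa in body.get("serviceAccounts", []):
        if sa["email"].endswith("-compute@developer.gserviceaccount.com"):
            findings.append("uses the default Compute Engine service account")
        if CLOUD_PLATFORM_SCOPE in sa.get("scopes", []):
            findings.append("cloud-platform scope grants every API the account's IAM allows")
    if any(nic.get("accessConfigs") for nic in body.get("networkInterfaces", [])):
        findings.append("external IP attached")
    return findings


if __name__ == "__main__":
    body = instance_body("my-vm", "us-central1-a", "e2-medium",
                         "projects/debian-cloud/global/images/family/debian-12",
                         "vm-runtime@my-project.iam.gserviceaccount.com", confidential="SEV_SNP")
    print(audit_instance_body(body) or "no findings")
```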

The Create Subscription component creates a new GCP Pub/Sub subscription on a topic.

  • Provisioning workflows: Wire up subscriptions as part of service deployment
  • Pull queue setup: Create pull subscriptions for batch processing workflows
  • Push integration: Create push subscriptions that deliver messages to an HTTP endpoint

{
  "data": {
    "name": "projects/my-project/subscriptions/my-subscription",
    "subscription": "my-subscription",
    "topic": "my-topic",
    "type": "pull"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription"
}

The Create Topic component creates a new GCP Pub/Sub topic.

  • Provisioning workflows: Create topics as part of environment setup
  • Dynamic routing: Create topics on demand for new services or tenants
  • Automation bootstrap: Prepare messaging infrastructure before publishing

{
  "data": {
    "name": "projects/my-project/topics/my-topic",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic"
}

The Delete Subscription component deletes a GCP Pub/Sub subscription.

  • Cleanup workflows: Remove subscriptions as part of service teardown
  • Lifecycle management: Decommission subscriptions that are no longer needed
  • Rollback automation: Remove subscriptions created in failed provisioning runs

{
  "data": {
    "deleted": true,
    "subscription": "my-subscription"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription.deleted"
}

The Delete Topic component deletes a GCP Pub/Sub topic.

  • Cleanup workflows: Remove temporary topics after execution
  • Lifecycle management: Decommission unused messaging resources
  • Rollback automation: Remove topics created in failed provisioning runs

{
  "data": {
    "deleted": true,
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic.deleted"
}

The Publish Message component sends a message to a GCP Pub/Sub topic.

  • Event fan-out: Broadcast workflow results to multiple subscribers
  • Notifications: Publish operational updates to downstream systems
  • Automation: Trigger Pub/Sub-based pipelines from workflows

{
  "data": {
    "messageId": "1234567890",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message.published"
}