I recently deployed a full-stack App from Google AI Studio to Cloud Run (connected to a separate Firebase project). I ran into a few hurdles that I managed to solve. Here is the breakdown in case anyone else faces the same issues:
1. The “Container Failed to Start” Error
-
The Error: My Cloud Run revision failed immediately with “Container failed to start and listen on PORT 8080.”
-
The Logs:
terminated: Application failed to run: volume (type: gcs...): mount operation failed. -
The Cause: The Cloud Run service was trying to mount the GCS bucket containing the built code, but the default Compute Service Account didn’t have permission.
-
The Fix:
-
Located the bucket name in the Cloud Run YAML (
volumeMountssection). -
Went to the Bucket in Cloud Storage.
-
Granted Storage Object Viewer permission to the Cloud Run Service Account.
-
2. The “auth/api-key-not-valid” Error
-
The Error: The app loaded, but logging in threw:
Firebase: Error (auth/api-key-not-valid). -
The Cause: This was a multi-layered issue.
-
Identity Toolkit: The API wasn’t enabled in the Google Cloud Console.
-
Caching: Even after updating the API Key in Cloud Run variables, the old key was hardcoded inside the build artifacts from AI Studio.
-
-
The Fix:
-
Enabled the Identity Toolkit API in the Google Cloud Console.
-
Created a New API Key in the Firebase project.
-
Crucial Step: Updated the
apiKeydirectly in the source code in AI Studio and hit Deploy again (to force a rebuild with the new key). -
Added the Cloud Run URL (
https://myapp.run.app/*) to the API Key’s “Website Restrictions.”
-
3. The “Missing Permissions” Error
-
The Error: User account created in Auth, but profile data failed to save to Firestore.
-
The Fix: Updated Firestore Security Rules from
if falsetoallow read, write: if request.auth != null;.
Pro Tip: If you get permission errors during sign-up, check your Firebase Authentication “Users” list. You might have a “Zombie” account that was created before the database write failed. Delete that user and try signing up again!