Securely call Google Cloud Run APIs with service account auth (main-workflow)

Name: Securely call Google Cloud Run APIs with service account auth (main-workflow)
Availability: InStock
Rating: 4.5 (29 reviews)
Author: Marco Cassar

$20/month : Unlimited workflows

2500 executions/month

Try free

THE #1 IN WEB SCRAPING

Scrape any website without limits

Try free

HOSTINGER 🎉 Early Black Friday Deal
DISCOUNT 20%

Self-hosted n8n

Unlimited workflows - from $4.99/mo

Try free

#1 hub for scraping, AI & automation

6000+ actors - $5 credits/mo

Try free

Who it’s for?

Anyone who wants a simple, secure way to call a Google Cloud Run endpoint from n8n—without exposing it publicly.

People who want a cheap/free-tier way to run custom API logic without hosting n8n or spinning up servers. Example: you’ve got scraping code that needs specific system/python libs—build it into a Dockerfile on Cloud Run, then call it as a secure endpoint from n8n.

How it works

This is a conjunctive workflow: the main workflow calls Service Auth (sub-workflow) to get a Google ID token, merges that auth with your context, then calls your Cloud Run URL with Authorization: Bearer <id_token>. Works great for single calls or looping over items.

How to set up

General instructions below—see my detailed guide for more info:

Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)

Setup:

Create a Cloud Run service and enable Require authentication (Cloud IAM).
Create a Google Service Account and grant Cloud Run Invoker on that service.
In n8n, import the workflows and update the Vars node (service_url, optional service_path).
Create a JWT (PEM) credential from your service account key, then run.
Make sure to read the sticky notes in the workflows—they contain helpful pointers and optional configurations.

Requirements

Cloud Run service URL (auth required)
Google Service Account with Cloud Run Invoker
Private key JSON fields downloaded from Service Account | needed to generate JWT credentials

How to customize

Change the HTTP method/path/body in Cloud Run Request, or drop the Service Auth (sub-workflow) into other workflows to reuse the same auth pattern.

More details

Full write-up (minimal + modular flows), screenshots, and more:

Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier) — by Marco Cassar

Marco Cassar

0 workflows

Nodes

set gmail telegram agent google-gemini

Complexity

advanced

Published 19 Aug 2025

Likes 0

View on n8n.io Download Workflow

✨

Share Your Workflow

Have a great workflow to share? Join the n8n Creator Hub and help the community!

Submit Your Template How to Submit

Related Workflows

Email reports on expiring Microsoft Entra ID app secrets and certificates with Microsoft Graph

## Monitor expiring EntraID application secrets and notify responsible Stay ahead of credential expirations by automatically detecting Entra ID application client secrets and certificates that are about to expire, and sending a neatly formatted email report. ### What this workflow solves Expired client secrets and certificates are a common cause of unexpected outages and failed integrations. Manually checking expiration dates across many Entra ID applications is tedious and easy to miss. This workflow automates the discovery and reporting of credentials that will expire within a configurable time window. ### Key features - Fetches all **Microsoft Entra ID applications** along with: - **Client secrets** (`passwordCredentials`) - **Certificates** (`keyCredentials`) - Splits credentials into individual entries for easier processing - Filters credentials expiring **within the next _N_ days** (configurable) - Normalizes results into a consistent structure including: - Application name - App ID - Credential type (Client Secret / Certificate) - Credential name + ID - Days remaining until expiration - Generates an **HTML table report**, sorted by application name - Sends an email **only when expiring items are found** (otherwise does nothing) ### How it works 1. Fetches all Entra ID applications and their credential metadata via Microsoft Graph 2. Separates client secrets and certificates into individual entries 3. Filters entries that expire within the configured time window 4. Builds a normalized list of expiring items with days remaining 5. Emails an HTML table report (only if results exist) ### Setup requirements - **Microsoft Entra ID app registration** with Microsoft Graph **Application permissions**: - `Application.Read.All` - In n8n: - Create **Microsoft Graph OAuth2** credentials (Client Credentials flow recommended) - Assign those credentials to the **Get EntraID Applications and Secrets** HTTP Request node - Update the **Set Variables** node: - `notificationEmail`: where to send the report - `daysBeforeExpiry`: alert window in days (e.g., 14) ### Notes - The email table highlights soon-to-expire credentials more prominently (based on remaining days). - For automation, replace the manual trigger with a **Schedule Trigger** (e.g., daily/weekly). - The workflow accesses **metadata only** (names/IDs/expiry), not secret values.

View

Get domain expiry reminders with Google Sheets, WHOIS, Telegram, and Ollama AI

This workflow helps you monitor domain expiration dates and send automated reminders via Telegram when a domain is about to expire or has already expired, using WHOIS data and AI-powered information extracting. It helps prevent service downtime, lost traffic, and missed renewals for individuals and teams managing multiple domains. Common use cases: - Track and remind on agency-managed client domains - Monitor personal or business domain portfolios - Send automated expiry alerts for IT and DevOps teams ## How it works - Runs daily at 08:00 AM - Reads domain data from Google Sheets - Fetches WHOIS information from whois.com for each domain - Extracts the data (expired date, domain owner, status domain) using AI - Sends a Telegram reminder if the domain expires within 90 days - Records the notification date to avoid duplicate alerts ## Setup steps 1. Add your Google Sheets ID and ensure the required columns exist 2. Connect your [Google Sheets credentials](https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.googlesheets) 3. Connect your [Telegram credentials](https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.telegram/chat-operations) 4. Configure your LLM provider (Ollama or other) 5. Activate the workflow ### Need Help? Contact me on [LinkedIn](https://www.linkedin.com/in/dwicahyas/)!

View

Analyze mobile app build-time hotspots with Gradle, CocoaPods, Airtable, GitHub, Gmail and GPT-4.1-mini

# Mobile App Build Time Hotspot Tracker - Gradle/CocoaPods Analyzer Alerting This workflow automates the monitoring and analysis of CI/CD build performance for mobile projects using Gradle and CocoaPods. It triggers upon build completion, compares metrics against historical performance stored in Airtable, and leverages AI to identify regressions. The system provides automated feedback via GitHub PR comments and email alerts for critical performance drops. ### ⚡ Quick Implementation Steps 1. Configure CI Pipeline: Set your CI job to send a POST request with build metrics to the workflow's Webhook URL. 2. Set Configuration: Adjust the regressionThreshold (default: 20%) and excludeModules in the Set Configuration node. 3. Connect Airtable: Link your credentials to the Fetch Historical Builds and Store Build Data nodes. 4. Connect GitHub & Gmail: Authenticate your GitHub and Gmail OAuth2 credentials for reporting. 5. Verify AI Model: Ensure the OpenAI Chat Model is connected to power the performance analysis. ## What It Does The workflow acts as an intelligent performance gatekeeper for development pipelines: 1. **Metric Collection:** Captures detailed task durations, build IDs, and PR context directly from CI/CD webhooks. 2. **Historical Comparison:** Automatically retrieves the last 10 builds for a specific repository to calculate average baselines. 3. **AI-Powered Diagnostics:** Uses a specialized AI agent to analyze slowdowns, identify root causes, and provide optimization recommendations. 4. **Automated Reporting:** Categorizes findings by severity (Critical, Warning, Info) and updates stakeholders through PR comments and high-priority emails. ## Who’s It For - Mobile Engineering Teams looking to prevent "death by a thousand cuts" in build time slowdowns. - DevOps/Platform Engineers who need automated auditing of build infrastructure health. - Release Managers requiring an audit trail of performance regressions across different pull requests. ## Technical Workflow Breakdown ### Entry Points (Triggers) 1. Webhook: Listens for POST requests at /webhook/build-hotspot-tracker containing build metrics and repository metadata. ### Processing & Logic 1. Set Configuration: Defines static variables like regression sensitivity and modules to ignore (e.g., test modules). 2. Historical Analysis: Aggregate nodes calculate min, max, and average build times from historical records. 3. AI Build Analyzer: An AI Agent utilizing GPT-4.1-mini to synthesize current build data with historical trends and PR context. 4. Route by Severity: A switch node that directs the workflow based on whether the AI classifies the regression as Critical, Warning, or Info. ### Output & Integrations 1. GitHub (Comment on PR): Posts a formatted markdown report including a severity badge, regressions list, and root causes. 2. Airtable (Store Build Data): Logs the build ID, total duration, and AI recommendations for long-term tracking. 3. Gmail (Notify Email): Sends immediate alerts to the team for critical regressions, including a direct link to the affected PR. ## Customization ### Adjust Sensitivity Modify the regressionThreshold in the Set Configuration node to change how aggressive the system is in flagging slowdowns (e.g., set to 10 for stricter monitoring). ### Module Filtering Update the excludeModules parameter to ignore specific tasks like linting or unit tests that may have volatile durations but do not represent core build performance. ### Analysis Detail The AI Build Analyzer prompt can be customized to focus on specific platform needs, such as focusing heavily on CocoaPods link times or Gradle configuration phases. ## Troubleshooting Guide | Issue | Possible Cause | Solution | | :-------------------------- | :----------------------------------------- | :----------------------------------------------------------------------------------------- | | **No PR Comments** | GitHub permissions or incorrect PR number. | Verify your GitHub token has write access and the CI payload includes a valid prNumber. | | **Historical Data Missing** | Airtable Filter failure. | Ensure the repository and prNumber fields in Airtable match the incoming Webhook data. | | **AI Analysis Errors** | OpenAI credits or model timeout. | Check your OpenAI API quota and verify the gpt-4.1-mini model is available in your region. | | **Emails Not Sending** | Gmail OAuth2 expired. | Re-authenticate the Gmail node in your n8n credentials settings. | ## Need Help? If you need assistance customizing this workflow, adding new features or integrating more systems (like JIRA, Slack or Google Sheets), feel free to reach out. Our [n8n automation experts](https://www.weblineindia.com/hire-n8n-developers/) at WeblineIndia are here to support you in scaling your automation journey.

View

👨‍💻

Need Custom Automation?

N8N Automation Expert

Specialized in N8N automation, I design custom workflows that connect your tools and automate your processes.