You also need to make sure the foo.com development and operations teams have the right access and the right tools to build the application and deploy it. As developers write the code for the app, they can use Cloud Code within the IDE to push the code to Cloud Build, which then packages and tests it, runs vulnerability scans on the code, and invokes Binary Authorization to check for trusted container images, and once the tests are passed, deploys the package to staging. From there you can create a process to review and promote to production. Container images are stored in Artifact Registry from which they can be deployed to GKE or Cloud Run. Compute Engine images are stored in your project.