We have sent the relevant documentation via Google Search Console and await a response from Google. We will explore options including:
temporarily using another domain for new workloads
exploring wildcard and vanity replacement of *.code.run on a per-user basis
adding *.code.run to an allow-list
A user was caught deploying a phishing website and was banned within 10 minutes of notification. *.code.run is a member of the PSL, and, unfortunately, it is not considered when blocking thousands of domains for one offending workload.