Skip to content

Documentation: Oryx remote build causes massive Azure Storage transaction costs #294

New issue
New issue
Open
Open
Documentation: Oryx remote build causes massive Azure Storage transaction costs#294
@sparkeros

Description

@sparkeros
sparkeros
opened on Dec 13, 2025

Summary

When deploying Python Azure Functions with Oryx remote build enabled (the default), each deployment can generate 20-30K+ Azure Storage transactions per minute during the pip install phase. This can result in unexpected costs that are difficult to diagnose.

Problem

The Azure/functions-action@v1 action defaults to enabling Oryx build, which runs pip install on Azure instead of the GitHub runner. Each file operation during pip install generates storage transactions.

Real-world impact: A deployment that should cost pennies generated 290K+ storage transactions and $0.50+ in unexpected costs. At scale, this could be financially catastrophic.

Root Cause

Oryx remote build is triggered by:

  • scm-do-build-during-deployment: true (default)
  • enable-oryx-build: true (default)
  • Azure CLI with --build-remote true

When enabled, Oryx runs on Azure and downloads/installs all Python packages from PyPI to Azure Storage, generating thousands of storage I/O operations.

Solution

Build dependencies locally on the Ubuntu runner and disable Oryx:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      
      # Install dependencies LOCALLY on GitHub runner
      - name: Install dependencies
        run: |
          pip install -r requirements.txt --target=".python_packages/lib/site-packages"
      
      - name: Create deployment package
        run: zip -r release.zip . -x ".git/*" -x ".github/*" -x ".venv/*"
      
      - uses: actions/upload-artifact@v4
        with:
          name: python-app
          path: release.zip

  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: python-app
      
      - run: unzip release.zip -d ./deploy
      
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      
      # CRITICAL: Disable Oryx to prevent storage transaction costs
      - uses: Azure/functions-action@v1
        with:
          app-name: 'MyFunctionApp'
          package: './deploy'
          scm-do-build-during-deployment: false  # Disable Oryx
          enable-oryx-build: false                # Disable Oryx

Why this works: Ubuntu runner is Linux, same as Azure Functions Linux host. Dependencies compiled on Ubuntu work on Azure without Oryx rebuilding them.

Request

Please consider:

  1. Adding a warning in the documentation about storage transaction costs when Oryx is enabled
  2. Documenting the --target=".python_packages/lib/site-packages" pattern for local builds
  3. Adding cost considerations to the README

Environment

  • Azure Functions Python 3.11
  • Linux Consumption Plan
  • GitHub Actions with Azure/functions-action@v1

This issue was created after debugging an unexpected Azure cost spike caused by Oryx remote builds.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions