← knowledge.oriz.in

No Firebase Cloud Functions — Blaze requires a card on file

rule rulefirebaseno-functionsno-card-on-filecloudflare-workersgithub-actions

No Firebase Cloud Functions — Blaze requires a card on file

Rule

Firebase Cloud Functions are never used in the family. Functions only runs on Blaze (pay-as-you-go), Blaze requires a card on file, and no-card-on-file.md is non-negotiable.

Firebase Auth and Firestore stay — both work on Spark with no card and cover the family's auth + persistence needs.

What to use instead (priority order)

  1. GitHub Actions — cron, build, CI, batch jobs, scrapers. Unlimited minutes on public repos.
  2. Cloudflare Workers — REST APIs, webhook receivers, edge logic. 100K req/day free per Worker (split per domain for headroom — see cf-worker-quota-mitigation.md).
  3. Cloudflare Pages Functions — per-page server logic on a Pages site. Shared 100K/day envelope with Workers.
  4. Firestore client SDK — read/write directly from the browser with Firebase Auth + Security Rules. No server tier needed for most CRUD.

Why

Documented Blaze bill-shock incidents (simmer.io ~$98K, Tamara ~$70K, €54K Gemini-key leak) all involved card-on-file Firebase / GCP projects. Cloud Spend Caps are still private preview at Cloud Next '26 and do not cover Functions. The only real defense is "no Blaze, ever".

Cross-refs