Retrieve code from storage
Learn about where to store your flow code.
When a deployment runs, the execution environment needs access to the flow code. Flow code is not stored in Prefect server or Prefect Cloud.
You have several flow code storage options.
This guide focuses on deployments created with the interactive CLI experience or a prefect.yaml file. To create deployments with Python code, see the work pools guide.
Git-based storage
Git-based version control platforms provide redundancy, version control, and easier collaboration. Prefect supports:
To create a deployment with git-based storage:
- Run
prefect deploy
from the root directory of the git repository - Create a new deployment
- You will see a series of prompts. Select yes creating a new deployment.
- Select the flow code entrypoint
- Name your deployment
Prefect detects that you are in a git repository and asks if you want to store your flow code in a git repository. Select “y” to be prompted to confirm the URL of your git repository and the branch name, as in the example below:
? Your Prefect workers will need access to this flow's code to run it.
Would you like your workers to pull your flow code from its remote repository when running this flow? [y/n] (y):
? Is https://github.com/my_username/my_repo.git the correct URL to pull your flow code from? [y/n] (y):
? Is main the correct branch to pull your flow code from? [y/n] (y):
? Is this a private repository? [y/n]: y
In this example, the git repository is hosted on GitHub. If you are using Bitbucket or GitLab, the URL will match your provider. If the repository is public, enter “n”.
If the repository is private, you can enter a token to access your private repository. This token is saved to an encrypted Prefect Secret block.
? Please enter a token that can be used to access your private repository.
This token will be saved as a Secret block via the Prefect API: "123_abc_this_is_my_token"
Verify that you have a new Secret block in your active workspace named in the format “deployment-my-deployment-my-flow-name-repo-token”.
Creating access tokens differs for each provider.
We recommend using HTTPS with fine-grained Personal Access Tokens to limit access by repository. See the GitHub docs for Personal Access Tokens (PATs).
Under Your Profile -> Developer Settings -> Personal access tokens -> Fine-grained token choose Generate New Token and fill in the required fields. Under Repository access choose Only select repositories and grant the token permissions for Contents.
To configure a Secret block ahead of time, create the block in code or the Prefect UI and
reference it in your prefect.yaml
file.
pull:
- prefect.deployments.steps.git_clone:
repository: https://gitlab.com/org/my-private-repo.git
access_token: "{{ prefect.blocks.secret.my-block-name }}"
Alternatively, you can create a Credentials block ahead of time and reference it in the prefect.yaml
pull step.
- Install the Prefect-Github library with
pip install -U prefect-github
- Register the blocks in that library to make them available on the server with
prefect block register -m prefect_github
- Create a GitHub Credentials block in code or the Prefect UI and reference it as shown:
pull:
- prefect.deployments.steps.git_clone:
repository: https://github.com/org/my-private-repo.git
credentials: "{{ prefect.blocks.github-credentials.my-block-name }}"
Push your code
When you make a change to your code, Prefect does not push your code to your git-based version control platform. You need to push your code manually or as part of your CI/CD pipeline. This is intentional to avoid confusion about the git history and push process.
Docker-based storage
Another way to store your flow code is to include it in a Docker image. All work pool options except Process and Prefect Managed work pools allow you to bake your code into a Docker image.
- Run
prefect init
in the root of your repository and choosedocker
for the project name. Answer the prompts to create aprefect.yaml
file with a build step that creates a Docker image with the flow code built in. See Run flows in Docker containers for more info. - Run
prefect deploy
from the root of your repository to create a deployment. - When a deployment runs, the worker pulls the Docker image and spins up a container.
- The flow code baked into the image runs inside the container.
CI/CD may not require push or pull steps
You don’t need push or pull steps in the prefect.yaml
file if using CI/CD to build a Docker image outside of Prefect.
Instead, the work pool can reference the image directly.
Cloud-provider storage
You can store your code in an AWS S3 bucket, Azure Blob Storage container, or GCP GCS bucket and specify the destination
directly in the push
and pull
steps of your prefect.yaml
file.
To create a templated prefect.yaml
file run prefect init
and select the recipe for the applicable cloud-provider storage.
Below are the recipe options and the relevant portions of the prefect.yaml
file.
Choose s3Bucket
as the recipe and enter the bucket name when prompted.
# push section allows you to manage if and how this project is uploaded to remote locations
push:
- prefect_aws.deployments.steps.push_to_s3:
id: push_code
requires: prefect-aws>=0.3.4
bucket: my-bucket
folder: my-folder
credentials: "{{ prefect.blocks.aws-credentials.my-credentials-block }}" # if private
# pull section allows you to provide instructions for cloning this project in remote locations
pull:
- prefect_aws.deployments.steps.pull_from_s3:
id: pull_code
requires: prefect-aws>=0.3.4
bucket: '{{ push_code.bucket }}'
folder: '{{ push_code.folder }}'
credentials: "{{ prefect.blocks.aws-credentials.my-credentials-block }}" # if private
If the bucket requires authentication to access it, you can do the following:
- Install the Prefect-AWS library with
pip install -U prefect-aws
- Register the blocks in Prefect-AWS with
prefect block register -m prefect_aws
- Create a user with a role with read and write permissions to access the bucket. If using the UI, create an access key pair with IAM -> Users -> Security credentials -> Access keys -> Create access key. Choose Use case -> Other and then copy the Access key and Secret access key values.
- Create an AWS Credentials block in code or the Prefect UI. In addition to the block name, most users will fill in the AWS Access Key ID and AWS Access Key Secret fields.
- Reference the block as shown in the push and pull steps
Another authentication option is to give the worker access to the storage location at runtime through SSH keys.
Alternatively, you can inject environment variables into your deployment. See this example that uses an environment variable named
CUSTOM_FOLDER
:
push:
- prefect_gcp.deployment.steps.push_to_gcs:
id: push_code
requires: prefect-gcp>=0.4.3
bucket: my-bucket
folder: '{{ $CUSTOM_FOLDER }}'
Include or exclude files from storage
By default, Prefect uploads all files in the current folder to the configured storage location when you create a deployment.
When using a git repository, Docker image, or cloud-provider storage location, you may want to exclude certain files or directories:
- If you are familiar with Docker you are likely familiar with the
.dockerignore
file. - For cloud-provider storage the
.prefectignore
file serves the same purpose and follows a similar syntax as those files. So an entry of*.pyc
will exclude all.pyc
files from upload.
Was this page helpful?