Yaron Levi
08/13/2025, 3:10 PM
Marvin
08/13/2025, 3:10 PM
Marvin
08/13/2025, 3:12 PM
flow.from_source(...), the code is fetched by the worker that executes your flow run:
- Serverless work pools: the checkout happens from Prefect-managed infrastructure with dynamic egress IPs (not suitable for GitHub IP allowlists).
- Self-hosted workers (Docker/Kubernetes/Process): the checkout happens from your infrastructure, so GitHub will see your network’s egress IP(s), which you can allowlist.
If IP allowlisting is a hard requirement, the typical path is to run your own worker in a work pool you control and point the deployment at that pool. I can help you set that up.
A couple of options:
- Use a Docker or Kubernetes work pool in your network/VPC with a fixed NAT egress IP and keep using flow.from_source(...).
- Alternatively, mirror/package your code somewhere your infra can pull from without IP allowlisting (e.g., object storage with signed URLs), but that’s usually more plumbing.
Can you confirm whether you’re using a Serverless work pool or running your own workers today? If it’s serverless, we’ll switch you to a self-hosted worker to satisfy GitHub’s IP restrictions.
Refs:
- Work pools overview
Kevin Grismore
08/13/2025, 4:22 PM
Yaron Levi
08/14/2025, 6:41 AM