Failed to clone Bitbucket repository (exit code 128) when running deployment pull step via API

[HansdeAquisgran]

Context:

I’m using Prefect 3 (latest) with a self-hosted Prefect server and a Docker worker pool.
I created my deployment programmatically via the Prefect API, and I included a git_clone pull step to fetch our internal Bitbucket Server repository before loading the flow.
When the flow run starts, Prefect fails at that pull step with:

RuntimeError: Failed to clone repository 'https://con.trianel.com/bitbucket/scm/tr/prefect-models.git' with exit code 128.

Environment

-Prefect version: 3.x (latest)
-Execution: self-hosted Prefect Server (Orion)
-Worker type: Docker
-Repository: on-prem Bitbucket Server (not Bitbucket Cloud)
-Deployment definition: created via the Prefect API (not via YAML or CLI)
-No direct shell access to the worker container (cannot manually run git commands inside it)
-Docker base image: based on prefecthq/prefect:3-latest
-The image includes my flow code under /flow and sets PYTHONPATH=/flow, but the repository cloning happens via the Prefect runtime step.

Deployment configuration (via API)

({
    "pull": [
        {
            "prefect.deployments.steps.git_clone": {
                "branch": "develop",
                "repository": "https://aquisgran/bitbucket/.../prefect-models.git",
                "credentials": {
                    "username": "[email protected]",
                    "password": "{{ git_password }}"
                    #"{{ prefect.blocks.bitbucket-credentials.bitbucket-hans }}"
                }
            }
        }
    ],
    "entrypoint": "flows/xxx_entry.py:process_xxx",
})

What I see

-The flow run starts, then immediately fails at the git_clone step with exit code 128.
-I cannot test git manually inside the container, so I don’t know if the error is network, SSL, or authentication.
-The same credentials work locally with git clone.
-The repository is accessible via HTTPS with username + app password (2FA enabled on Bitbucket).

What I tried

• Verified the credentials and URL manually (outside Prefect).
• Tried with and without the BitbucketCredentials block.
• Tried embedding credentials in the URL form https://username:token@... — same failure.
• Confirmed that the branch exists and the credentials have read permissions.
• I also read several Prefect issues mentioning that git_clone may behave differently for Bitbucket Cloud vs Bitbucket Server.

Question
-Is there a way to enable Git debug output (e.g., GIT_TRACE=1, GIT_CURL_VERBOSE=1) via job variables/env so the git_clone step logs include the underlying error (TLS/auth/DNS)?
-Any Prefect setting to capture stderr from the git process in logs?
-What is the recommended approach to deploy flows stored in private Bitbucket Server repositories when:
The deployment is created via the API, not CLI/YAML.
The worker runs in Docker and I don’t have shell access to debug git commands.

Goal

I’m looking for the supported, reliable approach to run deployments that source code from a private Bitbucket Server repo, created via the API, and without requiring interactive container access for debugging.

Thanks in advance for any guidance or examples!

[HansdeAquisgran]

Update

I was able to run a fully local test and got access to a container. Inside that container I executed:

• git clone https://xxx/bitbucket/scm/TR/xxx.git /tmp/repo (with properly handled special chars in username/password)
• The clone succeeds locally — repo downloads and deltas resolve 100%.

However, I still see the same failure during the deployment’s git_clone pull step:

Failed to clone repository 'https://xxx/bitbucket/scm/TR/xxxx.git' with exit code 128.