- Who can modify a protected tag
- Configuring protected tags
- Wildcard protected tags
- Prevent tag creation with the same name as branches
Protected tags
Protected tags:
- Allow control over who has permission to create tags.
- Prevent accidental update or deletion once created.
Each rule allows you to match either:
- An individual tag name.
- Wildcards to control multiple tags at once.
This feature evolved out of protected branches
Who can modify a protected tag
By default:
- To create tags, you must have the Maintainer role.
- No one can update or delete tags.
Configuring protected tags
To protect a tag, you must have at least the Maintainer role.
-
Go to the project and navigate to Project Settings > Version Control.
-
From the Tag dropdown list, select the tag you want to protect or type and click Create wildcard. In the screenshot below, we chose to protect all tags matching
v*
: -
From the Allowed to create dropdown list, select users with permission to create matching tags, and select Protect:
-
After done, the protected tag displays in the Protected tags list:
Wildcard protected tags
You can specify a wildcard protected tag, which protects all tags matching the wildcard. For example:
Wildcard Protected Tag | Matching Tags |
---|---|
v*
|
v1.0.0 , version-9.1
|
*-deploy
|
march-deploy , 1.0-deploy
|
*wvs*
|
wvs , wvs/v1
|
*
|
v1.0.1rc2 , accidental-tag
|
Two different wildcards can potentially match the same tag. For example,
*-stable
and production-*
would both match a production-stable
tag.
In that case, if any of these protected tags have a setting like
Allowed to create, then production-stable
also inherit this setting.
If you select a protected tag’s name, WVS displays a list of all matching tags:
Prevent tag creation with the same name as branches
A tag and a branch with identical names can contain different commits. If your
tags and branches use the same names, users running git checkout
commands might check out the tag qa
when they instead meant to check out
the branch qa
.
To prevent this problem:
- Identify the branch names you do not want used as tags.
-
As described in Configuring protected tags, create a protected tag:
- For the Name, provide a name, such as
stable
. You can also create a wildcard likestable-*
to match multiple names, likestable-v1
andstable-v2
. - For Allowed to Create, select No one.
- Select Protect.
- For the Name, provide a name, such as
Users can still create branches, but not tags, with the protected names.