Protected tags (FREE)
Introduced in GitLab 9.1.
Protected tags allow control over who has permission to create tags as well as preventing accidental update or deletion once created. Each rule allows you to match either an individual tag name, or use wildcards to control multiple tags at once.
This feature evolved out of protected branches
Overview
Protected tags prevent anyone from updating or deleting the tag, and prevent creation of matching tags based on the permissions you have selected. By default, anyone without Maintainer permissions is prevented from creating tags.
Configuring protected tags
To protect a tag, you need to have at least Maintainer permissions.
-
Go to the project's Settings > Repository.
-
From the Tag dropdown menu, select the tag you want to protect or type and click Create wildcard. In the screenshot below, we chose to protect all tags matching
v*:
-
From the Allowed to create dropdown, select users with permission to create matching tags, and click Protect:
-
After done, the protected tag displays in the Protected tags list:
Wildcard protected tags
You can specify a wildcard protected tag, which protects all tags matching the wildcard. For example:
| Wildcard Protected Tag | Matching Tags |
|---|---|
v* |
v1.0.0, version-9.1
|
*-deploy |
march-deploy, 1.0-deploy
|
*gitlab* |
gitlab, gitlab/v1
|
* |
v1.0.1rc2, accidental-tag
|
Two different wildcards can potentially match the same tag. For example,
*-stable and production-* would both match a production-stable tag.
In that case, if any of these protected tags have a setting like
Allowed to create, then production-stable also inherit this setting.
If you click on a protected tag's name, GitLab displays a list of all matching tags:
