Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ground Controller Lvl 1
Message 1 of 15

Feature Request: Protected Tags

See https://github.com/isaacs/github/issues/1091:

 

Right now, it's basically impossible to have any protection around tags:

* Anyone with write access to a repo can push any tags.
* There's no auditing/logging of tag changes.

Any number of things could be done to improve this:

* Add an option to protect individual tags (or better yet, any tags that match a given regex/have a certain prefix), like how how branches can be protected.
* Include tagging events in the per-organization audit logs.
* Allow tag pushes to be locked down more tightly, like only allowing admins to push tags.

14 Replies
Highlighted
Community Manager
Message 2 of 15

Re: Feature Request: Protected Tags

Hi @jeffnappi ,

 

Thanks for taking the time to write this feedback, we are tracking an internal issue about this. 

 

Though I can't guarantee anything or share a timeline for this, I can tell you that it's been shared with the appropriate teams for consideration.

 

Please let me know if you have any other questions.

Cheers!


I hope this helps,
Andrea

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Highlighted
Copilot Lvl 2
Message 3 of 15

Re: Feature Request: Protected Tags

This is something that would be really helpful. We run a process to create a release using github actions and, after the github action completes for performing the release, it would be nice to lock the tag to prevent somebody's local configuration from accidentally changing the tag.

Highlighted
Ground Controller Lvl 1
Message 4 of 15

Re: Feature Request: Protected Tags

What are the road blocks as to why protection around tags is not implemented? Even if there wasn't a robust permissions model for tags like there is for branches, just having a simple checkbox to only allow admins to create and delete tags would be a huge improvement.

Highlighted
Ground Controller Lvl 1
Message 5 of 15

Re: Feature Request: Protected Tags

I agree that this would be a valuable feature.  I would like to prevent non-admins from deleting tags.  This is important for a use-case where code versions are recorded in Github tags instead of in the source code.  I would like to prevent non-admins from deletings tag like `version/*`.

Highlighted
Copilot Lvl 2
Message 6 of 15

Re: Feature Request: Protected Tags

GitLab has this exact functionality. And it is an invaluable, and simple to implement by the GitLab devs (and GitHub devs if they want to offer tag protection).

Highlighted
Ground Controller Lvl 1
Message 7 of 15

Re: Feature Request: Protected Tags

Yeah, this feature is also useful for the CI/CD pipeline with the tag based deploy model, in the case that we could prevent unintentional tag being pushed to github to trigger our deploying.

Highlighted
Ground Controller Lvl 1
Message 8 of 15

Re: Feature Request: Protected Tags


@sevenryze wrote:

Yeah, this feature is also useful for the CI/CD pipeline with the tag based deploy model, in the case that we could prevent unintentional tag being pushed to github to trigger our deploying.


 

I don’t follow, how does a deploy model work? How does tags help the development model? Some examples please

Highlighted
Copilot Lvl 2
Message 9 of 15

Re: Feature Request: Protected Tags

Developer pushes code to branch makes pull request to master triggering CI; successful unit & integration testing allows merge to master; merge in master deploys application to staging for further regression & performance (& if we are talking any legacy application in existance.. some semblance of manual testing), tag is the semantic version which COULD be used to trigger a workflow (Jenkins pipeline/job, github action, etc...) that deploys to prod however, without the ability to prevent someone accidentally tagging the version, we can't use that as a trigger.

Highlighted
GitHub Staff
Message 10 of 15

Re: Feature Request: Protected Tags

Acked. Circling back internally!