Protected tags
Introduced in GitLab 9.1.
Protected tags:
- Allow control over who has permission to create tags.
- Prevent accidental update or deletion once created.
Each rule allows you to match either:
- An individual tag name.
- Wildcards to control multiple tags at once.
This feature evolved out of protected branches
Who can modify a protected tag
By default:
- To create tags, you must have the Maintainer role.
- No one can update or delete tags.
Configuring protected tags
To protect a tag, you need to have at least the Maintainer role.
-
Go to the project’s Settings > Repository.
-
From the Tag dropdown menu, select the tag you want to protect or type and click Create wildcard. In the screenshot below, we chose to protect all tags matching
v*:
-
From the Allowed to create dropdown, select users with permission to create matching tags, and click Protect:
-
After done, the protected tag displays in the Protected tags list:
Wildcard protected tags
You can specify a wildcard protected tag, which protects all tags matching the wildcard. For example:
| Wildcard Protected Tag | Matching Tags |
|---|---|
v*
|
v1.0.0, version-9.1
|
*-deploy
|
march-deploy, 1.0-deploy
|
*gitlab*
|
gitlab, gitlab/v1
|
*
|
v1.0.1rc2, accidental-tag
|
Two different wildcards can potentially match the same tag. For example,
*-stable and production-* would both match a production-stable tag.
In that case, if any of these protected tags have a setting like
Allowed to create, then production-stable also inherit this setting.
If you click on a protected tag’s name, GitLab displays a list of all matching tags:
