Restrict tag pushes
Resources
FE @kushalpandya BE @jamedjo
Description
- Project setting to restrict tag pushes
- Default setting is existing scenario / permissions that any person who can push a branch can push a tag.
- Design similar to protected branches.
Mockups
CE
| Step 01 - Default state | Step 02 - Protected the tag |
|---|---|
 |
 |
EE
| Step 01 - Default state | Step 02 - Protected the tag |
|---|---|
 |
 |
Original description
Hi there - I've got another feature request.
In #18470 (moved) I mentioned having forked repos, this is because (as far as I can tell), if any user has any kind of write access to a repository, they have the ability to push tags. Our dev team tends to use easy-mode git GUIs that have some kind of automatic tag-syncing option built in, it's caused us some headaches - they'll wind up pushing some weird tags, previously deleted tags, etc - and we've got some jobs that are triggered by tag pushes.
It would be really useful to restrict tag pushes in a manner similar to having protected branches.