Protected Tags (!10356) · Merge requests · GitLab.org / GitLab FOSS

GitLab 15.0 is launching on May 22! This version brings many exciting improvements, but also removes deprecated features and introduces breaking changes that may impact your workflow. To see what is being deprecated and removed, please visit Breaking changes in 15.0 and Deprecations.

Project 'gitlab-org/gitlab-ce' was moved to 'gitlab-org/gitlab-foss'. Please update any links and bookmarks that may still have the old path.

Protected Tags

What

Protected tags feature, similar to protected branches

Prevents tag deletion and force pushing for everyone, and uses access levels (Masters, Developers + Masters, or No one) to control who can create tags. Supports wildcard matching.

Why

To give project admins control over who can create/update/delete tags. Especially useful when tags are used to trigger deploys or official releases.

Questions

Should users be able to update protected tag ‘release notes’?
UX: Should tags index have link similar to Protected branches can be managed in project_settings_link.

Documentation preview

https://gitlab.com/gitlab-org/gitlab-ce/blob/18471-restrict-tag-pushes-protected-tags/doc/user/project/protected_tags.md

Screenshots

Settings

Over git

Project tags

These have the delete button disabled and a Protected label

Tags Index	Tags Show

ProtectedTags#show

Todos

Changelog entry added, if necessary
Tests added for this feature/bug
EE Merge request
Change restriction on force pushing to restriction on update in line with current git behaviour
Double check API access

Follow up tasks

Documentation created/updated
EE-only per user / per-group protections https://gitlab.com/gitlab-org/gitlab-ee/issues/2132
API support added
- This could be done alongside updating the protected branches API which currently uses deprecated developers_can_push style permissions (https://gitlab.com/gitlab-org/gitlab-ce/issues/30102)

Relevant issues

Closes #18471 (closed)