"Create a release" API tries to create tag even when it already exists
Summary
The Create a release endpoint requires a tag_name
parameter, which indicates the tag from which the release will be created.
If the tag already exists, this endpoint will still attempt to create the tag, and fail if the tag is protected and the token passed doesn't have sufficient permissions for it, or due to Bug with CI pipeline permissions when Role and Key is selected.
Steps to reproduce
- Create a "Owner" level access token, with API access to the project.
- Create a protected tag wildcard "*-release"
- Create a tag matching that wildcard: "1.0-release"
- Try to create a release based on that existing tag, using the previously created accesst token and this API endpoint:
curl --header 'Content-Type: application/json' --header "PRIVATE-TOKEN: gtlb-pat" \
--data '{ "name": "New release", "tag_name": "1.0-release" }' \
--request POST "https://gitlab.com/api/v4/projects/55082069/releases"
{"message":"You are not allowed to create this tag as it is protected."}%
Example Project
https://gitlab.com/dnldnz_ultimate_group/test-api-protected-branch/
What is the current bug behavior?
API is trying to create a tag and its requirements even when the tag already exists
What is the expected correct behavior?
The endpoint should first check if the tag already exists and not apply limitations related to the creation of the tag, when its objective is to create a release based on a tag.
Relevant logs and/or screenshots
N/A
Possible fixes
Edited by Daniel Diniz