Protected Tags (!10356) · Merge requests · GitLab.org / GitLab FOSS

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

James EJ requested to merge 18471-restrict-tag-pushes-protected-tags into master Mar 31, 2017

What

Protected tags feature, similar to protected branches

Prevents tag deletion and force pushing for everyone, and uses access levels (Masters, Developers + Masters, or No one) to control who can create tags. Supports wildcard matching.

Why

To give project admins control over who can create/update/delete tags. Especially useful when tags are used to trigger deploys or official releases.

Questions

Should users be able to update protected tag ‘release notes’?
UX: Should tags index have link similar to Protected branches can be managed in project_settings_link.

Documentation preview

https://gitlab.com/gitlab-org/gitlab-ce/blob/18471-restrict-tag-pushes-protected-tags/doc/user/project/protected_tags.md

Screenshots

Settings

Over git

Project tags

These have the delete button disabled and a Protected label

Tags Index	Tags Show

ProtectedTags#show

Todos

Changelog entry added, if necessary
Tests added for this feature/bug
EE Merge request
Change restriction on force pushing to restriction on update in line with current git behaviour
Double check API access

Follow up tasks

Documentation created/updated
EE-only per user / per-group protections https://gitlab.com/gitlab-org/gitlab-ee/issues/2132
API support added
- This could be done alongside updating the protected branches API which currently uses deprecated developers_can_push style permissions (https://gitlab.com/gitlab-org/gitlab-ce/issues/30102)

Relevant issues

Closes #18471 (closed)

Admin message