Tag protection rules - only protect against deletion or at least a regex / inverse match?

[sammcj]

For tag protection, there's no documentation on how the matching works other than the * match-all wildcard.

It seems you also can't protect against tag deletion - without also preventing tag creation 🤯.

Since this is the case - I would have expected you could do something like a Regex or glob match - v*!beta or perhaps at least !beta - but it seems you can't do regexes, or even inverse matches.

How do you either:

A) Protect against tag deletion without preventing tags from being created.

or

B) Protect release semver tags, e.g:

v1.0.0, v1.3.0, etc...

but not protect alpha/beta tags, e.g.

v0.99.0-beta, v1.0.0-beta5, etc....

---

This is trivial in GitLab - https://docs.gitlab.com/ee/user/project/protected_tags.html

[emmaviolet]

👋 Hi @sammcj. So, I think this should currently be possible. By default, everyone with maintain permissions on a repo is able to create tags matching a tag protection rule, while only users with admin permissions on a repo should be able to delete those tags.

But you can adjust this by using custom repository roles which would allow you, for example, to give the "create protected tags" ability to all members of your organization, rather than limiting it to just those with maintain permissions

[sammcj]

Hey @emmaviolet 👋,

I think you're spot on here,

We have quite a few users who don't have maintain level access so when they run a Github Action Workflow that generates tags for builds - it will fail if tag protection is enabled.

The the other problem is when you're working with a large enterprise they can be very hesitant to create custom repo roles.

It's something I'm going to try and get created but I think the proper 'fix' for this is for Github to improve the tag protection functionality to allow regex/glob matching and/or protecting deletion without preventing creation.

[ghost]

Hi 👋 I am interested in this topic too. I'm not sure I understood: are regexes possible or not? I was trying one to protect tags like v1.0.0, v1.0.1 etc. but it doesn't seem to work.
This is the one I tried: v[0-9]+.[0-9]+.[0-9]+

Thank you!