Configuring tag protection rules

You can configure tag protection rules for your repository to prevent contributors from creating or deleting tags.

Note

Tag protection rules are deprecated in GitHub Enterprise Server version 3.16 and later. Use rulesets instead. Any tag protection rules still in use will be auto-migrated. You can read more about this on the the GitHub Blog.

When you add a tag protection rule, all tags that match the pattern provided will be protected. Only users with admin or maintain permissions, or custom roles with the "edit repository rules" permission in the repository will be able to create protected tags, and only users with admin permissions or custom roles with the "edit repository rules" permission in the repository will be able to delete protected tags. For more information, see "Repository roles for an organization." GitHub Apps require the Repository administration: write permission to modify a protected tag.

Additionally, you can create custom repository roles to allow other groups of users to create or delete tags that match tag protection rules. For more information, see "Managing custom repository roles for an organization."

Adding tag protection rules

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Code and automation" section of the sidebar, click Tags.

  4. Click New rule.

  5. Under "Tag name pattern", type the pattern of the tags you want to protect. Tag protection rules use fnmatch syntax. For information about syntax options, see the fnmatch documentation. In this example, typing "*" protects all tags.

    Screenshot of the "Protected tags / New rule" page. The example pattern * is shown with the "Add rule" button.

  6. Click Add rule.