This version of GitHub Enterprise Server was discontinued on 2023-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Configuring tag protection rules

In this article

You can configure tag protection rules for your repository to prevent contributors from creating or deleting tags.

Tag protection rules are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server.

Note: Tag protection rules are currently in beta and subject to change.

About tag protection rules

When you add a tag protection rule, all tags that match the pattern provided will be protected. Only users with admin or maintain permissions in the repository will be able to create protected tags, and only users with admin permissions in the repository will be able to delete protected tags. For more information, see "Repository roles for an organization." GitHub Apps require the Repository administration: write permission to modify a protected tag.

Additionally, you can create custom repository roles to allow other groups of users to create or delete tags that match tag protection rules. For more information, see "Managing custom repository roles for an organization."

Adding tag protection rules

  1. On your GitHub Enterprise Server instance, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Code and automation" section of the sidebar, click Tags.

  4. Click New rule.

  5. Under "Tag name pattern", type the pattern of the tags you want to protect. Tag protection rules use fnmatch syntax. For information about syntax options, see the fnmatch documentation. In this example, typing "*" protects all tags.

    Screenshot of the "Protected tags / New rule" page. The example pattern * is shown with the "Add rule" button.

  6. Click Add rule.