-
Suggestion
-
Resolution: Unresolved
I've had a few instances where developers have pushed tags accidentally/in error. After this point it's really difficult to get rid of them in a big team as - once they're on the remote - they tend to keep reappearing even if they're deleted as other developers end up with them in their local repos and re-pushing them accidentally.
It would be amazing if it was possible to restrict who had permission to push tags to a Bitbucket hosted Git repo in the first place to stop this happening.
Also, due to compliance and permissions policy requirements, its critical to give the ability to Workspace/Project or Repo Admins to limit number of users who can manipulate Tags, example: by adding or removing a tag.
- duplicates
-
- Closed
[BCLOUD-10967] Restrict Pushing Git Tags to Certain Users in a Bitbucket Repo (BB-12083)
This ticket had it's 10 years anniversary and this fundamental feature, which every other git server (gerrit, github, gitlab, gitea etc.) has since years, is still marked as "suggestion".
All of the mentioned workarounds are useless, since they can not prevent tags from being pushed, overwritten or removed.
So years have passed by and still the only acceptable solution is not to use Bitbucket Cloud if tags are important...
Hello ff7973bfbacf
I've tested `/refs/tags/*` approach with branch restrictions in Bitbucket Cloud - got fruitless result.
Regular user with R\W access was able to push tag to master branch tip.
Could you please share way how you achieved?
It would be enough to be able to use branch permissions to control /refs/tags/*.
The use case is to prevent any user being able to rewrite (force push) or delete tags. Doing so violates assumptions in our release system which seem reasonable and they could be enforced in all major competing products.
Hi all, it’s Julen from the Bitbucket Cloud product team. We have reviewed this request and are actively looking into when we can fit this work in the future. In the short term, here are some potential workarounds to this problem:
- We are a few weeks away from shipping Forge based pre-merge checks. With these you could create pre-merge checks to only allow certain users to merge new tags.
- Implementing pre-commit hooks that stop pushing of tags. You can have a master file that contains all approved tags and have pre-commit hook to check all tags against this list.
- Instead of deleting old tags, deprecate tags, and create new ones.
"Tags in BB cloud cannot be removed once added (except to do so locally in Git)"
For me this is the worst part because for aerospace, the authority requires tags to be read-only
Our team has migrated from Bitbucket Server and this feature is really important for us. As everybody already said, it's impossible to get rid of some tags as it's resent to remote by accident by some Dev.
This is a way to overcome issues from https://jira.atlassian.com/browse/BCLOUD-22675
Please prioritize.
This type of thing is super frustrating. This is basic functionality and I'm trying to wrap my head around how:
- Tags are traditionally and commonly used for release versioning
- Tags in BB cloud cannot be removed once added (except to do so locally in Git)
- Anyone can add tags with no restrictions or permission assignments required
I mean, that is crazy to me. If BB cloud isn't production ready, then just say so and let us keep using BB server.
0ac8075348d9 Don´t get stressed, do like me, change to Github and be happy
Talk to Atlassian and talk to your hands are the same