Summary
git push --tags and individual tag pushes are currently not handled. Tag refs bypass all validation and forwarding logic.
What
- Detect tag refs (
refs/tags/*) in incoming pushes for both proxy and S&F modes
- Run the filter/hook chain for tag pushes (author email + content scanning apply; commit message validation may not)
- Forward tag refs upstream via
ForwardingPostReceiveHook
- Config option to allow/deny tag pushes per provider
Details
- S&F mode: check
ReceiveCommand.getRefName() for refs/tags/ prefix in hook chain
- Proxy mode:
ParseGitRequestFilter + EnrichPushCommitsFilter need to handle tag objects
- Annotated tags point to a tag object → commit; lightweight tags point directly to a commit — dereference accordingly for author email checks
Summary
git push --tagsand individual tag pushes are currently not handled. Tag refs bypass all validation and forwarding logic.What
refs/tags/*) in incoming pushes for both proxy and S&F modesForwardingPostReceiveHookDetails
ReceiveCommand.getRefName()forrefs/tags/prefix in hook chainParseGitRequestFilter+EnrichPushCommitsFilterneed to handle tag objects