@gitlab/truncated-tags
Advanced tools
A semantic-release plugin that creates truncated version tags in GitLab using the API
A semantic-release plugin that creates and updates truncated Git tags using the GitLab API instead of Git commands.
This plugin is designed to work with GitLab's protected tags feature and provides the ability to create truncated version tags (e.g., v1.2).
Renovate is an excellent tool for keeping dependencies updated, but it can generate significant maintenance overhead through frequent update merge requests. With truncated version tags (e.g., v1.2 instead of v1.2.3), Renovate only creates merge requests for minor or major version changes, not for every patch release. This dramatically reduces the "noise" from constant update notifications while still keeping your dependencies current.
However, GitLab's protected tags feature prevents truncated tags from being deleted or modified through standard git operations. Removing the tag protection means that pipelines running on these tags may not have access to secrets requires for the deployment process.
This plugin solves this dilemma by managing truncated tags through the GitLab API, allowing tags to remain protected.
npm install --save-dev @gitlab-com/truncated-tags
Add this plugin to your package.json file:
{
"devDependencies": {
"@gitlab/truncated-tags": "^1.0.0"
}
}
Add this plugin to your semantic-release configuration file, e.g. .releaserc.json:
{
"branches": ["main"],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@gitlab/truncated-tags",
"@semantic-release/gitlab"
]
}
Make sure to place this plugin before @semantic-release/gitlab in your plugins list.
GITLAB_TOKEN: A GitLab personal access token or CI token with API access to manage tagsCI_PROJECT_PATH: GitLab project path (automatically set in GitLab CI/CD pipelines)CI_API_V4_URL: GitLab API URL (automatically set in GitLab CI/CD pipelines)v1.2).The plugin currently doesn't support custom configuration options.
MIT License, see LICENSE file.
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports Scala and Kotlin, bringing AI-powered threat detection to JVM projects with easy manifest generation and fast, accurate scans.
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.