linuxlab.io
Tutorials▾
  • Linux & networking
    File system, processes, TCP/IP, BGP and OSPF
    →
  • Terraform & IaC
    HCL, state, plan/apply on a LocalStack sandbox
    →
  • Git & GitHub
    Object model, plumbing, branching, GitHub Actions
    →
All tutorials →
PricingAboutSign inCreate account
/
Intro
Lessons
Footer
linuxlab-TutorialsPricingAboutPrivacy & cookies
Copyright © 2026 LinuxLab. All rights reserved.
linuxlab.io
Tutorials▾
  • Linux & networking
    File system, processes, TCP/IP, BGP and OSPF
    →
  • Terraform & IaC
    HCL, state, plan/apply on a LocalStack sandbox
    →
  • Git & GitHub
    Object model, plumbing, branching, GitHub Actions
    →
All tutorials →
PricingAboutSign inCreate account
/
  • Introduction
  • Chapters
  • How it works
  • Lessons
  • Knowledge base
  • Interview prep
home/git/kb/Object model/tag

kb/objects ── Object model ── intermediate

Tag

A named pointer to a commit. Two kinds: lightweight (a file with a SHA in `refs/tags/`) and annotated (a separate object in `objects/` with author, date, and optional signature). For releases, use annotated.

view as markdownaka: git-tag, annotated-tag, lightweight-tag

A tag is a human-readable named pointer to an object. It almost always points to a commit and is used to mark releases: "this commit is version 1.0." Formally, an annotated tag can point to a blob, tree, or another tag, but in practice that is rare.

Unlike a branch, a tag does not move. Once created, it stays on the commit it pointed to at creation time, unless you delete and recreate it.

Lightweight tag

A lightweight tag is just a file, .git/refs/tags/<name>, containing the commit SHA. No object is created in .git/objects/:

bash
git tag v1.0
cat .git/refs/tags/v1.0
# a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0

In structure it resembles a branch, but it does not advance with new commits.

Annotated tag

An annotated tag is a full object in .git/objects/ with an author, date, message, and an optional GPG signature:

bash
git tag -a v1.0 -m "First stable release"
git cat-file -p v1.0
# object a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
# type commit
# tag v1.0
# tagger John Smith <email@example.com> 1716817500 +0300
#
# First stable release

The file .git/refs/tags/v1.0 points to this tag object, not directly to the commit. The tag object in turn points to the commit.

Which to use

  • For releases and public markers, use annotated. They carry an author, date, and message. They can be GPG-signed. Release history is trackable.
  • For temporary bookmarks ("check this commit," "stuck here, revisit later"), lightweight is fine. Created instantly, no editor opened.

Signed tags

Annotated tags can be signed with a GPG key:

bash
git tag -s v1.0 -m "Release 1.0"

The signature is stored inside the tag object. Verify with git tag -v v1.0. This gives cryptographic proof that the tag was created by the person whose key is listed and has not been tampered with.

Pushing to a remote

Tags are not pushed automatically along with commits. To send them:

bash
git push origin v1.0          # one specific tag
git push origin --tags        # all local tags
git push origin --follow-tags # annotated tags tied to commits being pushed

Semver

The standard naming convention for releases is vMAJOR.MINOR.PATCH. See semver for details.

§ команды

bash
git tag v1.0

Create a lightweight tag on HEAD

bash
git tag -a v1.0 -m "..."

Create an annotated tag

bash
git tag -s v1.0 -m "..."

Create a signed annotated tag

bash
git tag -l

List all tags

bash
git tag -d v1.0

Delete a tag locally

bash
git push origin --tags

Push all tags to the remote

§ см. также

  • commitCommitA Git object: a snapshot of the entire project (via a tree) plus metadata including author, committer, date, parents, and message. The SHA of a commit includes the parent's SHA, which makes history cryptographically linked.
  • branchBranchA branch in Git is a file inside `.git/refs/heads/` that holds the SHA of one commit. Creating, switching, and deleting branches are trivial operations because a branch contains exactly 41 bytes of data.
  • gpg-signingGPG Commit SigningGit commits can be signed with a GPG key (or an SSH key starting with Git 2.34). A signature cryptographically proves that the signer had access to the private key at the time of the commit. The link between "key" and "specific person" comes from key verification (web of trust in OpenPGP, confirmation through a GitHub account, etc.), not from Git itself. Git does not verify who you are.
Footer
linuxlab-
Copyright © 2026 LinuxLab. All rights reserved.
Tutorials
Pricing
About
Privacy & cookies