PSA: TagBot can’t tag & release commits that touch GitHub workflows

ianshmean · December 13, 2025, 3:07pm

It turns out that a large source of TagBot’s puzzling intermittent failures may be because GitHub doesn’t like to make it easy to tag and release tags on commits that touch GitHub workflow files, and TagBot can’t do so (unless you give it a custom PAT). And GitHub’s errors don’t make it clear that that is why.

When it fails for that reason TagBot should now open an issue on the repo with guidance.

The best way to avoid it is to only release commits (via JuliaRegistrator etc.) that don’t touch workflow files.

The readme has updated info and guidance:

ericphanson · December 13, 2025, 4:43pm

Do you have any sense of what the danger is that GitHub is trying to prevent with this restriction?

ianshmean · December 13, 2025, 7:37pm

I don’t immediately see a reason why it’s less secure than what they allow (committing workflow changes then a version bump in a following commit).

Topic		Replies	Views
Tagbot is not tagging releases automatically General Usage package , registry , general-registry , tagbot	1	472	May 24, 2021
TagBot does not create a GitHub release from a tag Tooling tagbot	5	382	August 25, 2025
Slow TagBot. No repo update after 16 hours Package Management package	16	1450	August 29, 2022
TagBot Github Action runs successfully but a new release does not show up on github Releases Tooling tagbot	13	1657	October 6, 2022
Registration via Juliahub does not generate github package release Package Management	4	604	December 4, 2022

PSA: TagBot can’t tag & release commits that touch GitHub workflows

Related topics