git verify-tag: Usage, Options & Common CI Errors
git verify-tag confirms that a signed annotated tag is authentic and trusted.
Release pipelines that ship from signed tags use verify-tag to ensure the tag was created by an authorized key before building or publishing artifacts.
What it does
git verify-tag checks the GPG or SSH signature embedded in an annotated tag object against your keyring and exits non-zero if it is missing, invalid, or untrusted.
Common usage
Terminal
git verify-tag v1.2.0
git verify-tag -v v1.2.0
git verify-tag --raw v1.2.0
git tag -v v1.2.0Options
| Flag | What it does |
|---|---|
| -v / --verbose | Show the tag body and signature info |
| --raw | Emit raw GPG status output |
| <tag> | The tag to verify |
Common errors in CI
error: <tag>: cannot verify a non-tag object - lightweight tags carry no signature, so only annotated, signed tags (git tag -s) can be verified. "gpg: Can’t check signature: No public key" means the runner lacks the signer’s public key; import it before the gate runs.
Related guides
git verify-commit: Usage, Options & Common CI Errorsgit verify-commit checks the GPG/SSH signature on a commit. Reference for --raw, -v, exit codes, and the no-s…
git tag: Usage, Options & Common CI Errorsgit tag creates and lists tags for releases. Reference for -a, -m, -d, pushing tags, and the "tag already exi…
git show: Usage, Options & Common CI Errorsgit show displays a commit, tag, or object with its diff. Reference for --stat, --name-only, blob viewing, an…
git describe: Usage, Options & Common CI Errorsgit describe produces a readable name from the nearest tag, ideal for build versions. Reference for --tags, -…