While investigating some ways to label our releases inside Azure DevOps I discovered that there are in fact 2 types of tags: lightweight and annotated.
From the documentation:
A lightweight tag is very much like a branch that doesn’t change — it’s just a pointer to a specific commit.
Annotated tags, however, are stored as full objects in the Git database. They’re checksummed; contain the tagger name, email, and date; have a tagging message; and can be signed and verified with GNU Privacy Guard (GPG). It’s generally recommended that you create annotated tags so you can have all this information; but if you want a temporary tag or for some reason don’t want to keep the other information, lightweight tags are available too
Azure DevOps Services and TFS support both annotated and lightweight tags. Go to the Repos section(1) and select Tags from the menu(2). Now you can start searching for both tag types(3):
When you type a tag name, tags are filtered.
Annotated tags are displayed with a tag name, message, commit, tagger, and creation date(e.g. demo2 in the screenshot above). Lightweight tags are displayed with a tag name and commit(e.g. demo in the screenshot above).
You can create annotated tags using the web portal, and starting with Visual Studio 2017 Update 6, you can create both lightweight and annotated tags from within Visual Studio:
Open up Visual Studio and go to Team Explorer. Select Tags from the available options. Click on New Tag to create a new one.
To create an annotated tag, provide both a name and a message when creating the tag. To create a lightweight tag, omit the message and supply only a name.
Which tag type should I use?
I prefer to use annotated tags because of the extra metadata it allows you to add. The fact that you know who created the tag but also the option to add some extra comments make them far more usable than lightweight tags.
I’m aware that an annotated tag can be signed as an extra level of security but I never had a reason to start doing this.