Audit a Release or Tag in a Worktree

When to use

You need to investigate a bug reported in a specific release, review what shipped in a particular version, or compare current code against a tagged release.

Pre-flight

• Know the tag name or release version you need to audit (e.g., v2.0.0, release-2024-01).
• Ensure tags are fetched from the remote: git fetch --tags.

Steps

1. Fetch the latest tags from the remote.

   git fetch --tags

2. Create a worktree in detached HEAD state pointing at the tag.

   git worktree add --detach ../v2-audit v2.0.0

   The --detach flag creates the worktree without checking out a branch, perfect for read-only inspection.

3. Navigate to the audit directory and investigate.

   cd ../v2-audit
   
   # Check the exact commit
   git log -1
   
   # Search for specific code
   grep -r "buggyFunction" src/
   
   # Run the old version if needed
   npm ci && npm start

4. When finished, remove the audit worktree.

   cd ../your-main-repo
   git worktree remove ../v2-audit

Verification

• git worktree list in the audit directory shows (detached HEAD).
• git describe --tags confirms you are at the expected tag.

Why use --detach?

Tags point to specific commits, not branches. Using --detach:

• Avoids creating an unnecessary local branch.
• Makes it clear this is a read-only inspection.
• Prevents accidental commits to a release point.

Alternative: Audit a specific commit

Works the same way with commit hashes:

git worktree add --detach ../commit-audit abc1234

Follow-up

• Document any issues found during the audit.
• If a bug is confirmed, create a fix on the appropriate branch.

Related scenarios

• Spin Up a Git Worktree for an Emergency Hotfix
• Compare Branches Side by Side with Worktrees
• Understanding Git Worktree: Commands, Flags, and Best Practices