We have been dealing with this issue for years.
Our workaround has been to have a post build step in the form of the following shell script:
git pull origin master
git push origin master --tags
But with this, we depend on the private key of the machine running the job. It does not scale well with multiple agents.
Even with the added git ssh private key binding, I don't see how this will allow my shell script to keep working as is. I sense that I am gonna need to tweak it some way. If that is the case, the script will probably stop being portable across Linux/Windows.
If I can keep my shell as is, that should be ok. If I could drop the shell for something more framed, that would be a lot better.