Skip to content

Prevent script dump on job cancellation through UI

Romuald Atchadé - OOO until Nov 30th, 2025requested to merge
k8s-prevent-script-dump-on-cancellation into main

What does this MR do?

When the job is cancelled through the UI, GitLab Runner sends SIGTERM to all PIDs related to the stage script. On Bash version 4, the procession termination dumps the executed script in the job logs. To prevent this behaviour the TERM signals are trapped and cause the script to exit 1.

Why was this MR needed?

To prevent script dump on job cancellation through UI

What's the best way to test this MR?

gitlab-ci 
variables:
  CACHE_FALLBACK_KEY: fallback-keys
  # FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: "true".  # <---- Tested in both attach and exec mode
  FF_USE_POWERSHELL_PATH_RESOLVER: "true"
  FF_RETRIEVE_POD_WARNING_EVENTS: "true"
  FF_PRINT_POD_EVENTS: "true"
  FF_SCRIPT_SECTIONS: "true"
  CI_DEBUG_SERVICES: "true"
  GIT_DEPTH: 5
  MY_TEST_VARIABLE_1: gitlab-ci
  MY_TEST_VARIABLE_2: gitlab-ci
  SAST_GOSEC_LEVEL: 2
  END_LOOP: 400

testing_k8s:
  image:
    name: registry.access.redhat.com/ubi8:latest
  script:
    # - echo "Missing closing quote
    - export TEST='foo'
    - |
      i=1
      while [ $i -le "${END_LOOP}" ]; do
          echo "From build container Iteration $i - Current Time: $(date +"%T")"
          i=$((i + 1))
          sleep 1
      done
config.toml 
concurrent = 1 
check_interval = 1
log_level = "debug"
log_format = "runner"
shutdown_timeout = 0

listen_address = ':9252'

[session_server]
  session_timeout = 1800

[[runners]]
  name = "investigation"
  url = "https://gitlab.com/"
  id = 0
  token = "glrt-REDACTED"
  token_obtained_at = "0001-01-01T00:00:00Z"
  token_expires_at = "0001-01-01T00:00:00Z"
  executor = "kubernetes"
  shell = "bash"
  limit = 50
  builds_dir = "/my_custom_dir"
  [runners.kubernetes]
    host = ""
    bearer_token_overwrite_allowed = false
    pod_termination_grace_period_seconds = 0
    namespace = ""
    namespace_overwrite_allowed = ""
    pod_labels_overwrite_allowed = ""
    service_account_overwrite_allowed = ""
    pod_annotations_overwrite_allowed = ""
    node_selector_overwrite_allowed = ".*"
    allow_privilege_escalation = false
    [[runners.kubernetes.volumes.empty_dir]]
          name = "repo"
          mount_path = "/my_custom_dir"
    [runners.kubernetes.build_container_security_context]
      run_as_user = 1000
      # run_as_non_root = true
      run_as_group = 65533
    [[runners.kubernetes.services]]
    [runners.kubernetes.dns_config]
    [runners.kubernetes.pod_labels]
      user = "ratchade"

Upon cancellation, the script is not longer dumped in the job log:

What are the relevant issue numbers?

close #37952 (closed)

Edited by Romuald Atchadé - OOO until Nov 30th, 2025

Merge request reports