Fix issue with SIGINT failing to stop analyzer
What does this MR do?
The analyzer in gemnasium-maven is run using a wrapper script.
This wrapper script ensures that we have the functionality
needed to switch between Java runtimes correctly. When the
wrapper runs, it is assigned PID 1 as is the norm by the
Docker container, and spawns a separate child process for
the analyzer binary. For Docker, this causes issues because
it sends the SIGINT and SIGTERM signals to PID 1, which
leaves the child processes in a zombie state, and the
container running (you can force close it with a SIGKILL
using docker stop
, but it takes time and it's possible
that a contributor might not know this).
The PID 1 issue is documented in the Dockerfile reference,
which also has a solution - use exec
to have the child
process assume the PID of the parent, i.e. it becomes PID 1.
There are other tools that can be used like tini, dumb-init,
runit, and s6, but exec
is a builtin for Bash, and is
the boring solution, which is why the wrapper now executes
using it.
TODO: Create a lint rule that enforces exec for the last command in a wrapper script.
For more info about the Docker ENTRYPOINT and CMD usage see https://docs.docker.com/engine/reference/builder/#entrypoint
What are the relevant issue numbers?
None, I discovered this locally and made the change.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer