address comments

Author: shreyas-goenka

acceptance/bundle/deploy/signal-cleanup/out.test.toml

@@ -7,6 +7,11 @@ Deployment in progress, sending interrupt signal...
 
 >>> wait [PID]
 Operation interrupted. Gracefully shutting down...
+Error: terraform apply: exit status 1
+
+Updating deployment state...
+Error: failed in rate limiter: context canceled
+
 
 Exit code: 130
 
@@ -38,3 +43,15 @@ Exit code: 130
     }
   }
 }
+
+>>> [CLI] bundle debug plan
+{
+  "plan": {
+    "resources.jobs.job1": {
+      "action": "create"
+    },
+    "resources.jobs.job2": {
+      "action": "create"
+    }
+  }
+}

acceptance/bundle/deploy/signal-cleanup/output.txt

@@ -27,4 +27,6 @@ trace cat out.requests.txt | jq 'select(.method == "POST" and (.path | contains(
 title "A creation request for job1 should be recorded in the requests file. No request for job2 should exist since the process was terminated mid deployment."
 trace cat out.requests.txt | jq 'select(.method == "POST" and (.path | contains("/api/2.2/jobs/create")))'
 
+trace $CLI bundle debug plan
+
 rm out.requests.txt

acceptance/bundle/deploy/signal-cleanup/script

@@ -2,6 +2,9 @@ Local = true
 Cloud = false
 RecordRequests = true
 
+# Test only terraform engine (signal handling is the same for direct)
+EnvMatrix.DATABRICKS_BUNDLE_ENGINE = ["terraform"]
+
 # Add delay to first job creation to ensure we can interrupt during deployment
 [[Server]]
 Pattern = "POST /api/2.2/jobs/create"

acceptance/bundle/deploy/signal-cleanup/test.toml

@@ -15,6 +15,8 @@ Destroy in progress, sending interrupt signal...
 
 >>> wait [PID]
 Operation interrupted. Gracefully shutting down...
+Error: terraform apply: exit status 1
+
 
 Exit code: 130
 
@@ -30,4 +32,14 @@ Exit code: 130
   }
 }
 
-=== [CLI]
+>>> [CLI] bundle debug plan
+{
+  "plan": {
+    "resources.jobs.job1": {
+      "action": "skip"
+    },
+    "resources.jobs.job2": {
+      "action": "skip"
+    }
+  }
+}

acceptance/bundle/destroy/signal-cleanup/output.txt

@@ -29,4 +29,6 @@ trace cat out.requests.txt | jq 'select(.method == "POST" and (.path | contains(
 title "A deletion request for job2 should be recorded in the requests file. No request for job1 should exist since the process was terminated mid destroy."
 trace cat out.requests.txt | jq 'select(.method == "POST" and (.path | contains("/api/2.2/jobs/delete")))'
 
+trace $CLI bundle debug plan
+
 rm out.requests.txt

acceptance/bundle/destroy/signal-cleanup/script

@@ -123,6 +123,9 @@ type Bundle struct {
 	// Stores the locker responsible for acquiring/releasing a deployment lock.
 	Locker *locker.Locker
 
+	// LockReleaseOnce ensures the lock is only released once
+	LockReleaseOnce sync.Once
+
 	// TerraformPlanPath is the path to the plan from the terraform CLI
 	TerraformPlanPath string
 

bundle/bundle.go

@@ -44,15 +44,22 @@ func (m *release) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagnostics
 		return nil
 	}
 
-	log.Infof(ctx, "Releasing deployment lock")
-	switch m.goal {
-	case GoalDeploy:
-		return diag.FromErr(b.Locker.Unlock(ctx))
-	case GoalBind, GoalUnbind:
-		return diag.FromErr(b.Locker.Unlock(ctx))
-	case GoalDestroy:
-		return diag.FromErr(b.Locker.Unlock(ctx, locker.AllowLockFileNotExist))
-	default:
-		return diag.Errorf("unknown goal for lock release: %s", m.goal)
-	}
+	// Make lock release idempotent using sync.Once to prevent race conditions
+	// This ensures the lock is only released once even if called multiple times
+	var diags diag.Diagnostics
+	b.LockReleaseOnce.Do(func() {
+		log.Infof(ctx, "Releasing deployment lock")
+		switch m.goal {
+		case GoalDeploy:
+			diags = diag.FromErr(b.Locker.Unlock(ctx))
+		case GoalBind, GoalUnbind:
+			diags = diag.FromErr(b.Locker.Unlock(ctx))
+		case GoalDestroy:
+			diags = diag.FromErr(b.Locker.Unlock(ctx, locker.AllowLockFileNotExist))
+		default:
+			diags = diag.Errorf("unknown goal for lock release: %s", m.goal)
+		}
+	})
+
+	return diags
 }

bundle/deploy/lock/release.go

@@ -136,40 +136,98 @@ func uploadLibraries(ctx context.Context, b *bundle.Bundle, libs map[string][]li
 }
 
 // registerGracefulCleanup sets up signal handlers to release the lock
-// before the process terminates. Returns a cleanup function for the normal exit path.
+// before the process terminates. Returns a new context that will be cancelled
+// when a signal is received, and a cleanup function for the exit path.
+//
+// This follows idiomatic Go patterns for graceful shutdown:
+// 1. Use context cancellation to signal shutdown to the main routine
+// 2. Use a done channel to wait for the main routine to complete
+// 3. Only exit after confirming the main routine has terminated
 //
 // Catches SIGINT (Ctrl+C), SIGTERM, SIGHUP, and SIGQUIT.
 // Note: SIGKILL and SIGSTOP cannot be caught - the kernel terminates the process directly.
-func registerGracefulCleanup(ctx context.Context, b *bundle.Bundle, goal lock.Goal) func() {
+func registerGracefulCleanup(ctx context.Context, b *bundle.Bundle, goal lock.Goal) (context.Context, func()) {
+	// Create a cancellable context to propagate cancellation to the main routine
+	ctx, cancel := context.WithCancel(ctx)
+
+	// Channel to signal that the main routine has completed
+	done := make(chan struct{})
+
+	// Channel to signal that a signal was received and handled
+	signalReceived := make(chan struct{})
+
+	// Channel to receive OS signals
 	sigChan := make(chan os.Signal, 1)
 	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP, syscall.SIGQUIT)
 
-	// Start goroutine to handle signals
-	go func() {
+	signalHandler := func() {
+		// Wait for a signal to be received.
 		sig := <-sigChan
-		// Stop listening for more signals
+
+		// Stop listening for more signals. This allows for multiple interrupts
+		// to cause the program to force exit.
 		signal.Stop(sigChan)
 
+		// Signal that we received an interrupt
+		close(signalReceived)
+
 		cmdio.LogString(ctx, "Operation interrupted. Gracefully shutting down...")
 
-		// Release the lock.
-		bundle.ApplyContext(ctx, b, lock.Release(goal))
+		// Cancel the context to signal the main routine to stop
+		cancel()
+
+		// Wait for the main routine to complete before releasing the lock
+		// This ensures we don't exit while operations are still in progress
+		<-done
 
-		// Exit immediately with standard signal exit code (128 + signal number).
-		// The deferred cleanup function returned below won't run because we exit here.
+		// Release the lock using a context without cancellation to avoid cancellation issues
+		// We use context.WithoutCancel to preserve context values (like user agent)
+		// but remove the cancellation signal so the lock release can complete
+		releaseCtx := context.WithoutCancel(ctx)
+		bundle.ApplyContext(releaseCtx, b, lock.Release(goal))
+
+		// Calculate exit code (128 + signal number)
 		exitCode := 128
 		if s, ok := sig.(syscall.Signal); ok {
 			exitCode += int(s)
 		}
+
+		// Exit with the appropriate signal exit code
 		os.Exit(exitCode)
-	}()
+	}
+
+	// Start goroutine to handle signals
+	go signalHandler()
 
-	// Return cleanup function for normal exit path
-	return func() {
+	// Return cleanup function for the exit path
+	// This should be called via defer to ensure it runs even if there's a panic
+	cleanup := func() {
+		// Stop listening for signals
 		signal.Stop(sigChan)
-		// Don't close the channel - it causes the goroutine to receive nil
-		bundle.ApplyContext(ctx, b, lock.Release(goal))
+
+		// Release the lock (idempotent thanks to sync.Once in lock.Release)
+		// Use context.WithoutCancel to preserve context values but remove cancellation
+		releaseCtx := context.WithoutCancel(ctx)
+		bundle.ApplyContext(releaseCtx, b, lock.Release(goal))
+
+		// Signal that the main routine has completed.
+		// Once the signal is recieved,
+		// This must be done AFTER all cleanup is complete
+		close(done)
+
+		// If a signal was received, wait indefinitely for the signal handler to exit
+		// This prevents the main function from returning and exiting with a different code
+		// If no signal was received, signalReceived will never be closed, so we just return
+		select {
+		case <-signalReceived:
+			// Signal was received, wait forever for os.Exit() in signal handler
+			select {}
+		default:
+			// No signal received, proceed with normal exit
+		}
 	}
+
+	return ctx, cleanup
 }
 
 // The deploy phase deploys artifacts and resources.
@@ -189,7 +247,8 @@ func Deploy(ctx context.Context, b *bundle.Bundle, outputHandler sync.OutputHand
 	}
 
 	// lock is acquired here - set up signal handlers and defer cleanup
-	defer registerGracefulCleanup(ctx, b, lock.GoalDeploy)()
+	ctx, cleanup := registerGracefulCleanup(ctx, b, lock.GoalDeploy)
+	defer cleanup()
 
 	libs := deployPrepare(ctx, b, false, directDeployment)
 	if logdiag.HasError(ctx) {

bundle/phases/deploy.go

@@ -130,7 +130,8 @@ func Destroy(ctx context.Context, b *bundle.Bundle, directDeployment bool) {
 	}
 
 	// lock is acquired here - set up signal handlers and defer cleanup
-	defer registerGracefulCleanup(ctx, b, lock.GoalDestroy)()
+	ctx, cleanup := registerGracefulCleanup(ctx, b, lock.GoalDestroy)
+	defer cleanup()
 
 	if !directDeployment {
 		bundle.ApplySeqContext(ctx, b,