Restrict runner to script


i would like to setup a runner whose sole purpose it is, to run the same script every time a job gets triggered on it. the use case is that this runner would be in a privileged network and should no nothing else than triggering the update of the production servers.

running some kind of script would be no problem at all using docker’s entrypoint. but how can i prevent the execution of any script (including pre and post scripts) provided by the .gitlab-ci file?