Fix: Add ContainerID to virtual host container

[matthyx]

Summary by CodeRabbit

• Bug Fixes

  • Prevented duplicate readiness signaling to avoid panics during concurrent container operations.
  • Skip SBOM processing when a container image name is missing to avoid unnecessary handling.

• Improvements

  • Host container metadata now includes proper container identification.
  • Ensure container identity is populated before hostname resolution.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6a5dc760-c01a-42ac-acbd-3dfd955b2951

📥 Commits

Reviewing files that changed from the base of the PR and between 4b5592f and 564c5e2.

📒 Files selected for processing (2)

• pkg/rulemanager/ruleadapters/creator.go
• pkg/sbommanager/v1/sbom_manager.go

---

📝 Walkthrough

Walkthrough

Adds a sync.Once to container entries and uses it to guard readiness channel closure; sets the synthetic host container's ContainerID to "host"; populates k8sDetails.ContainerID from the event when missing; and early-returns in SBOM callback when image name is empty.

Changes

Cohort / File(s)	Summary
Container readiness synchronization pkg/containerprofilemanager/v1/containerprofile_manager.go, pkg/containerprofilemanager/v1/lifecycle.go	Adds readyOnce sync.Once to ContainerEntry and wraps channel close with readyOnce.Do() to ensure the ready channel is closed exactly once.
Host container metadata pkg/containerwatcher/v2/container_watcher_collection.go	Sets the synthetic host container's BasicRuntimeMetadata.ContainerID to "host" when constructing the host container.
Host-context container identity fix pkg/rulemanager/ruleadapters/creator.go	In Host branch, assigns k8sDetails.ContainerID = enrichedEvent.ContainerID when k8sDetails.ContainerID is empty before computing hostname/node fields.
SBOM callback guard pkg/sbommanager/v1/sbom_manager.go	Adds an early return (with debug log) in ContainerCallback when the container image name is empty to skip further SBOM processing.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I’m a rabbit who guards the gate,
Once is enough — no double close fate,
I tag the host with an honest ID,
Skip empty images politely, you see,
Hops and fixes — tidy concurrency. 🐇✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix: Add ContainerID to virtual host container' accurately describes the primary change in the changeset, which adds a ContainerID field to the host container's BasicRuntimeMetadata in container_watcher_collection.go. However, the PR also includes related changes across multiple files (containerprofile_manager.go, lifecycle.go, creator.go, and sbom_manager.go) that address a panic issue during concurrent addContainer invocations, which is arguably a more significant fix than just adding the ContainerID field.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-panic

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}