Add some comments to imageProcessor logic

Signed-off-by: Jan Dubois <[email protected]>
rancher-sandbox · Jan 27, 2025 · db9d915 · db9d915
1 parent 175259a
commit db9d915
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/pkg/rancher-desktop/backend/images/imageProcessor.ts b/pkg/rancher-desktop/backend/images/imageProcessor.ts
@@ -154,8 +154,8 @@ export abstract class ImageProcessor extends EventEmitter {
 
   /**
    * Wrapper around the trivy command to scan the specified image.
-   * @param taggedImageName
-   * @param namespace
+   * @param taggedImageName - fully specified image name, including registry and tag. nginx → docker.io/library/nginx:latest
+   * @param namespace - the containerd namespace of the image. Ignored when using moby.
    */
   abstract scanImage(taggedImageName: string, namespace: string): Promise<childResultType>;
 
@@ -164,6 +164,7 @@ export abstract class ImageProcessor extends EventEmitter {
    * in the args, so it can be called like `CONTAINERD_NAMESPACE=k8s.io trivy image ...`.
    */
   async runTrivyCommand(args: string[]): Promise<childResultType> {
+    // subcommandName is not used by processChildOutput() when args is defined
     const subcommandName = 'image';
     // must run as root to get access to the containerd socket
     const child = this.executor?.spawn({ root: true }, ...args);
@@ -256,7 +257,9 @@ export abstract class ImageProcessor extends EventEmitter {
       child.stdout?.on('data', (data: Buffer) => {
         const dataString = data.toString();
 
-        // don't dump megabytes of trivy JSON output into the browser
+        // Don't dump megabytes of trivy JSON output into the browser.
+        // We can't call with sendNotifications being false because then ok:images-process-output would not be sent
+        // and jsonOutput would not be set (and therefore scan results would be empty).
         if (sendNotifications && commandName !== 'trivy') {
           this.emit('images-process-output', dataString, false);
         }

diff --git a/pkg/rancher-desktop/backend/images/nerdctlImageProcessor.ts b/pkg/rancher-desktop/backend/images/nerdctlImageProcessor.ts
@@ -68,6 +68,8 @@ export default class NerdctlImageProcessor extends imageProcessor.ImageProcessor
   }
 
   async scanImage(taggedImageName: string, namespace: string): Promise<imageProcessor.childResultType> {
+    // environment variables and the trivy command name are included in the command, which may be invoked like:
+    // limactl shell 0 sudo CONTAINERD_ADDRESS=… trivy …
     return await this.runTrivyCommand(
       [
         'CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock',