From ce83271d35026b1ece3d99baea1bf5a9a842bb50 Mon Sep 17 00:00:00 2001
From: Mradul Tiwari <mradultiwari1708@gmail.com>
Date: Mon, 20 Apr 2026 02:22:41 +0530
Subject: [PATCH] Fix Dockerfile to use cornucopia.owasp.org as build context

---
 .../workflows/zap-nightly-scan-website.yml    |  3 +++
 cornucopia.owasp.org/.dockerignore            |  9 ++++++++
 cornucopia.owasp.org/Dockerfile               | 22 +++++++------------
 3 files changed, 20 insertions(+), 14 deletions(-)
 create mode 100644 cornucopia.owasp.org/.dockerignore

diff --git a/.github/workflows/zap-nightly-scan-website.yml b/.github/workflows/zap-nightly-scan-website.yml
index 7bc114731..0bdef1e05 100644
--- a/.github/workflows/zap-nightly-scan-website.yml
+++ b/.github/workflows/zap-nightly-scan-website.yml
@@ -18,6 +18,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Copy source data into build context
+        run: cp -r source cornucopia.owasp.org/source
+
       - name: Build website Docker image
         run: docker build -t cornucopia-website -f cornucopia.owasp.org/Dockerfile cornucopia.owasp.org
 
diff --git a/cornucopia.owasp.org/.dockerignore b/cornucopia.owasp.org/.dockerignore
new file mode 100644
index 000000000..6bb3070f7
--- /dev/null
+++ b/cornucopia.owasp.org/.dockerignore
@@ -0,0 +1,9 @@
+node_modules
+npm-debug.log
+build
+.svelte-kit
+coverage
+.env
+.env.*
+.DS_Store
+.vs
diff --git a/cornucopia.owasp.org/Dockerfile b/cornucopia.owasp.org/Dockerfile
index 12d47de56..c2288bd6f 100644
--- a/cornucopia.owasp.org/Dockerfile
+++ b/cornucopia.owasp.org/Dockerfile
@@ -2,21 +2,17 @@ FROM node:iron-alpine3.21@sha256:957dbf2afb4f22d9e2b94b981e242cbb796965cd3d9cc02
 
 WORKDIR /app
 
-# Install dependencies
-# V15.2: Copy the lockfile before install so dependency resolution is deterministic
-# and Docker can safely cache the dependency layer.
-COPY cornucopia.owasp.org/package.json ./
-COPY cornucopia.owasp.org/pnpm-lock.yaml ./
+# Install dependencies (lockfile copied for deterministic builds)
+COPY package.json pnpm-lock.yaml ./
 RUN npm install -g pnpm@v10.3.0 --save-exact
 RUN pnpm install --frozen-lockfile
 
-# Followed copilot suggestion 2: Copy source data AFTER dependency install
-WORKDIR /source
-COPY source .
+# Copy source data needed for SvelteKit prerendering (card YAML files)
+# The workflow copies the repo-root source/ directory into the build context
+COPY source /source
 
-WORKDIR /app
 # Copy the frontend application code
-COPY cornucopia.owasp.org .
+COPY . .
 
 # Build the application
 ENV NODE_OPTIONS="--max-old-space-size=4096"
@@ -29,10 +25,8 @@ FROM nginx:alpine3.21@sha256:b471bb609adc83f73c2d95148cf1bd683408739a3c09c0afc66
 COPY --from=builder /app/build /usr/share/nginx/html
 
 # Copy custom Nginx configuration
-COPY cornucopia.owasp.org/nginx.conf /etc/nginx/conf.d/default.conf
+COPY nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
 
-CMD ["nginx", "-g", "daemon off;"]
-
-# Added a comment to push to repo webhook
\ No newline at end of file
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file