learningequality · marcellamaki · Dec 18, 2025 · Dec 18, 2025 · Dec 19, 2025 · Dec 19, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,20 +4,28 @@ version: 2
 updates:
 
   # Maintain dependencies for Python
-  - package-ecosystem: "pip"
+  - package-ecosystem: "uv"
     directory: "/"
     schedule:
-      interval: "weekly"
-      day: "wednesday"
+      interval: "monthly"
       time: "00:00"
+    cooldown:
+      default-days: 7
 
   # Maintain dependencies for Javascript
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "weekly"
-      day: "wednesday"
+      interval: "monthly"
       time: "00:00"
+    cooldown:
+      default-days: 7
+      exclude:
+        - kolibri-constants
+        - kolibri-design-system
+        - kolibri-logging
+        - kolibri-format
+        - kolibri-tools
     groups:
       babel:
         patterns:
@@ -33,9 +41,10 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
-      day: "wednesday"
+      interval: "monthly"
       time: "00:00"
+    cooldown:
+      default-days: 7
     groups:
       github:
         patterns:

diff --git a/.github/workflows/call-contributor-pr-reply.yml b/.github/workflows/call-contributor-pr-reply.yml
@@ -0,0 +1,12 @@
+name: Send reply on a new contributor pull request
+on:
+  pull_request_target:
+    types: [opened]
+jobs:
+  call-workflow:
+    name: Call shared workflow
+    uses: learningequality/.github/.github/workflows/contributor-pr-reply.yml@main
+    secrets:
+      LE_BOT_APP_ID: ${{ secrets.LE_BOT_APP_ID }}
+      LE_BOT_PRIVATE_KEY: ${{ secrets.LE_BOT_PRIVATE_KEY }}
+      SLACK_COMMUNITY_NOTIFICATIONS_WEBHOOK_URL: ${{ secrets.SLACK_COMMUNITY_NOTIFICATIONS_WEBHOOK_URL }}
@@ -4,6 +4,8 @@
    types: [opened]
 jobs:
  call-workflow:
+    permissions:
+      contents: read
    name: Call shared workflow
    uses: learningequality/.github/.github/workflows/contributor-pr-reply.yml@main
    secrets:
@@ -4,6 +4,8 @@
    types: [opened]
 jobs:
  call-workflow:
+    permissions:
+      contents: read
    name: Call shared workflow
    uses: learningequality/.github/.github/workflows/contributor-pr-reply.yml@main
    secrets:
diff --git a/.github/workflows/call-pull-request-target.yml b/.github/workflows/call-pull-request-target.yml
@@ -0,0 +1,11 @@
+name: Handle pull request events
+on:
+  pull_request_target:
+    types: [review_requested, labeled]
+jobs:
+  call-workflow:
+    name: Call shared workflow
+    uses: learningequality/.github/.github/workflows/pull-request-target.yml@main
+    secrets:
+      LE_BOT_APP_ID: ${{ secrets.LE_BOT_APP_ID }}
+      LE_BOT_PRIVATE_KEY: ${{ secrets.LE_BOT_PRIVATE_KEY }}
@@ -1,4 +1,6 @@
 name: Handle pull request events
+permissions:
+  contents: read
 on:
  pull_request_target:
    types: [review_requested, labeled]
@@ -1,4 +1,6 @@
 name: Handle pull request events
+permissions:
+  contents: read
 on:
  pull_request_target:
    types: [review_requested, labeled]
diff --git a/.github/workflows/update-pr-spreadsheet.yml → .../workflows/call-update-pr-spreadsheet.yml b/.github/workflows/update-pr-spreadsheet.yml → .../workflows/call-update-pr-spreadsheet.yml
@@ -1,12 +1,15 @@
 name: Update community pull requests spreadsheet
 on:
   pull_request_target:
-    types: [assigned,unassigned,opened,closed,reopened]
+    types: [assigned, unassigned, opened, closed, reopened, edited, review_requested, review_request_removed]
 
 jobs:
-  call-update-spreadsheet:
+  call-workflow:
+    name: Call shared workflow
     uses: learningequality/.github/.github/workflows/update-pr-spreadsheet.yml@main
     secrets:
+      LE_BOT_APP_ID: ${{ secrets.LE_BOT_APP_ID }}
+      LE_BOT_PRIVATE_KEY: ${{ secrets.LE_BOT_PRIVATE_KEY }}
       CONTRIBUTIONS_SPREADSHEET_ID: ${{ secrets.CONTRIBUTIONS_SPREADSHEET_ID }}
       CONTRIBUTIONS_SHEET_NAME: ${{ secrets.CONTRIBUTIONS_SHEET_NAME }}
       GH_UPLOADER_GCP_SA_CREDENTIALS: ${{ secrets.GH_UPLOADER_GCP_SA_CREDENTIALS }}
diff --git a/.github/workflows/containerbuild.yml b/.github/workflows/containerbuild.yml
@@ -32,32 +32,32 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout codebase
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Log in to Docker Hub
       if: github.event_name != 'pull_request'
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Extract metadata (tags, labels) for Docker
       id: meta
-      uses: docker/metadata-action@v5
+      uses: docker/metadata-action@v6
       with:
         images: ghcr.io/learningequality/postgres
       env:
         DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
     - name: Build and push Docker image
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       with:
         context: ./docker
         file: ./docker/Dockerfile.postgres.dev
@@ -88,16 +88,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout codebase
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     - name: Build Docker image
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       with:
         context: ./
         file: ./docker/Dockerfile.nginx.prod

diff --git a/.github/workflows/deploytest.yml b/.github/workflows/deploytest.yml
@@ -27,11 +27,11 @@ jobs:
     if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Use pnpm
-      uses: pnpm/action-setup@v4
+      uses: pnpm/action-setup@v5
     - name: Use Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
         node-version: '20.x'
         cache: 'pnpm'
@@ -47,29 +47,21 @@ jobs:
     if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python 3.10
-      uses: actions/setup-python@v5
+    - uses: actions/checkout@v6
+    - name: Install uv
+      uses: astral-sh/setup-uv@v7
       with:
         python-version: '3.10'
-    - name: pip cache
-      uses: actions/cache@v4
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-pyprod-${{ hashFiles('requirements.txt') }}
-        restore-keys: |
-          ${{ runner.os }}-pyprod-
-    - name: Install pip-tools and python dependencies
+        activate-environment: "true"
+        enable-cache: "true"
+    - name: Install python dependencies with uv
       run: |
-        # Pin pip to 25.2 to avoid incompatibility with pip-tools and 25.3
-        # see https://github.com/jazzband/pip-tools/issues/2252
-        python -m pip install pip==25.2
-        pip install pip-tools
-        pip-sync requirements.txt
+        # Use uv to install dependencies directly from requirements files
+        uv pip sync requirements.txt
     - name: Use pnpm
-      uses: pnpm/action-setup@v4
+      uses: pnpm/action-setup@v5
     - name: Use Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
         node-version: '20.x'
         cache: 'pnpm'

diff --git a/.github/workflows/frontendtest.yml b/.github/workflows/frontendtest.yml
@@ -27,11 +27,11 @@ jobs:
     if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Use pnpm
-      uses: pnpm/action-setup@v4
+      uses: pnpm/action-setup@v5
     - name: Use Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
         node-version: '20.x'
         cache: 'pnpm'

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -31,14 +31,16 @@ jobs:
     if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@v6
+    - name: Install uv
+      uses: astral-sh/setup-uv@v7
       with:
         python-version: '3.10'
+        ignore-nothing-to-cache: 'true'
     - name: Use pnpm
-      uses: pnpm/action-setup@v4
+      uses: pnpm/action-setup@v5
     - name: Use Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
         node-version: '20.x'
         cache: 'pnpm'

diff --git a/.github/workflows/pythontest.yml b/.github/workflows/pythontest.yml
@@ -61,32 +61,24 @@ jobs:
           # Maps port 6379 on service container to the host
           - 6379:6379
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Set up minio
       run: |
         docker run -d -p 9000:9000 --name minio \
                     -e "MINIO_ROOT_USER=development" \
                     -e "MINIO_ROOT_PASSWORD=development" \
                     -e "MINIO_DEFAULT_BUCKETS=content:public" \
                     bitnamilegacy/minio:2024.5.28
-    - name: Set up Python 3.10
-      uses: actions/setup-python@v5
+    - name: Install uv
+      uses: astral-sh/setup-uv@v7
       with:
         python-version: '3.10'
-    - name: pip cache
-      uses: actions/cache@v4
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-pytest-${{ hashFiles('requirements.txt', 'requirements-dev.txt') }}
-        restore-keys: |
-          ${{ runner.os }}-pytest-
-    - name: Install pip-tools and python dependencies
+        activate-environment: "true"
+        enable-cache: "true"
+    - name: Install python dependencies with uv
       run: |
-        # Pin pip to 25.2 to avoid incompatibility with pip-tools and 25.3
-        # see https://github.com/jazzband/pip-tools/issues/2252
-        python -m pip install pip==25.2
-        pip install pip-tools
-        pip-sync requirements.txt requirements-dev.txt
+        # Use uv to install dependencies directly from requirements files
+        uv pip sync requirements.txt requirements-dev.txt
     - name: Test pytest
       run: |
         sh -c './contentcuration/manage.py makemigrations --check'

diff --git a/.gitignore b/.gitignore
@@ -25,6 +25,7 @@ var/
 
 # Ignore editor / IDE related data
 .vscode/
+.claude/
 .gemini/
 
 # IntelliJ IDE, except project config
@@ -133,6 +134,3 @@ storybook-static/
 
 # i18n
 /contentcuration/locale/**/LC_MESSAGES/*.csv
-
-# pyenv
-.python-version
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.10
diff --git a/Makefile b/Makefile
@@ -1,9 +1,10 @@
 # standalone install method
-DOCKER_COMPOSE = docker-compose
+DOCKER_COMPOSE ?= docker-compose
+CELERY = cd contentcuration/ && celery -A contentcuration worker -l info --concurrency=3 --task-events
 
 # support new plugin installation for docker-compose
-ifeq (, $(shell which docker-compose))
-DOCKER_COMPOSE = docker compose
+ifeq (, $(shell command -v docker-compose 2>/dev/null))
+DOCKER_COMPOSE := docker compose
 endif
 
 ###############################################################
@@ -16,7 +17,7 @@ altprodserver: collectstatic compilemessages
 	cd contentcuration/ && gunicorn contentcuration.wsgi:application --timeout=4000 --error-logfile=/var/log/gunicorn-error.log --workers=${NUM_PROCS} --threads=${NUM_THREADS} --bind=0.0.0.0:8081 --pid=/tmp/contentcuration.pid --log-level=debug || sleep infinity
 
 prodceleryworkers:
-	cd contentcuration/ && celery -A contentcuration worker -l info --concurrency=3 --task-events
+	$(CELERY)
 
 collectstatic:
 	python contentcuration/manage.py collectstatic --noinput
@@ -147,7 +148,7 @@ purge-postgres: .docker/pgpass
 destroy-and-recreate-database: purge-postgres setup
 
 devceleryworkers:
-	$(MAKE) -e DJANGO_SETTINGS_MODULE=contentcuration.dev_settings prodceleryworkers
+	DJANGO_SETTINGS_MODULE=contentcuration.dev_settings $(CELERY) --pool=threads
 
 run-services:
 	$(MAKE) -j 2 dcservicesup devceleryworkers
@@ -196,8 +197,8 @@ dctest: .docker/minio .docker/postgres
 
 dcservicesup: .docker/minio .docker/postgres
 	# launch all studio's dependent services using docker-compose
-	$(DOCKER_COMPOSE) -f docker-compose.yml -f docker-compose.alt.yml up minio postgres redis
+	$(DOCKER_COMPOSE) up minio postgres redis
 
 dcservicesdown:
 	# stop services that were started using dcservicesup
-	$(DOCKER_COMPOSE) -f docker-compose.yml -f docker-compose.alt.yml down
+	$(DOCKER_COMPOSE) down
diff --git a/contentcuration/contentcuration/constants/community_library_submission.py b/contentcuration/contentcuration/constants/community_library_submission.py
@@ -0,0 +1,27 @@
+STATUS_PENDING = "PENDING"
+STATUS_APPROVED = "APPROVED"
+STATUS_REJECTED = "REJECTED"
+STATUS_SUPERSEDED = "SUPERSEDED"
+STATUS_LIVE = "LIVE"
+
+status_choices = (
+    (STATUS_PENDING, "Pending"),
+    (STATUS_APPROVED, "Approved"),
+    (STATUS_REJECTED, "Rejected"),
+    (STATUS_SUPERSEDED, "Superseded"),
+    (STATUS_LIVE, "Live"),
+)
+
+REASON_INVALID_LICENSING = "INVALID_LICENSING"
+REASON_TECHNICAL_QUALITY_ASSURANCE = "TECHNICAL_QUALITY_ASSURANCE"
+REASON_INVALID_METADATA = "INVALID_METADATA"
+REASON_PORTABILITY_ISSUES = "PORTABILITY_ISSUES"
+REASON_OTHER = "OTHER"
+
+resolution_reason_choices = (
+    (REASON_INVALID_LICENSING, "Invalid Licensing"),
+    (REASON_TECHNICAL_QUALITY_ASSURANCE, "Technical Quality Assurance"),
+    (REASON_INVALID_METADATA, "Invalid Metadata"),
+    (REASON_PORTABILITY_ISSUES, "Portability Issues"),
+    (REASON_OTHER, "Other"),
+)
diff --git a/contentcuration/contentcuration/dev_urls.py b/contentcuration/contentcuration/dev_urls.py
@@ -8,7 +8,6 @@
 from django.urls import include
 from django.urls import path
 from django.urls import re_path
-from django.views.generic import TemplateView
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
 from rest_framework import permissions
@@ -76,10 +75,3 @@ def file_server(request, storage_path=None):
     re_path(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
     re_path(r"^content/(?P<storage_path>.+)$", file_server),
 ]
-
-urlpatterns += [
-    re_path(
-        r"^editor-dev(?:/.*)?$",
-        TemplateView.as_view(template_name="contentcuration/editor_dev.html"),
-    ),
-]