solving merge conflicts with main

Author: loiswells97

.devcontainer/devcontainer.json

@@ -67,7 +67,9 @@
         "shopify.ruby-lsp",
         "koichisasada.vscode-rdbg",
         "postman.postman-for-vscode",
-        "ninoseki.vscode-mogami"
+        "ninoseki.vscode-mogami",
+        "GitHub.copilot",
+        "GitHub.copilot-chat"
       ],
       "settings": {
         "terminal.integrated.defaultProfile.linux": "zsh",
@@ -79,7 +81,7 @@
         }
       }
     }
-  }
+  },
 
   // Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root.
   // "remoteUser": "devcontainer"

.github/copilot-instructions.md

@@ -0,0 +1,42 @@
+# Copilot instructions for editor-api
+
+This repo is a Rails 7.1 exposing REST and GraphQL APIs for the Raspberry Pi Foundation Code Editor and Code Editor for Education features.
+
+Architecture and boundaries
+- HTTP surfaces: REST under `app/controllers/api/**` (responses via jbuilder in `app/views/api/**`) and GraphQL at `/graphql` (schema in `app/graphql/**`).
+- Authentication: Browser/session via OmniAuth (OIDC to Hydra) in `config/initializers/omniauth.rb` and `AuthController`; API token via `Authorization: Bearer <token>` with lookup in `Identifiable#identify_user` → `User.from_token` → `HydraPublicApiClient`.
+- Authorization: `cancancan` in `app/models/ability.rb`. Permissions differ for students/teachers/owners/admin. Use `load_and_authorize_resource` in controllers and `Types::ProjectType.authorized?` plus `GraphqlController` context `current_ability` for GraphQL.
+- Domain: `Project` (+ `Component`) with attachments (`images/videos/audio` via Active Storage). Higher-level operations live under `lib/concepts/**` (e.g., `Project::Create`, `Project::Update`, `Project::CreateRemix`). Prefer calling these from controllers/mutations.
+- Jobs: GoodJob (`config/initializers/good_job.rb`, Procfile `worker`). Admin UI is mounted at `/admin/good_job` and gated by `AuthenticationHelper#current_user.admin?`.
+- Integrations: Profile API (`lib/profile_api_client.rb`) for schools/students and safeguarding flags; UserInfo API for user detail fan-out; GitHub GraphQL client in `lib/github_api.rb`; GitHub webhooks via `GithubWebhooksController` trigger `UploadJob` when `ref == ENV['GITHUB_WEBHOOK_REF']` and files under `*/code/` change.
+- Storage/CORS: Active Storage uses S3 in non-dev; `config/initializers/cors.rb` and `lib/origin_parser.rb` parse `ALLOWED_ORIGINS`. `CorpMiddleware` sets CORP for Active Storage routes.
+
+Key conventions and patterns
+- GraphQL context includes: `current_user`, `current_ability`, and `remix_origin` (see `GraphqlController`). Max depth/complexity guard rails in `EditorApiSchema`.
+- GraphQL object IDs use GlobalID; locale fallback for projects via `ProjectLoader` in order `[requested, 'en', nil]`.
+- Jbuilder responses: see `app/views/api/projects/show.json.jbuilder` for shape (components, media URLs via `rails_blob_url`, optional `parent`).
+- Pagination for REST lists returns HTTP `Link` header (see `Api::ProjectsController#pagination_link_header`).
+- Project rules: identifiers unique per locale; default component’s name/extension immutable on update; students cannot update `instructions` on school projects; creating a project within a school auto-builds a `SchoolProject`.
+- Remix: `Project::CreateRemix` clones media/components, sets `remix_origin` from `request.origin` and clears `lesson_id`.
+- Errors: domain ops return `OperationResponse` with `:error`; controllers return 4xx heads for common cases; GraphQL raises `GraphQL::ExecutionError`. Exceptions are reported to Sentry.
+
+Developer workflows (docker-first)
+- Setup: copy `.env.example` → `.env`. Build with `docker-compose build`. Prepare DB: `docker compose run --rm api rails db:setup`.
+- Run: `docker-compose up` (API on http://localhost:3009). GraphiQL available in non-production at `/graphql`.
+- Tests: `docker-compose run api rspec` (or pass a spec path). Bullet, WebMock, and RSpec rails are configured in `spec/rails_helper.rb`.
+- Seeds: run `projects:create_all` and `for_education:*` Rake tasks (examples in README). Experience CS examples auto-run on release (see Procfile `release`).
+- DB sync: scripts in `bin/db-sync/*` pull Heroku backups into your local Docker DB and reset Active Storage to `local`.
+- Gems: update inside the builder image with `./bin/with-builder.sh bundle update`.
+
+Important env vars (see `.env.example`)
+- Postgres: `POSTGRES_HOST/DB/USER/PASSWORD`. Hydra/identity: `HYDRA_PUBLIC_URL`, `HYDRA_PUBLIC_API_URL`, `HYDRA_PUBLIC_TOKEN_URL`, `HYDRA_CLIENT_ID/SECRET`, `IDENTITY_URL`, `HOST_URL`.
+- External APIs: `USERINFO_API_URL/KEY`, `PROFILE_API_KEY`. Webhooks: `GITHUB_WEBHOOK_SECRET`, `GITHUB_WEBHOOK_REF`, optional `GITHUB_AUTH_TOKEN` for GitHub GraphQL.
+- CORS/storage: `ALLOWED_ORIGINS`, `AWS_*` (S3). Local auth/dev: `BYPASS_OAUTH=true` to stub identity; `SMEE_TUNNEL` for local webhook relay.
+
+Examples to follow
+- REST: `GET /api/projects/:id` resolves by identifier+locale (uses `ProjectLoader`); `POST /api/projects/:project_id/images` attaches files; `POST /api/projects/:project_id/remix` creates a remix (requires auth).
+- GraphQL query snippet: `projects(userId: "<uuid>") { edges { node { identifier name components { nodes { name extension } } } } }` and `project(identifier: "abc123") { name images { nodes { filename } } }`.
+
+Where to look first
+- Routes: `config/routes.rb`. Auth: `config/initializers/omniauth.rb`, `app/helpers/authentication_helper.rb`, `app/controllers/concerns/identifiable.rb`.
+- Permissions: `app/models/ability.rb`. Domain ops: `lib/concepts/**`. Data models: `app/models/**`. API views: `app/views/api/**`. GraphQL types/mutations: `app/graphql/**`.

Dockerfile

@@ -1,14 +1,15 @@
-FROM ruby:3.2-slim-bullseye as base
+FROM ruby:3.2-slim-bullseye AS base
 RUN gem install bundler \
   && apt-get update \
   && apt-get upgrade --yes \
   && apt-get install --yes --no-install-recommends \
   libpq5 libxml2 libxslt1.1 libvips \
   curl gnupg graphviz nodejs \
-  && echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
-  && curl -sL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+  && mkdir -p /usr/share/keyrings \
+  && curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-archive-keyring.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
   && apt-get update \
-  && apt-get install --yes --no-install-recommends postgresql-client-15 \
+  && apt-get install --yes --no-install-recommends postgresql-client-17 \
   && rm -rf /var/lib/apt/lists/* /var/lib/apt/archives/*.deb
 ENV TZ='Europe/London'
 ENV RUBYOPT='-W:no-deprecated -W:no-experimental'
@@ -31,11 +32,11 @@ FROM builder AS dev-container
 RUN apt-get update \
   && apt-get install --yes --no-install-recommends sudo git vim zsh ssh curl less
 RUN sh -c "$(curl -L https://github.com/deluan/zsh-in-docker/releases/download/v1.1.5/zsh-in-docker.sh)" -- \
-    -t robbyrussell \
-    -p git -p docker-compose -p yarn \
-    -p https://github.com/zsh-users/zsh-autosuggestions \
-    # -p https://github.com/marlonrichert/zsh-autocomplete \
-    -p https://github.com/unixorn/fzf-zsh-plugin
+  -t robbyrussell \
+  -p git -p docker-compose -p yarn \
+  -p https://github.com/zsh-users/zsh-autosuggestions \
+  # -p https://github.com/marlonrichert/zsh-autocomplete \
+  -p https://github.com/unixorn/fzf-zsh-plugin
 RUN chsh -s $(which zsh) ${USER}
 
 # Slim application image without development dependencies

README.md

@@ -33,15 +33,48 @@ Start the application and its dependencies via docker:
 docker-compose up
 ```
 
+### Using the dev-container
+
+There is a dedicated image called `dev-container`, and the easiest way to use this is to use the override:
+
+`cp docker-compose.override.yml.example docker-compose.override.yml`
+
+Now when you run `docker compose up -d` it will always use the `dev-container` image.
+
+When adding a vscode project the dev-container should be automatically found and a dialog will show asking if
+you want to use this, but failing that you can open the cmd palette with `cmd + shift + p` and call:
+
+`Dev Containers: Reopen in Container`
+
+If there's an issue, do check the logs, but you can run:
+
+`Dev Containers: Rebuild and Reopen in Container`
+
+and there's also a 'without cache' variant, to ensure packages are re-built.
+
 #### Updating gems inside the container
 
-This can be done with the `bin/with-builder.sh` script:
+If running inside a dev-container:
+
+```
+bundle install
+```
+
+or outside with:
+
+```
+docker compose run --rm --no-deps api bundle install
+```
+
+This can also be done with the `bin/with-builder.sh` script:
 
 ```
 ./bin/with-builder.sh bundle update
 ```
 
-which should update the Gems in the container, without the need for rebuilding.
+which should update the Gems in the container.
+
+None of these methods require rebuilding.
 
 ### Seeding
 

app/controllers/api/lessons_controller.rb

@@ -10,7 +10,11 @@ def index
       archive_scope = params[:include_archived] == 'true' ? Lesson : Lesson.unarchived
       scope = params[:school_class_id] ? archive_scope.where(school_class_id: params[:school_class_id]) : archive_scope
       ordered_scope = scope.order(created_at: :asc)
-      @lessons_with_users = ordered_scope.accessible_by(current_ability).with_users
+
+      accessible_lessons = ordered_scope.accessible_by(current_ability)
+      lessons_with_users = accessible_lessons.with_users
+      remixes = user_remixes(accessible_lessons)
+      @lessons_with_users_and_remixes = lessons_with_users.zip(remixes)
       if current_user&.school_teacher?(school) || current_user&.school_owner?(school)
         render :teacher_index, formats: [:json], status: :ok
       else
@@ -78,6 +82,22 @@ def verify_school_class_belongs_to_school
       raise ParameterError, 'school_class_id does not correspond to school_id'
     end
 
+    def user_remixes(lessons)
+      lessons.map do |lesson|
+        next nil unless lesson&.project&.remixes&.any?
+
+        user_remix(lesson)
+      end
+    end
+
+    def user_remix(lesson)
+      lesson.project&.remixes
+            &.where(user_id: current_user.id)
+            &.accessible_by(current_ability)
+            &.order(created_at: :asc)
+            &.first
+    end
+
     def lesson_params
       base_params.merge(user_id: current_user.id)
     end

app/controllers/api/projects/remixes_controller.rb

@@ -5,7 +5,7 @@ module Projects
     class RemixesController < ApiController
       before_action :authorize_user
       load_and_authorize_resource :school, only: :index
-      before_action :load_and_authorize_remix, only: %i[show]
+      before_action :load_and_authorize_remix, only: %i[show show_identifier]
 
       def index
         projects = Project.where(remixed_from_id: project.id).accessible_by(current_ability)
@@ -17,6 +17,10 @@ def show
         render '/api/projects/show', formats: [:json]
       end
 
+      def show_identifier
+        render json: { identifier: @project.identifier }, status: :ok
+      end
+
       def create
         # Ensure we have a fallback value to prevent bad requests
         remix_origin = request.origin || request.referer

app/views/api/lessons/student_index.json.jbuilder

@@ -2,4 +2,5 @@
 
 json.array!(@lessons_with_users) do |lesson, user|
   json.partial! 'lesson', lesson: lesson, user: user
+  json.remix_identifier(remix.identifier) if remix.present?
 end

bin/docker-debug-entrypoint.sh

@@ -1,4 +1,15 @@
 #!/bin/bash
+set -euo pipefail # Use strict-mode in based to ensure errors are surfaced early
 
-rails db:prepare
-rdbg -n -o -c -- bin/rails s -p 3009 -b '0.0.0.0'
+# Check if bundle install needs to be run
+bundle check >/dev/null 2>&1 || bundle install --jobs "${BUNDLE_JOBS:-4}"
+
+# Check if yarn install needs to be run
+if [ -f package.json ] && command -v yarn >/dev/null 2>&1; then
+	yarn install --check-files --frozen-lockfile || yarn install --check-files
+fi
+
+# Prepare the database
+bundle exec rails db:prepare
+
+exec rdbg -n -o -c -- bundle exec rails s -p 3009 -b '0.0.0.0'

bin/docker-entrypoint.sh

@@ -1,4 +1,15 @@
 #!/bin/bash
+set -euo pipefail # Use strict-mode in based to ensure errors are surfaced early
 
-rails db:prepare
-rails server --port 3009 --binding 0.0.0.0
+# Check if bundle install needs to be run
+bundle check >/dev/null 2>&1 || bundle install --jobs "${BUNDLE_JOBS:-4}"
+
+# Check if yarn install needs to be run
+if [ -f package.json ] && command -v yarn >/dev/null 2>&1; then
+	yarn install --check-files --frozen-lockfile || yarn install --check-files
+fi
+
+# Prepare the database
+bundle exec rails db:prepare
+
+exec bundle exec rails server --port 3009 --binding 0.0.0.0

config/routes.rb

@@ -43,7 +43,9 @@
       post :submit, on: :member, to: 'school_projects#submit'
       post :return, on: :member, to: 'school_projects#return'
       post :complete, on: :member, to: 'school_projects#complete'
-      resource :remix, only: %i[show create], controller: 'projects/remixes'
+      resource :remix, only: %i[show create], controller: 'projects/remixes' do
+        get :identifier, on: :member, to: 'projects/remixes#show_identifier'
+      end
       resources :remixes, only: %i[index], controller: 'projects/remixes'
       resource :images, only: %i[show create], controller: 'projects/images'
       resources :feedback, only: %i[index create], controller: 'feedback' do