Bring in the Auto-DevOps template from GitLab. We do our own matrix
testing but this brings in the various security, lecence and dependency
scanning tools from Auto-DevOps.

In order to make use of these scanning tools we build a small container
but this is not intended to run the application, just to contain the
source so that the various scanners can scan it. That being said we do
"pip install" within the container so that a basic "pip install" test
must pass before we start all the rest of the test jobs.

Closes #7

Dr Rich Wareham authored 6 years ago and Dr Abraham Martin committed 6 years ago

Re-work the tox deployment so that we mount the application directory as
a read-only volume rather than copying the file in when building the
image. This has the following advantages:

1. We do not build a new image each time we run tests. (This is nicer to
   those of us with finite disk space.)
2. Running tests is slightly faster since a new image is not being
   built.
3. The application directory is mounted read-only so we catch code which
   accidentally writes to the current directory.
4. We can use the upstream tox image rather than rolling our own derived
   image.

In order to make to happy to run in a read-only environment, we specify
that a) it does not run sdist to write an .egg-info directory and b)
that coverage data is stored in /tmp rather than the application
directory.

Use themattrix/tox-base docker image. This image contains all versions of python, whuch makes matrix testing very easy.